Designing for user awareness and usability : An evaluation of authorization dialogs on a mobile device

Lindegren, Daniel

January 2017

Personal data is often disclosed with every registration, sharing, or request of an online service. With the increased usage of things connected to the Internet, users' information being collected and stored, the risks related to unknowingly sharing personal data increases. Sharing of personal information is a sensitive subject and can hurt people’s assets, dignity, personal integrity and other social aspects. In general, users’ concerns have grown regarding protecting their personal information which has led to the development of multiple privacy-oriented systems. In scenarios where users are logging onto a website or system, they rarely notice, understand or have desire to read the conditions to which they are implicitly agreeing. These systems are often referred to as identity management systems or single sign-on systems. Recent studies have shown that users are not aware of what data transactions take place by using various authentication solutions. It is critical for these types of system dealing with privacy that researchers examine users' understanding of the concepts through interface design. The purpose of this study is to investigate the usability and user awareness of data transactions for identity management systems on mobile devices by constructing and evaluating different design concepts. Therefore, four different mobile prototypes were designed (called CREDENTIAL Wallet) and explored to measure the usability and also the user awareness of users’ disclosures. 20 usability tests were conducted per prototype. Multiple conclusions can be drawn from this study. The findings showed that the drag-and-drop prototype scored a high user awareness score in terms of participants remembering their shared data and having a good idea of them not sharing more data than they had actually shared. Consequently, the drag-and-drop prototype achieved the highest usability result. A prototype that utilized swiping was created to fit the mobile medium. The prototype showed the highest user awareness score in the context of participants stating what data they had shared. However, people using the swiping prototype thought they were sharing more data than they actually were. Data show that users have an incorrect mental model of the sharing of their fingerprint pattern. Finally, the writing concerns recommendations and challenges of identity management systems – e.g. the importance of tutorial screens. Future studies within the CREDENTIAL project are already underway concerning users' incorrect mental model of sharing fingerprint to the service provider side. / CREDENTIAL

User awareness

data transaction

usability

usable privacy

privacy enhancing technology

identity management system

CREDENTIAL

mobile

Human Computer Interaction

Beyond the Child Development Credential: An Exploration of Early Childhood Educator Career Pathway Transitions to Higher Education

Bosh Alexander, Danette

January 2022

No description available.

Early Childhood Education

Education

Higher Education

early childhood education profession

early childhood educator

Child Development Associate Credential

associate degree

transition

professional development

career pathways

higher education

Education for occupational change: a study of institutional retraining in New Zealand

Kuiper, Alison C.

January 2002

In the Western world, and specifically in New Zealand, a major impetus for retraining has arisen quite recently and gone largely unnoticed. The new social phenomenon, retraining in the sense of education for occupational change, is examined in this study. Alongside the three traditionally recognised groups of adult learners: those learning for leisure; second chance learners who have been previously educationally disadvantaged; and upskillers who seek to enhance their existing credentials through further tertiary education; is a fourth; the reskillers, those who are seeking education for occupational change. Women are shown to be pioneers in leading social change in this area of retraining. The key questions investigated in this thesis concern the existence of this new phenomenon in New Zealand; whether it is national or worldwide; and whether its origins are local or international. Whether there are distinctive characteristics to the manifestation of this phenomenon in New Zealand is investigated by examining current policy and practice. Additional questions concern whether there are feature of New Zealand employment or education which make upskilling and reskilling more or less likely in this country; the significance of women being the first to take up education for occupational change and what can be learnt from comparison with other countries specifically the Netherlands and England. Education takes place within a set of intersecting socio-political contexts. In the modern world these are simultaneously international, national, local and institutional. They impact on participants in a course of study yet are not often manifest to the individual. 'Learning for life’ is a significant area of both international and national socio-political concern, manifesting itself in a significant set of public discourses and in social phenomena which, as in this case of education for occupational change, are little researched or understood. The historical evolution of public policy relating to adult learners, internationally, and in New Zealand, is documented, with a particular focus on the period from the 1960s onwards. The major theoretical and ideological constructs are outlined and critiqued particularly with reference to public policy in New Zealand. Analysis shows an inexorable shift over time away from knowledge and skills attained through praxis, to knowledge and skills attained through formal institutionalised learning. At the same time as this change was taking place, participation rates in first secondary, and then tertiary, education rose. Concurrently more and more women entered tertiary education in order to make their way into an increasingly credentialised workforce. It is suggested that, credentials are used for screening purposes in addition to providing individuals with knowledge and skills needed for the occupations they enter. Case studies are used to illustrate and document these changes. Policies relating to learning for life are examined with reference to three different countries: New Zealand, England and the Netherlands. Provision of tertiary education for adults is investigated, and then illustrated through the coverage provided by institutions in three cities, Christchurch, Leicester and Utrecht. These studies show that different countries are subject to international geo-political and ideological forces but respond to them in locally and historically determined ways. The case study/qualitative analysis of the Christchurch Polytechnic’s Next Step Centre for Women and the New Outlook for Women courses illustrates the ways in which the twists and turns of public policy in New Zealand over thirty years have affected women wishing to seek education for occupational change. A quantitative study of mature students and their motivations for returning to study at the Christchurch Polytechnic allows for the impact of public policy and institutional provision on a group of mature individuals to be assessed. The study concludes that education for occupational change appears to be more advanced in New Zealand than in the European countries chosen for comparison. This may result more from individual initiative and the conditions which promote this, than from state policy direction or institutional provision. Policy consequences are proposed on the basis of these findings.

education

occupational change

retraining

reskilling

New Zealand

mature students

state policy

educational institution

provision

credential

tertiary education

women

university

Conception de protocoles cryptographiques préservant la vie privée pour les services mobiles sans contact / Design of privacy preserving cryptographic protocols for mobile contactless services

Arfaoui, Ghada

23 November 2015

Avec l'émergence de nouvelles technologies telles que le NFC (Communication à champ proche) et l'accroissement du nombre de plates-formes mobiles, les téléphones mobiles vont devenir de plus en plus indispensables dans notre vie quotidienne. Ce contexte introduit de nouveaux défis en termes de sécurité et de respect de la vie privée. Dans cette thèse, nous nous focalisons sur les problématiques liées au respect de la vie privée dans les services NFC ainsi qu’à la protection des données privées et secrets des applications mobiles dans les environnements d'exécution de confiance (TEE). Nous fournissons deux solutions pour le transport public: une solution utilisant des cartes d'abonnement (m-pass) et une autre à base de tickets électroniques (m-ticketing). Nos solutions préservent la vie privée des utilisateurs tout en respectant les exigences fonctionnelles établies par les opérateurs de transport. À cette fin, nous proposons de nouvelles variantes de signatures de groupe ainsi que la première preuve pratique d’appartenance à un ensemble, à apport nul de connaissance, et qui ne nécessite pas de calculs de couplages du côté du prouveur. Ces améliorations permettent de réduire considérablement le temps d'exécution de ces schémas lorsqu’ils sont implémentés dans des environnements contraints par exemple sur carte à puce. Nous avons développé les protocoles de m-passe et de m-ticketing dans une carte SIM standard : la validation d'un ticket ou d'un m-pass s'effectue en moins de 300ms et ce tout en utilisant des tailles de clés adéquates. Nos solutions fonctionnent également lorsque le mobile est éteint ou lorsque sa batterie est déchargée. Si les applications s'exécutent dans un TEE, nous introduisons un nouveau protocole de migration de données privées, d'un TEE à un autre, qui assure la confidentialité et l'intégrité de ces données. Notre protocole est fondé sur l’utilisation d’un schéma de proxy de rechiffrement ainsi que sur un nouveau modèle d’architecture du TEE. Enfin, nous prouvons formellement la sécurité de nos protocoles soit dans le modèle calculatoire pour les protocoles de m-pass et de ticketing soit dans le modèle symbolique pour le protocole de migration de données entre TEE. / The increasing number of worldwide mobile platforms and the emergence of new technologies such as the NFC (Near Field Communication) lead to a growing tendency to build a user's life depending on mobile phones. This context brings also new security and privacy challenges. In this thesis, we pay further attention to privacy issues in NFC services as well as the security of the mobile applications private data and credentials namely in Trusted Execution Environments (TEE). We first provide two solutions for public transport use case: an m-pass (transport subscription card) and a m-ticketing validation protocols. Our solutions ensure users' privacy while respecting functional requirements of transport operators. To this end, we propose new variants of group signatures and the first practical set-membership proof that do not require pairing computations at the prover's side. These novelties significantly reduce the execution time of such schemes when implemented in resource constrained environments. We implemented the m-pass and m-ticketing protocols in a standard SIM card: the validation phase occurs in less than 300ms whilst using strong security parameters. Our solutions also work even when the mobile is switched off or the battery is flat. When these applications are implemented in TEE, we introduce a new TEE migration protocol that ensures the privacy and integrity of the TEE credentials and user's private data. We construct our protocol based on a proxy re-encryption scheme and a new TEE model. Finally, we formally prove the security of our protocols using either game-based experiments in the random oracle model or automated model checker of security protocols.

Services mobiles

Respect de la vie privée

Signature de groupe

Proxy de rechiffrement

Migration de secrets

Mobile services

Privacy

Group signature

Proxy re-encryption

Trusted execution environments (TEE)

Credential migration

005.8

A Cloud-native Vehicular Public Key Infrastructure : Towards a Highly-available and Dynamically- scalable VPKIaaS / En cloud-native public key infrastruktur för fordon : För ett VPKI med hög tillgänglihhet och dynamisk skalbarhet

Noroozi, Hamid

January 2021

Efforts towards standardization of Vehicular Communication Systems (VCSs) have been conclusive on the use of Vehicular Public-Key Infrastructure (VPKI) for the establishment of trust among network participants. Employing VPKI in Vehicular Communication (VC) guarantees the integrity and authenticity of Cooperative Awareness Messages (CAMs) and Decentralized Environmental Notification Messages (DENMs). It also offers a level of privacy for vehicles as VPKI provides them with a set of non-linkable short-lived certificates, called pseudonyms, which are used to sign outgoing messages by vehicles while they communicate with other vehicles referred to as Vehicle-to-Vehicle (V2V) or Roadside Units (RSUs) referred to as Vehicle-to-Infrastructure (V2I). Each vehicle uses a pseudonym for its lifetime and by switching to a not- previously- used pseudonym, it continues to communicate without risking its privacy. There have been two approaches suggested by the literature on how to provide vehicles with pseudonyms. One is the so-called pre-loading mode, suggesting to pre-load vehicles with all pseudonyms they need, which increases the cost of revocation in case they are compromised. The other one is the on-demand mode, suggesting a real-time offering of pseudonyms by VPKI at vehicles request e.g., on starting each trip. Choosing the on-demand approach imposes a considerable burden of availability and resilience on VPKI services. In this work, we are confronting the problems regarding a large-scale deployment of an on-demand VPKI that is resilient, highly available, and dynamically scalable. In order to achieve that, by leveraging state-of-the-art tools and design paradigms, we have enhanced a VPKI system to ensure that it is capable of meeting enterprise-grade Service Level Agreement (SLA) in terms of availability, and it can also be cost-efficient as services can dynamically scale-out in the presence of high load, or possibly scale-in when facing less demand. That has been made possible by re-architecting and refactoring an existing VPKI into a cloud-native solution deployed as microservices. Towards having a reliable architecture based on distributed microservices, one of the key challenges to deal with is Sybil-based misbehavior. By exploiting Sybil-based attacks in VPKI, malicious vehicles can gain influential advantage in the system, e.g., one can affect the traffic to serve its own will. Therefore, preventing the occurrence of Sybil attacks is paramount. On the other hand, traditional approaches to stop them, often come with a performance penalty as they verify requests against a relational database which is a bottleneck of the operations. We propose a solution to address Sybil-based attacks, utilizing Redis, an in-memory data store, without compromising the system efficiency and performance considerably. Running our VPKI services on Google Cloud Platform (GCP) shows that a large-scale deployment of VPKI as a Service (VPKIaaS) can be done efficiently. Conducting various stress tests against the services indicates that the VPKIaaS is capable of serving real world traffic. We have tested VPKIaaS under synthetically generated normal traffic flow and flash crowd scenarios. It has been shown that VPKIaaS managed to issue 100 pseudonyms per request, submitted by 1000 vehicles where vehicles kept asking for a new set of pseudonyms every 1 to 5 seconds. Each vehicle has been served in less than 77 milliseconds. We also demonstrate that, under a flash crowd situation, with 50000 vehicles, VPKIaaS dynamically scales out, and takes ≈192 milliseconds to serve 100 pseudonyms per request submitted by vehicles. / Ansträngningar för standardisering av Vehicular Communication Systems har varit avgörande för användandet av Vehicular Public-Key Infrastructure (VPKI) för att etablera förtroende mellan nätverksdeltagare. Användande av VPKI i Vehicular Communication (VC) garanterar integritet och autenticitet av meddelanden. Det erbjuder ett lager av säkerhet för fordon då VPKI ger dem en mängd av icke länkbara certifikat, kallade pseudonym, som används medan de kommunicerar med andra fordon, kallat Vehicle-to-Vehicle (V2V) eller Roadside Units (RSUs) kallat Vehicle-to-Infrastructure (V2I). Varje fordon använder ett pseudonym under en begränsad tid och genom att byta till ett icke tidigare använt pseudonym kan det fortsätta kommunicera utan att riskera sin integritet. I litteratur har två metoder föreslagits för hur man ska ladda fordon med pseudonym de behöver. Den ena metoden det så kallade offline-läget, som proponerar att man för-laddar fordonen med alla pseudonym som det behöver vilket ökar kostnaden för revokering i fall de blir komprometterat. Den andra metoden föreslår ett on-demand tillvägagångssätt som erbjuder pseudonym via VPKI på fordonets begäran vid början av varje färd. Valet av på begäran metoden sätter en stor börda på tillgänglighet och motståndskraft av VPKI tjänster. I det här arbetet, möter vi problem med storskaliga driftsättningar av en på begäran VPKI som är motståndskraftig, har hög tillgänglighet och dynamiskt skalbarhet i syfte att uppnå dessa attribut genom att nyttja toppmoderna verktyg och designparadigmer. Vi har förbättrat ett VPKI system för att säkerställa att det är kapabelt att möta SLA:er av företagsklass gällande tillgänglighet och att det även kan vara kostnadseffektivt eftersom tjänster dynamiskt kan skala ut vid högre last eller skala ner vid lägre last. Detta har möjliggjorts genom att arkitekta om en existerande VPKI till en cloud-native lösning driftsatt som mikrotjänster. En av nyckelutmaningarna till att ha en pålitlig arkitektur baserad på distribuerade mikrotjänster är sybil-baserad missuppförande. Genom att utnyttja Sybil baserade attacker på VPKI, kan illvilliga fordon påverka trafik att tjäna dess egna syften. Därför är det av största vikt att förhindra Sybil attacker. Å andra sidan så dras traditionella metoder att stoppa dem med prestandakostnader. Vi föreslår en lösning för att adressera Sybilbaserade attacker genom att nyttja Redis, en in-memory data-store utan att märkbart kompromissa på systemets effektivitet och prestanda. Att köra våra VPKI tjänster på Google Cloud Platform (GCP) och genomföra diverse stresstester mot dessa har visat att storskaliga driftsättningar av VPKI as a Service (VPKIaaS) kan göras effektivt samtidigt som riktigt trafik hanteras. Vi har testat VPKIaaS under syntetisk genererat normalt trafikflöde samt flow och flash mängd scenarier. Det har visat sig att VPKIaaS klarar att utfärda 100 pseudonym per förfråga utsänt av 1000 fordon (där fordonen bad om en ny uppsättning pseudonym varje 1 till 5 sekunder), och varje fordon fått svar inom 77 millisekunder. Vi demonstrerar även att under en flashcrowd situation, där antalet fordon höjs till 50000 med en kläckningsgrad på 100. VPKIaaS dynamiskt skalar ut och tar ≈192 millisekunder att betjäna 100 pseudonymer per förfrågan gjord av fordon.

Security

Privacy

Vehicular PKI

VPKI

Identity and Credential Management

Vehicular Communications

VANETs

Availability

Scalability

Resilient

Efficiency

Microservice

Container Orchestration

Cloud

Pseudonym Transition

Pseudonym Unlinkability.

Säkerhet

personlig integritet

identitet- och behörighetsuppgifter

tillgänglighet

skalbarhet

motståndskraftig

effektivitet

moln

pseudonymitet

anonymitet

ospårbarhet.

Computer Sciences

Datavetenskap (datalogi)

Agent-based one-shot authorisation scheme in a commercial extranet environment

Au, Wai Ki Richard

January 2005

The enormous growth of the Internet and the World Wide Web has provided the opportunity for an enterprise to extend its boundaries in the global business environment. While commercial functions can be shared among a variety of strategic allies - including business partners and customers, extranets appear to be the cost-effective solution to providing global connectivity for different user groups. Because extranets allow third-party users into corporate networks, they need to be extremely secure and external access needs to be highly controllable. Access control and authorisation mechanisms must be in place to regulate user access to information/resources in a manner that is consistent with the current set of policies and practices both at intra-organisational and cross-organisational levels. In the business-to-customer (B2C) e-commerce setting, a service provider faces a wide spectrum of new customers, who may not have pre-existing relationships established. Thus the authorisation problem is particularly complex. In this thesis, a new authorisation scheme is proposed to facilitate the service provider to establish trust with potential customers, grant access privileges to legitimate users and enforce access control in a diversified commercial environment. Four modules with a number of innovative components and mechanisms suitable for distributed authorisation on extranets are developed: * One-shot Authorisation Module - One-shot authorisation token is designed as a flexible and secure credential for access control enforcement in client/server systems; * Token-Based Trust Establishment Module - Trust token is proposed for server-centric trust establishment in virtual enterprise environment. * User-Centric Anonymous Authorisation Module - One-task authorisation key and anonymous attribute certificate are developed for anonymous authorisation in a multi-organisational setting; * Agent-Based Privilege Negotiation Module - Privilege negotiation agents are proposed to provide dynamic authorisation services with secure client agent environment for hosting these agents on user's platform

distributed authorisation

extranet

Intranet

smart card

personal secure device

authentication

security architecture

security server

trust establishment

trust token

credential-based authorisation

one-shot authorisation token

one-task authorisation key

anonymous attribute certificate

key binding certificate

anonymous authorisation

referee server

privilege negotiation agent

authorisation agent

secure client agent environment

Engineering Ecosystems of Systems: UML Profile, Credential Design, and Risk-balanced Cellular Access Control

Bissessar, David

14 December 2021

This thesis proposes an Ecosystem perspective for the engineering of SoS and CPS and illustrates the impact of this perspective in three areas of contribution category First, from a conceptual and Systems Engineering perspective, a conceptual framework including the Ecosystems of System Unified Language Modeling (EoS-UML) profile, a set of Ecosystem Ensemble Diagrams, the Arms :Length Trust Model and the Cyber Physical Threat Model are provided. Second, having established this conceptual view of the ecosystem, we recognize unique role of the cryptographic credentials within it, towards enabling the ecosystem long-term value proposition and acting as a value transfer agent, implementing careful balance of properties meet stakeholder needs. Third, we propose that the ecosystem computers can be used as a distributed compute engine to run Collaborative Algorithms. To demonstrate, we define access control scheme, risk-balanced Cellular Access Control (rbCAC). The rbCAC algorithm defines access control within a cyber-physical environment in a manner which balances cost, risk, and net utility in a multi-authority setting. rbCAC is demonstrated it in an Air Travel and Border Services scenario. Other domains are also discussed included air traffic control threat prevention from drone identity attacks in protected airspaces. These contributions offer significant material for future development, ongoing credential and ecosystem design, including dynamic perimeters and continuous-time sampling, intelligent and self optimizing ecosystems, runtime collaborative platform design contracts and constraints, and analysis of APT attacks to SCADA systems using ecosystem approaches.

cryptography

digital credentials

biometrics

fuzzy extractors

ecosystems

systems engineering

UML

EoS-UML

digital credential design

rbCAC

SoS

Systems of Systems

CPS

Cyber-physical Systems

Distributed Computing

Collaborative Computing

Design by Contract

Design by Smart Contract

rbCAC

Ecosystem Ensemble Diagram

Confusion Matrix

Classifier Evaluation

Emergent Behavior

Ecosystems Enginering