Towards Internet Voting in the State of Qatar

Al-Hamar, Jassim Khalid

January 2011

Qatar is a small country in the Middle East which has used its oil wealth to invest in the country's infrastructure and education. The technology for Internet voting now exists or can be developed, but are the people of Qatar willing to take part in Internet voting for national elections?. This research identifies the willingness of government and citizens to introduce and participate in Internet voting (I-voting) in Qatar and the barriers that may be encountered when doing so. A secure I voting model for the Qatar government is then proposed that address issues of I-voting which might arise due to the introduction of such new technology. Recommendations are made for the Qatar government to assist in the introduction of I-voting. The research identifies the feasibility of I-voting and the government s readiness and willingness to introduce it. Multiple factors are examined: the voting experience, educational development, telecommunication development, the large number of Internet users, Qatar law which does not bar the use of I-voting and Qatar culture which supports I-voting introduction. It is shown that there is a willingness amongst both the people and the government to introduce I-voting, and there is appropriate accessibility, availability of IT infrastructure, availability of Internet law to protect online consumers and the existence of the e government project. However, many Qataris have concerns of security, privacy, usability, transparency and other issues that would need to be addressed before any voting system could be considered to be a quality system in the eyes of the voters. Also, the need to consider the security threat associated on client-side machines is identified where a lack of user awareness on information security is an important factor. The proposed model attempts to satisfy voting principles, introducing a secure platform for I-voting using best practices and solutions such as the smart card, Public Key Infrastructure (PKI) and digital certificates. The model was reviewed by a number of experts on Information Technology, and the Qatari culture and law who found that the system would, generally, satisfy voting principles, but pointed out the need to consider the scalability of the model, the possible cyber-attacks and the risks associated with voters computers. which could be reduced by enhancing user awareness on security and using secure operating systems or Internet browsers. From these findings, a set of recommendations were proposed to encourage the government to introduce I-voting which consider different aspects of I-voting, including the digital divide, e-literacy, I voting infrastructure, legal aspects, transparency, security and privacy. These recommendations were also reviewed by experts who found them to be both valuable and effective. Since literature on Internet voting in Qatar is sparse, empirical and non-empirical studies were carried out in a variety of surveys, interviews and experiments. The research successfully achieved its aim and objectives and is now being considered by the Qatari Government.

320

On the specification and analysis of secure transport layers

Dilloway, Christopher

January 2008

The world is becoming strongly dependent on computers, and on distributed communication between computers. As a result of this, communication security is important, sometimes critically so, to many day-to-day activities. Finding strategies for discovering attacks against security protocols and for proving security protocols correct is an important area of research. An increasingly popular technique that is used to simplify the design of security protocols is to rely on a secure transport layer to protect messages on the network, and to provide protection against attackers. In order to make the right decision about which secure transport layer protocols to use, and to compare and contrast different secure transport protocols, it is important that we have a good understanding of the properties that they can provide. To do this, we require a means to specify these properties precisely. The aim of this thesis is to improve our understanding of the security guarantees that can be provided by secure transport protocols. We define a framework in which one can capture security properties. We describe a simulation relation over specifications based on the events performed by honest agents. This simulation relation allows us to compare channels; it also allows us to specify the same property in different ways, and to conclude that the specifications are equivalent. We describe a hierarchy of confidentiality, authentication, session and stream properties. We present example protocols that we believe satisfy these specifications, and we describe which properties we believe that the various modes of TLS satisfy. We investigate the effects of chaining our channel properties through a trusted third party, and we prove an invariance theorem for the secure channel properties. We describe how one can build abstract CSP models of the secure transport protocol properties. We use these models to analyse two single sign-on protocols for the internet that rely on SSL and TLS connections to function securely. We present a new methodology for designing security protocols which is based on our secure channel properties. This new approach to protocol design simplifies the design process and results in a simpler protocol.

621.382

Genetic diversity and structure of livestock breeds

Wilkinson, Samantha

January 2012

This thesis addresses the genetic characterisation of livestock breeds, a key aspect of the long-term future breed preservation and, thus, of primary interest for animal breeders and management in the industry. First, the genetic diversity and structure of breeds were investigated. The application of individual-based population genetic approaches at characterising genetic structure was assessed using the British pig breeds. All approaches, except for Principle Component Analysis (PCA), found that the breeds were distinct genetic populations. Bayesian genotypic clustering tools agreed that breeds had little individual genetic admixture. However, inconsistent results were observed between the Bayesian methods. Primarily, BAPS detected finer genetic differentiation than other approaches, producing biologically credible genetic populations. BAPS also detected substructure in the British Meishan, consistent with prior known population information. In contrast, STRUCTURE detected substructure in the British Saddleback breed that could not wholly be explained. Further analysis of the British Saddleback revealed that the genetic subdivision did not reflect its historical origin (union of Essex pig and Wessex Saddleback) but was associated with herds. The Rainbarrow appeared to be moderately differentiated from the other herds, and relatively lower allelic diversity and higher individual inbreeding, a possible result of certain breeding strategies. The genetic structure and diversity of the British traditional chicken breeds was also characterised. The breeds were found to be highly distinctive populations with moderately high levels of within-breed genetic diversity. However, majority of the breeds had an observed heterozygote deficit. Although individuals clustered to their origin for some of the breeds, genetic subdivision of individuals was observed in some breeds. For two breeds the inferred genetic subpopulations were associated with morphological varieties, but in others they were associated with flock supplier. As with the British Saddleback breed, gene flow between flocks within the chicken breeds should be enhanced to maintain current levels of genetic diversity. Second, the thesis focused on breed identification through the assignment of individuals to breed origin. Dense genome-wide assays provide an opportunity to develop tailor-made panels for food authentication, especially for verifying traditional breed-labelled products. In European cattle breeds, the prior selection of informative markers produced higher correct individual identification than panels of randomly selected markers. Selecting breed informative markers was more powerful using delta (allele frequency difference) and Wright's FST (allele frequency variation), than PCA. However, no further gain in power of assignment was achieved by sampling in excess of 200 markers. The power of assignment and number of markers required was dependent on the levels of breed genetic distinctiveness. Use of dense genome-wide assays and marker selection was further assessed in the British pig breeds. With delta, it was found that 96 informative SNP markers were sufficient for breed differentiation, with the exception of Landrace and Welsh pair. Assignment of individuals to breed origin was high and few individuals were falsely assigned, especially for the traditional breeds. The probability that a sample of a presumed origin actually originated from that breed was high in the traditional breeds. Validation of the 96-SNP panel using independent test samples of known origin and market samples revealed a high level of breed label conformity.

591.35

Förfalskningens lockelse : Analys av två svenska brottsmål om bedrägeri och signaturförfalskning

Norling, Per

January 2016

The purpose of the paper is to present work patterns from two perspectives, the art expert´s and art forger´s, as the patterns can be retrieved from two Swedish criminal cases of fraud, the case "T" and the case "M". A minor purpose is to create a knowledge base extracted from literature regarding more general work patterns used by art experts when they work with attribution.   The method used can best be named descriptive. Forged artwork from nine artists are described and comments on the fake procedures are provided from buyers, forgers/sellers, middlemen (auction houses), police, prosecutors, experts, lawyers and the Stockholm District Court. The result in the paper can be summarized as follows: 1/ General work patterns with attribution: The track-paradigm is governing the expert´s work. As a start we have a time-setting, by identifying general style patterns in the artwork. Then there is a search for a possible geographical area where the work could have been created, and also a search for art schools and artist groups in that area. If a possible attribution of the work to an artist can be done, a search starts for that artist´s characteristics when it comes to motive, color selection, composition, figures, brush movements etc. Different types of physical measurements and tests can provide a complement to the qualitative analysis. The signature, if there is one, is examined and the provenance for the work is searched for. Information about the work in different archives can strengthen the results. 2/ “T” & “M” - the art expert´s patterns: All experts go directly to the alleged artist for a critical analysis of the specific work. First an overall evaluation is done, and that is often sufficient to reject the work. If necessary, details in the work are examined. If a signature is present, it is examined and compared with genuine ones. In some cases, technical studies are used to reach a definitive verdict. The police focus is to identify inaccuracies and fakes in the sales information, and to show efforts to hide information.    3/ “T” & “M” - the forger’s patterns: Art works from recent years are used as models for the creation of pastiches. Craftsmanship is toned down. Pitfalls are being circumvented by selection of genuine material ingredients and selection of secure image content related to the chosen artist. There is a thorough work with information creation to ensure the prospective buyer's desire for proof of authenticity. In parallel there is a work with cover up, and to secure information gaps.

forged artwork

art forger

authentication

art experts

konstförfalskning

konstförfalskare

attribuering

granskare

Art History

Konstvetenskap

Assessing the Effectiveness of a Fingerprint Biometric and a Biometric Personal Identification Number (BIO-PIN™) when used as a Multi-Factor Authentication Mechanism

Batie, Robert B.

01 January 2016

The issue of traditional user authentication methods, such as username/passwords, when accessing information systems, the Internet, and Web-based applications still pose significant vulnerabilities. The problem of user authentication including physical and logical access appears to have limited, if any, coverage in research from the perspective of biometric as ‘something the user knows.’ Previous methods of establishing ones’ identity by using a password, or presenting a token or identification (ID) card are vulnerable to circumvention by misplacement or unauthorized sharing. The need for reliable user authentication techniques has increased in the wake of heightened concerns about information security and rapid advancements in networking, communication, and mobility. The main goal of this research study was to examine the role of the authentication method (BIO-PIN™ or username/password) and time, on the effectiveness of authentication, as well as the users’ ability to remember the BIO-PIN™ versus username/password (UN/PW). Moreover, this study compared the BIO-PIN™ with a traditional multi-factor biometric authentication using multiple fingerprints (without sequence) and a numerical PIN sequence (noted as "BIO+PIN"). Additionally, this research study examined the authentication methods when controlled for age, gender, user’s computer experience, and number of accounts. This study used a quasi-experimental multiple baseline design method to evaluate the effectiveness of the BIO-PIN™ authentication method. The independent, dependent, and control variables were addressed using descriptive statistics and Multivariate Analysis of Variance (MANOVA) statistical analysis to compare the BIO-PIN™, the BIO+PIN, and UN/PW authentication methods for research questions (RQs) 1 and 2. Additionally, the Multivariate Analysis of Covariance (MANCOVA) was used to address RQ 3 and RQ4, which seeks to test any differences when controlled by age, gender, user experience, and number of accounts. This research study was conducted over a 10-week period with participant engagement occurring over time including a registration week and in intervals of 2 weeks, 3 weeks, and 5 weeks. This study advances the current research in multi-factor biometric authentication and increases the body of knowledge regarding users’ ability to remember industry standard UN/PWs, the BIO-PIN™ sequence, and traditional BIO+PIN.

Biometric

BIO+PIN

BIO-PIN

Personal Identification Number

Two-Factor Authentication

Computer Sciences

Vybrané problémy českých médií a novinářské profese na příkladu pronikání smyšlených událostí a recesistických obsahů do zpravodajství / Selected problems of the czech media and journalistic profession on the exemple of the intrusion of fictitious events and news satire into official news

Seidlová, Tereza

January 2014

This diploma thesis focuses on the problematic aspects of the journalistic profession nowadays, namely on the example of the penetration of the mystifying jokes to the mainstream media. In three specific cases where the authors of the mystifying pranks managed to penetrate the media, the work illustrates the most common mistakes journalists can make and focuses on trends, which stand for these tendencies. Part of this work is the analysis of the mystifying contents that appeared on jokes websites, on Facebook or in the context of interpersonal communication, and subsequent analysis of the media in which these mystifying reports appeared in the form of the real events. The interviews with both stakeholders - authors of the hoax contents and media representatives - will subsequently serve for the illustration of the overall issue and the final conclusion.

Autorskoprávní a jiná ochrana výtvarných děl / Copyright and other protection of visual arts

Šatrová, Adéla

January 2016

Copyright and other protection of visual arts The main topic of this thesis is the copyright and other protection of visual arts. Its aim is to present the main principles of Czech copyright law, illustrate these general rules on examples of visual art, and point out the specifics of the Czech copyright towards these works. Apart from the Czech copyright law, this thesis presents the basic rules of American copyright law, as an introduction to this subject matter in a different legal system. This thesis then shows the legal rules of copyright law in the Czech Republic, which emerges from civil law, and the legal rules of copyright in the USA, which extends from common law. The purpose is not to compare these two legal systems in detail, but to explain the Czech rules in context of a foreign legal system, which offers different concepts and other solutions. The first chapter presents the legal sources of Czech and American copyright. Chapter two describes the basic principles of Czech copyright law, which is followed by an introduction to American copyright law in chapter three. These two chapters interpret the origins of Czech and American copyright, define the work of copyright in both systems as well as explain in legal terms of what a "work of visual art" means in these systems. Chapter four is...

Security and Authentication for 802.11 Wireless Networks

Getraide, Michel

21 May 2004

Wireless Networks is a very growing market. However, the security measures are not strong enough; the WEP security protocol is flawed. The 802.11 Task Group I is working on new security measures in order to strengthen the access control of users, the privacy and the integrity of data. We will describe the WEP flaws and the new security measures of 802.11 Task Group I. Finally, we will propose a new architecture to improve user identification for the wireless network of our department.

EAP

RADIUS

WPA

wireless networks

security

authentication

WEP

TKIP

802.11

802.1x

One Time Password Scheme Via Secret Sharing Techniques

Miceli, Christopher

20 May 2011

Many organizations today are seeking to improve security by implementing multi-factor authentication, i.e. authentication requiring more than one independent mechanism to prove one's identity. One-time passwords in the form of hardware tokens in combination with conventional passwords have emerged as the predominant means in high security environments to satisfy the independent identification criteria for strong authentication. However, current popular public one-time passwords solutions such as HOTP, mOTP, TOTP, and S/Key depend on the computational complexity of breaking encryption or hash functions for security. This thesis will present an efficient and information-theoretically secure one-time password system called Shamir-OTP that is based upon secret sharing techniques.

Shamir secret sharing

Proactive secret sharing

Verifiable secret sharing

one-time password

multi-factor authentication

password

What Are the Security Challenges Concerning Maintenance Data in the Railway Industry

Khan, Hiba

January 2019

Recently, technology advancement has brought improvement in all the sectors, including the railway sector. The Internet of Things (IoT) based railway systems have immense potential to improve quality and systems that will enable more efficient, environmental friendly railway system. Many research brought innovations that offer enormous benefits for rail travel. The current research focuses on the railway industries, as they want to reap the benefits of IT concept such as Cloud Computing, Information Security, and Internet of Things (IoT). Railway industries are generating a large volume of data every day from different sources. In addition, machine and human interactions are rapidly increasing along with the development of technologies. This data need to be properly gathered, analysed and shared in a way that it is safe from different types of cyberattacks and calamities. To overcome smart devices’ and Cloud’s limitations, the new paradigm known as Fog computing has appeared. In which an additional layer processes the data and sends the results to the Cloud. Despite numerous benefits of Fog, computing brings into IoT-based environments, privacy and security issues remain the main challenge for its implementation. Hence, the primary purpose of this research is to investigate the potential challenges, consequences, threats, vulnerabilities, and risk management of data security in the railway infrastructure in the context of eMaintenance.

Cloud Computing

Railway

Identification

Internet Of Things

Authorization

Authentication.

Elektroteknik och elektronik