11 |
Digitala banktjänster och kundernas förtroende : En empirisk kvantitativ studie om sambandet mellan digitala banktjänster och bankkunders förtroende
Abdirahman, Leensaa, Kombarova, Lalitta January 2023
Background and problem statement: The shift to digital banking services calls for a different way of working to maintain customers' trust, since the service becomes less personal. Trust and service matter greatly to customers, while new demands are emerging for convenience and automated self-service. Against this background, possible problems that may arise are inadequate security and risks concerning privacy. Purpose: The purpose of the study is to investigate whether there is a relationship between customers' trust and the banks' digital banking services. In addition, the researchers want to gain an understanding of bank customers' trust in their digital bank. Method: The study is based on a quantitative method in the form of a questionnaire survey, which is then used to carry out a correlation analysis and a regression analysis. Theoretical framework: Technology Acceptance Model, Social Exchange Theory, Perceived Risk and the Digital Trust Model. Empirical data: The empirical data have four focus areas: control questions, trust, digital banking services, and risk and security. These are compiled and tested in a correlation analysis and a regression analysis to examine relationships and test hypotheses. Conclusion: The results show that there is a positive relationship between the usability of digital banking services and trust in digital banking services, and that perceived privacy risk has a negative relationship with trust. Although there may be a relationship between the ease of use of digital banking services and trust, there is not enough support to prove it. / Background and problem formulation: The shift to digital banking services means a different way of working to maintain the trust of its customers, this as the service has become less personal. Trust and service are valued highly for the customers, while new demands are being made regarding convenience and automated self-service. 
Against this background, possible problems that may arise are a lack of security and the risks surrounding integrity. Purpose: The purpose of the study is to investigate whether there is a relationship between customers' trust and the banks' digital banking services. In addition to this, the researchers want to gain an understanding of bank customers' trust in their digital bank. Method: The survey is based on a quantitative method in the form of a questionnaire which is then used to carry out a correlation and regression analysis. Framework: Technology Acceptance Model, Social Exchange Theory, Perceived Risk and Digital Trust Model. Empiricism: The empiricism has four different focus areas: control questions, trust, digital banking services and lastly risk as well as security. These are compiled and tested in a correlation and regression analysis to examine relationships by testing hypotheses. Conclusions: The findings show that there is a positive relationship between the usability of digital banking services and trust in digital banking services, and that perceived integrity risk has a negative relationship with trust. Although there may be a link between the ease of use of digital banking services and trust, there is not enough support to prove this.
|
12 |
Trust Me, I'm the Principal! A New Conceptual Model of Trust for Educational Leaders
Blair, Bryan W. 20 July 2007
The ultimate aim of this work is to contribute to the knowledge of how trust influences and relates to those practices that best support student development and growth as educated and productive citizens, prepared to share in our democratic society, which is the ultimate purpose of our schools (Dewey & Dewey, 1915). Specifically, this thesis investigates the role of trust in relationships between school principals and teachers. A comparative analysis of available literature was conducted using grounded theory methodologies to inform the development of a proposed conceptual model describing the role of trust in organizational processes within the school, specifically between the principal and the teacher. There is sufficient literature in the realm of leadership theory and organizational behavior and psychology to justify the links among motivation, action, and outcomes. The intent of this treatise is not to spend an inordinate amount of time rehashing these well-established links. What is distinctive in this model is the assertion that trust relationships are a prerequisite for motivation, and therefore the subsequent actions and outcomes of a leadership process. Therefore, a large majority of this work is devoted to developing a strong understanding of trust, the components of trust, and the underlying need for trust. Examples from the literature and personal experience are then used to suggest future study to validate the groundedness of the model and to suggest ways for educational leaders to build trust within their organizations, using the model to predict outcomes of each strategy, and to promote student achievement.
|
13 |
Un modèle de collaboration basé sur les contrats et la confiance / A Contract-based and Trust-aware Collaboration Model
Truong, Hien Thi Thu 11 December 2012
Nowadays, information technologies give users the ability to work with anyone, at any time, from anywhere and with several heterogeneous devices. This evolution fosters a new distributed model of trusted collaboration in which users can work on shared documents with people they trust. Multi-synchronous collaboration is widely used to support collaborative work by maintaining simultaneous streams of user activity that continually diverge and converge. However, this model offers no support for expressing and verifying usage restrictions on data. This thesis presents C-PPC, a collaboration model based on contracts and trust. In this model, contracts are used as data usage rules, and users collaborate according to the trust levels they assign to others based on compliance with the contracts. We formalize contracts using deontic concepts: permission, obligation and prohibition. Contracts are included in the operation logs of the shared data. The C-PPC model provides a mechanism for merging changes to data and contracts. Any user can audit the logs at any time, and the audit results are used to update trust levels based on a trust metric. We propose a solution relying on hash-chain-based authenticators to guarantee the integrity of the logs and the accountability of users. We provide algorithms for building the authenticators and verifying the logs, and we prove their correctness. 
Experimental results show the feasibility of the C-PPC model. / Nowadays, information technologies provide users ability to work with anyone, at any time, from everywhere and with several heterogeneous devices. This evolution fosters a new distributed trustworthy collaboration model where users can work on shared documents with whom they trust. Multi-synchronous collaboration is widely used for supporting collaborative work by maintaining simultaneous streams of user activities which continually diverge and converge. However, this model lacks support on how usage restrictions on data can be expressed and checked within the model. This thesis proposes "C-PPC", a multi-synchronous contract-based and trust-aware collaboration model. In this model, contracts are used as usage rules and users collaborate according to trust levels they have on others computed according to contract compliance. We formalize contracts by using deontic concepts: permission, obligation and prohibition. Contracts are enclosed in logs of operations over shared data. The C-PPC model provides a mechanism for merging data changes and contracts. Any user can audit logs at any time and auditing results are used to update user trust levels based on a trust metric. We propose a solution relying on hash-chain based authenticators that ensures integrity of logs and user accountability. We provide algorithms for constructing authenticators and verifying logs and prove their correctness. A set of experimental results shows the feasibility of the C-PPC model.
|
14 |
Use of Technological Tools for Supporting Interpersonal Trust: From Modelling to Fostering Trust Through Design
Morita, Plinio Pelegrini January 2014
Trust is a core construct of our social lives, influencing how we interact with other individuals that are part of our social circle. Whether at work, in teams, or with friends and family, trust influences how much information we exchange with the other individuals and how we interact as a dyad. Defined as risk acceptance behaviour in situations where there is dependency between the parties, trusting another person means accepting some risks to benefit from the social integration of tasks and knowledge. In an institutional environment, trust is a core component of teamwork dynamics, having a strong influence on team effectiveness and performance.
Teams are the backbone of current industry, research, healthcare, and business domains. Teams have the power to increase the momentum of projects and tasks, and may also benefit from the collective body of knowledge brought by experts from different fields. Teamwork also brings new constraints to the interpersonal dynamic; for instance, a lack of interpersonal trust can deeply impact the performance and effectiveness of a team. Without trust, communication and interaction between team members can be significantly impaired, limiting the ability of a team to perform and to become effective.
As teams move to non-collocated work, the development of trust is restricted by the limited media richness of communication channels. The perceptual mechanisms that compose the major part of the trust development process become constrained, as behavioural cues are not readily available through Computer Mediated Communication Systems (CMCSs). For this reason, virtual teams can suffer from low, fragile, and delayed trust, impairing team effectiveness and performance.
Given the increasing prevalence of non-collocated teams, there is a need for the development of a toolset for understanding, measuring, and fostering trust in distributed teamwork environments. The existing literature provides only a partial understanding of the trust formation process and does not encompass a detailed description of the perceptual mechanisms that would help explain trust formation and allow the design of interventions tailored at targeting trust.
I started by developing a model that explains trust formation and the perceptual mechanisms involved in this process, in which I also incorporate the distinction between intuitive trust and calculative confidence. The Human Factors Interpersonal Trust State Formation Model developed in this thesis helps explain the situational variability of interpersonal trust, a very important characteristic to consider when using the knowledge about trust formation to inform design. This model explains how researchers and practitioners can develop designs and interventions to foster trust based on increasing the perception of trust-building cues.
Similarly, good trust metrics must capture both a measurement of trust between two people and provide information about how each trust cue influences the formation of the trust state. With the intent of incorporating situational sensitivity to a trust metric, I designed the Quick Trust Assessment Scale (QTAS), based on the NASA-TLX structure, using a combination of direct rating of subjective subscales of trust, with a pairwise comparison of each pair of subscales. I evaluated the QTAS using Cronbach’s Alpha and Factor Analysis. The results showed high internal validity and identified one component for extraction from the metric, since this component focused on measuring a construct outside the interest of the QTAS. The QTAS is the first trust metric to be developed that includes a component to measure the situational variability of trust.
The next component of this thesis focuses on identifying and testing ways to foster trust in a specific other through electronic communication. To achieve this objective, I initially conducted an ethnographic study to identify how team members foster trust in face-to-face collaborations and which trust cues are most often exchanged. In this study, I identified the effect of a third party on fostering trust (liaison) and five behaviours, or trust building cues, that were most used: recommendation, validation, expertise, social network, and benevolence/willingness to help. These five behaviours were later converted into interface design objects (trust tokens), in the form of badges, to be used in CMCSs and social network environments, acting as surrogates for the missing trust cues. The trust tokens were tested on simulated social network interfaces to identify the effects of multiple latent factors. Results showed that the use of the trust tokens is independent of gender, age, education level, and personality type. However, use was dependent on the type of risk the participants were facing and their cultural background. Although trust tokens are effective in fostering trust behaviour, there was not a unified solution for every type of situation.
In order to further validate the situational dependence of trust decisions, I have evaluated two major variables of interest. Through experimental manipulation, I demonstrated the influence of (1) situational risk and (2) cultural background on the use of trust cues. These findings are of relevance for the design of systems that support the development of interpersonal trust as they raise the awareness of the highly variable nature of trust. In order for designers, researchers, and practitioners to successfully influence trust behaviour in teamwork environments, they need to include interpersonal trust as a variable of interest in the design requirements of systems that support teamwork, as well as carefully consider the impact of their interventions, as their interventions will influence variably, depending on the situation and target population.
Ultimately, this research program demonstrates the importance of including interpersonal trust as a variable of interest in and as a requirement for the design of systems that support teamwork and collaboration.
|
15 |
Réseaux ad hoc véhiculaires : vers une dissémination de données efficace, coopérative et fiable / Vehicular ad hoc networks : towards efficient, collaborative and reliable data dissemination
Haddadou, Nadia 16 June 2014
Vehicular ad hoc networks (VANETs) allow different types of data to be shared between vehicles in a collaborative manner. In this thesis, we are particularly interested in road safety and security applications dedicated to exchanging information on the state of the road environment. The quality-of-service constraints of these applications are among the most stringent, because their data must be delivered exhaustively and without any delay in order to provide useful and timely information to all road users concerned. This delivery must cope with the difficulties caused by the dispersion and high mobility of vehicles, the absence or inadequacy of infrastructure, the variable density of the network, the overload of information to send and the extent of the geographical areas to cover. Indeed, the problem of data dissemination in VANETs proves to be non-trivial, and many scientific obstacles must be overcome to enable efficient, collaborative and reliable support for road safety and security applications. More precisely, we address the problem of collaborative dissemination by asking three questions: “How should data be disseminated? When should it be done? And also what should be disseminated, and how can vehicles be encouraged to do so?” We have provided answers through the three contributions of this thesis. The first is an efficient dissemination strategy adapted to the importance of the information exchanged and to its lifetime, which makes it possible to avoid an intensive dissemination process. Such a process is inappropriate in this case because it generates congestion and a great deal of redundancy. A simulation-based performance study is carried out, which shows a 90% decrease in the rate of redundant messages compared with flooding-based dissemination. 
To further improve the performance of the dissemination process for safety messages, we then propose a scheduler for access to the communication channel, whose objective is to reduce the number of collisions due to the synchronizations involved in the multi-channel operation of the IEEE 802.11p/1609.4 standard and thus to raise the data reception rate. We base our proposal on optimal stopping theory, which decides the right moment to send a piece of information by reconciling channel occupancy, sending efficiency and the deferral delay tolerated by the information. In our case, optimal stopping theory is formulated as a Markov decision process (MDP). We thus show by simulation a substantial improvement in the reception rate (of 25%) and a significant decrease in losses (of 47%). After addressing the quantitative aspect of network performance, we then turn to improving the reliability of the dissemination process. This reliability is obtained by encouraging vehicles to cooperate and by excluding malicious vehicles from the process. This is achieved by proposing a trust model inspired by signaling games. The model creates an equilibrium such that the parties involved are not tempted to circumvent it, which leads to a self-selection of vehicles that is fast and inexpensive. To our knowledge, our model is the only one to tackle the harmful effects of both types of vehicles, malicious and selfish, at the same time. As before, we evaluate the performance of our solution through modeling with a Markov chain and various sets of simulations. 
This made it possible to show that 100% of malicious vehicles are excluded, while a high cooperation rate is maintained in the network, an improvement of 42%. / Vehicular Ad Hoc Networks (VANETs) allow sharing different kinds of data between vehicles in a collaborative way. In this thesis, we are particularly interested in road safety applications, designed for the exchange of information on road traffic and conditions. This kind of applications have strict Quality of Service (QoS) requirements, as data must be routed thoroughly and without any delays so for assuring the timely delivery of useful information to the drivers. In this context, data routing must face several issues raised by the high mobility and dispersion of vehicles, inadequate or completely lacking infrastructure, a variable network density, network saturation due to the large amount of information to deliver, and the size of the geographical areas to cover. Indeed, the problem of data dissemination in VANETs is non-trivial, and several research challenges must be solved in order to provide an efficient, collaborative, and reliable support for road safety applications. Specifically, we will address the problem of collaborative data dissemination through the following three questions: “How to perform data dissemination?”, “When should we do it?”, and “What must be disseminated?” We have provided answers to these questions through the three contributions of this thesis. Our first contribution is an efficient dissemination strategy, specifically tailored to the importance of the exchanged information as well as its lifespan, which is able to avoid the intensive dissemination process that generates network congestion and data redundancy. We confirm our statements and validate the performance of our solution by modeling it using a discrete-time Markov chain, which demonstrates the number of necessary retransmissions for all concerned vehicles to receive information. 
Moreover, we performed extensive simulations that show a reduction of up to 90% of redundant messages with respect to message flooding dissemination strategies. Next, in order to further improve the road safety message dissemination process, we propose a communications channel access scheduler, which aims at reducing the number of collisions caused by IEEE 802.11p/1609.4 multi-channel synchronizations, and thus improving the data reception rate. We base our solution on the optimal stopping theory, which chooses the right moment to send information by balancing the channel occupancy rate, the data delivery efficiency, and the maximum deferment delay tolerated by the information. To this end, we formulate the optimal stopping theory through a Markov decision process (MDP). We show through simulation-based evaluations an improvement of the reception rate of up to 25% and a reduction of up to 47% of message losses. Finally, after being interested in the quantitative aspect of network performance, we centered our efforts on improving the reliability of the dissemination process, which is obtained by motivating vehicles to cooperate and evicting malicious vehicles from the process. To this end, we propose a trust model inspired on signaling games, which are a type of dynamic Bayesian games. Through the use of our model, equilibrium is achieved, thus resulting in a fast and low-cost vehicle self-selection process. We define the parameters of our trust model through a discrete-time Markov chain model. To the best of our knowledge, our solution is the only existing solution that tackles the negative effects introduced by the presence of both malicious and selfish vehicles in a VANET. We evaluated the performance of our solution by modeling it using a Markov chain, and a set of simulations. Our results show that up to 100% of malicious vehicles are evicted while keeping a high cooperation rate, thus achieving an improvement of 42% when compared to other similar solutions
|
16 |
Une approche multi-agents pour la composition de services Web fondée sur la confiance et les réseaux sociaux / A Multi-Agents Approach for Web service Composition based on Trust and Social Networks
Louati, Amine 13 October 2015
In this thesis, we address the problems of service discovery, selection and composition. The objective is to satisfy a complex query from a service requester. To do so, we propose a multi-agent approach based on trust and social networks. We define a trust model as a compositional concept made up of four components: a social component, an expertise component, a recommendation component and a cooperation component. The social component judges whether it is worthwhile to follow a provider before using its services. The expertise component estimates whether a service behaves well and as expected. The recommendation component checks whether or not an agent is relevant and whether its recommendations can be relied on. The cooperation component allows agents to decide with whom to interact in a service composition. We propose a distributed algorithm for service discovery that uses trust between agents as well as referral systems in social networks. We also develop a new method based on a probabilistic model to infer trust between non-adjacent agents while taking into account the roles of intermediate agents. Finally, we present an original coalition formation process that is incremental, dynamic and overlapping, for service composition in social networks. Experimental results show that our multi-agent approaches are efficient, outperform existing similar approaches and can deliver more trustworthy results at a low communication cost. / This thesis deals with service discovery, selection and composition problems. The aim is to fulfill a complex requester query. To do that, we propose a multi-agent approach based on trust and social networks. 
We define a trust model as a compositional concept that includes social, expert, recommender and cooperation-based components. The social-based component judges whether or not the provider is worthwhile pursuing before using his services. The expert-based component estimates whether or not the service behaves well and as expected. The recommender-based component checks whether or not an agent is reliable and if we can rely on its recommendations. The cooperation-based component allows agents to decide with whom to interact in a service composition. We propose a distributed algorithm for service discovery using trust between agents and referral systems in social networks. We also develop a new method based on a probabilistic model to infer trust between non adjacent agents while taking into account roles of intermediate agents. Finally, we present an original coalition formation process which is incremental, dynamic and overlapping for service composition in social networks. Experimental results show that our multi-agents approaches are efficient, outperform existing similar ones and can deliver more trustworthy results at low cost of communications.
|
17 |
Modèle de confiance et ontologie probabiliste pilotés par réseaux bayésiens pour la gestion des accords de services dans l’environnement de services infonuagiques
Jules, Obed 08 1900
No description available.
|
18 |
Policy-based usage control for trustworthy data sharing in smart cities / Contrôle des politiques d’accès pour les relations de confiance dans les données des smart cities
Cao Huu, Quyet 08 June 2017
In the field of “smart cities” or “connected cities”, information and communication technologies are integrated into the city's traditional services (water, electricity, gas, public transport, public facilities, buildings, etc.) to improve the quality of urban services or to reduce costs. Data in the connected city are generally produced by a wide variety of actors. These data should be shared among various applications or services. There is a problem, however: how can actors exercise control over the way their data will be used? This matters because, to encourage data sharing, we must establish trust relationships between actors. Actors have trust if they are able to control the use of their data. We take into account the obligations defined by the actors for their data: (i) abstraction of certain information, (ii) spatio-temporal granularity, (iii) classification of actors and purposes, and (iv) monetization of data. My contributions are: (i) A data usage control model. This model meets the obligations defined by the actors for their data. (ii) A platform as a service. The platform adds the components needed to enable transparency and traceability of data usage based on the model. (iii) A visualization tool. This is a prototype implementation that lets actors exercise control over the way their data will be used. (iv) An evaluation of the performance and impact of our solution. These solutions enable trust relationships to be established for sharing Smart Cities data, based on the data usage control model. 
The results of my thesis can be applied to Orange's Datavenue IoT platform. / In smart cities, Information and Communication Technologies, in particular Internet of Things (IoT) Technologies, are integrated into traditional services of our city, for example waste management, air pollution monitoring, and parking to improve quality while reducing costs of these services. IoT data in this context are generated by different actors, such as service providers, developers, and municipal authorities. These data should be shared among applications or services. However, in traditional scenario, there is no sharing of IoT data between them. Each actor consumes data from sensors deployed on behalf of that actor, and network infrastructure maybe shared. In order to encourage IoT data sharing, we need to establish the confidence between the actors. Exercising control over the usage of data by other actors is critical in building trust. Thus, the actors should have an ability to exercise control on how their data are going to be used. This major issue has not been treated in IoT namely Usage Control. In this thesis, we take into account obligations defined by the actors for their data (i) Abstraction of certain information, (ii) Spatial and temporal granularity, (iii) Classification of actors and purposes, and (iv) Monetization of data. For example, requirements of data usage in Intelligent parking applications are (i) Data owners have full access to all the details, (ii) Municipal authorities can access the average occupancy of parking place per street on an hourly basis, (iii) Commercial service providers can access only statistical data over a zone and a weekly basis, and (iv) Monetization of data can be based on subscription types or users roles. Thesis contributions include: (i) Policy-based Data Usage Control Model (DUPO) responds to the obligations defined by actors to their data. 
(ii) Trustworthy Data Sharing Platform as a Service allows transparency and traceability of data usage with open APIs based on the DUPO and Semantic technologies. (iii) Visualization Tool Prototype enables actors to exercise control on how their data will be used. (iv) Evaluation of the performance and the impact of our solution. The results show that the performance of the added trust is not affecting of the system. Mistrust might hamper public acceptance of IoT data sharing in smart cities. Our solution is key which will establish the trust between data owners and consumers by taking into account the obligations of the data owners. It is useful for data operators who would like to provide an open data platform with efficient enablers to partners, data-based services to clients, and ability to attract partners to share data on their platforms
|
19 |
Integrating Trust-Based Adaptive Security Framework with Risk Mitigation to enhance SaaS User Identity and Access Control based on User Behavior
Akpotor Scott, Johnson January 2022
In recent years, the emerging trends in cloud computing technologies have given rise to different computing services through the Internet. Organizations across the globe have seized this opportunity as a critical business driver for computing resource access and utilities that will indeed support significant business operations. Embracing SaaS as a crucial business factor enhances corporate business strategy through economies of scale, easy manageability, cost-effectiveness, non-geographical dependence, high reliability, flexible resources, and fast innovation. However, this has also come with various risks due to the limitation of traditional user identity and access control solutions’ inability to effectively identify and manage cloud users’ authorization process when interacting with the cloud. The limit can result in a legitimate user account's impersonation to carry out malicious activities after the user account is compromised to go undetected since traditional solutions seldom function based on user behavior trust level behind any account. Furthermore, the limitation is a significant vulnerability to the cloud environment. This vulnerability is known to be exploited by threats that can eventually lead to substantial unacceptable risks that can undermine security principles or requirements such as confidentiality, integrity, and availability. Significant consequences of this risk are categorized into financial damages, legal implications, reputational damages, and regulatory implications to the cloud environment. As a result, a solution that could contribute to the remediation of these potential risks incurred due to the limitation of user identity and access control management was proposed and designed as User Behavior Trust-Based Adaptive Security framework. 
The design aims to enhance how cloud users' identity and access control might be managed effectively based on a user behavior trust context and adaptation of corresponding access control measures through adaptive security. The design capability was manifested by integrating it into the standard ISO/IEC 27005:2018 Risk Management process. Although there have been several good information security frameworks such as ISO/IEC 27005:2018 and other technical countermeasures such as SaaS Identity & Access Management (IDaaS) to deal with this risk on the public cloud services, they are based on static mitigation approaches, so there is a solid need to shift towards a more dynamic strategic approach. The presented design work, the User Behavior Trust-Based Adaptive Security framework, intends to serve as a proposed guideline for risk mitigation that would address user identity and access control limitations across the cloud. The solution functions by a trust modeling process that evaluates cloud user activities to compute a comprehensive user behavior trust degree. The resulting data is then fed as input parameters into a policy decision point process. The policy decision point process adapts the input parameters to user behavior trust level and behavior risk rating to determine the appropriate access control decision. Ultimately, the adaptive security solution consults the policy decision points to dynamically enforce the corresponding control measures based on the access control decision received as input feed. The report also conducts a risk assessment process to identify vulnerabilities, threats, and risks related to user behavior trust level and risk rating regarding SaaS resources. It then adapts the mitigation solution, the User Behavior Trust-Based Adaptive Security framework, as a possible risk treatment within the ISO/IEC 27005:2018 risk management process.
This report uses a design methodology derived from User Behavior Trust Modelling scientific research work, the Gartner Adaptive Security Architecture Model, and the eXtensible Access Control Markup Language's policy decision point concept. The design evaluates user behavior trust level by the trust modeling, while the integrated policy decision point processes the trust level to make the access control decision, which is later enforced by the adaptive security solution. The report further adapts the risk management procedure ISO/IEC 27005:2018 to identify risk from user behavior and trust level, then implements the design solution as a possible risk treatment. The research findings were documented as Results and Discussion, where the functional and operational aspects of the designed framework were provided. In addition, the effects of applying the framework as a possible risk treatment solution were observed through conducting an ISO/IEC 27005:2018 risk management procedure. The notable outcome of a reduction of identified risk levels was an improvement in user attitude or behavior, which eventually increased user behavior trust level and reduced associated behavior risk. At the same time, the discussion detailed the interpretation of the results, the implications and limitations of the research, and why the framework could be considered a remediation solution beyond the state of the art for cloud user identity and access management, precisely by integrating user behavior, trust, and policy decision making with adaptive security into the risk management process to reduce IDM-associated risk in SaaS. Finally, this study has outlined the significance of adopting the designed framework as a possible mitigation solution to address the shortcomings of user identity and access control management in the cloud. It has demonstrated that identified SaaS risk can be reduced to an acceptable level when user behavior and activities are taken seriously.
Insight into the current trust state and associated risk level of cloud users is vital for continuous risk monitoring and reduction. The solution is to be used as a recommended guideline that might significantly contribute to the research community and the information security field of cloud security. Because of research work limitations, future research should consider the possibility of simulating and transforming this conceptual and abstract framework into a real-world working solution. The framework was designed based on recognized and accepted scientific and technological principles and concepts, from user behavior trust modeling, the eXtensible Access Control Markup Language, and adaptive security architecture. In addition, this concept could be extended to a future research area that will focus exclusively on application-process behavior.
|
20 |
Vers des communications de confiance et sécurisées dans un environnement véhiculaire / Towards trusted and secure communications in a vehicular environment
Tan, Heng Chuan, 13 September 2017
Routing and key management are the biggest challenges in vehicular networks. Inappropriate routing behaviour may affect the effectiveness of communications and affect the delivery of safety-related applications. On the other hand, key management, especially due to the use of PKI certificate management, can lead to high latency, which may not be suitable for many time-critical applications. For this reason, we propose two trust models to assist the routing protocol in selecting a secure end-to-end path for forwarding. The first model focusses on detecting selfish nodes, including reputation-based attacks, designed to compromise the “true” reputation of a node.
The second model is intended to detect forwarders that modify the contents of a packet before retransmission. In key management, we have developed a Secure and Authentication Key Management Protocol (SA-KMP) scheme that uses symmetric cryptography to protect communication, including eliminating certificates during communication to reduce PKI-related delays.
|