TrustBus

On 29 February 2024, the European Parliament approved the amendment of the eIDAS Regulation. The revision introduces new elements and a new EU Digital Identity Wallet, expected to be ready by the end of 2026. Even after the wallet is released, the numerous digital identity schemes operating within the Member States will continue to function for some time. The introduction of the new wallet and the coexistence of numerous digital identity schemes will pose challenges for service providers, who will need to adapt to support various means of identity, including the EU wallet, for their services. In response to this challenge, this study examines how to plan interoperability between eIDAS and existing frameworks. First, we organize the eIDAS components in a knowledge graph that encodes information through entities and their relations. While doing this, we highlight various design patterns and use a graph entity alignment method to map components of eIDAS and the Trust Over IP.

In parallel with the rapid development of Information and Communication technologies and the digitization of information in every aspect of daily life, the enforcement of the GDPR, in May 2018, brought significant changes to the processes that organisations should follow during collecting, processing, and storing personal data and revealed the immediate need for integrating the Regulation’s requirements for integrating into organisational activities that process personal and sensitive data. On the other hand, cloud computing is a cutting-edge technology that is widely used in order to support most, if not every, organisational activities. As a result, such infrastructure constitutes huge pools of personal data and, in this context, a careful consideration and implementation of the rules imposed by the Regulation is considered crucial. In this paper, after highlighting the need to consider the GDPR requirements when designing cloud-based systems, we determined those GDPR compliance controls that should be incorporated at the early stages of the system design process. As a next step, those compliance controls were integrated into a holistic framework that considers both the security and privacy aspects of a cloud-based system as well as the requirements arising from the Regulation during the design of such systems.

Separation of Duty (SoD) is a fundamental principle in information security. Especially large and highly regulated companies have to manage a huge number of SoD policies. These policies need to be maintained in an ongoing effort in order to remain accurate and compliant with regulatory requirements. In this work we develop a framework for managing SoD policies that pays particular attention to policy comprehensibility. We conducted seven semi-structured interviews with SoD practitioners from large organizations in order to understand the requirements for managing and maintaining SoD policies. Drawing from the obtained insights, we developed a framework, which includes the relevant stakeholders and tasks, as well as a policy structure that aims to simplify policy maintenance. We anchor the proposed policy structure in a generic IAM data model to ensure compatibility and flexibility with other IAM models. We then show exemplary how our approach can be enforced within Role-Based Access Control. Finally, we evaluate the proposed framework with a real-world IAM data set provided by a large finance company.

In this paper, we present further contributions to the field of privacy-preserving and explainable data analysis applied to tabular datasets. Our approach defines a comprehensive optimization criterion that balances the key aspects of data privacy, model explainability, and data utility. By carefully regulating the privacy parameter and exploring various configurations, our methodology identifies the optimal trade-off that maximizes privacy gain and explainability similarity while minimizing any adverse impact on data utility. To validate our approach, we conducted experiments using five classifiers on a binary classification problem using the well-known Adult dataset, which contains sensitive attributes. We employed (epsilon, delta)-differential privacy with generative adversarial networks as a privacy mechanism and incorporated various model explanation methods. The results showcase the capabilities of our approach in achieving the dual objectives of preserving data privacy and generating model explanations.

Article 45 of the new eIDAS Directive (eIDAS 2.0) is causing a bit of shock on the Internet as it gives European governments the power to make EU-certificated web certificates accepted without the approval of web browsers/OS, which are considered to be the current gatekeepers of the WebPKI ecosystem. This paper goes beyond the current debate between the WebPKI gatekeepers and the European Commission (EC) about the implications of Article 45. It shows how both approaches do not provide full protection to web users. We propose a better approach that Europe can follow to regulate web X.509 certificates: Rather than regulating the issuance of web X.509 certificates, the EC can play the role of a validator that recommends the acceptance of certificates at the web scale.

Create, Read, Update and Delete operations (CRUD) are a well-established abstraction to model data access in software systems of different architectures. Most system requirements, generated during the specification phase, will be realized by combining these operations on different entities of the system under development. The majority of these requirements will be business operations and objectives. Security requirements come on top of business requirements in a mostly network-connected world and risk the existence of a software system as a business. Through the enforcement of privacy laws, modern systems must also legally comply with privacy requirements or face the possibility of high fines. While there is a great interest in methodologies to elicit security and privacy requirements, little has been done to practically apply those requirements during the software development phase. This paper investigates the implication of those four basic operations regarding security and privacy principles as they are implied by the law. Analysis findings aim to raise awareness among developers about privacy when implementing high-level business requirements, and result in a bottom-up compliance procedure regarding privacy and the GDPR by proposing a systematic approach in this direction.

Counterfactual explanations are a promising direction of explainable AI in many domains such as healthcare. These explanations produce a counterexample from the dataset that shows, for example, what should change about a patient to reduce their risk of developing diabetes type 2. However, this poses a clear privacy risk when the dataset contains information about people. Recent literature shows that this risk can be mitigated by using $k$-anonymity to generalise the explanation, such that it is not about a single person. In this paper, we investigate the trade-offs between privacy and explanation quality in the medical domain. Our results show that for around 40\% of the explained cases, the real gain in privacy is limited as the generalisation increases while the explanations continue decreasing in quality.

These findings suggest that this can be an unsuitable strategy in some situations, as its effectiveness depends on characteristics of the underlying dataset.

Cybersecurity threats and attacks on Industry are increasing, and the outcome of a successful cyber-attack can be severe for organizations. A successful cyber-attack on an Industry where Cyber-Physical Systems are present can be particularly devastating as such systems could cause harm to people and the environment if they malfunction. This paper reports on the results of a survey investigating what security measures organizations implement within the industry to strengthen their security posture. The survey instrument used has been developed using the NIST Special Publication "Guide to Operational Technology" and contained 70 questions to determine the level of security controls deployed within the Norwegian Industry. The results show that the average usage of the different security controls is 63%, and 53% of the organizations have a security controls usage of 60% or more. The most used security control is backup of critical software, whereas the two least used are specific-OT cybersecurity training and response planning. Both are highlighted as areas for improvement. Dedicated OT security standards have not been found to influence the level of security controls used. However, employees within an organization following a dedicated security standard have higher cybersecurity knowledge.

The electronic cash (or e-cash) technology based on the foundational work of Chaum is emerging as a scalability and privacy layer atop of expensive and traceable blockchain-based currencies. Unlike trustless blockchains, e-cash designs inherently rely on a trusted party with full control over the currency supply. Since this trusted component cannot be eliminated from the system, we aim to minimize the trust it requires.

We approach this goal from two angles. Firstly, we employ misuse-resistant hardware to mitigate the risk of compromise via physical access to the trusted device. Secondly, we divide the trusted device's capabilities among multiple independent devices, in a way that ensures unforgeability of its currency as long as at least a single device remains uncompromised. Finally, we combine both these approaches to leverage their complementary benefits.

In particular, we surveyed blind protocols used in e-cash designs with the goal of identifying those suitable for misuse-resistant, yet resource-constrained devices. Based on the survey, we focused on the BDHKE-based construction suitable for the implementation on devices with limited resources. Next, we proposed a new multi-party protocol for distributing the operations needed in BDHKE-based e-cash and analyzed its security. Finally, we implemented the protocol for the JavaCard platform and demonstrated the practicality of the approach by measuring its performance on a physical smartcard.

The importance of automotive cybersecurity is increasing in tandem with the evolution of more complex vehicles, fueled by trends like V2X or over-the-air updates. Regulatory bodies are trying to cope with this problem with the introduction of ISO 21434, which standardizes automotive cybersecurity engineering. One piece of the puzzle for compliant cybersecurity engineering is the creation of a TARA (Threat Analysis and Risk Assessment) for identifying and managing cybersecurity risks. The more time security experts invest in creating a TARA, the more detailed and mature it becomes. Thus, organizations must balance the benefits of a more mature TARA against the costs and resources required to achieve it. However, there is a lack of guidance on determining the appropriate level of effort. In this paper, we propose a data-driven maturity model as a management utility facilitating the decision on the maturity-cost trade-off for creating TARAs. To evaluate the model, we conducted interviews with seven automotive cybersecurity experts from the industry.

Several security issues in open-source projects demonstrate that developer accounts get misused or stolen if weak authentication is used. Many services have started to enforce second-factor authentication (2FA) for their users. This is also the case for GitHub, the largest open-source development platform. We surveyed 110 open-source developers in GitHub to explore how they perceive the importance of authentication on GitHub. Our participants perceived secure authentication as important as other security mechanisms (e.g., commit signing) to improve open-source security. 2FA usage of the project owner was perceived as one of the most important mechanisms.

Around half of the participants (51%) were aware of the planned 2FA enforcement on GitHub. Their perception of this enforcement was rather positive. They agreed to enforce 2FA for new devices and new locations, but they were slightly hesitant to use it after some time. They also rather agreed to enforce various user groups on GitHub to use 2FA. Our participants also perceived GitHub authentication methods positively with respect to their usability and security. Most of our participants (68%) reported that they had enabled 2FA on their GitHub accounts.

Trust is crucial when a truster allows a trustee to carry out desired services. Regulatory authorities thus set requirements for organizations under their jurisdiction to ensure a basic trust level. Trusted auditors periodically verify the auditee's compliance with these requirements. However, the quality of the auditees' compliance and the auditors' verification performance often remain unclear and unavailable to the public. In this work, we examine the regulations of Identity and Access Management (IAM) and identify typical patterns. We enhance these patterns to include trust measurements for the auditee providing services and the auditors verifying compliance. We demonstrate the feasibility of this approach for an application utilizing decentralized blockchain technologies and discuss the implications, potential, and benefits of this architecture.

In order to perform cutting-edge research like AI model training, a large amount of data needs to be accessed. However, data providers are often reluctant to share their data with researchers as these might contain personal data and thereby sharing may introduce serious risks with significant personal, institutional or societal impacts. Apart from the need to control these risks, data providers must also comply with regulations like GDPR, which creates an additional overhead that makes data sharing even less appealing to data providers. Technologies like anonymization can play a critical role when sharing data that may contain personal information by offering privacy preservation measures like face or license plate anonymization. Therefore, we propose a framework to support data sharing of personal data for research by integrating anonymization, risk assessment and automatic licence agreement generation. The framework offers a practical and efficient solution for organisations seeking to enhance data-sharing practices without compromising information security.

Implantable Medical Devices (IMDs) are widely deployed today and often use wireless communication. Establishing a secure communication channel to these devices is challenging in practice. To address this issue, researchers have proposed IMD key exchange protocols, particularly ones that leverage an Out-Of-Band (OOB) channel such as audio, vibration and physiological signals. While these solutions have advantages over traditional key exchange, they are often proposed in an ad-hoc manner and lack a systematic evaluation of their security, usability and deployability properties. In this paper, we provide an in-depth analysis of existing OOB-based solutions for IMDs and, based on our findings, propose a novel IMD key exchange protocol that includes a new class of OOB channel based on human bodily motions. We implement prototypes and validate our designs through a user study (N = 24). The results demonstrate the feasibility of our approach and its unique features, establishing a new direction in the context of IMD security.

Federated learning eliminates the necessity of transferring private training data and instead relies on the aggregation of model updates. Several publications on privacy attacks show how these individual model updates are vulnerable to the extraction of sensitive information. State-of-the-art secure aggregation protocols provide privacy for participating clients, yet, they are restrained by high computation and communication overhead.

We propose the efficient secure aggregation protocol DealSecAgg. The cryptographic scheme is based on a lightweight single-masking approach and allows the aggregation of the global model under encryption. DealSecAgg utilizes at least one additional dealer party to outsource the aggregation of masks and to reduce the computational complexity for mobile clients. At the same time, our protocol is scalable and resilient against client dropouts.

We provide a security proof and experimental results regarding the performance of DealSecAgg. The experimental evidence on the CIFAR-10 data set confirms that using our protocol, model utility remains unchanged compared to federated learning without secure aggregation. Furthermore, the results show how our work outperforms other state-of-the-art masking strategies both in the number of communication rounds per training step and in computational costs, which grows linearly in the amount of active clients. By employing our protocol, runtimes can be reduced by up to 87.8% compared to related work.