Secure Information Technology Center – Austria

25 July 2017

Blockchain & Smart Contracts

Category: IT-Security

The Blockchain was developed as part of the cryptocurrency Bitcoin by a person or a group of persons using the pseudonym Satoshi Nakamoto. The Blockchain is a distributed ledger that consists of a chain of blocks. The attached report explains different types of Blockchains as well as different consensus algorithms. The report focuses on the Ethereum platform, as it seems to be a promising platform for the execution of so-called smart contracts. Smart contracts are autonomous applications which are executed in the Blockchain network. This provides applications with no downtime and high censorship resistance. Based on the Blockchain technology and on smart contracts, a messenger was developed.
Read more…

13 July 2017

Rich End-to-End Encryption

Category: eGovernment

The recent project “Skytrust”, which moved the cryptographic key data from the application to an external service, succeeded in relieving the cryptographic key data itself from unwanted attention. However, the authentication data used to authorise key usage takes its place as the weak point. These data are collected by the application and forwarded suitably; hence, the application has access to the now very sensitive authentication data. A better approach would be to also collect the authentication data outside the application. An intermediate authentication data collector service between application and key service is necessary to achieve this functionality. An intermediary, however, calls for end-to-end encryption. The challenge is to collect and route the authentication data, and to be able to add it, without breaking the end-to-end encrypted communication.

Read more…

LOD and LOV for Authorization Concepts

Category: eGovernment

Linked Open Data (LOD) and Linked Open Vocabularies (LOV) deal with the definition of reusable concepts, models, and architectures that facilitate the integration of data and services on a web scale. With the ever-growing heterogeneity of available standards and implementation approaches, such integration faces various barriers that make this process costly and less effective in practice. Open and reusable vocabularies aim to lower these barriers by providing the foundations for conceptual annotations that allow the abstraction and bridging of concepts among different entities and domains in a reusable, scalable and machine-readable manner. LOV, as one of the initiatives supporting the underlying paradigm, has emerged from the DataLift project and is supported by the Open Knowledge Foundation. LOV today represents the largest dataset that systematically gathers, analyzes and presents data about semantic vocabularies from different domains.

Read more…

Traffic Analysis of Mobile Applications

Category: IT-Security

As a supporting measure for the inspection of mobile applications, the data sent to and received from the Internet has always been of interest. If data was transferred in plain text, intuitive conclusions could be drawn about its use in the context of a mobile application. Because more and more network traffic is encrypted (HTTPS / TLS), the meaningfulness of captured data packets becomes limited and, consequently, allows only few conclusions to be drawn about the actually transmitted content.
Read more…

24 May 2017

Analysis of Browser-Extensions

Category: IT-Security, Web Technologies

Browser extensions can extend the functionality of modern web browsers almost arbitrarily. However, they are often used for malicious activities, due to their ability to easily access sensitive data (e.g. cookies). Likewise, benign but faulty extensions can be used for targeted attacks by exploiting errors in the implementation. Usually, the security mechanisms of modern browsers provide only limited protection against such attacks. Thus, the present study deals with the dangers posed by benign browser extensions.

Read more…

9 May 2017

Migrating Edge Computing to Hybrid Edge Computing

Category: Cloud Computing

Currently, various ways exist to offload computationally intensive tasks to remote computers. The goals of these approaches are similar: increase performance and reduce energy consumption.
Furthermore, it was discovered that moving computing units into the proximity of the users is beneficial and is key to achieving the best possible results. These revelations form the baseline for the Edge Computing paradigm.
Read more…

5 May 2017

State of the Art Services for Direct Communication

Category: Cloud Computing, IT-Security

Direct data transfer and direct communication services are becoming increasingly relevant due to widespread availability of high bandwidth Internet connections. At the same time, some properties of today’s Internet infrastructure overcomplicate the act of establishing direct end-to-end connections. This is mostly due to legacy technologies still dominating some key components of the TCP/IP stack. To make matters worse, this is unlikely to change significantly for the foreseeable future.
Read more…

24 April 2017

Automated Reasoning over Security Policies

Category: Cloud Computing, eGovernment, IT-Security, Web Technologies

Applied approaches to authorization management often focus on a single system or environment, neglecting the need to address the security of data sharing processes that span various entities and organizations.
In the course of this work, we address the shortcomings of existing frameworks by separating authorization management from particular organizations and their business or resource models. We establish a framework that defines abstract means to manage the security of resources distributed across diverse services using unified service and policy description models. Read more…

15 March 2017

Security Aspects of Web-APIs

Category: Cloud Computing, eGovernment, IT-Security, Web Technologies

Web-APIs represent a significant building block of the modern Web. They enable efficient and technology-neutral data and process integration between diverse entities and platforms. As an innovation driver, they facilitate the creation of new business models and products. The broad variety of APIs, as well as the need to efficiently manage their lifecycles, motivated the inception of specifications and tools to ease and accelerate their development and integration in programmatic environments. Read more…