Secure Information Technology Center – Austria

Android Browser – Security and Privacy

Category: IT-Security

Online advertising is growing rapidly. In 2007, online advertising revenues in Germany totalled €976 million, a 103% increase compared to the revenues in 2006. This year, a revenue of €6.9 billion is expected in Germany. Users have various reasons for wanting to block ads: blocking can improve the user experience, decrease data usage, decrease processor load and therefore increase battery life, and protect against malvertising.

Multilateral Integration of XACML Policies

Category: Cloud Computing, IT-Security

XACML is a framework that establishes an XML-based language, architecture and process models for externalized authorization management. By design, XACML focuses on the protection of information assets within the realm of a single organization. Because of this narrow scope, a range of tools and methodologies emerged that support the application of XACML policies to a single environment only. In this project we extend an administrative model that supports the multilateral management of XACML security policies. This is achieved through the development of an adapter that translates and maps abstract, semantic security policies designed for a broader scope and Web API-based environments to XACML policies specific to a particular organization and its environment.

Secure Real-Time Textcollaboration

Category: IT-Security

Google Docs and Office 365 are fixed points when it comes to cloud-based data processing. The rush towards different people editing a single document at the same time, however, seems merely restrained by concerns about data confidentiality. This project gives an overview of current approaches to secure real-time text collaboration available in science and industry and distills a list of remaining …

Fingerprinting Code of Mobile Applications

Category: IT-Security

The analysis of applications for mobile platforms (Android, iOS) has shown that security-relevant problems are often not found in the application code itself, but are introduced by third-party software components. Often, these problematic code parts are made freely available and are thus found in many applications. If the program code is obfuscated by the manufacturer, it becomes very difficult to find precarious code parts.

Device Enrolment Using Flexible Authentication

Category: IT-Security

Managed devices are already established in corporate environments. Small businesses and end users, however, rarely benefit from such complex systems and dedicated infrastructures.
This project compiled concepts for authenticating devices, with a focus on the initial authentication as part of enrolment processes as well as easy and convenient revocation of permissions. This initial authentication needs to be flexible in order to take the different characteristics and features of current devices into account and possibly create device policies on demand.
The actual communication between enrolled devices and a service, on the other hand, should be kept as simple as possible. This is feasible because virtually all (client) devices support technologies like TLS. A demonstrator illustrates that an OS-independent implementation of the proposed concepts is possible.

Utilizing Policy Enforcement System to Control Mobile Distributed Applications

Category: Cloud Computing, IT-Security

XACML is the de facto standard in the area of data security policy languages. It makes it possible to centralize the evaluation and administration of access control rules. This project extends XACML to enable centralized control of distributed mobile applications. Without optimizations, applications become unusable due to heavy losses in performance.
Furthermore, this concept does not require static Internet connectivity of the mobile devices and also works with occasional connectivity to the policy evaluation infrastructure.

Traces on the Internet

Category: IT-Security, Web Technologies

Almost all activities on the Internet leave traces which, when combined accordingly, can help identify an individual with sufficient certainty. One of the main reasons for this is that the technical foundation of the Internet dates back to a time when privacy and data protection were not relevant. However, most of the components involved are considered critical infrastructure and thus cannot simply be replaced. As a result, additional measures need to be taken in order to keep one’s identity secret and to leave as few traces as possible. Especially on the application level, a lot of traces are left.

25 July 2017

Blockchain & Smart Contracts

Category: IT-Security

The Blockchain was developed as part of the cryptocurrency Bitcoin by a person or a group of persons using the pseudonym Satoshi Nakamoto. The Blockchain is a distributed ledger that consists of a chain of blocks. The attached report explains different types of Blockchains as well as different consensus algorithms. The report focuses on the Ethereum platform, as it seems to be a promising platform for the execution of so-called smart contracts. Smart contracts are autonomous applications which are executed in the Blockchain network. This provides applications with no downtime and high censorship resistance. Based on Blockchain technology and smart contracts, a messenger was developed.

13 July 2017

Rich End-to-End Encryption

Category: eGovernment

The recent project “Skytrust”, which moved the cryptographic key data from the application to an external service, succeeded in relieving the cryptographic key data itself from unwanted attention. However, the authentication data used to authorise key usage takes its place as the weak point. These data are collected by the application and forwarded suitably; hence, the application has access to the now very sensitive authentication data. A better approach would be to also collect the authentication data outside the application. An intermediate authentication data collector service between application and key service is necessary to achieve this functionality. An intermediary, however, calls for end-to-end encryption. The challenge is to collect and route the authentication data, and to be able to add the data, without breaking the end-to-end encrypted communication.

LOD and LOV for Authorization Concepts

Category: eGovernment

Linked Open Data (LOD) and Linked Open Vocabularies (LOV) deal with the definition of reusable concepts, models, and architectures that facilitate the integration of data and services on a web scale. With the ever-growing heterogeneity of available standards and implementation approaches, such integration faces various barriers that make this process costly and less effective in practice. Open and reusable vocabularies aim to lower these barriers by providing the foundations for conceptual annotations that allow the abstraction and bridging of concepts among different entities and domains in a reusable, scalable and machine-readable manner. LOV, as one of the initiatives supporting the underlying paradigm, has emerged from the DataLift project and is supported by the Open Knowledge Foundation. LOV today represents the largest dataset that systematically gathers, analyzes and presents data about semantic vocabularies from different domains.