A holistic analysis of web-based public key infrastructure failures: comparing experts' perceptions and real-world incidents

2021, Vol 7 (1)
Author(s): Hilda Hadan, Nicolas Serrano, L Jean Camp

Abstract: Public key infrastructure (PKI) is the foundation of secure and trusted transactions across the Internet. This paper presents an evaluation of web-based PKI incidents in two parts. We began with a qualitative study in which we captured security and policy experts' perceptions of PKI in a set of interviews. We interviewed 18 experts, including security academics and practitioners, at two conferences. We describe their perceptions of PKI failures. To evaluate whether perceived failures match real documented failures, we conducted a quantitative analysis of real-world PKI incidents on the web since 2001. Our data comprise reports from Bugzilla, root program operators, academic literature, security blogs, and the popular press. We determined the underlying causes of each incident and reported the results. We identified a gap between experts' perceptions and real-world PKI incidents. We conclude that there are significant sources of PKI failure that neither the usability community nor the traditional computer security community is engaging with, and that arguably neither can engage with separately. Specifically, we found that incidents illustrate systematic weaknesses in organizational practices that create risks for all who rely upon PKI. More positively, our results also point to organizational and configuration choices that could avoid or mitigate some of these risks. Thus, we also identify immediate mitigation strategies (where feasible).

2018, Vol 50 (3), pp. 329-358
Author(s): Richard Wetzel, Khaled Bachour, Martin Flintham

Background. Research games are challenging to design as they seek to fulfil a research agenda as well as work as a game. We have successfully collaborated with a group of artists in a research game about people’s perception of provenance called The Apocalypse of the Ministry of Provenance (MoP). The web-based game ran for 6 months with a total of 1004 players signing up over its lifetime with 490 consenting to their data being used for research purposes. While the game allowed us to answer our provenance-related research questions, in this article we look at the game design process of such a collaborative research game. Aim. The co-creation approach created tensions that had to be carefully negotiated between everyone involved. The purpose of this article is to investigate the nature of these tensions, what has caused them, and how we managed (or failed) to mitigate them. This leads to recommendations for future researchers co-creating a research game with artists. Method. We use the form of a post-mortem reflection on the development of the game, based on our own experiences, a one-hour long interview with the two artists involved, and post-game phone interviews with players (n=8). Results. We identify the following three tensions that had a high impact on the overall process: 1) Translating research questions into engaging gameplay elements; 2) Creation of research-relevant content by artists; 3) Artistic vision conflicting with research agenda. We contextualize these tensions by describing six vignettes concerning our collaboration in rich detail that highlight the salient issues of the overall process and resulting game from different perspectives. Lastly, we present seven mitigation strategies on how to deal with the tensions or prevent them from arising. Conclusions. A collaboration with artists for the purpose of creating a research game is a rewarding but also challenging process. Overcoming the resulting tensions is possible by utilizing mitigation strategies that need to be implemented jointly between researchers and artists to guarantee the success as an engaging research game.


Author(s): Zane L. Berge, Mauri Collins, Karen Dougherty

Successful course creation for the Web environment means much more than the use of documents uploaded and electronically linked together. Course content should be designed specifically for use with an interactive, electronic medium that is capable of accommodating different types of audiovisual information (Porter, 1997, p. 128). This content can include video clips, animation, sound effects, music, voiceovers, photographs, drawings, and linked and unlinked pages. It means maintaining high standards of quality while promoting accessibility, motivation, and interactivity for students who are learning in this environment. Students in Web-based courses can become problem solvers involved in real-world problems as they take responsibility for their own learning.


Author(s): Theodoros Evdoridis

It is a strongly held view that the scientific branch of computer security that deals with Web-powered databases (Rahayu & Taniar, 2002) that can be accessed through Web portals (Tatnall, 2005) is both complex and challenging. This is mainly due to the fact that there are numerous avenues available for a potential intruder to follow in order to break into the Web portal and compromise its assets and functionality. This is of vital importance when the assets that might be jeopardized belong to a legally sensitive Web database such as that of an enterprise or government portal, containing sensitive and confidential information. It is obvious that the aim of not only protecting against, but above all preventing, potential malicious or accidental activity that could put a Web portal’s assets in danger requires an attentive examination of all possible threats that may endanger the Web-based system.


2009, pp. 2109-2117
Author(s): Theodoros Evdoridis, Theodoros Tzouramanis

It is a strongly held view that the scientific branch of computer security that deals with Web-powered databases (Rahayu & Taniar, 2002) that can be accessed through Web portals (Tatnall, 2005) is both complex and challenging. This is mainly due to the fact that there are numerous avenues available for a potential intruder to follow in order to break into the Web portal and compromise its assets and functionality. This is of vital importance when the assets that might be jeopardized belong to a legally sensitive Web database such as that of an enterprise or government portal, containing sensitive and confidential information. It is obvious that the aim of not only protecting against, but above all preventing, potential malicious or accidental activity that could put a Web portal’s assets in danger requires an attentive examination of all possible threats that may endanger the Web-based system.


Author(s): Anushka Xavier K

In this era, people are closely connected to each other using technology. Messaging services play a crucial role in this process. WhatsApp Messenger is an exclusive cross-platform application that allows users to exchange text, files, and audio and video messages. WhatsApp has 1.5 billion dynamic clients in 180 nations. However, for such a well-liked application, taking care of privacy breaches is very salient. It is necessary that the application protects clients' confidentiality and authenticity. Thus, to give assurance and stealth to clients, cryptography is for the most part utilized as the spine of web-based exchanges. WhatsApp utilizes an End-to-End Encryption technique and uses various protocols (Signal protocol etc.) and keys (public key, private key etc.) along with algorithms like Curve25519.


Author(s): Theodoros Evdoridis

It is a strongly held view that the scientific branch of computer security that deals with Web-powered databases (Rahayu & Taniar, 2002) that can be accessed through Web portals (Tatnall, 2005) is both complex and challenging. This is mainly due to the fact that there are numerous avenues available for a potential intruder to follow in order to break into the Web portal and compromise its assets and functionality. This is of vital importance when the assets that might be jeopardized belong to a legally sensitive Web database such as that of an enterprise or government portal, containing sensitive and confidential information. It is obvious that the aim of not only protecting against, but above all preventing, potential malicious or accidental activity that could put a Web portal’s assets in danger requires an attentive examination of all possible threats that may endanger the Web-based system.


2019, Vol 11 (1), pp. 8-19
Author(s): Crystal Jelita Lumban Tobing

KPPN Medan II is one of the government organization units at the Ministry of Finance, where leaders and employees always carry out official trips between cities and outside the city. Given the intensity of the official travel activities carried out by employees of KPPN Medan II, SPPD documents have to be made frequently. SPPD at KPPN Medan II are still made manually, by recording them in Microsoft Word, which is less effective and efficient. When naming employees who get official assignments, officers enter the employee data manually, and the data of employees who receive official travel letters is prone to being lost because it is written manually. The web-based SPPD application is built by applying the prototyping method and is expected to help the SPPD management officers at KPPN Medan II make SPPD in a way that is effective, efficient, accurate, time-saving, and not prone to losing the SPPD data of KPPN Medan II employees who have made official trips, because a dedicated database accommodates all SPPD files.

