Securing Open Banking with Model-View-Controller Architecture and OWASP

2021 ◽  
Vol 2021 ◽  
pp. 1-13
Author(s):  
Deina Kellezi ◽  
Christian Boegelund ◽  
Weizhi Meng

In 2015, the European Union passed the PSD2 regulation, with the aim of transferring ownership of bank accounts to the private person. As a result, Open Banking has become an emerging concept, which provides third-party financial service providers open access to bank APIs, including consumer banking, transaction, and other financial data. However, such openness may also incur many security issues, especially when the data can be exposed by an API to a third party. Focused on this challenge, the primary goal of this work is to develop one innovative web solution to the market. We advocate that the solution should be able to trigger transactions based on goals and actions, allowing users to save up money while encouraging positive habits. In particular, we propose a solution with an architectural model that ensures clear separation of concerns and easy integration with Nordea’s (the largest bank in the Nordics) Open Banking APIs (sandbox version), and a technological stack with the microframework Flask, the cloud application platform Heroku, and a persistent data storage layer using Postgres. We analyze and map the web application’s security threats and determine whether or not the technological frame can provide a suitable security level, based on the OWASP Top 10 threats and threat modelling methodology. The results indicate that many of these security measures are either handled automatically by the components offered by the technical stack or are easily preventable through included packages of the Flask Framework. Our findings can support future developers and industries working with web applications for Open Banking towards improving security by choosing the right frameworks and considering the most important vulnerabilities.

Network ◽  
2021 ◽  
Vol 1 (2) ◽  
pp. 75-94
Author(s):  
Ed Kamya Kiyemba Edris ◽  
Mahdi Aiash ◽  
Jonathan Loo

Fifth Generation mobile networks (5G) promise to make network services provided by various Service Providers (SP) such as Mobile Network Operators (MNOs) and third-party SPs accessible from anywhere by the end-users through their User Equipment (UE). These services will be pushed closer to the edge for quick, seamless, and secure access. After being granted access to a service, the end-user will be able to cache and share data with other users. However, security measures should be in place for SPs not only to secure the provisioning and access of those services but also to restrict what the end-users can do with the accessed data in or out of coverage. This can be facilitated by federated service authorization and access control mechanisms that restrict the caching and sharing of data accessed by the UE in different security domains. In this paper, we propose a Data Caching and Sharing Security (DCSS) protocol that leverages federated authorization to provide secure caching and sharing of data from multiple SPs in multiple security domains. We formally verify the proposed DCSS protocol using ProVerif and applied pi-calculus. Furthermore, a comprehensive security analysis of the security properties of the proposed DCSS protocol is conducted.


2017 ◽  
Vol 7 (1.1) ◽  
pp. 64 ◽  
Author(s):  
S. Renu ◽  
S.H. Krishna Veni

Cloud computing services and security issues are growing exponentially with time. All the CSPs provide utmost security, but the issues still exist. A number of technologies and methods emerge and become futile day by day. In order to overcome this situation, we have also proposed a data storage security system using a binary tree approach. All services of the binary tree are provided by a Trusted Third Party (TTP). The TTP is a government or reputed organization which helps to protect user data from unauthorized access and disclosure. The security services are designed and implemented by the TTP and are executed at the user side. Data classification, data encryption and data storage are the three vital stages of the security services. An automated file classifier classifies unorganized files into four different categories: Sensitive, Private, Protected and Public. Applied cryptographic techniques are used for data encryption. File splitting and multiple cloud storage techniques are used for data outsourcing, which reduces security risks considerably. This technique offers file protection even when the CSPs compromise.


2018 ◽  
pp. 54-76
Author(s):  
Tabassum N. Mujawar ◽  
Ashok V. Sutagundar ◽  
Lata L. Ragha

Cloud computing is a recently emerging technology, which provides a way to access computing resources over the Internet on an on-demand, pay-per-use basis. Cloud computing is a paradigm that enables efficient access to a shared pool of resources, which are managed by third-party cloud service providers. Despite the various advantages of cloud computing, security is the biggest threat. This chapter describes various security concerns in cloud computing. The clouds are subject to traditional data confidentiality, integrity, availability and various privacy issues. This chapter covers various security issues at different levels in the environment, including infrastructure-level security, data-level security and storage security. It also deals with the concept of Identity and Access Control mechanisms.


2020 ◽  
Vol 3 (2) ◽  
pp. 21-30
Author(s):  
Jitendra Kumar ◽  
Mohammed Ammar ◽  
Shah Abhay Kantilal ◽  
Vaishali R. Thakare

Cloud is a collective term for a large number of developments and possibilities. Various data can be stored by a large number of people on the cloud storage facility without any limitations, as it provides tremendous space. Open systems like Android (Google Apps) still face many day-to-day security threats or attacks. With recent demand, cloud computing has raised security concerns for both service providers and consumers. Major issues like data transfer over wireless networks across the globe have to be protected from unauthorized usage over the cloud, as altered data can lead to great loss. In this regard, data auditing, along with integrity, dynamic capabilities, and privacy preserving, plays an important role in preventing data from various cloud attacks, which is considered in this work. The work also includes an efficient auditor, which plays a crucial role in securing the cloud environment. This paper presents a review of the cloud computing concepts and security issues inherent within the context of cloud computing and cloud infrastructure.


2017 ◽  
Vol 2017 ◽  
pp. 1-14 ◽  
Author(s):  
Keyang Liu ◽  
Weiming Zhang ◽  
Xiaojuan Dong

With the growth of cloud computing technology, more and more Cloud Service Providers (CSPs) begin to provide cloud computing service to users and ask for users’ permission of using their data to improve the quality of service (QoS). Since these data are stored in the form of plain text, they bring about users’ worry for the risk of privacy leakage. However, the existing watermark embedding and encryption technology is not suitable for protecting the Right to Be Forgotten. Hence, we propose a new Cloud-User protocol as a solution for plain text outsourcing problem. We only allow users and CSPs to embed the ciphertext watermark, which is generated and embedded by Trusted Third Party (TTP), into the ciphertext data for transferring. Then, the receiver decrypts it and obtains the watermarked data in plain text. In the arbitration stage, feature extraction and the identity of user will be used to identify the data. The fixed Hamming distance code can help raise the system’s capability for watermarks as much as possible. Extracted watermark can locate the unauthorized distributor and protect the right of honest CSP. The results of experiments demonstrate the security and validity of our protocol.


2017 ◽  
Vol 71 (0) ◽  
pp. 0-0
Author(s):  
Piotr Sitnik

In a recent judgment in ERGO Poist’ovňa, a.s. v Alžbeta Barlíková, the Court of Justice of the European Union attempted to clarify the ambit of Article 11 of Council Directive of 18 December 1986 on the coordination of the laws of the Member States relating to self-employed commercial agents, that is the circumstances where a commercial agent’s right to remuneration may be extinguished should a negotiated transaction not be executed between the principal and the client. Notably, the Court held that in the event of even partial non-execution of a negotiated contract between the principal and the third party client, provided it happened due to no fault on the part of the principal, the agent’s right to commission is proportionately extinguished. The paper discusses the judgment in the light of previous CJEU case law and the Polish transposition of the said European standards with a view to finding any potential divergences between the two. The paper notes two problems. First, Polish law, as opposed to Slovak law, does not recognize an automatic termination of an insurance contract in the event of default on the part of the customer. Conversely, whether such an effect eventuates is left to contractual discretion of the parties. Second, Polish courts have been recently willing to substitute unjust enrichment for contractual liability even where, it appears, complainants have valid claims under Article 7614 of the Civil Code.


2014 ◽  
Vol 701-702 ◽  
pp. 1106-1111 ◽  
Author(s):  
Xin Zheng Zhang ◽  
Ya Juan Zhang

As information and processes are migrating to the cloud, Cloud Computing is drastically changing IT professionals’ working environment. Cloud Computing solves many problems of conventional computing. However, the new technology has also created new challenges such as data security, data ownership and trans-code data storage. We discussed Cloud computing security issues, mechanisms, and challenges that Cloud service providers and consumers face during Cloud engineering. Based on concerns about security issues and challenges, we proposed several encryption algorithms to make cloud data secure and invulnerable. We made comparisons among the DES, AES, RSA and ECC algorithms to find combinatorial optimization solutions which fit the Cloud environment well, making cloud data secure and not to be hacked by attackers.


2019 ◽  
pp. 165-171
Author(s):  
Sergii Shkliar ◽  
Olha Bulaieva

Purpose. The article is dedicated to the analysis of the main changes introduced by the Law of Ukraine “On Amendments to Some Laws of Ukraine ensuring the principles of procedural justice and increasing the efficiency of proceedings in cases of violations of the legislation on the protection of economic competition”. Methods. Law of Ukraine “On Amendments to Some Laws of Ukraine ensuring the principles of procedural justice and increasing the efficiency of proceedings in cases of violations of the legislation on the protection of economic competition” proposes the implementation of several novelties. Among them are: the restriction for the Antimonopoly Committee of Ukraine by certain time limits for considering cases; possibility of extension of the term for consideration of cases by decision of the Committee’s State Commissioner or head of a territorial office; renewal of deadlines for consideration of cases where the respondent is replaced or a co-respondent is involved; provision for the consequences of missing the deadlines for considering cases and also the mechanism of consultations during the consideration of a case, which may be appointed either on the initiative of the Antimonopoly Committee of Ukraine or on the motion of interested persons. Results. The abovementioned amendments will influence the existing system of economic competition protection in a serious way. 
Among the changes are:
– the fine for delayed payment of a fine imposed by the Antimonopoly Committee of Ukraine’s decision on violation of the legislation on the protection of economic competition is cancelled;
– the member of the Antimonopoly Committee of Ukraine who conducted or organized an investigation is deprived of the right to vote in the process of decision-making in the respective case;
– the procedure for holding hearings is defined;
– recusals and self-recusals are envisaged for the Antimonopoly Committee of Ukraine officers;
– the grounds for acquiring the third-party status in a case are changed;
– the rights of persons involved in the case are specified and expanded.

An important remark of the Law of Ukraine “On Amendments to Some Laws of Ukraine ensuring the principles of procedural justice and increasing the efficiency of proceedings in cases of violations of the legislation on the protection of economic competition” is that a person that is exempted from liability or whose fine is reduced shall still be liable for damage caused by the violation to other persons. Conclusions. As a result, the Law of Ukraine “On Amendments to Some Laws of Ukraine ensuring the principles of procedural justice and increasing the efficiency of proceedings in cases of violations of the legislation on the protection of economic competition” is expected to become an important step forward in increasing the effectiveness of investigations into violations of the legislation on the protection of economic competition. It can also be regarded as the next step to harmonize Ukrainian legislation with the European Union acquis.


Cloud Computing is a robust, low-cost, and effective platform for providing services. Nowadays, it is applied in various services such as consumer business or Information Technology (IT) carried over the Internet. Cloud computing has some security risks because the services which are required for its effective compilation are often outsourced by third-party providers. This makes it harder in cloud computing to maintain and monitor the security and privacy of data and also its support. This sudden change in the process of storing data towards cloud computing technology has increased the concerns about different security issues and also the various threats present in cloud storage. In the area of cloud storage security, various threats and challenges are noted by recent researchers. Hence, an effective framework for providing security is required. The main aim of this paper is to analyze various issues in securing cloud data, the threats present in cloud storage, and to propose a novel methodology to secure it. This paper also identifies the most crucial components that can be incorporated into the already existing security measures while designing cloud-based storage systems. This study also enables us to identify all the available solutions for the challenges of security and privacy in cloud storage.


Author(s):  
R.Santha Maria Rani ◽  
Dr.Lata Ragha

Cloud computing provides elastic computing and storage resources to users. Because the data is not under the user’s control, data security is becoming one of the greatest concerns in using cloud computing resources. To improve data reliability and availability, public data auditing schemes are used to verify the outsourced data storage without retrieving the whole data. However, users may not fully trust the cloud service providers (CSPs) because sometimes they might be dishonest. Therefore, to maintain the integrity of cloud data, many auditing schemes have been proposed. In this paper, an analysis of various existing auditing schemes with their consequences is discussed.

Keywords: Third Party Auditor (TPA), Cloud Service Provider (CSP), Merkle-Hash Tree (MHT), Provable Data Possession (PDP), Dynamic Hash Table (DHT).

