icegov2012 proceedings

Recommendations

Info

charge are either not aware of the Secure Platform Problem or the approaches are not known enough, yet. This is not surprising as there is no comprehensive document describing the different concepts including their advantages and disadvantages as well as the remaining risks. This work aims to narrow this gap. We present a taxonomy to categorize existing approaches and define criteria, an adequate solution for the Secure Platform Problem should meet. Furthermore, we provide an overview of existing proposals to address the Secure Platform Problem proposed for different applications and analyze them according to the previously defined criteria. Furthermore, we intend to raise awareness for this problem that is mostly neglected and to support decision makers in electronic government projects with an overview of the currently most relevant approaches to meet the Secure Platform Problem including their limitations. Additionally it should encourage developers to integrate one or more of these approaches in their products, and researchers to find more adequate solutions. 1.1 Related Work To our knowledge, no comprehensive overview and discussion of solution approaches for the Secure Platform Problem exists. However there are few works addressing subsets of existing approaches. The author of [32] describes and compares five different approaches to address the problem. The discussion is brief and does only address a fraction of the approaches discussed in this work. [19] provides a good introduction and overview of the Secure Platform Problem. The author classifies some meaningful approaches and concludes that dedicated hardware devices can provide the highest security level against the Secure Platform Problem while he does not analyze this branch of solutions in any detail due to the expected costs for development, distribution and maintenance. The common conclusion of the above authors is that none of the existing approaches is applicable for large-scale elections. 1.2 Structure of this Work Section 2 provides an overview of the Secure Platform Problem. We introduce a new informal adversary model and express the adversary’s capabilities. In Sect. 3 we formulate the criteria we used to discuss the different existing solution approaches as well as a simple taxonomy, which serves to classify the approaches in Sects. 4 – 6. Section 7 concludes this work and summarizes some open issues for future work. 2. PROBLEM DESCRIPTION In this section, we explain the Secure Platform Problem and define a new adequate adversary model. In the context of security critical communication an adversary’s ultimate goal is to violate confidentiality and/or integrity of messages sent and received by users. For the purpose of this paper we define a powerful adversary capable of entirely controlling the platform of the user. Thus, the adversary does not only control the network between the user’s computing platform and the 411 authority’s trusted server, but also acts as the user’s interface to the network. We abstract from the untrusted platform and assume it to be part of the adversary-controlled network. Communication takes place between the user and the adversary as well as between the server and the adversary. Hence, all communication between the user and the server is sent through the adversary. Note that the user is not a machine but human and thus is very limited in terms of computation power and memory. Fig. 1 depicts our adversary model. This model extends the common formal protocol analysis models based on the well-known Dolev-Yao-style adversary [8]. User Trust-base Untrusted Platform Adversary Server Figure 1. Secure Platform Problem Adversary Model We add a trust-base to our model, in order to address those approaches, which introduce techniques to execute certain trustworthy functionality outside the influence of the adversary. The functionality and especially the communication capabilities of the trust-base depend on the individual approaches as well as on the respective implementation details. Since we focus on the client-side Secure Platform Problem only, we assume the server-side as well as the user to be trustworthy. More specifically, we do not consider the case where users intend to collaborate with the adversary as it would be the case for vote selling in internet voting. Furthermore we do not take into account the adversary to be physically present to influence the user. Our adversary model yields the following capabilities. We recap the fundamental capabilities of the Dolev-Yao adversary and extend them with human capabilities. In particular we assume that the adversary: o can learn messages sent from the user to the untrusted platform; o can learn messages sent from the server to the network and further to an untrusted platform; o can learn messages sent from the trust-base to an untrusted platform or directly to the network; o can drop messages to replace them with own messages 1 ; o can manipulate and fabricate arbitrary messages according to publicly known knowledge and previously sent messages; o can perform every publicly known function; o knows all implementation details of all used systems; o can act as a human 2 . 1 We do not consider denial-of-service attacks in this work. 2 Note, for example, that strategies against Completely Automated Public Turing tests to tell Computers and Humans Apart (CAPTCHAs) exist.
Although the above assumptions describe a powerful adversary, the capabilities are limited. In particular, the adversary: o cannot break cryptography; o cannot overhear or manipulate communication between the user and the trust-base; o cannot access knowledge dedicated to the user, the trust-base or the server; o cannot manipulate the trust-base. 3. EXISTING APPROACHES In this section, we introduce the properties that will be used to later on discuss and compare existing approaches. While we are mainly interested in confidentiality and integrity of messages, we settle for the following more precise definitions and describe how they are related. Note that the following criteria and taxonomy hold for security-critical systems in general. However, we will take internet voting and corresponding solutions as an example to discuss the different approach classes in Sects. 4 – 6. 3.1 Criteria While we are mainly interested in confidentiality and integrity of messages, we settle for the following more precise definitions and describe how they are related. 3.1.1 Confidentiality An approach supports user-to-server-secrecy if it is not possible for the adversary to learn a secret that the user submitted to server. This means that the user has the opportunity to submit a message secretly to the authority’s server and hence privacy holds. 3.1.2 Integrity If it is possible for the server to verify the integrity and authenticity of a received message with respect to the user-sent message, we say the approach supports user-to-server-integrity. Note that individual verifiability in internet voting allows the voter to verify that the server correctly received the voter’s ballot. But this is not enough to ensure vote integrity since the voter must also be given the possibility to complain in the case the verification fails. Moreover, individual verifiability also requires integrity and authenticity of messages sent from the server to the user in order for the user to be able to verify what message the server actually received. From the authority’s perspective, vote integrity is then given by the fact that the user did not complain. 3.1.3 Further Criteria Especially but not exclusively in internet voting, an application should provide anonymity. We say an approach supports useranonymity if it is not possible for the adversary to reveal the origin of a message sent to the server. Note that it is possible for a user to send messages that are not secret but cannot be linked to the sender and thus privacy holds too. Beside security properties other non-functional properties such as user-friendliness, cost-efficiency, and practicality for large-scale settings must be considered as well. Although we focus on security, we also discuss these properties where it applies but we do not define any measurement for that. 412 3.2 Taxonomy of Approaches Following, we propose a taxonomy to give an overview and to classify the different approaches. In scientific literature mainly two different classes of solutions for the Secure Platform Problem can be found. While one class aims to make the platform trustworthy, the other class of approaches assumes the user’s platform to be insecure. See Fig. 2 for an overview of the classes that are covered in this work. In the following sections we refer to this taxonomy, summarize concrete examples, and discuss them according to the above criteria. Particularly, Sect. 4 examines approaches to make the platform trustworthy. Approaches distrusting the user’s platform are discussed in Sect. 5, where we summarize approaches without trusted devices and Sect. 6, where we discuss solutions based on dedicated trusted devices. Trusted Computing Bootable Clean OS Trustworthy Platform (Sect. 4) Humancomputer Crypto Guidelines and Education Solution Approaches Codebook Crypto Distrusted Platform w/o Trusted Devices (Sect. 5) Trusted Devices (Sect. 6) Procedural Standalone Connected Figure 2. Taxonomy of Analyzed Approaches 4. TRUSTWORTHY PLATFORM Approaches in this category aim to improve the user’s platform integrity in a way that it becomes trustworthy. These approaches lead to the situation where the platform becomes the trust-base and users no longer access the communication interface to the adversary. 4.1 Trusted Computing The key idea of applying Trusted Computing [29] techniques to overcome the Secure Platform Problem is to use an appropriate security architecture based on a security kernel and special Trusted Computing hardware. [1] and [33] discuss the application of this approach for internet voting in detail. Trusted Computing efficiently overcomes malicious software on the user’s computing platform because an eligible message can only be created after successful verification of the system’s integrity. However, there are still open problems with Trusted Computing, such as in remote attestation [31]. Moreover, the concept is not widespread enough, users might already have a personal computer with integrated Trusted Platform Module but the security architecture and security kernel are still missing. It is questionable whether or not this technique will be applied on a large scale in near future. However, the approach would allow convenient and user-friendly solutions for secure services, even for internet voting as this would all run in the background. 4.2 Bootable Clean Operating System Otten [22] recommended developing a special voting operating system based on an open-source operating system that boots and runs directly from a read-only data medium such as a CD or DVD. This medium would then be distributed to all users. After having received, users need to configure their computer to boot
Page 1:
2012 ALBANY, NEW YORK UNITED STATES
Page 4 and 5:
Foreword The 6 th International Con
Page 6 and 7:
Table of Contents Forward .........
Page 8 and 9:
Session 10: ICTs & Governance Trans
Page 10 and 11:
o Revival of Farming Community with
Page 12 and 13:
International Steering Committee Jo
Page 14 and 15:
Jim DAVIES, Computing Laboratory, U
Page 16:
Session 1 Open Government Data
Page 19 and 20:
the combination of their moral sent
Page 21 and 22:
involve the creation of a Network o
Page 23 and 24:
approach [28] to expose indicators
Page 25 and 26:
4. IMPLENTING PAR In order to come
Page 27 and 28:
conclusions that might arise rom th
Page 29 and 30:
6.3 Large Scale Implementation In r
Page 31 and 32:
Implementation Framework for Open D
Page 33 and 34:
2) Usage: Assessed by quantifying t
Page 35 and 36:
Increasing Kenyan Open Data Consump
Page 37 and 38:
insight into available data resourc
Page 39 and 40:
New Perspectives for Electronic Gov
Page 41 and 42:
Not without reason therefore that t
Page 43 and 44:
Another principle adopted by this s
Page 45 and 46:
access to public information, chang
Page 47 and 48:
Open Government 2.0: Citizen Empowe
Page 49 and 50:
As a third finding, we also found a
Page 51:
Session 2 E-democracy & Participati
Page 54 and 55:
two polarized (optimistic or utopia
Page 56 and 57:
through aggregating, shaping, and c
Page 58 and 59:
in-depth expert interviews, and wer
Page 60 and 61:
government made of citizens’ cont
Page 62 and 63:
[8] Putman, R.D. 1994. Making Democ
Page 64 and 65:
The third stream of studies reviewe
Page 66 and 67:
interests, gaining access to inform
Page 68 and 69:
2. THEORETICAL FOUNDATION 2.1 The P
Page 70 and 71:
epresentatives from the three main
Page 72 and 73:
While letters to the editor could b
Page 74 and 75:
person. Table 5: Public sphere char
Page 76 and 77:
[32] Yang, S., H. Lee, and S. Kurni
Page 78 and 79:
In March 2000, just a couple of mon
Page 80 and 81:
society the gap will close [2]. The
Page 83 and 84:
A New Roadmap for Next-Generation P
Page 85 and 86:
needs and the activities of policy-
Page 87 and 88:
[18] Moss, S., (2010). Policy Model
Page 89 and 90:
2.1. National digital inclusion exp
Page 91 and 92:
advanced initiatives specifically d
Page 93 and 94:
involved later [22]. Several instit
Page 95 and 96:
among lecturers and students parall
Page 97 and 98:
2. COMPARATIVE E-GOVERNMENT IN LATI
Page 99 and 100:
governments can innovate or be disc
Page 101 and 102:
2. E-GOVERNMENT AS IS 2.1. E-Govern
Page 103 and 104:
ankings on the formation of nationa
Page 106 and 107:
Framework for Useful Transparency W
Page 108 and 109:
are doing a good job overall in reg
Page 110 and 111:
The Circular Continuum of Agencies,
Page 112 and 113:
continue to rely on dial-up Interne
Page 114 and 115:
this time the authors continue to w
Page 116 and 117:
government agencies should consider
Page 118 and 119:
The critical success factors for we
Page 120 and 121:
include customers and competitors,
Page 122 and 123:
Websites or columns for MFWs In thi
Page 124 and 125:
According to our investigation, the
Page 126 and 127:
Construction of Inter-regional Publ
Page 128 and 129:
The Development of Public Smart Pho
Page 130 and 131:
Stage Description 1 st stage (Simpl
Page 132 and 133:
Understanding Citizens’ Perceptio
Page 134 and 135:
performance compared to those provi
Page 136:
Session 5 Information Sharing, Mode
Page 139 and 140:
arising as a result of these two bi
Page 141 and 142:
forms for the system. At the same t
Page 143 and 144:
further investigation of the relati
Page 145 and 146:
5.3.10 Commitment Both personal and
Page 147 and 148:
law. Virginia Journal of Internatio
Page 149 and 150:
available to others” [5]. Informa
Page 151 and 152:
conflict around information sharing
Page 153 and 154:
for understanding information polic
Page 155 and 156:
primarily on the information flows
Page 157 and 158:
On Public Service Provision Informa
Page 159 and 160:
employs workflow management technol
Page 161 and 162:
o Information. Represents any infor
Page 163 and 164:
common documents repository at the
Page 165 and 166:
Figure 15. Full model of Passport I
Page 167 and 168:
142
Page 169 and 170:
policies to prevent government agen
Page 171 and 172:
ecause the majority of the shared i
Page 174 and 175:
A Patent System Ontology for Facili
Page 176 and 177:
uilt on top of the semantics of RDF
Page 178 and 179:
dynamically derive relevancy based
Page 180 and 181:
Figure 6. Cross-‐Reference betw
Page 182 and 183:
Category II: After identifying some
Page 184 and 185:
[8] De Nicola, A., Missikoff, M. an
Page 186 and 187:
oral option, it also allows for a m
Page 188 and 189:
mapping of citizens would ensure un
Page 190 and 191:
Here the authors wish to extend the
Page 192 and 193:
http://www.ecp.gov.pk/Reports/SPStr
Page 194 and 195:
will enable to assess and confront
Page 196 and 197:
The underlying DeLP process is as f
Page 198 and 199:
Preparing for Digital Curation Gove
Page 200 and 201:
semester hours. Nine of the forty-f
Page 202 and 203:
REGNET: Regulatory Information Mana
Page 204 and 205:
Search Terms/ Concepts References D
Page 206 and 207:
4. COMPARATIVE STUDIES OF REGULATOR
Page 208 and 209:
1105.4 [6] Content of Section 1105.
Page 210 and 211:
Pollution Prevention Guide for Vehi
Page 213 and 214:
From Information-Poor to Informatio
Page 215 and 216:
To address the divide, specific gov
Page 217 and 218:
ICT for Development and the MuNet P
Page 219 and 220:
competencies and skills, contributi
Page 221 and 222:
ICT Policy in Africa - A Comparativ
Page 223 and 224:
essential and necessary to guide th
Page 225 and 226:
Kenya it is the minister for Inform
Page 227 and 228:
of existing Public Internet Access
Page 229 and 230:
the policy process e.g. formulation
Page 231 and 232:
Laggards or Victims of Socioeconomi
Page 233 and 234:
Figure 3. Facilities & Services Enj
Page 235 and 236:
Promoting user uptake of e-governme
Page 237 and 238:
It was also decided that it was nec
Page 239:
Session 8 Measurement 1
Page 242 and 243:
technology (IT) projects by governm
Page 244 and 245:
Gap = 5; The weak and unreliable In
Page 246 and 247:
6. ACKNOWLEDGEMENT We are grateful
Page 248 and 249:
aspects are hardly discussed as the
Page 250 and 251:
service level agreements. The inter
Page 252 and 253:
concensus of all participants, the
Page 254 and 255:
Furthermore, it is understood from
Page 256 and 257:
Mobile Technologies on the Internet
Page 258 and 259:
of mothers. Based on this reason, w
Page 260 and 261:
5.1.4 Precedence Plots Based on com
Page 262 and 263:
3 indicators are similar but not th
Page 264 and 265:
Latitude 10°�S 9°�S 8°�S 7
Page 266 and 267:
7. CONCLUSION According to ORDIT an
Page 268 and 269:
include but not limited to: payment
Page 270 and 271:
Categories Only XSS (%) Table 2: Di
Page 272 and 273:
From table 3, it can be deduced tha
Page 274:
Session 9 Social Media in Governmen
Page 277 and 278:
1. What kind of social media servic
Page 279 and 280:
4.2.1 Facebook Usage Figure 3. Perc
Page 281 and 282:
Government Crisis Communication on
Page 283 and 284:
estoration theory. He termed it as
Page 285 and 286:
Table 3. Strategies for Pre-crisis
Page 287 and 288:
accounts, among which seven message
Page 289 and 290:
information in the crisis event sta
Page 291 and 292:
Government Official Microblogs: An
Page 293 and 294:
It is worth mentioning that, while
Page 295 and 296:
Managing Chinese Government Microbl
Page 297 and 298:
due to their tremendous influence,
Page 299 and 300:
3. ACKNOWLEDGEMENT This research is
Page 301 and 302:
3) Established year: to specify the
Page 303 and 304:
Figure 6. Language used in Hong Kon
Page 306 and 307:
E-Government and Transformation of
Page 308 and 309:
and domestic as well as internation
Page 310 and 311:
4.6 Computerisation of Railway Tick
Page 312 and 313:
abysmally low (2.25). In addition t
Page 314 and 315:
Evaluating and Assessing a Typology
Page 316 and 317:
Exhaustiveness indicates that all c
Page 318 and 319:
Fig. 1 Spatial Unit Fig. 3. By whom
Page 320 and 321:
SUPPLEMENTARY TABLE 1. RESULT OF SE
Page 322 and 323:
Explaining the eGovernment Paradox:
Page 324 and 325:
eGovernment services to a large ext
Page 326 and 327:
policy agenda, as Heeks [10] says,
Page 328 and 329:
Implementation Plan’s outcomes an
Page 330 and 331:
Conference on eGovernment (pp. 90-9
Page 332 and 333:
Investigating the Relationships bet
Page 334 and 335:
hybrid or authoritarian regime. Bov
Page 336 and 337:
Technologies, Tools and Web 2.0 in
Page 338 and 339:
with resources, peers and experts w
Page 340 and 341:
cluster were: Court Clerks; Court,
Page 342 and 343:
(8 questions) and the third subpart
Page 344 and 345:
http://ux.brookdalecc.edu/governanc
Page 346 and 347:
the examination of the 311 program
Page 348 and 349:
3. CASE STUDY METHOD This study use
Page 350 and 351:
discuss departmental performance at
Page 352 and 353:
or laptop computers. Internet conne
Page 354 and 355:
[2] Anavitarte, L. and Tratz-Ryan,
Page 357 and 358:
A Literature Review: IT Governance
Page 359 and 360:
Interviewees Useful? Table 3. Inter
Page 361 and 362:
Assessment of Success Factors of e-
Page 363 and 364:
In view of different theoretical ap
Page 365 and 366:
approximate figure of 60% of intern
Page 367 and 368:
difference between its priority and
Page 369 and 370:
Computer Supported Contractor Selec
Page 371 and 372:
(2) conduction of the public auctio
Page 373 and 374:
E-Government Success Factors in the
Page 375 and 376:
creating different incentives and p
Page 377 and 378:
American and the Caribbean Institut
Page 379 and 380:
* Note: A 7-points Likert scale was
Page 381 and 382:
showed to be useful, for collecting
Page 383 and 384:
Public CIO, Figurehead or Decision-
Page 385 and 386:
4.2 Operative CIO The Operative CIO
Page 387:
Session 12 Implementation & Impact
Page 390 and 391:
NYSED is responsible for collecting
Page 392 and 393:
considered markers that are able to
Page 394 and 395:
many of the MDGs. The direct impact
Page 396 and 397:
strongly believed that local govern
Page 398 and 399:
Goal Variables Measurements 2 3 Com
Page 400 and 401:
Hypothesis Variables Endogenous Exo
Page 402 and 403:
[16] Joreskog, K.G., and Sorbom, D.
Page 404 and 405: GoN has addressed the challenge to
Page 406 and 407: Figures 6 and 7. Computer classes a
Page 408 and 409: ICT-enabled Delivery of Maternal He
Page 410 and 411: 3. E-HEALTH 3.1 ICTs and Health Com
Page 412 and 413: Chart 1 [40] GHANA - Total Telephon
Page 414 and 415: change their behaviour, improve the
Page 416 and 417: activities such as the MoTeCH partn
Page 418 and 419: If We Build it Will They Come? A Mi
Page 420 and 421: The methodology contains inherent l
Page 422 and 423: information about their broadband s
Page 424: Session 13 E-democracy & Participat
Page 427 and 428: attempt to influence future behavio
Page 429 and 430: Evidence shows that cognitive facto
Page 431 and 432: success factors for eParticipation[
Page 433 and 434: structure of the forum as well as t
Page 435 and 436: government as well as augmenting di
Page 437 and 438: Figure 1: Message content 4.3 Messa
Page 439 and 440: Figure 6: Associated levels 4.10 At
Page 441 and 442: improve the government management e
Page 443: Session 14 Information Structure
Page 446 and 447: 2. HEALTHCARE IN RURAL INDIA Health
Page 448 and 449: Cloud Data Center Internet Service
Page 450 and 451: Reliability of data: data collected
Page 452 and 453: Information System (NHIS). A Nation
Page 456 and 457: from this medium. Additional securi
Page 458 and 459: attacks require the adversary to ma
Page 460 and 461: actions with yet unknown recipients
Page 462: Session 15 Measurement 2
Page 465 and 466: 2. LITERATURE REVIEW 2.1 Electronic
Page 467 and 468: Among the main limitations and chal
Page 469 and 470: Furthermore, our study demonstrates
Page 471 and 472: E-Government Portals in Central Ame
Page 473 and 474: 13 Guadaloupe 31.74 14.19 14 Aruba
Page 475 and 476: Evolving e-Government Benchmarking
Page 477 and 478: judgments are made about the qualit
Page 479 and 480: percentage of online availability o
Page 481 and 482: methodology, and few national gover
Page 483 and 484: integrating them worth it? Because
Page 485 and 486: Impacts of the Public Procurement R
Page 487 and 488: Not all the municipalities have the
Page 489 and 490: 3. HYPHOTESIS AND RELEVANT QUESTION
Page 491 and 492: 58% of the buyers believe that the
Page 493 and 494: A strategy of evolution of the mark
Page 495: Posters
Page 498 and 499: Russian Federation legislative prop
Page 500 and 501: Figure 1. Document Flow and E-DRM P
Page 502 and 503: We further assume that each key tar
Page 504 and 505:
egion that is more representative o
Page 506 and 507:
2.2 C-DAC C-DAC’s PARAM series of
Page 508 and 509:
The Metropolitan Area Planning Coun
Page 510 and 511:
expanded functionality in three are
Page 512 and 513:
For each case, semi-structured inte
Page 514 and 515:
Figure 1. Comparative analysis on t
Page 516 and 517:
projects and their on-site images.
Page 518 and 519:
key challenges of Enterprise System
Page 520 and 521:
5. PART THREE: E GOVERNMENT APPLICA
Page 522 and 523:
Following the research objectives,
Page 524 and 525:
From Inter-Agency Information Shari
Page 526 and 527:
479
Page 528 and 529:
more and more valuable with the gro
Page 530 and 531:
Implementation of Integrated Tax Sy
Page 532 and 533:
Information Sharing in Inter-depart
Page 534 and 535:
Interagency Collaboration in Provid
Page 536 and 537:
489
Page 538 and 539:
noted. The list of basic e-services
Page 540 and 541:
the description of procedure for mo
Page 542 and 543:
Opportunities for Improving eGovern
Page 544 and 545:
Prioritization and Geo-Spatiotempor
Page 546 and 547:
[4] R.Bruggemann and Ganapati P. Pa
Page 548 and 549:
equirements. A direct communication
Page 550 and 551:
Stage - 2: Here the actual software
Page 552 and 553:
membership associations, recreation
Page 554 and 555:
Fig 1 : Agriculture Revolution 3. P
Page 556 and 557:
sector, private sector, and civil s
Page 558 and 559:
System For Measuring e-Gov: A Multi
Page 560 and 561:
The Digital Divide’s Devaluing of
Page 562 and 563:
[3] Coursey, D., & Norris, D.F. (20
Page 564 and 565:
In Brazil, electronic accessibility
Page 566 and 567:
2) The areas to which mobile and wi
Page 568 and 569:
2. OVERVIEW OF DISTRICT MAPPING The
Page 570 and 571:
3.4 Driving License Driving License
Page 572 and 573:
and socio-economic backgrounds. The
Page 574 and 575:
Figure - 2: eGovernment Implementat
Page 577 and 578:
Tutorial: Digital Curation for Publ
Page 579 and 580:
ut also provide sufficient detail o
Page 581 and 582:
ABM is known as a bottom-up simulat
Page 583 and 584:
5.2 Relation to Empirics “Where d
Page 585 and 586:
Larson, Elizabeth .................
show all

icegov2012 proceedings

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?