Identity and Privacy in the Internet Age

1. Front Matter

   PDF

2. Session 1: Anonymity and Privacy

   1. On the Effectiveness of Privacy Breach Disclosure Legislation in Europe: Empirical Evidence from the US Stock Market

      • Jan Muntermann, Heiko Roßnagel

      Pages 1-14

   2. Facilitating the Adoption of Tor by Focusing on a Promising Target Group

      • Heiko Roßnagel, Jan Zibuschka, Lexi Pimenides, Thomas Deselaers

      Pages 15-27

   3. A Parallelism-Based Approach to Network Anonymization

      • Igor Margasiński

      Pages 28-43

   4. Security Usability of Petname Systems

      • Md. Sadek Ferdous, Audun Jøsang, Kuldeep Singh, Ravishankar Borgaonkar

      Pages 44-59

3. Session 2: Modelling and Design

   1. An Analysis of Widget Security

      • Karsten Peder Holth, Do van Thuan, Ivar Jørstad, Do van Thanh

      Pages 60-71

   2. Trade-Offs in Cryptographic Implementations of Temporal Access Control

      • Jason Crampton

      Pages 72-87

   3. Blunting Differential Attacks on PIN Processing APIs

      • Riccardo Focardi, Flaminia L. Luccio, Graham Steel

      Pages 88-103

4. Session 3: Network Layer Security

   1. Characterising Anomalous Events Using Change - Point Correlation on Unsolicited Network Traffic

      • Ejaz Ahmed, Andrew Clark, George Mohay

      Pages 104-119

   2. An Improved Attack on TKIP

      • Finn M. Halvorsen, Olav Haugen, Martin Eian, Stig F. Mjølsnes

      Pages 120-132

5. Session 4: Security for Mobile Users

   1. ContikiSec: A Secure Network Layer for Wireless Sensor Networks under the Contiki Operating System

      • Lander Casado, Philippas Tsigas

      Pages 133-147

   2. A Mechanism for Identity Delegation at Authentication Level

      • Naveed Ahmed, Christian D. Jensen

      Pages 148-162

   3. Introducing Sim-Based Security Tokens as Enabling Technology for Mobile Real-Time Services

      • Heiko Roßnagel, Jan Muntermann

      Pages 163-178

   4. Towards True Random Number Generation in Mobile Environments

      • Jan Bouda, Jan Krhovjak, Vashek Matyas, Petr Svenda

      Pages 179-189

6. Session 5: Embedded Systems and Mechanisms

   1. Towards Modelling Information Security with Key-Challenge Petri Nets

      • Mikko Kiviharju, Teijo Venäläinen, Suna Kinnunen

      Pages 190-206

   2. Security and Trust for the Norwegian E-Voting Pilot Project E-valg 2011

      • Arne Ansper, Sven Heiberg, Helger Lipmaa, Tom André Øverland, Filip van Laenen

      Pages 207-222

   3. Advanced SIM Capabilities Supporting Trust-Based Applications

      • Thomas Vilarinho, Kjetil Haslum, Josef Noll

      Pages 223-238

   4. Towards Practical Enforcement Theories

      • Nataliia Bielova, Fabio Massacci, Andrea Micheletti

      Pages 239-254

7. Session 6: Protocols and Protocol Analysis

   1. Security Analysis of AN.ON’s Payment Scheme

      • Benedikt Westermann

      Pages 255-270

   2. Formal Analysis of the Estonian Mobile-ID Protocol

      • Peeter Laud, Meelis Roos

      Pages 271-286

The NordSec workshops were started in 1996 with the aim of bringing together - searchers and practitioners within computer security in the Nordic countries – thereby establishing a forum for discussions and co-operation between universities, industry and computer societies. Since then, the workshop has developed into a fully fledged inter- tional information security conference, held in the Nordic countries on a round robin basis. The 14th Nordic Conference on Secure IT Systems was held in Oslo on 14-16 October 2009. Under the theme Identity and Privacy in the Internet Age, this year's conference explored policies, strategies and technologies for protecting identities and the growing flow of personal information passing through the Internet and mobile n- works under an increasingly serious threat picture. Among the contemporary security issues discussed were security services modeling, Petri nets, attack graphs, electronic voting schemes, anonymous payment schemes, mobile ID-protocols, SIM cards, n- work embedded systems, trust, wireless sensor networks, privacy, privacy disclosure regulations, financial cryptography, PIN verification, temporal access control, random number generators, and some more. As a pre-cursor to the conference proper, the Nordic Security Day on Wednesday 14 October hosted talks by leading representatives from industry, academia and the g- ernment sector, and a press conference was given.

• attack graphs
• authentication
• cryptography
• e-Business
• e-Commerce
• e-Payment
• e-Voting
• embedded systems
• information
• petri nets
• privacy
• security services
• service modeling
• trust
• wireless sensor networks

• University of Oslo, University Graduate Center, Kjeller, Norway

  Audun Jøsang

• Norwegian Defence Research Establishment, Kjeller, Norway

  Torleiv Maseng

• Norwegian University of Science and Technology, Centre for Quantifiable Quality of Service in Communication Systems, Trondheim, Norway

  Svein Johan Knapskog

Policies and ethics