Refine
Year of publication
Document Type
- Article (209)
- Conference Proceeding (59)
- Part of a Book (12)
- Book (11)
- Report (4)
- Contribution to a Periodical (2)
- Working Paper (1)
Keywords
- MITRE (1)
- OSINT (1)
- advanced persistent threats (1)
- blockchain (1)
- bloxberg (1)
- consent banner (1)
- cookie banner (1)
- cookies (1)
- cyber kill chain (1)
- dlt (1)
Institute
With ongoing developments in the field of smart cities and digitalization in general, data is becoming a driving factor and value stream for new and existing economies alike. However, there exists an increasing centralization and monopolization of data holders and service providers, especially in the form of the big US-based technology companies in the western world and central technology providers with close ties to the government in the Asian regions. Self Sovereign Identity (SSI) provides the technical building blocks to create decentralized data-driven systems, which bring data autonomy back to the users. In this paper we propose a system in which the combination of SSI and token economy based incentivisation strategies makes it possible to unlock the potential value of data-pools without compromising the data autonomy of the users.
The European General Data Protection Regulation (GDPR), which went into effect in May 2018, brought new rules for the processing of personal data that affect many business models, including online advertising. The regulation’s definition of personal data applies to every company that collects data from European Internet users. This includes tracking services that, until then, argued that they were collecting anonymous information and data protection requirements would not apply to their businesses.
Previous studies have analyzed the impact of the GDPR on the prevalence of online tracking, with mixed results. In this paper, we go beyond the analysis of the number of third parties and focus on the underlying information sharing networks between online advertising companies in terms of client-side cookie syncing. Using graph analysis, our measurement shows that the number of ID syncing connections decreased by around 40 % around the time the GDPR went into effect, but a long-term analysis shows a slight rebound since then. While we can show a decrease in information sharing between third parties, which is likely related to the legislation, the data also shows that the amount of tracking, as well as the general structure of cooperation, was not affected. Consolidation in the ecosystem led to a more centralized infrastructure that might actually have negative effects on user privacy, as fewer companies perform tracking on more sites.
In the modern Web, service providers often rely heavily on third parties to run their services. For example, they make use of ad networks to finance their services, externally hosted libraries to develop features quickly, and analytics providers to gain insights into visitor behavior.
For security and privacy, website owners need to be aware of the content they provide their users. However, in reality, they often do not know which third parties are embedded, for example, when these third parties request additional content as it is common in real-time ad auctions.
In this paper, we present a large-scale measurement study to analyze the magnitude of these new challenges. To better reflect the connectedness of third parties, we measured their relations in a model we call third party trees, which reflects an approximation of the loading dependencies of all third parties embedded into a given website. Using this concept, we show that including a single third party can lead to subsequent requests from up to eight additional services. Furthermore, our findings indicate that the third parties embedded on a page load are not always deterministic, as 50 % of the branches in the third party trees change between repeated visits. In addition, we found that 93 % of the analyzed websites embedded third parties that are located in regions that might not be in line with the current legal framework. Our study also replicates previous work that mostly focused on landing pages of websites. We show that this method is only able to measure a lower bound as subsites show a significant increase of privacy-invasive techniques. For example, our results show an increase of used cookies by about 36 % when crawling websites more deeply.
Advanced Persistent Threats (APTs) are one of the main challenges in modern computer security. They are planned and performed by well-funded, highly-trained and often state-based actors. The first step of such an attack is the reconnaissance of the target. In this phase, the adversary tries to gather as much intelligence on the victim as possible to prepare further actions. An essential part of this initial data collection phase is the identification of possible gateways to intrude the target.
In this paper, we aim to analyze the data that threat actors can use to plan their attacks. To do so, we analyze in a first step 93 APT reports and find that most (80 %) of them begin by sending phishing emails to their victims. Based on this analysis, we measure the extent of data openly available of 30 entities to understand if and how much data they leak that can potentially be used by an adversary to craft sophisticated spear phishing emails. We then use this data to quantify how many employees are potential targets for such attacks. We show that 83 % of the analyzed entities leak several attributes of uses, which can all be used to craft sophisticated phishing emails.
The set of transactions that occurs on the public ledger of an Ethereum network in a specific time frame can be represented as a directed graph, with vertices representing addresses and an edge indicating the interaction between two addresses.
While there exists preliminary research on analyzing an Ethereum network by the means of graph analysis, most existing work is focused on either the public Ethereum Mainnet or on analyzing the different semantic transaction layers using static graph analysis in order to carve out the different network properties (such as interconnectivity, degrees of centrality, etc.) needed to characterize a blockchain network. By analyzing the consortium-run bloxberg Proof-of-Authority (PoA) Ethereum network, we show that we can identify suspicious and potentially malicious behaviour of network participants by employing statistical graph analysis. We thereby show that it is possible to identify the potentially malicious
exploitation of an unmetered and weakly secured blockchain network resource. In addition, we show that Temporal Network Analysis is a promising technique to identify the occurrence of anomalies in a PoA Ethereum network.
This paper analyses the status quo of large-scale decision making combined with the possibility of blockchain as an underlying decentralized architecture to govern common pool resources in a collective manner and evaluates them according to their requirements and features (technical and non-technical). Due to an increasing trend in the distribution of knowledge and an increasing amount of information, the combination of these decentralized technologies and approaches, can not only be beneficial for consortial governance using blockchain but can also help communities to govern common goods and resources. Blockchain and its trust-enhancing properties can potenitally be a catalysator for more collaborative behavior among participants and may lead to new insights about collective action and CPRs.
Die Digitalisierung ist die Basis für das Wohlergehen unserer modernen und globalen Informations- und Wissensgesellschaft und schreitet immer schneller voran. Dabei eröffnet die Digitalisierung über alle Branchen und Unternehmensgrößen hinweg enorme Wachstumschancen und führt zu immer besseren Prozessen, die die Effizienz steigern und Kosten reduzieren. Der Digitalisierungsprozess beschleunigt auf allen Ebenen und der Wertschöpfungsanteil der IT in allen Produkten und Lösungen wird immer größer. Die möglichen Erfolgsfaktoren der Digitalisierung sind vielfältig: Die Kommunikationsgeschwindigkeiten und -qualitäten, die mit 5G- und Glasfasernetzen neue Anwendungen möglich machen. Die Smartness der Endgeräte, wie Smartwatches, Smartphones, PADs, IoT-Geräte usw., die viele neue positive Möglichkeiten mit sich bringt. Aber auch immer leistungsfähigere zentrale IT-Systeme, wie Cloud-Angebote, Hyperscaler, KI-Anwendungen usw., schaffen Innovationen mit großen Potenzialen.
Moderne Benutzerschnittstellen, wie Sprache und Gestik, vereinfachen die Bedienung für die Nutzer. Die Optimierung von Prozessen schafft ein enormes Rationalisierungspotenzial, das es zu heben gilt, um wettbewerbsfähig zu bleiben und die Wachstumschancen für unser Wohlergehen zu nutzen. Neue Möglichkeiten mit Videokonferenzen, Cloud-Anwendungen usw., im Homeoffice zu arbeiten und damit die Personenmobilität zu reduzieren und die Umwelt zu schonen.
A Crypto-Token Based Charging Incentivization
Scheme for Sustainable Light Electric Vehicle
Sharing
(2021)
The ecological impact of shared light electric vehicles (LEV) such as kick scooters is still widely discussed. Especially the fact that the vehicles and batteries are collected using diesel vans in order to charge empty batteries with electricity of unclear origin is perceived as unsustainable. A better option could be to let the users charge the vehicles themselves whenever it is necessary. For this, a decentralized,flexible and easy to install network of off-grid solar charging stations could bring renewable electricity where it is needed without sacrificing the convenience of a free float sharing system. Since the charging stations are powered by solar energy the most efficient way to utilize them would be to charge the vehicles when the sun is shining. In order to make users charge the vehicle it is necessary to provide some form of benefit for
them doing so. This could be either a discount or free rides. A
particularly robust and well-established mechanism is controlling incentives via means of blockchain-based cryptotokens. This paper demonstrates a crypto-token based scheme for incentivizing users to charge sharing vehicles during times of considerable solar irradiation in order to contribute to more sustainable mobility services.
Self-Sovereign Identity (SSI) sorgt für eine sichere und vertrauenswürdige Digitalisierung. Nutzer können selbstbestimmt ihre digitale Identität und Nachweise wie Ausweis oder Bescheinigungen an Anwendungen weitergeben. Das europäische SSI-Ökosystem löst Abhängigkeiten von Monopolisten und gibt uns die Freiheit, die digitale Zukunft souverän und zügig zu gestalten.
Third-party tracking is a common and broadly used technique on the Web. Different defense mechanisms have emerged to counter these practices (e.g. browser vendors that ban all third-party cookies). However, these countermeasures only target third-party trackers and ignore the first party because the narrative is that such monitoring is mostly used to improve the utilized service (e.g. analytical services). In this paper, we present a large-scale measurement study that analyzes tracking performed by the first party but utilized by a third party to circumvent standard tracking preventing techniques. We visit the top 15,000 websites to analyze first-party cookies used to track users and a technique called “DNS CNAME cloaking”, which can be used by a third party to place first-party cookies. Using this data, we show that 76% of sites effectively utilize such tracking techniques. In a long-running analysis, we show that the usage of such cookies increased by more than 50% over 2021.