Academic Publications

Anonymous Trusted Data Relocation for TEEs
Authors:
Vasco Guita, Daniel Andrade, João Nuno Silva, Miguel Correia
Organisation:
INESC-ID, Instituto Superior Técnico, Universidade de Lisboa, Portugal
Abstract
Trusted Execution Environment (TEE) technology like ARM TrustZone allows protecting confidential data using cryptographic keys that are bound to a specific TEE and device. However, there are good reasons to allow relocating such data from a TEE to another TEE in another device, often in a non-interactive (offline) and anonymous manner.
We propose the Trusted Relocation Extension (TRX), a TrustZone-based trusted storage service enabling backup /recovery and sharing of data between TEEs in different devices. TRX works offline, without previous key exchange, and ensures the anonymity of the sender and the receiver. We present an implementation of TRX compatible with OP-TEE and its evaluation with Raspberry Pi 3 B+ devices.
Year of Publication:
2022
Title of Publication:
37th International Conference on ICT Systems Security and Privacy Protection (SEC 2022)
Link to Document:
SRX - Secure Data Backup and Recovery for SGX Applications
Authors:
Daniel Andrade, João Silva, Miguel Correia
Organisation:
INESC-ID, Instituto Superior Técnico, Universidade de Lisboa, Portugal
Abstract
Intel SGX improves the security of applications by shielding code and data from untrusted
software in enclaves. Since enclaves lose their state when closed, that state has to be sealed, i.e.,
cryptographically protected with a secret key, and stored outside the enclave boundary. In SGX, the
used key is bound to both the enclave and the processor that sealed the data, so it is unfeasible for
any enclave in another computer to derive the same secret key to unseal such data. This oers security
to the data, but also makes it impossible to recover that data if the original computer is damaged or
stolen. In order to support backup and recovery of data sealed by enclaves, we propose SRX, a solution
for sharing sealed data amongst a restricted set of SGX-enabled computers executing the same enclave
code. Enclaves using SRX have access to common keys to seal and unseal enclave data, allowing the
sharing of sealed data among the trusted domain. SRX guarantees that these secret keys are never
exposed outside the trusted domain. SRX was implemented and evaluated with two applications: a
bitcoin wallet and a password manager.
Year of Publication:
2022
Title of Publication:
IEEE Access
Link to Document:
Towards the Classification of Self-Sovereign Identity Properties
Authors:
Špela Čučko, Šeila Bečirović, Aida Kamišalić, Saša Mrdović, Muhamed Turkanović
Organisation:
University of Maribor, Faculty of Electrical Engineering and Computer Science: Maribor, Maribor, SI
Abstract
Self-Sovereign Identity (SSI) is a novel and emerging, decentralized digital identity approach that enables entities to control and manage their digital identifiers and associated identity data while enhancing trust, privacy, security, and the many other properties identified and analyzed in this paper. The paper provides an overview and classification of the SSI properties, focusing on an in-depth analysis, furthermore, presenting a comprehensive collection of SSI properties that are important for the implementation of the SSI system. In addition, it explores the general SSI process flow, and highlights the steps in which individual properties are important. After the initial purification and classification phase, we then validated properties among experts in the field of Decentralized and Self-Sovereign Identity Management using an online questionnaire, which resulted in a final set of classified and verified SSI properties. The results can be used for further work on definition and standardization of the SSI field.
Year of Publication:
2022
Title of Publication:
IEEE Access
Link to Document:
Supporting Learning Mobility with Student Data Harmonisation—A European Perspective
Authors:
Karunaratne, T., & Kontopoulos, E.
Organisation:
Stockholm University
Abstract
Digitalisation promotes online education, internationalisation and student mobility. Based on the Bologna process and the European higher education area, learning mobility has been successful under Erasmus and other similar initiatives. However, a key issue for students and universities is that a significant amount of time is spent on the manual labour involved in the process of applying to degree programs overseas. It is therefore essential for higher education institutions to better exploit the potential of technology and Web 2.0 to enable a secure exchange of evidence during application for degree programs and academic courses in foreign Higher Education Institutions, as well as applying for study grants and obtaining recognition for academic and other types of studies. Harmonisation of the student data is a key initial step for enabling such exchange. In this study, an approach to a secured exchange of education evidence is instrumented under the H2020 project Digital Europe for All (DE4A). Existing semantic standards for Web 2.0 applications, core vocabularies for public service data and semantic assets from existing best practices such as W3C, ISA2 core vocabularies, and Europass data model are used to curate data models that allow the exchange of a higher education diploma, secondary education diploma and information of special needs (disability, large family), which is required by students when requesting study grants (waive of tuition fees). The semantic interoperability agreements are established cross-border through these data models called canonical evidences. The canonical evidences are tested with the national data services of three countries, Portugal, Slovenia, and Spain. The final data models are implemented in XML Schema format that could be used by any educational organisation intending to use trusted public service databases within Europe to automatically retrieve information on students’ degrees. The validity of the canonical evidences is tested on two pilot occasions within the DE4A project. The outcome of this study summarises the procedural requirements for evidences when applying for a higher degree program and seeking grants. Furthermore, it resulted in verified canonical evidence data models that fulfil the procedural requirements for applying for studying abroad.
Year of Publication:
2022
Title of Publication:
Academic Conferences International Limited, UK
Link to Document:
Semantic Reusable Web Components: A Use Case in E-Government Interoperability
Authors:
Žitnik, S., Kern Pipan, K., Jesenko, M. and Lavbič, D
Organisation:
Ministry of the Republic of Slovenia for Public Administration
Abstract
Advances in technology and software engineering strive to build efficient and robust techniques that would be delivered as quickly as possible. It has been shown that this can be achieved by reusing existing implementations, libraries, components or even frameworks. In the field of public administration, which must follow and implement national and European regulations, in addition to compatibility at the data level and processes, it is important to ensure cross-sector and cross-border integration. In this paper, we present the project "Digital Europe for All", more precisely an example of the use of a reusable web component based on the semantic representation of data. We show that it is possible to easily embed the component in any website and to support any types of evidence that are presented using the project ontology.
Year of Publication:
2022
Title of Publication:
Applied Informatics
Link to Document:
Knowledge-Driven Unsupervised Skills Extraction for Graph-Based Talent Matching
Authors:
Konstantinidis Ioannis, Maragoudakis, Magnisalis, Berberidis, & Peristeras.
Organisation:
IHU - International Helenic University
Abstract
In human resource management of large organisations, finding the best candidate for a job description requires an extensive examination of a large number of resume profiles. Even with the advent of Deep Information Retrieval and the supported semantic similarity search, identification of relevant skills within profiles requires thorough investigation over several aspects, including educational background, professional experience, achievements, etc. However, these techniques are based on the existence of domain-specific, human-annotated datasets, a laborious task that portrays high cost and a slow labeling progress. In this paper, we propose Resume2Skill-SE, an end-to-end architecture for interpretable skill-based talent matching.
Year of Publication:
2022
Title of Publication:
ACM Digital Library
Link to Document:
A Canonical Evidence-based Approach for Semantic Interoperability in Cross-border and Cross-domain e-Government Services
Authors:
Thashmee Karunarathne, Efstratios Kontopoulos, Ioannis Konstantinidis, and Ana Rosa Guzmán Carbonell
Organisation:
Stockholm University
Abstract
This paper demonstrates a proof of concept for cross-border information exchange guided by the single digital gateway regulation (SDGR) and once-only principle (OOP). The research systematically investigates the challenges and limitations of existing solutions for semantic interoperability. Furthermore, the concept of canonical evidence is introduced as a tool for the cross-border exchange of structured data automatically with less ambiguity and in compliance with the legal requirements of the selected public services. A design science research approach in an agile set-up is applied in the artefact (canonical evidences) development process. The requirements are elicited based on eight case studies set up in the context of the EU initiative, Digital Europe for all (De4a). The data models developed in this study are in compliance with the requirements and provisions of a selected set of EU member states. The outcome of the study includes eleven evidence types that could be reusable in executing procedures of respective e-Government services.
Year of Publication:
2022
Title of Publication:
15th International Conference on Theory and Practice of Electronic Governance (ICEGOV 2022). Association for Computing Machinery (ACM)
Link to Document:
Decentralized and Self-Sovereign Identity: Systematic Mapping Study
Authors:
Špela Čučko; Muhamed Turkanović
Organisation:
University of Maribor, Faculty of Electrical Engineering and Computer Science: Maribor, Maribor, SI
Abstract
Self-Sovereign Identity is an emerging, user-centric, decentralized identity approach utilizing some form of decentralized technology. It provides a means for digital identification without reliance on any external authority, enabling entities to control their identity and data flow during digital interactions while enhancing security and privacy. With the rise of blockchain technology, Self-Sovereign Identity is gathering momentum in academia and industry while the number of research papers increases rapidly. However, Self-Sovereign Identity is still a young unstructured field in its early stages of research. Thus, a systematic mapping methodology was adopted to provide a coarse-grained overview of decentralized and Self-Sovereign Identity and structure the research area by identifying, analyzing, and classifying the research papers according to predefined parameters, which is to say according to their contribution, application domain, IT field, research type, research method, and place of publication. Furthermore, the nature and scope of the research were determined, while existing research topics, gained insights into trends, demographics, challenges, gaps, and opportunities for future research were also presented. The results suggest that validation research and solution proposals prevail, addressing decentralized identity in a general matter. Papers mainly propose systems/solutions, architectures, and frameworks, focusing on authentication, security, privacy, and trust, while there are hardly any studies researching usability, user experience, patterns, and good practices
Year of Publication:
2021
Title of Publication:
IEEE Access
Link to Document:
Government Big Data Ecosystem: Definitions, Types of Data, Actors, and Roles and the Impact in Public Administrations
Authors:
Shah, Syed Iftikhar Hussain, Peristeras, Vassilios, & Magnisalis, Ioannis.
Organisation:
School of Science & Technology, International Hellenic University, Thessaloniki, Greece
Abstract
The public sector, private firms, business community, and civil society are generating data that are high in volume, veracity, and velocity and come from a diversity of sources. This type of data is today known as big data. Public administrations pursue big data as “new oil” and implement data-centric policies to collect, generate, process, share, exploit, and protect data for promoting good governance, transparency, innovative digital services, and citizens’ engagement in public policy. All of the above constitute the Government Big Data Ecosystem (GBDE). Despite the great interest in this ecosystem, there is a lack of clear definitions, the various important types of government data remain vague, the different actors and their roles are not well defined, while the impact in key public administration sectors is not yet deeply understood and assessed. Such research and literature gaps impose a crucial obstacle for a better understanding of the prospects and nascent issues in exploiting GBDE. With this study, we aim to start filling the above-mentioned gaps by organizing our findings from an extended Systematic Literature Review into a framework to organise and address the above-mentioned challenges. Our goal is to contribute in this fast-evolving area by bringing some clarity and establishing common understanding around key elements of the emerging GBDE.
Year of Publication:
2021
Title of Publication:
Journal of Data and Information Quality
Link to Document:
DaLiF: a data lifecycle framework for data-driven governments
Authors:
Shah, Syed Iftikhar Hussain, Peristeras, Vassilios; Magnisalis, Ioannis
Organisation:
School of Science & Technology, International Hellenic University, Thessaloniki, Greece
Abstract
The public sector, private firms, business community, and civil society are generating data that is high in volume, veracity, velocity and comes from a diversity of sources. This kind of data is known as big data. Public Administrations (PAs) pursue big data as “new oil” and implement data-centric policies to transform data into knowledge, to promote good governance, transparency, innovative digital services, and citizens’ engagement in public policy. From the above, the Government Big Data Ecosystem (GBDE) emerges. Managing big data throughout its lifecycle becomes a challenging task for governmental organizations. Despite the vast interest in this ecosystem, appropriate big data management is still a challenge. This study intends to fill the above-mentioned gap by proposing a data lifecycle framework for data-driven governments. Through a Systematic Literature Review, we identified and analysed 76 data lifecycles models to propose a data lifecycle framework for data-driven governments (DaliF). In this way, we contribute to the ongoing discussion around big data management, which attracts researchers’ and practitioners’ interest.
Year of Publication:
2021
Title of Publication:
Journal of Big Data
Link to Document:
Signing Blockchain Transactions Using Qualified Certificates
Authors:
Muhamed Turkanović ; Blaž Podgorelec
Organisation:
University of Maribor, Faculty of Electrical Engineering and Computer Science: Maribor, Maribor, SI
Abstract
Blockchain technology is increasingly being considered among both private enterprises and public services. However, it poses a challenge with regard to aligning its identity management scheme with the Public Key Infrastructure and the Qualified Digital Certificates issued by Qualified Trust Service Providers. To solve this challenge, we will present a solution in the form of an architecture reference model, which enables enterprises and public services to leverage blockchain technology by integrating Qualified Electronic Signatures with blockchain transactions. The evaluation of the architecture reference model is provided through the design of a Blockchain-based Trusted Public Service and a use-case scenario example. The proposed architecture reference model is based on the CEF building blocks EBSI, eSignature, and eID compliant with eIDAS.