L. Jean Camp – författare

Anyone who has ever bought a car, rented an apartment, had a job or conversation that they would rather not see in their employee review may find this book of interest. There is a collision occurring in identity management. Identity technologies are problematic, and many see light at the end of the identity theft tunnel. Yet the innovation is driven by individual tendencies to seek convenience and business imperatives to minimize risk with maximized profit. The light is an oncoming identity train wreck of maximum individual exposure, social risk and minimal privacy. The primary debate over identity technologies is happening on the issue of centralization. RealID is effectively a centralized standard with a slightly distributed back-end (e.g., fifty servers). RealID is a national ID card. Many mechanisms for federated identities, such as OpenID or the Liberty Alliance, imagine a network of identifiers shared on an as-needed or ad-hoc process. These systems accept the limits of human information processing, and thus use models that work on paper. Using models that work on paper results in systematic risk of identity theft in this information economy. There are alternatives to erosions of privacy and increasing fraud. There is an ideal where individuals have multiple devices, including computers, smart cards, and cell phones. Smart cards are credit card devices that are cryptographically secure. This may be shared and misused, or secure and privacy enhancing. Yet such a system requires coordinated investment.

Economics of Information Security applies economics not to generate breakthroughs in theoretical economics, but rather breakthroughs in understanding the problems of security. Security, privacy and trusted computing are examined distinctly, using the tools of economics, and as elements of a larger dynamic system. Economics of Information Security is designed for researchers and managers struggling to understand the risks in organizations dependent on secure networks. This book is also suitable for students in computer science, policy and management.

Anyone who has ever bought a car, rented an apartment, had a job or conversation that they would rather not see in their employee review may find this book of interest. There is a collision occurring in identity management. Identity technologies are problematic, and many see light at the end of the identity theft tunnel. Yet the innovation is driven by individual tendencies to seek convenience and business imperatives to minimize risk with maximized profit. The light is an oncoming identity train wreck of maximum individual exposure, social risk and minimal privacy. The primary debate over identity technologies is happening on the issue of centralization. RealID is effectively a centralized standard with a slightly distributed back-end (e.g., fifty servers). RealID is a national ID card. Many mechanisms for federated identities, such as OpenID or the Liberty Alliance, imagine a network of identifiers shared on an as-needed or ad-hoc process. These systems accept the limits of human information processing, and thus use models that work on paper. Using models that work on paper results in systematic risk of identity theft in this information economy. There are alternatives to erosions of privacy and increasing fraud. There is an ideal where individuals have multiple devices, including computers, smart cards, and cell phones. Smart cards are credit card devices that are cryptographically secure. This may be shared and misused, or secure and privacy enhancing. Yet such a system requires coordinated investment.

Economics of Information Security applies economics not to generate breakthroughs in theoretical economics, but rather breakthroughs in understanding the problems of security. Security, privacy and trusted computing are examined distinctly, using the tools of economics, and as elements of a larger dynamic system. Economics of Information Security is designed for researchers and managers struggling to understand the risks in organizations dependent on secure networks. This book is also suitable for students in computer science, policy and management.

Financial identity theft is well understood with clear underlying motives. Medical identity theft is new and presents a growing problem. The solutions to both problems however, are less clear. The Economics of Financial and Medical Identity Theft discusses how the digital networked environment is critically different from the world of paper, eyeballs and pens. Many of the effective identity protections are embedded behind the eyeballs, where the presumably passive observer is actually a fairly keen student of human behavior. The emergence of medical identity theft and the implications of medical data privacy are described in the second section of this book. The Economics of Financial and Medical Identity Theft also presents an overview of the current technology for identity management. The book closes with a series of vignettes in the last chapter, looking at the risks we may see in the future and how these risks can be mitigated or avoided.

Financial identity theft is well understood with clear underlying motives. Medical identity theft is new and presents a growing problem. The solutions to both problems however, are less clear. The Economics of Financial and Medical Identity Theft discusses how the digital networked environment is critically different from the world of paper, eyeballs and pens. Many of the effective identity protections are embedded behind the eyeballs, where the presumably passive observer is actually a fairly keen student of human behavior. The emergence of medical identity theft and the implications of medical data privacy are described in the second section of this book. The Economics of Financial and Medical Identity Theft also presents an overview of the current technology for identity management. The book closes with a series of vignettes in the last chapter, looking at the risks we may see in the future and how these risks can be mitigated or avoided.

This book constitutes the refereed proceedings of two workshops held at the 24th International Conference on Financial Cryptography and Data Security, FC 2020, in Kota Kinabalu, Malaysia, in February 2020. The 39 full papers and 3 short papers presented in this book were carefully reviewed and selected from 73 submissions. The papers feature four Workshops: The 1st Asian Workshop on Usable Security, AsiaUSEC 2020, the 1st Workshop on Coordination of Decentralized Finance, CoDeFi 2020, the 5th Workshop on Advances in Secure Electronic Voting, VOTING 2020, and the 4th Workshop on Trusted Smart Contracts, WTSC 2020.The AsiaUSEC Workshop contributes an increase of the scientific quality of research in human factors in security and privacy. In terms of improving efficacy of secure systems, the research included an extension of graphical password authentication. Further a comparative study of SpotBugs, SonarQube, Cryptoguard and CogniCrypt identified strengths in each and refined the need for improvements in security testing tools.The CoDeFi Workshop discuss multi-disciplinary issues regarding technologies and operations of decentralized finance based on permissionless blockchain. The workshop consists of two parts; presentations by all stakeholders, and unconference style discussions.The VOTING Workshop cover topics like new methods for risk-limited audits, new ethods to increase the efficiency of mixnets, verification of security of voting schemes election auditing, voting system efficiency, voting system usability, and new technical designs for cryptographic protocols for voting systems, and new way of preventing voteselling by de-incentivising this via smart contracts.The WTSC Workshop focuses on smart contracts, i.e., self-enforcing agreements in the form of executable programs, and other decentralized applications that are deployed to and run on top of specialized blockchains.