João Marco C. Silva
ABSTRACT
Providing public services through the internet is an effective approach towards an encompassing number of citizens being covered by them and for cost reduction. However, the fast development of this area has fostered discussion and legislation regarding information security and trustworthiness. In addition to security mechanisms for data processed and stored internally, service providers must ensure that data exchanged between their servers and citizens are not intercepted or modified when traversing heterogeneous and uncontrolled networks. Moreover, such institutions should provide means enabling the citizen to verify the authenticity of the services offered. In this way, the present work provides a comprehensive overview regarding the security posture of Portuguese public institutions in their online services. It consists of non-invasive robustness evaluation of the deployed solutions for end-to-end data encryption and the correct use of digital certificates. As a result, we provide some recommendations aiming to enhance the current panorama in the majority of the 111 online services considered in this study.
- OECD. 2018. Internet access (indicator). Technical Report.Google Scholar
- 2016. Regulation (EU) 2016/679of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Da. Official Journal of the European Union L119 (may 2016), 1--88.Google Scholar
- Tim Dierks and Eric Rescorla. 2008. The transport layer security (TLS) protocol version 1.2 - RFC 5246. Technical Report.Google Scholar
- Benjamin Vander Sloot, Johanna Amann, Matthew Bernhard, Zakir Durumeric, Michael Bailey, and J Alex Halderman. 2016. Towards a Complete View of the Certificate Ecosystem. In Proceedings of the 2016 Internet Measurement Conference (IMC '16). ACM, New York, NY, USA, 543--549. Google ScholarDigital Library
- Michael E. Whitman and Herbert J. Mattord.2011. Principles of information security. Cengage Learning. Google ScholarDigital Library
- Zakir Durumeric, James Kasten, Michael Bailey, and J Alex Halderman. 2013. Analysis of the HTTPS certificate ecosystem. In Proceedings of the 2013 conference on Internet measurement conference. ACM, 291--304. Google ScholarDigital Library
- Jon Callas, Lutz Donnerhacke, Hal Finney, David Shaw, and Rodney Thayer.2007. OpenPGP message format. Technical Report. Google Scholar
- Stefan Santesson, Magnus Nystrom, and Tim Polk. 2004. Internet x. 509 public key infrastructure: Qualified certificates profile (RFC 3739 IETF). Technical Report. Google Scholar
- Tim Dierks and Eric Rescorla. 2008. The transport layer security (TLS) protocol version 1.2 - RFC 5246. Technical Report.Google Scholar
- Eric Rescorla. 2018. The transport layer security (TLS) protocol version 1.3 - RFC 8446. Technical Report. RFC - Proposed Standard (IETF Stream).Google Scholar
- Eric Rescorla and Brian Korver. 2003. Guidelines for writing RFC text on security considerations - RFC 3552. Technical Report. RFC - Proposed Standard (IETF Stream). Google Scholar
- Andrew S Tanenbaum and David J Wetherall. 2010. Computer Networks (5th ed.). Prentice Hall Press, Upper Saddle River, NJ, USA. Google ScholarDigital Library
- Daniel A Menascé. 2003. Security performance. IEEE Internet Computing 7, 3 (2003), 84--87. Google ScholarDigital Library
- C S Team. 2015. Common Vulnerability Scoring System v3.0: Specification Document. First. org (2015).Google Scholar
- Peter Mell, Karen Scarfone, and Sasha Romanosky. 2007. A complete guide to the common vulnerability scoring system version 2.0. In Published by FIRST-Forum of Incident Response and Security Teams, Vol. 1. 23.Google Scholar
- Paul Kirchner. 2011. Improved Generalized Birthday Attack. IACR Cryptology ePrint Archive 2011 (2011), 377.Google Scholar
Index Terms
- Data Security and Trustworthiness in Online Public Services: An Assessment of Portuguese Institutions
Recommendations
Information security aspects of public software
MEDES '13: Proceedings of the Fifth International Conference on Management of Emergent Digital EcoSystemsPublic Software can be defined as any software that is endorsed by a Public Agent and distributed for wide use by the society. The concept of Public Software is an outspread of the idea that "software" is an important asset for the welfare of society, ...
Attitudes toward online availability of US public records
dg.o '11: Proceedings of the 12th Annual International Digital Government Research Conference: Digital Government Innovation in Challenging TimesMany have enthusiastically greeted the ability to search and view public records online as a great advance for transparency and accountability. Such ability, however, also creates value tensions with privacy and other important human values. In this ...
Participatory Governance of Smart Cities: a study upon Portuguese and Brazilian government portals
ICEGOV '18: Proceedings of the 11th International Conference on Theory and Practice of Electronic GovernanceThis paper presents the results of the preliminary framework proposed by the authors for Smart Governance drivers. In this sense, the issue for research is the following: which are the requirements in order to reach participative governance in Smart ...
Comments