This book is a journey through coexisting, emerging or speculated about, types of digital value transfer infrastructures. Using digital value transfer infrastructures as a central case study, this thesis is concerned with unpacking the negotiation processes that shape the governance, design and political purposes of digital infrastructures that are closely linked to the public interest and state sovereignty. In particular, the papers that are assembled in this manuscript identify and inspect three main socio-technical developments occurring in the domain of value transfer technologies: a) the privatization and platformization of digital payment infrastructures; b) the spread of blockchain-based digital value transfer infrastructures; c) the construction of digital value transfer infrastructures as public utilities, from the part of public institutions or organizations. Concerned with the relationship between law, discourse and technological development, the thesis explores four transversal issues that strike differences and peculiarities of these three scenarios: i) privacy; ii) the synergy and mutual influence of legal change and technological development in the construction of digital infrastructures; iii) the role of socio-technical imaginaries in policy-making concerned with digital infrastructures; iv) the geography and scale of digital infrastructures. The analyses lead to the argument that, in the co-development of legal systems and digital infrastructures that are core to public life, conflicts are productive. Negotiations, ruptures and exceptions are constitutive of the unending process of mutual reinforcement, and mutual containment, in which a plurality of agencies – expressed through legal institutions, symbolic systems, as well as information and media structures – are entangled.
MULTIFILE
CRYPTOPOLIS is a project supported by EU which focuses on the financial management knowledge of teachers and the emerging field of risk management and risk analysis of cryptocurrencies. Cryptocurrency has shown to be a vital and rapidly growing component in today’s digital economy therefore there is a need to include not just financial but also crypto literacy into the schools. Beside multiple investors and traders the market is attracting an increasing number of young individuals, viewing it as an easy way to make money. A large pool of teenagers and young adults want to hop on this train, but a lack of cryptocurrency literacy, as well as financial literacy in general amongst youth, together with their inexperience with investing makes them even more vulnerable to an already high-risk investment.Therefore, we aim to increase the capacity and readiness of secondary schools and higher educational institutions to manage an effective shift towards digital education in the field of crypto and financial literacy. The project will develop the purposeful use of digital technologies in financial and crypto education for teaching, learning, assessment and engagement.
Today, embedded devices such as banking/transportation cards, car keys, and mobile phones use cryptographic techniques to protect personal information and communication. Such devices are increasingly becoming the targets of attacks trying to capture the underlying secret information, e.g., cryptographic keys. Attacks not targeting the cryptographic algorithm but its implementation are especially devastating and the best-known examples are so-called side-channel and fault injection attacks. Such attacks, often jointly coined as physical (implementation) attacks, are difficult to preclude and if the key (or other data) is recovered the device is useless. To mitigate such attacks, security evaluators use the same techniques as attackers and look for possible weaknesses in order to “fix” them before deployment. Unfortunately, the attackers’ resourcefulness on the one hand and usually a short amount of time the security evaluators have (and human errors factor) on the other hand, makes this not a fair race. Consequently, researchers are looking into possible ways of making security evaluations more reliable and faster. To that end, machine learning techniques showed to be a viable candidate although the challenge is far from solved. Our project aims at the development of automatic frameworks able to assess various potential side-channel and fault injection threats coming from diverse sources. Such systems will enable security evaluators, and above all companies producing chips for security applications, an option to find the potential weaknesses early and to assess the trade-off between making the product more secure versus making the product more implementation-friendly. To this end, we plan to use machine learning techniques coupled with novel techniques not explored before for side-channel and fault analysis. In addition, we will design new techniques specially tailored to improve the performance of this evaluation process. Our research fills the gap between what is known in academia on physical attacks and what is needed in the industry to prevent such attacks. In the end, once our frameworks become operational, they could be also a useful tool for mitigating other types of threats like ransomware or rootkits.
This project addresses the fundamental societal problem that encryption as a technique is available since decades, but has never been widely adopted, mostly because it is too difficult or cumbersome to use for the public at large. PGP illustrates this point well: it is difficult to set-up and use, mainly because of challenges in cryptographic key management. At the same time, the need for encryption has only been growing over the years, and has become an urgent problem with stringent requirements – for instance for electronic communication between doctors and patients – in the General Data Protection Regulation (GDPR) and with systematic mass surveillance activities of internationally operating intelligence agencies. The interdisciplinary project "Encryption for all" addresses this fundamental problem via a combination of cryptographic design and user experience design. On the cryptographic side it develops identity-based and attribute-based encryption on top of the attribute-based infrastructure provided by the existing IRMA-identity platform. Identity-based encryption (IBE) is a scientifically well-established technique, which addresses the key management problem in an elegant manner, but IBE has found limited application so far. In this project it will be developed to a practically usable level, exploiting the existing IRMA platform for identification and retrieval of private keys. Attribute-based encryption (ABE) has not reached the same level of maturity yet as IBE, and will be a topic of further research in this project, since it opens up attractive new applications: like a teacher encrypting for her students only, or a company encrypting for all employees with a certain role in the company. On the user experience design side, efforts will be focused on making these encryption techniques really usable (i.e., easy to use, effective, efficient, error resistant) for everyone (e.g., also for people with disabilities or limited digital skills). To do so, an iterative, human-centred and inclusive design approach will be adopted. On a fundamental level, scientific questions will be addressed, such as how to promote the use of security and privacy-enhancing technologies through design, and whether and how usability and accessibility affect the acceptance and use of encryption tools. Here, theories of nudging and boosting and the unified theory of technology acceptance and use (known as UTAUT) will serve as a theoretical basis. On a more applied level, standards like ISO 9241-11 on usability and ISO 9241-220 on the human-centred design process will serve as a guideline. Amongst others, interface designs will be developed and focus groups, participatory design sessions, expert reviews and usability evaluations with potential users of various ages and backgrounds will be conducted, in a user experience and observation laboratory available at HAN University of Applied Sciences. In addition to meeting usability goals, ensuring that the developed encryption techniques also meet national and international accessibility standards will be a particular point of focus. With respect to usability and accessibility, the project will build on the (limited) usability design experiences with the mobile IRMA application.
