Identity and privacy in the Internet age : 14th Nordic Conference on Secure IT Systems, NordSec 2009, Oslo, Norway, 14-16 October 2009 : proceedings

The NordSec workshops were started in 1996 with the aim of bringing together - searchers and practitioners within computer security in the Nordic countries - thereby establishing a forum for discussions and co-operation between universities, industry and computer societies. Since then, the workshop has developed into a fully fledged inter- tional information security conference, held in the Nordic countries on a round robin basis. The 14th Nordic Conference on Secure IT Systems was held in Oslo on 14-16 October 2009. Under the theme Identity and Privacy in the Internet Age, this year's conference explored policies, strategies and technologies for protecting identities and the growing flow of personal information passing through the Internet and mobile n- works under an increasingly serious threat picture. Among the contemporary security issues discussed were security services modeling, Petri nets, attack graphs, electronic voting schemes, anonymous payment schemes, mobile ID-protocols, SIM cards, n- work embedded systems, trust, wireless sensor networks, privacy, privacy disclosure regulations, financial cryptography, PIN verification, temporal access control, random number generators, and some more. As a pre-cursor to the conference proper, the Nordic Security Day on Wednesday 14 October hosted talks by leading representatives from industry, academia and the g- ernment sector, and a press conference was given.

Session 1: Anonymity and Privacy.- On the Effectiveness of Privacy Breach Disclosure Legislation in Europe: Empirical Evidence from the US Stock Market.- Facilitating the Adoption of Tor by Focusing on a Promising Target Group.- A Parallelism-Based Approach to Network Anonymization.- Security Usability of Petname Systems.- Session 2: Modelling and Design.- An Analysis of Widget Security.- Trade-Offs in Cryptographic Implementations of Temporal Access Control.- Blunting Differential Attacks on PIN Processing APIs.- Session 3: Network Layer Security.- Characterising Anomalous Events Using Change - Point Correlation on Unsolicited Network Traffic.- An Improved Attack on TKIP.- Session 4: Security for Mobile Users.- ContikiSec: A Secure Network Layer for Wireless Sensor Networks under the Contiki Operating System.- A Mechanism for Identity Delegation at Authentication Level.- Introducing Sim-Based Security Tokens as Enabling Technology for Mobile Real-Time Services.- Towards True Random Number Generation in Mobile Environments.- Session 5: Embedded Systems and Mechanisms.- Towards Modelling Information Security with Key-Challenge Petri Nets.- Security and Trust for the Norwegian E-Voting Pilot Project E-valg 2011.- Advanced SIM Capabilities Supporting Trust-Based Applications.- Towards Practical Enforcement Theories.- Session 6: Protocols and Protocol Analysis.- Security Analysis of AN.ON's Payment Scheme.- Formal Analysis of the Estonian Mobile-ID Protocol.- Generating In-Line Monitors for Rabin Automata.