Opportunities and threats: A security assessment of state e-government websites

The information in government web sites, which are widely adopted in many countries, must be accessible for all people, easy to use, accurate and secure. The main objective of this study is to investigate the usability, accessibility and security aspects of e-government web sites in Kyrgyz Republic. The analysis of web government pages covered 55 sites listed in the State Information Resources of the Kyrgyz Republic and five government web sites which were not included in the list. Analysis was conducted using several automatic evaluation tools. Results suggested that government web sites in Kyrgyz Republic have a usability error rate of 46.3 % and accessibility error rate of 69.38 %. The study also revealed security vulnerabilities in these web sites. Although the "Concept of Creation and Development of Information Network of the Kyrgyz Republic" was launched at September 23, 1994, government web sites in the Kyrgyz Republic have not been reviewed and still need great efforts to improve accessibility, usability and security.

Web site accessibility, usability and security: a survey of government web sites in Kyrgyz Republic

Electronic government (e-government) uses information and communication technologies to deliver public services to individuals and organisations effectively, efficiently and transparently. E-government is one of the most complex systems which needs to be distributed, secured and privacy-preserved, and the failure of these can be very costly both economically and socially. Most of the existing e-government systems such as websites and electronic identity management systems (eIDs) are centralized at duplicated servers and databases. A centralized management and validation system may suffer from a single point of failure and make the system a target to cyber attacks such as malware, denial of service attacks (DoS), and distributed denial of service attacks (DDoS). The blockchain technology enables the implementation of highly secure and privacy-preserving decentralized systems where transactions are not under the control of any third party organizations. Using the blockchain technology, exiting data and new data are stored in a sealed compartment of blocks (i.e., ledger) distributed across the network in a verifiable and immutable way. Information security and privacy are enhanced by the blockchain technology in which data are encrypted and distributed across the entire network. This paper proposes a framework of a decentralized e-government peer-to-peer (p2p) system using the blockchain technology, which can ensure both information security and privacy while simultaneously increasing the trust of the public sectors. In addition, a prototype of the proposed system is presented, with the support of a theoretical and qualitative analysis of the security and privacy implications of such system.

A framework of blockchain-based secure and privacy-preserving E-government system

E-government is an indispensable part of a Smart City. Information and communication technologies transform the relationship between citizens, businesses, and government departments, which enables the implementation of e-government, making operational processes efficient and speedy. This chapter investigates the current deployment strategies and the technological solutions of e-government in terms of security and privacy in a Smart City environment; it also identifies the challenges of adoption. In addition, this chapter proposes a decentralized framework based upon blockchain and artificial intelligence to provide a secure and privacy-preserving infrastructure. The proposed framework integrates technologies to provide mutual trust between individuals, businesses, and governments, leading to a greater transparency of activity and less operational overhead. The reduction in process overhead results in lower running costs (therefore increasing revenue) and improves the speed of cross-boundary transactions.

Privacy and Security Aspects of E-government in Smart Cities

Electronic government (e-government) uses information and communication technologies to deliver public services to individuals and organisations effectively, efficiently and transparently. E-government is one of the most complex systems which needs to be distributed, secured and privacy-preserved, and the failure of these can be very costly both economically and socially. Most of the existing e-government systems such as websites and electronic identity management systems (eIDs) are centralized at duplicated servers and databases.
 A centralized management and validation system may suffer from a single point of failure and make the system a target to cyber attacks such as malware, denial of service attacks (DoS), and distributed denial of service attacks (DDoS). The blockchain technology enables the implementation of highly secure and privacy-preserving decentralized systems where transactions are not under the control of any third party organizations. Using the blockchain technology, exiting data and new data are stored in a sealed compartment of blocks (i.e., ledger) distributed across the network in a verifiable and immutable way. Information security and privacy are enhanced by the blockchain technology in which data are encrypted and distributed across the entire network. This paper proposes a framework of a decentralized e-government peer-to-peer (p2p) system using the blockchain technology, which can ensure both information security and privacy while simultaneously increasing the trust of the public sectors. In addition, a prototype of the proposed system is presented, with the support of a theoretical and qualitative analysis of the security and privacy implications of such system.

/pdf/a-framework-of-blockchain-based-secure-and-privacy-4eocqh4eix.pdf

This paper shows that more than 80% of the e-governments in the world are vulnerable to common web-application attacks such as Cross Site Scripting and Structured Query Language (SQL) injection. Industrialised countries were found to be more vulnerable than under-developed countries (90% versus 50%). This paper also describes some malicious data mining possibilities on the Norwegian e-government and how information can be combined and used to create other practical attacks.

Vulnerabilities in e-governments

J2ME Bluetooth programming

The banking industry in Norway has developed a new security infrastructure for conducting commerce on the Internet The initiative, called BankID, aims to become a national ID infrastructure supporting services such as authentication and digital signatures for the entire Norwegian population This paper describes a practical man-in the- middle attack against online banking applications using BankID The attack gives an adversary access to customer bank accounts in two different online banking systems Proof of concept code has been developed and executed to demonstrate the seriousness of the problem

A Proof of Concept Attack against Norwegian Internet Banking Systems

An increasing number of smart phones support Java 2, Micro Edition. Mobile application developers must deal with J2ME's inherent security weaknesses as well as bugs in implementations on real devices. The new Security and Trust Services API for J2ME addresses some of these challenges, although it too has shortcomings

Challenges in securing networked J2ME applications

This case study focuses on real-world ATM card misuse, illustrating how too much secrecy led to a deterioration of PIN-based authentication procedures, and why a bank's refusal to share technical information is a threat to customers during a conflict.

André N. Klingsheim

Papers

Vulnerabilities in e-governments

J2ME Bluetooth programming

A Proof of Concept Attack against Norwegian Internet Banking Systems

Challenges in securing networked J2ME applications

Lessons from the Norwegian ATM System