This is a list of selected publications. For complete list, please check the Google Scholar.
The OAuth 2.0 authorization framework is one of the most commonly used authorization frameworks. In its specification many implementation details are loosely defined, including the relationship between resource servers and authorization servers. This paper presents an approach for establishing trust between servers by using the authorization server as a broker, and examines an implementation for secure exchange of scholarship information between parties. To specify access rights, claims such as roles and capabilities are assigned to resource servers. These claims are asserted by the authorization server in form of access tokens. Instead of relying on shared databases, the issued access tokens are used to exchange messages between resource servers. This approach is useful in scenarios where applications have no shared infrastructure or are implemented by different parties.
Authorization, OAuth, Trust, Security
Digitalization of public services has already changed the way how we interact with government. The electronic signature, based on public key cryptography, has strengthened the trust towards this transformation. With the recent appearance of the electronic seal, this digital transformation is complete. The new European Union regulation for electronic Identification, Authentication and trust Services (eIDAS) has repealed the old directive and provides a regulatory environment. In the meantime, a novel technology based in cryptography rose as an alternative to fulfill these objectives – the blockchain. This paper, analyses the properties of the electronic seal, based on eIDAS regulation, with and without blockchain technology. The developed application uses local X.509 digital certificates and the MultiChain platform for the creation and deployment of private blockchains. At the end of the paper an overview of this comparison is provided, using different documents, pointing out the pros and cons of each technology.
Digital signature, electronic seal, eIDAS, blockchain, cryptography
Recently crowdsourcing is being established as the new platform for capturing ideas from multiple users, i.e., the crowd. Many companies have already shifted their approach towards utilising the power of the crowd. Transparency and quality of election process is the main factor for acknowledging the general election results. Voters, crowd feedback can be utilised to maintain a desired election process transparency and quality. This paper presents an efficient solution using crowdsourcing techniques for increasing transparency and the quality of election processes through a simple feedback web form in polling stations. These polling stations are securely connected to central election commission monitoring room, where the overall transparency and quality in national scale can be monitored. The survey conducted with more than 600 respondents shows that this approach will be acceptable from citizens and will increase the overall transparency, quality, and acceptance of election results.
crowdsourcing, crowd voting, privacy, security
Information technology (IT) systems have great potential to improve the efficiency and methods of operation in each government organization, providing added convenience and flexibility. Currently, most of government law enforcement agencies have digitized their methods of work by advancing their user services. With this new approach, have come new threats, therefore, it is necessary to develop and implement standard policies to enhance information security and privacy on all classified information systems. In this paper a novel solution is presented for protection of information up to the record level encryption by applying the Advanced Encryption Standard (AES) algorithm using derived symmetric master key. The master key is unique per each record and is calculated in the client application. The uniqueness of the derived master key is assured by applying the exclusive or operation of the key of each record and the unique key of the client. Furthermore, this paper includes a critical approach on existing cryptographic methods and proposes additional methods to protect information, such us authentication, access control, and audit.
Information security, Privacy, Encryption, Decryption, Access control, Audit
Applications that requires true random number generator (TRNG), which uses raw analog data generated from any noise source in nature, must convert the source normal distribution to uniform distribution. Many up to date implementations convert the raw analog data into digital data by employing a comparator or a Schmitt trigger. This method wastes a large amount of random input data, lowering the throughput of the TRNG. In new national electronic identity card (eID) beyond the true identity of his bearer and to address the increasing concern of user privacy while doing business in Internet an additional pseudo profile is set. This pseudo profile uses 20-byte random value generated by database server, using a script during personalization process. In this paper, we present a novel algorithm that enables efficient distribution conversion in low power devices. The low memory requirements and efficient processing make it suitable for implementation low power cryptographic devices but also in complex personalization systems. Furthermore, we compare the random data generated by our efficient TRNG vs. those generated by database server.
eID, privacy, security, random, TRNG
Teachers’ contribution in the process of improving the contemporary school performance is manifold and permanent. This study elaborates the contribution of the Kosovan teachers towards the improvement of the quality of work in primary and lower secondary school. Data were collected from 1080 teachers working in schools located in different areas in Kosovo. The data processing was done through the descriptive statistics method with the aim of extracting the characteristics of the data (average standard deviation) and the inferential statistics method in the function of the validity scale of assumptions that result from the data. The research results indicate that today, the Kosovan teachers enjoy more opportunities to influence the policies for the functionalisation and improvement of the work at school, whereas teachers with a higher level of education are more sceptical concerning the issues of influencing the policies of functionalisation and improvement of the work at school.
reform; Kosovo; teacher commitment; school performance; school improvement; decision-making.
Everything that happens in a society is transmitted and reflected indirectly in its schools. The education system in post-war Kosovo underwent radical changes, and the reform and adaptation movements affected all the links of the education system. The political, social and economic status of post-war Kosovo, as well as insufficient staffing capabilities for implementing educational reform, represent a serious challenge in the process of practical implementation of educational reform. In such transitions there are drives to transfer the experiences of the most advanced educational systems of western countries. The application of these reforms brought much disappointments, objections and dilemmas. This paper, apart from the chronological critical review of the changes the education system in Kosovo went through, compares the positive experiences of neighboring countries such as Albania, Macedonia, Serbia and Croatia, and German-speaking countries such as Germany and Austria, i.e. practices that these countries have followed to overcome the challenges that arise in education reforms. In the Kosovo context, based on the steps taken at each stage of the process, we conclude that the initiation of changes in the Kosovo education system started in disregard of the context in which these schools operate. In conclusion, the paper provides recommendations for stakeholders in the education system in order to meet the increasing demands of the society.
Kosovo, school, reform, transition, development.
Personal mobile devices currently have access to a significant portion of their user’s private sensitive data and are increasingly used for processing mobile payments. Consequently, securing access to these mobile devices is a requirement for securing access to the sensitive data and potentially costly services. Face authentication is one of the promising biometrics-based user authentication mechanisms that has been widely available in this era of mobile computing. With a built-in camera capability on smartphones, tablets, and laptops, face authentication provides an attractive alternative of legacy passwords for its memory-less authentication process, which is so sophisticated that it can unlock the device faster than a fingerprint. Nevertheless, face authentication in the context of smartphones has proven to be vulnerable to attacks. In most current implementations, a sufficiently high-resolution face image displayed on another mobile device will be enough to circumvent security measures and bypass the authentication process. In order to prevent such bypass attacks, gesture recognition together with location is proposed to be additionally modeled. Gestures provide a faster and more convenient method of authentication compared to a complex password. The focus of this paper is to build a secure authentication system with face, location and gesture recognition as components. User gestures and location data are a sequence of time series; therefore, in this paper we propose to use unsupervised learning in the long short-term memory recurrent neural network to actively learn to recognize, group and discriminate user gestures and location. Moreover, a clustering-based technique is also implemented for recognizing gestures and location.
authentication; face; smartphones; gestures; location; LSTM; neural network
In the beginning of Bologna’s process and creation of European Higher Education Area (EHEA), great importance has been to the transparency, increase of quality and concurrency between institutions of higher education. Nowadays, hot topic in higher education institutions in Europe are real-time learning outcomes, they are analyzed, projected and are evaluated today in all Europe and abroad. Traditional models and methods of success expression in learning and the degree of qualification is substituted with modern online systems. This paper proposes best practices for competence based teaching in higher education by using eCompetence software. The way these competences are organized, activities which are related to these competences and course contents which will help us to continuously evaluate students and prepare them for the labor market. Our results suggest that by implementing competence based teaching system in university evaluation and competence gaining would be more productive and would better prepare students for labor market. Consequently, this paper draws attention on provision of implementation of such a system in higher education by providing competence matrix, a competence software, and evaluation process.
Competence, E-learning, Evaluation, Competence Management System
Energy and spectral efficiency are the main challenges in 5th generation of mobile cellular networks. In this paper, we propose an optimization algorithm
to optimize the energy efficiency by maximizing the spectral efficiency. Our simulation results show a significant increase in terms of spectral efficiency as well as energy efficiency whenever the mobile user is connected to a low power indoor base station. By applying the proposed algorithm, we show the network performance improvements up to 9 bit/s/Hz in spectral efficiency and 20 Gbit/Joule increase in energy efficiency for the mobile user served by the indoor base station rather than by the outdoor base station.
Energy efficiency, 5G, radio resources, power allocation, optimization convexity
The liberalization of the higher education market and the growth of higher education service providers in the last two decades has demanded from such providers to demonstrate the quality of their activities. Research shows that universities were used to seeing excellence as a self-evident key indicator of quality in higher education, but now this self-evident indicator has been transformed into a control mechanism. In Kosovo, the concept of quality assurance through the Kosovo Accreditation Agency is relatively new, but this concept is becoming increasingly integral and important part of each higher education institution. Mechanisms for external and internal quality assurance have been established in the formal sense, the legal basis on which the quality assurance system is organized, i.e. the quality assurance requirements and standards, is well defined and applicable. This paper presents the challenges of quality assurance (external and internal), by comparing the fulfillment of these criteria over the years, then by comparing with the European quality assurance standards and guidelines as well as the good practices of some developed countries. The paper presents the conclusions, lessons learned during these years, and finally recommendations for higher education system actors to overcome these challenges.
Higher education, quality assurance, accreditation, challenges, Kosovo.
Today, we are witnessing increased demand for more speed and capacity in the Internet, and more processing power and storage in every end user device. Demand for greater performance is present in every system. Electronic devices and their hosted applications need to be fast, but not to lose their main security features. Authentication and encryption are the main processes in the security aspect, and are required for a secure communication. These processes can be executed in different devices, among them PCs, microprocessors, microcontrollers, biometric cards or mobile devices. Biometric identity cards are becoming increasingly popular, challenging traditional PC devices. This paper compares two processing systems, the efficiency of encryption and signatures on the data executed in national identity biometric card versus PC, known also as the match-on-card versus the match-off-card. It considers how different parameters impact the process and the role they play on the overall process. The results, executed with a predefined set of test vectors, determine which processing system to use in a certain situation. Final conclusions and recommendations are given taking into consideration the efficiency and security of the data.
cryptography; digital signature; match-on-card; match-off-card; eID biometric card
The mobile networks use femtocells as low power nodes to improve indoor coverage and thus achieve a high network capacity. In this paper, we focus on a combination of macrocells and femtocells in Long Term Evolution (LTE) networks. To achieve a high LTE network performance, we investigate the influence of power allocated to Evolved NodeB (eNodeBs) and Home Evolved NodeB (HeNodeBs) respectively. Using the Round Robin scheduling, while decreasing the eNodeBs transmit power and increasing the HeNodeBs transmit power, improve the user’s throughput significantly. We further demonstrate, by simulations, that applying other scheduling algorithms under the low eNodeBs transmit power and high eNodeBs, results in a significantly increased performance of LTE network.
Scheduling, transmit power, HetNet, LTE, resource block
With all features and resources, such as: social actors, social relations, content, communication, and ratings that todays’ social networks like Facebook, LinkedIn, Twitter, Google+, etc. offer to users, it still appears that at given point we have to refine and optimize our own accounts within the limits of a certain social network. In line with this trend, in this paper we present a model for efficient management of friends list in Facebook, as one of the limited resource in this social network. In order to get users data from Facebook, a web scraping technique combined with reverse image search has been adopted to ensure users authenticity. The activity between nodes (friends) on a social network is calculated based on their interactions in terms of likes, comments, shares and posts between each other. This approach led us into designing and implementing an algorithm based in these collaborative metrics, named “weight of relationship”. This algorithm calculates weights between friends on a network, and the results are evaluated by comparing these weights with respondent answers, conducted through personalized questionnaire. Consequently, this methodology brings feasible results, with an average accuracy of 71% on recommending which friends should be removed, thus releasing the space for incoming new friends. An app named RateMyFriends is developed based on presented approach.
Social networks; algorithm; efficiency; Web scraping; application
Quality of election process is a main factor for acknowledging the general election results. In this sense a feedback from voters is critical to maintain a desired process quality. Crowdsourcing is establishing as standard platform to capture feedback and new ideas from the participating stakeholders. This paper presents an efficient solution using crowdsourcing techniques for improving the quality of election processes through a simple feedback web form in polling stations. These polling stations are securely connected to Central Election Commission monitoring room, where the overall quality in national scale can be monitored. The survey conducted with more 600 respondents shows that this approach will be acceptable from citizens and will improve the total quality and acceptance of election results.
Crowdsourcing; crowd voting; privacy; security;
Local Loop Unbundling (LLU) is a process which allows the competitive Network Service Providers (NSPs) to use the telecom’s incumbent infrastructure to provide the services to their subscribers. In logical LLU, as the traffic passes through the incumbent network infrastructure, security and privacy of the NSP subscribers is of a serious concern. In this paper, we have presented a novel approach to address these concerns, by implementing the encryption on the Point to Point Protocol over Ethernet (PPPoE), in the broadband network, between the NSP Customer Premises Equipment (CPE) and Broadband Network Gateway (BNG) router. First, encryption algorithm is negotiated using the existing protocol Encryption Control Protocol (ECP), during the PPP establishment phase, and after that the PPP packet payload is encrypted using the Advanced Encryption Standard AES, 128 bit version. The encryption key is derived using the first 128 bits of the SHA256 hash of sum of the three key variables: PPPoE SESSION_ID, CPE MAC Address, and CPE serial number, which makes this encryption key unique. The proposed solution is compared to existing protocols.
AES, BNG, ECP, PPPoE, SHA256
Nowadays all organizations tend to shift their daily business processes into web. This shifting requires from web developer’s detailed knowledge about security techniques, such as Structured Query Language (SQL) injection and Cross Site Scripting Attack (XSS), otherwise the data managed and protected by web application could be exposed to not authorized parties. This paper aims to link and measure the impact of security techniques used by web developers for avoiding the vulnerabilities in web applications. We conducted a survey about the level of applicability of security techniques during web development and conducted a penetration testing for more than 110 local web sites. We discovered many vulnerabilities in these web sites and we linked the results with survey outcome.
Web security, security scanners, Web vulnerabilities, SQL injection, XSS attack
The raw analog data generated from almost any noise source in nature has a normal distribution of values. Cryptography applications usually require true random number generators (TRNGs) to output random data streams that have a uniform distribution of values. Since TRNGs use a noise source to generate the random data, and that source usually has a normal distribution, the TRNG has to convert the distribution. If the TRNG is implemented in a low power device such as a microcontroller, the algorithm for distribution conversion needs to be lightweight and efficient in terms of using as much of the raw data as possible. Current market implementations convert the analog data into digital data by employing a comparator or a Schmitt trigger. This method wastes a large amount of random input data, lowering the throughput of the TRNG. This paper presents a novel algorithm that enables distribution conversion in low power devices. The low memory requirements and efficient processing make it suitable for implementation in microcontrollers or other low power cryptographic devices. The algorithm is also flexible, allowing for any size of noise samples.
Algorithm, distribution, random, security, TRNG
Short Message Service (SMS) is the oldest application for exchanging messages between communicating parties in cellular network used by mobile phones. These messages are encrypted over-the-air with A5/1 algorithm and stored as clear text at network operator. Recent developments have shown that this algorithm is not secure any more. Compromising an access to network operator registers gains access to SMS also. For assuring privacy the SMS application must provide end-to-end encryption. In this paper we present an efficient solution for encrypting SMS between communicating parties using Advanced Encryption Standard (AES) algorithm in Android environment. Furthermore we compare the proposed solution we existing ones in market listing strengthens and limitations.
Encryption, Privacy, SMS, AES, and Android.
Authentication and privacy are central issues for acceptance of any e-Voting system in particular and growth of e-Services in general. This paper aims to: (i) to analyze the appropriate architecture and propose new efficient architecture of electronic voting system in Kosovo, and (ii) to analyze the threat vectors and their avoidance in such system. The novelty of implemented solution is based on using dynamic queue list generated based on voters arrivals and identification at the polling station. The proposed architecture enables citizens to cast their vote in any polling station, in opposite to paper form voting where citizen is linked to his predefined polling station. The national election commission configures the smart card, as part of electronic voting infrastructure, to allow decryption of number of records that matches the number of voters in final country wide voting list. The communication between polling stations and central server is encrypted with server’s public key stored in digital certificate and every casted vote is digitally signed by ballot box private key. The developed model is used to compare the costs and efficiency of e-Voting against the traditional paper based voting system in Kosovo.
Digital Signature, Privacy, Security, Smart Cards, e-Voting, X.509 Digital Certificates
Civil Registry Information System serves as an essential data source for all e-government services. Searching for a citizen’s data in Civil Registry Database is usually done by providing unique keywords such as name. Due to the similar pronunciation of some Albanian language consonants, for example gj [ɟ] and xh [d͡ ʒ], problems arise in finding citizens data, names of which are similarly pronounced, despite different spelling. This paper presents a novel approach for string matching algorithm based on Albanian names. For this paper Levenshtein distance, American Soundex and modified Soundex results are compared on a database of 271.000 citizens of Prishtina municipality. The modified Soundex algorithm accommodates basic rules of pronunciation in Albanian language and its accuracy and efficiency is better than Levenshtein distance and American
String matching, Levenshtein, Soundex, Civil Registry
In this paper is presented a novel approach for fulfilling the data security criteria in a Student Lifecycle Management System at the University of Prishtina. The four main criteria of data security such as: privacy, authentication, integrity and non-repudiation are fulfilled through carefully selected security policies. Student data privacy is achieved using the Secure Socket Layer protocol for web communication with web server. Each user, being student, academic or administrative staff is provided with unique user name and initial password in the Student Lifecycle Management System. Data integrity and non-repudiation are fulfilled using digital signatures. The novelty of implemented solution is based on extending the subject name in X.509 digital certificates and using this certificate for securing student grades, which is in full compliance with the Kosovo Law on Information Society. Public Key Infrastructure and X.509 digital certificates have been established as the most trustworthy methods for assuring data security criteria in modern software applications. Security policy enforces that digital certificate and its associated private key shall be stored in a smart card. Access to private key stored in a smart card is protected by Personal Identification Number, known only by smart card holder. This implementation was installed at the Faculty of Electrical and Computer Engineering and has successfully passed a six semester testing period and students were, for the first time in the history of the University of Prishtina, able to apply online to take an exam.
Digital Signature, Privacy, Security, Smart Cards, X.509 Digital Certificates
Security and privacy are central issues for the acceptance of online payment methods in particular and growth of the Internet market in general. Public Key Infrastructure and X.509 certificates have been established as the most trustworthy methods for assuring security in online transactions. In this work is a new approach proposed for increasing security by avoiding privacy violation using X.509 version 3 certificate private extensions and storing the certicate and its corresponding private key in the smartcard. The private key never leaves the smartcard and it can be used for encryption/decryption only after successful personal identication number presentation.
X.50g v3 identity and. attribute certificates, privacy, security encryption, digital signature, non-repudiation, online transaction, smartcards, SET.
Web Services represents a new way of invoking remote functions over standard Internet protocols. They are basic building blocks of the distributed computing over the Internet. Security and privacy are central issues for the acceptance of Web Services in particular and the growth of the Internet market in general. Public Key Infrastructure and X.509 Certificates have been established as the most trustworthy methods for assuring online security. In this thesis are compared the existing approaches for securing Web Services and proposed new approaches for increasing security by avoiding privacy violation using X.509 certificate private extensions and storing these certificates in smartcards. Adopting the Internet for every possible transaction has lead to a situation where a user has to enter extra information for completing his real profile. The aim of the thesis is to increase user privacy in online transactions. This is achieved through extending certificates with private extensions. Each extension holds encrypted data for user properties, such as: credit card number, insurance number, address, etc., and thus each online participant understands the general (public) data on the certificate and one relevant encrypted private extension.
The invention relates to first information which is determined for a first receiver. Said first information is transmitted together with secondary information, which is determined for a second receiver in a common information unit to the first receiver. The first information can be encrypted according to specifications of the first receiver. The secondary information, which can be made of several components, is encrypted according to the specifications of the second receiver, for example, with an open key, a so-called public key. Said public key encryption methods have various embodiments and security steps. Said methods ensure that the first receiver, upon receipt of the complete information, can not encrypt pieces of information therefor not intended therefor.