Global ETD Search

401	Understanding Susceptibility to Social Engineering Attacks Through Online Privacy Behaviors Glaris Lancia Raja Arul (11794286) 19 December 2021 (has links) <p>Human-based social engineering attacks continue to grow in popularity, with increasing numbers of cases reported yearly. This can be accredited to the ease with which common social engineering attacks can be launched, and the abundance of information available online that attackers can use against their targets. Current mitigative strategies and awareness trainings against social engineering attacks incorporate an understanding of the major factors that influence individual susceptibility to social engineering attacks. These strategies emphasize an engagement in secure behaviors and practices, especially with respect to identifying the key indicators in any form of communication or situation that can classify it as a social engineering attack. There is also an emphasis on restricting the amount of information that individuals should share about themselves in workplace settings. However, these approaches do not comprehensively consider the different intrinsic motivations that individuals develop to engage in the protective behaviors necessary to assure their safety against social engineering attacks, regardless of environment. Individual attitudes and behaviors about online privacy could hold the key to defending oneself by way of restricting unwarranted access to associated information online. Psychological traits and attitudes developed in response to the perception of social engineering as a threat could act as motivators for engaging in privacy protective behaviors, which in turn could affect the extent to which an individual can protect themselves from social engineering attacks. This thesis investigates the role of privacy protective behaviors in impacting an individual’s susceptibility to social engineering attacks and the impacts of specific privacy factors as motivating antecedents to engagement in privacy protective behaviors.</p> Online Privacy Social Engineering Privacy Behaviors
402	Complying with the GDPR in the context of continuous integration Li, Ze Shi 08 April 2020 (has links) The full enforcement of the General Data Protection Regulation (GDPR) that began on May 25, 2018 forced any organization that collects and/or processes personal data from European Union citizens to comply with a series of stringent and comprehensive privacy regulations. Many software organizations struggled to comply with the entirety of the GDPR's regulations both leading up and even after the GDPR deadline. Previous studies on the subject of the GDPR have primarily focused on finding implications for users and organizations using surveys or interviews. However, there is a dearth of in-depth studies that investigate compliance practices and compliance challenges in software organizations. In particular, small and medium enterprises are often neglected in these previous studies, despite small and medium enterprises representing the majority of organizations in the EU. Furthermore, organizations that practice continuous integration have largely been ignored in studies on GDPR compliance. Using design science methodology, we conducted an in-depth study over the span of 20 months regarding GDPR compliance practices and challenges in collaboration with a small, startup organization. Our first step helped identify our collaborator's business problems. Subsequently, we iteratively developed two artifacts to address those business problems: a set of privacy requirements operationalized from GDPR principles, and an automated GDPR tool that tests these GDPR-derived privacy requirements. This design science approach resulted in five implications for research and for practice about ongoing challenges to compliance. For instance, our research reveals that GDPR regulations can be partially operationalized and tested through automated means, which is advantageous for achieving long term compliance. In contrast, more research is needed to create more efficient and effective means to disseminate and manage GDPR knowledge among software developers. / Graduate Requirements Engineering GDPR Privacy Empirical Study Design Science Methodology Privacy Compliance Continuous Software Engineering Continuous Integration
403	Privacy Preserving Systems With Crowd Blending Mohsen Minaei (9525917) 16 December 2020 (has links) <p>Over the years, the Internet has become a platform where individuals share their thoughts and personal information. In some cases, these content contain some damaging or sensitive information, which a malicious data collector can leverage to exploit the individual. Nevertheless, what people consider to be sensitive is a relative matter: it not only varies from one person to another but also changes through time. Therefore, it is hard to identify what content is considered sensitive or damaging, from the viewpoint of a malicious entity that does not target specific individuals, rather scavenges the data-sharing platforms to identify sensitive information as a whole. However, the actions that users take to change their privacy preferences or hide their information assists these malicious entities in discovering the sensitive content. </p><p><br></p><p>This thesis offers Crowd Blending techniques to create privacy-preserving systems while maintaining platform utility. In particular, we focus on two privacy tasks for two different data-sharing platforms— i) concealing content deletion on social media platforms and ii) concealing censored information in cryptocurrency blockchains. For the concealment of the content deletion problem, first, we survey the users of social platforms to understand their deletion privacy expectations. Second, based on the users’ needs, we propose two new privacy-preserving deletion mechanisms for the next generation of social platforms. Finally, we compare the effectiveness and usefulness of the proposed mechanisms with the current deployed ones through a user study survey. For the second problem of concealing censored information in cryptocurrencies, we present a provably secure stenography scheme using cryptocurrencies. We show the possibility of hiding censored information among transactions of cryptocurrencies.</p> Applied Computer Science Computer System Security Crowd Blending Privacy Deletion Privacy Censorship Social Media
404	Personlig integritet på internet : Webbkakor och risken för kränkning av användares personliga integritet Franck, Adéle January 2021 (has links) The purpose of the essay is to examine and analyze if individuals are ensured anefficient protection against violations of personal integrity when using cookiesonline. This is done through both a de lege lata and a de lege ferenda perspective.To do this a technical perspective of what cookies are is applied, as well as howthey can amount to a threat to personal integrity. What personal integrity is andhow it can be protected are questions which are answered through the methodof legal dogmatics as well as the EU legal method, while the question if the protectionis sufficient is answered through the method of legal informatics. The investigation in the matter led to the result of a definition of what is tobe understood by personal integrity within the framework of the essay, whichcan be described as the right to have control over the spread of sensitive information.In addition to this it is shown in the essay that personal integrity in relationto cookies is protected through the means of collecting consent before placingcookies. The mechanism of collecting consent is in theory an appropriate wayto ensure control for the individual. Even so, practical studies in the field indicatethat the regulation does not meet compliance by the market participants sufficientlywhen collecting consent to the use of cookies. Due to this it cannot beclaimed that personal integrity is efficiently protected in practice. Since the de lege lata result show indications of lack of compliance the conclusionis that the current regulations are not sufficiently enough protecting personalintegrity of individuals. The forthcoming e-Data protection Regulationmight offer some solutions to this compliance issue, but as shown in the de legeferenda-discussion there is a need to combine regulatory solutions with technicaltools to enforce a comprehensive compliance by the market participants in practice.The combined solution will give both individuals and supervisory authoritiesthe tools necessary to protect personal integrity, while the collection of consentcan continue to be the regulatory mechanism used to protect personal integrity. cookies consent personal integrity GDPR e-privacy directive webbkakor samtycke personlig integritet GDPR e-privacy direktivet Law Juridik
405	Factors Associated with Behavioral Intention to Disclose Personal Information on Geosocial Networking Applications Cox, Trissa 05 1900 (has links) Information privacy is a major concern for consumers adopting emerging technologies dependent on location-based services. This study sought to determine whether a relationship exists among factors of personalization, locatability, perceived playfulness, privacy concern and behavioral intention to disclose personal information for individuals using location-based, geosocial networking applications. Questionnaire responses from undergraduate students at a 4-year university provide insight into these relationships. Multiple regression results indicated that there was a statistically significant relationship between the four significant predictor variables and the dependent variable. Analysis of beta weights, structure coefficients, and commonality analysis shed light on the variance attributable to the predictor variables of the study. Findings provide understanding of the specific factors examined in the study and have implications for consumers, businesses, application designers, and policymakers. The results from this study contribute to an understanding of technology acceptance theory and offer insight into competing beliefs that may affect an individual’s behavioral intention to disclose personal information. Knowledge gained form the study may be useful for overcoming challenges related to consumer adoption of location-based services that require disclosure of personal information. Information privacy location-based services perceived playfulness locatability personalization privacy concern behavioral intention
406	Resolving the Privacy Paradox: Bridging the Behavioral Intention Gap with Risk Communication Theory Wu, Justin Chun Wah 30 September 2019 (has links) The advent of the Internet has led to vastly increased levels of data accessibility to both users and would-be attackers. The privacy paradox is an established phenomenon wherein users express concern about resultant security and privacy threats to their data, but nevertheless fail to enact the host of protective measures that have steadily become available. The precise nature of this phenomenon, however, is not a settled matter. Fortunately, risk communication theory, a discipline devoted to understanding the factors involved in risk-oriented decision-making and founded in years of empirical research in public health and disaster awareness domains, presents an opportunity to seek greater insight into this problem. In this dissertation, we explore the application of principles and techniques from risk communication theory to the question of factors in the grassroots adoption of secure communication technologies. First, we apply a fundamental first-step technique in risk communication—mental modeling—toward understanding users' perceptions of the structure, function, and utility of encryption in day-to-day life. Second, we apply principles of risk communication to system design by redesigning the authentication ceremony and its associated messaging in the Signal secure messaging application. Third, we evaluate the applicability of a core decision-making theory—protection motivation theory—toward the problem of secure email adoption, and then use this framework to describe the relative impact of various factors on secure email adoption. Finally, we evaluate perceptions of risk and response with respect to the adoption of secure email features in email scenarios of varying sensitivity levels. Our work identifies positive outcomes with respect to the impact that risk messaging has on feature adoption, and mixed results with respect to comprehension. We highlight obstacles to users' mental interactions with encryption, but offer recommendations for progress in the adoption of encryption. We further demonstrate that protection motivation theory, a core behavioral theory underlying many risk communication approaches, has the ability to explain the factors involved in users' decisions to adopt or not adopt in a way that can at least partially explain the privacy paradox phenomenon. In general, we find that the application of even basic principles and techniques from risk communication theory do indeed produce favorable research outcomes when applied to this domain. privacy paradox risk communication online privacy usable security Physical Sciences and Mathematics
407	Privacy concerns of Indonesian Internet users : Investigating the level of concern among ecommerce users Rusna, Rusna January 2022 (has links) The growth of digital marketing has poses a challenge in the area of online privacy and ethical conduct. Internet users in Indonesia, a country with with an immense amount of Internet users, have suffered from many online privacy threats such as personal data trading and online scams. As previous studies have shown that users’ online protective behaviors are influenced by their level of concerns, this study aims to investigate the users’ concerns about their online privacy, as well as the motivations, with a focus on the e-commerce sector. The study used a context-based questionnaire method developed based on IUIPC, to investigate the level of concern and the motivations, as well as statistical correlation analysis to measure the influence of privacy awareness and Internet knowledge towards privacy concerns. The study was distributed to adult Internet users in Indonesia that use the Internet for e-commerce and have a minimum education level of high school. The results revealed that in general eight out of ten users are concerned about their personal data online. Specifically, in the privacy concerns dimension of Control, Collection, and Awareness, the users are most concerned about having control over their data and the collection of identifiable information, but less concerned about the absence of privacy policy and the collection of non-identifiable information such as their views and interest. The biggest reason for the users to feel concerned is the worry of data misuse such as fraud, whereas the reasons to be less concerned include applying self-protection online behavior, trust in the services used, and acceptance of trade-off and control loss. Finally, only the awareness of online fraud has shown a significant correlation to the level of privacy concerns out of six privacy awareness and Internet knowledge items assessed. / Tillväxten av digital marknadsföring har inneburit en utmaning när det gäller sekretess online och etiskt uppförande. Internetanvändare i Indonesien, ett land med en enorm mängd internetanvändare, har drabbats av många integritetshot på nätet som handel med personuppgifter och bedrägerier online. Eftersom tidigare studier har visat att användarnas skyddsbeteende online påverkas av deras oro, syftar denna studie till att undersöka användarnas oro för deras online integritet, såväl som motivationerna, med fokus på e-handelssektorn. Studien använde en kontextbaserad frågeformulärmetod utvecklad baserad på IUIPC, för att undersöka graden av oro och motivationerna, samt statistisk korrelationsanalys för att mäta inverkan av integritetsmedvetenhet och internetkunskap mot integritetsproblem. Studien distribuerades till vuxna internetanvändare i Indonesien som använder internet för e-handel och som har en lägsta utbildningsnivå på gymnasiet. Resultaten avslöjade att åtta av tio användare i allmänhet är oroliga över sina personuppgifter online. Specifikt när det gäller integritetsfrågorna för kontroll, insamling och medvetenhet är användarna mest oroade över att ha kontroll över sina data och insamlingen av identifierbar information, men mindre oroade över avsaknaden av integritetspolicy och insamlingen av icke-identifierbar information såsom deras åsikter och intresse. Den största anledningen till att användarna känner sig oroliga är oro för datamissbruk såsom bedrägeri, medan skälen att vara mindre oroliga inkluderar att tillämpa självskyddande onlinebeteende, förtroende för de tjänster som används och acceptera avvägningar och kontrollförlust. Slutligen har endast medvetenheten om onlinebedrägerier visat en signifikant korrelation till nivån av integritetsproblem av sex sekretessmedvetenhet och internetkunskapsobjekt som bedömts. privacy concerns privacy motivations e-commerce survey Computer and Information Sciences Data- och informationsvetenskap
408	Privacy management in a digital age: A study of alternative conceptualizations of privacy in digital contexts Åkerberg, Linnea January 2018 (has links) Digital technologies are challenging the notions of integrity. This has clearly been proved by people’s use of digital services and products that constantly is increasing. This means that digital services and products continue to develop to fit in on the user’s behavior patterns, and thus meet individual demand. But what developers and users during this development have failed to take into account, is the matter of privacy where the limits of perceptual information and public information lack clear boundaries. The aim of this master thesis is to collect valuable insights into users perception of integrity and privacy in both digital and analog contexts. By using mixed methods with a reversed exploratory sequential design approach, it was possible to explore and map out users perception and prerequisites for when and under what circumstances they choose to share private data. In order to reach the purpose of this study, an online survey and an adapted Cultural probe were conducted. The results of these methods then became the base of a design process that suggests a proposal on how alternative integrity concepts can be constructed. Integrity alternative concepts of privacy privacy digital convenience Engineering and Technology Teknik och teknologier
409	Privacy by Design & Internet of Things: managing privacy Alhussein, Nawras January 2018 (has links) Personlig integritet motsvarar det engelska begreppet privacy, som kan uttryckas som rätten att få bli lämnad ifred. Det har ifrågasatts många gånger om personlig integritet verkligen finns på internet, speciellt i Internet of Things-system eller smarta system som de också kallas. Fler frågor ställs i samband med att den nya allmänna dataskyddsförordningen inom europeiska unionen börjar gälla i maj. I detta arbete studeras privacy by design-arbetssättet som den allmänna dataskyddsförordningen (GDPR) bland annat kommer med. I studien besvaras om privacy by design kommer kunna öka skyddet av den personliga integriteten i Internet of Things-system. För- och nackdelar tas upp och hur företag och vanliga användare påverkas. Genom en litteraturstudie och två intervjuer har frågan kunnat besvaras. Det visade sig att en stor del av problematiken inom Internet of Things avseende personlig integritet kan lösas genom att styra data. I privacy by design-arbetssättet ingår att skydda data i alla tillstånd genom olika metoder som kryptering. På det sättet bidrar privacy by design till ökad säkerhet inom Internet of Things-system. / Privacy means the right to be left alone. It has been questioned many times if privacy really exists on the internet, especially in Internet of Things systems or smart systems as they are also called. More questions occur when the new general data protection regulation (GDPR) within the European Union applies in May. In this paper privacy by design that the general data protection regulation comes with is being studied. This study answers whether privacy by design will be able to increase the protection of privacy in Internet of Things systems. Advantages and disadvantages are also addressed and how companies and common users are affected by the implementation of privacy by design. The question has been answered by a literature review and two interviews. It turned out that a significant part of the problems in Internet of Things regarding privacy may be solved by data management. The privacy by design includes protection of data in all states through different methods such as encryption. In this way, privacy by design contributes to increased security within Internet of Things system. Internet of Things Privacy by design General data protection regulation Privacy GDPR Security Engineering and Technology Teknik och teknologier
410	Adaptable Privacy-preserving Model Brown, Emily Elizabeth 01 January 2019 (has links) Current data privacy-preservation models lack the ability to aid data decision makers in processing datasets for publication. The proposed algorithm allows data processors to simply provide a dataset and state their criteria to recommend an xk-anonymity approach. Additionally, the algorithm can be tailored to a preference and gives the precision range and maximum data loss associated with the recommended approach. This dissertation report outlined the research’s goal, what barriers were overcome, and the limitations of the work’s scope. It highlighted the results from each experiment conducted and how it influenced the creation of the end adaptable algorithm. The xk-anonymity model built upon two foundational privacy models, the k-anonymity and l-diversity models. Overall, this study had many takeaways on data and its power in a dataset. anonymization models data privacy data processing k-anonymity l-diversity privacy-preserving models Computer Sciences

Search results