The influence of live customer service on consumers' likelihood of disclosing personal information

Li, Dan, active 21st century

08 August 2014

Live customer service has been used by many e-commerce brands as a method to gain consumers personal information. Previous research has found that live service agents have a positive influence on consumer perceived service quality and trust. This research aims to examine if certain type of live customer service generate better website and brand perceptions from the consumer and ultimately help in gaining consumer personal information. Results of this experimental design show that avatar selection and exposure did not significantly differ for service quality, trust, attitudes, purchase intention, and likelihood of disclosing personal information. It was also found that customers have a significant likelihood of selecting agents of the same gender. / text

Live customer service

Online privacy

Database marketing

E-commerce

Private environments for programs

Dunn, Alan Mark

25 September 2014

Commodity computer systems today do not provide system support for privacy. As a result, given the creation of new leak opportunities by ever-increasing software complexity, leaks of private data are inevitable. This thesis presents Suliban and Lacuna, two systems that allow programs to execute privately on commodity hardware. These systems demonstrate different points in a design space wherein stronger privacy guarantees can be traded for greater system usability. Suliban uses trusted computing technology to run computation-only code privately; we refer to this protection as "cloaking". In particular, Suliban can run malicious computations in a way that is resistant to analysis. Suliban uses the Trusted Platform Module and processor late launch to create an execution environment entirely disjoint from normal system software. Suliban uses a remote attestation protocol to demonstrate to a malware distribution platform that the environment has been correctly created before the environment is allowed to receive a malicious payload. Suliban's execution outside of standard system software allows it to resist attackers with privileged operating system access and those that can perform some forms of physical attack. However, Suliban cannot access system services, and requires extra case-by-case measures to get outside information like the date or host file contents. Nonetheless, we demonstrate that Suliban can run computations that would be useful in real malware. In building Suliban, we uncover which defenses are most effective against it and highlight current problems with the use of the Trusted Platform Module. Lacuna instead aims at achieving forensic deniability, which guarantees that an attacker that gains full control of a system after a computation has finished cannot learn answers to even binary questions (with a few exceptions) about the computation. This relaxation of Suliban's guarantees allows Lacuna to run full-featured programs concurrently with non-private programs on a system. Lacuna's key primitive is the ephemeral channel, which allows programs to use peripherals while maintaining forensic deniability. This thesis extends the original Lacuna work by investigating how Linux kernel statistics leak private session information and how to mitigate these leaks. / text

System-level privacy

Code obfuscation

Data leaks

Trusted computing

Virtualization

Communication strategies to restore or preserve informational and psychological privacy; the effects of privacy invasive questions in the health care context

Le Poire, Beth Ann, 1964-

January 1988

This investigation explored the role of informational and psychological privacy in the health context by examining the relationship between type of relationship (physician versus acquaintance), type of observation (self-report versus observation), and communication strategies used to restore or preserve privacy (interaction control, dyadic strategies, expressions of negative arousal, blocking and avoidance, distancing, and confrontation). It was hypothesized and confirmed that individuals report exhibiting more behaviors to restore or preserve informational privacy in response to an informationally privacy-invasive question posed by an acquaintance than by a physician. The hypothesis that presentation of an informationally privacy invasive question by the physician causes patients to exhibit more communication strategies after the privacy invasive question than before, was unsupported. Finally, the hypothesis that individuals actually exhibit more privacy restoration behaviors than they report using in a similar situation with their physician was also unsupported. Patients reported using more communication strategies than they actually exhibited. One confound to the self reports was that videotaped participants reported the use of fewer direct privacy restoring communication strategies than non-videotaped.

Privacy, Right of.

Patient compliance.

Physician and patient.

Acceptance of a Remote Desktop Access System to Increase Workspace Awareness

Williams, Jennifer

January 2000

Awareness systems are being designed and implemented to improve employee connections. This study examines the variables that affect the acceptance of an awareness system. The awareness system that was used for this research was a remote desktop access system. The independent variables investigated were the degree of detail that can be viewed on a desktop, whether the users can control who can access their desktops, whether the users can control when others have access to their desktops, the equality of access to others' desktops, and task-technology fit. In determining the effect of the independent variables on acceptance, the dependent variable, the mediating variables of privacy and fairness were taken into account. There was a preliminary survey conducted to determine appropriate situations to be used in the scenario descriptions for the survey for the main study. The methodology of policy-capturing surveys was utilized to conduct the survey for the main study in order to investigate the model developed in this study. The policy-capturing survey was pre-tested on University of Waterloo students. The main study was conducted in two different organizations, the subjects for the first study were employees from the Information Systems and Technology Department at the University of Waterloo and the subjects for the second study were employees from Ciber Incorporated. Results indicate that perceptions of privacy and perceptions of fairness have significant effects on acceptance. Also, perceptions of privacy and fairness are related to details in the design of the remote desktop access system. This research may be a contribution to this field since little research has been conducted in this area and implications can be drawn for future research on acceptance of awareness systems.

Management

awareness systems

privacy

fairness

acceptance

activity-based

Ringing the bell; sounding the alarm a proposal for the simultaneous advancement of security and privacy

Novak, Kneilan K.

03 1900

CHDS State/Local / The need for domestic intelligence and information sharing to detect indications and warnings of terrorist acts and prevent them has raised privacy and civil liberties concerns. The relationship between national security and privacy and civil liberties is often modeled as a scale with security on one end and privacy and civil liberties on the other. Success is said to be achieved when security and privacy are balanced. This model forces these values to be traded in a zero-sum game. A new model that decreases the "cost" to privacy and increases the "value" to security is needed. Technological, policy and organizational innovation hold promise in designing new intelligence and information-sharing architectures capable of detecting indications and warnings of terrorism and protecting the privacy and civil liberties of Americans. Using government documents that articulate attributes for a terrorism early warning system and widely accepted privacy principles as design requirements, the thesis examines technologies that could meet the challenges of both security and privacy. Designing and building a system that supports both security and privacy will benefit both. The thesis argues, this system will enable the Nation to fight terrorism while upholding the liberties that form the core values of the American people. / Captain (Capt), US Northern Command (Northcom) - NORAD J5

Civil defense

United States

Privacy, Right of

Electronic intelligence

Terrorism

Prevention

Between City Street and River Bed: An Urban Indoor Park

Salley, Meredith

26 April 2012

A park is a place of many uses. A place to: walk, sit, reflect, eat, play, gather, people-watch, work, re-energize. A park can be quiet, loud, busy, or slow, sometimes all at once. Parks bring together friends, family, and people who may not otherwise ever interact with each other. Everyone has their own place in a park. This park intertwines open, public space with intimate, private space throughout. The question of how to attain privacy within a potentially very bustling public space is examined in depth and carefully considered throughout this design process.

park

indoor

privacy

public

urban

Art and Design

Arts and Humanities

Privacy Issues in Decentralized Online Social Networks and other Decentralized Systems

Greschbach, Benjamin

January 2016

Popular Online Social Networks (OSNs), such as Facebook or Twitter, are logically centralized systems. The massive information aggregation of sensitive personal data at the central providers of these services is an inherent threat to the privacy of the users. Leakages of these data collections happen regularly – both intentionally, for example by selling of user data to third parties and unintentionally, for example when outsiders successfully attack a provider. Motivated by this insight, the concept of Decentralized Online Social Networks (DOSNs) has emerged. In these proposed systems, no single, central provider keeps a data collection of all users. Instead, the data is spread out across multiple servers or is distributed completely among user devices that form a peer-to-peer (P2P) network. Encryption is used to enforce access rights of shared content and communication partners ideally connect directly to each other. DOSNs solve one of the biggest privacy concerns of centralized OSNs in a quite forthright way – by getting rid of the central provider. Furthermore, these decentralized systems can be designed to be more immune to censorship than centralized services. But when decentralizing OSNs, two main challenges have to be met: to provide user privacy under a significantly different threat model, and to implement equal usability and functionality without centralized components. In this work we analyze the general privacy-problems in DOSNs, especially those arising from the more exposed metadata in these systems. Furthermore, we suggest three privacy-preserving implementations of standard OSN features, i.e. user authentication via password-login, user search via a knowledge threshold and an event invitation system with fine-grained privacy-settings. These implementations do not rely on a trusted, central provider and are therefore applicable in a DOSN scenario but can be applied in other P2P or low-trust environments as well. Finally, we analyze a concrete attack on a specific decentralized system, the Tor anonymization network, and suggest improvements for mitigating the identified threats. / Populära sociala nätverkstjänster som Facebook och Instagram bygger på en logiskt centraliserad systemarkitektur. Tjänsteleverantörerna har därför tillgång till omfattande ansamlingar av känsliga personuppgifter,vilket innebär en oundviklig risk för integritetskränkningar. Med jämna mellanrum läcks dessa informationsansamlingar till tredje part – antingen när tjänsteleverantören själv säljer eller ger dem tillexterna aktörer, eller när obehöriga får åtkomst till tjänsteleverantörens datasystem. Decentraliserade sociala nätverkstjänster (eng. Decentralized Online Social Networks, DOSNs) är en lovande utveckling för att minska denna risk och för att skydda användarnas personliga information såväl från tjänsteleverantören som från tredje part. Ett vanligt sätt att implementera ett DOSN är genom en icke-hierarkisk nätverksarkitektur (eng. peer-to-peer network) för att undvika att känsliga personuppgifter samlas på ett ställe som är under tjänsteleverantörens kontroll. Kryptering används för att skydda kommunikationen och för att realisera åtkomstkontrollen av information som ska delas med andra användare. Att inte längre ha en tjänsteleverantör som har tillgång till all data innebär att den största riskfaktorn for integritetskränkningar tas bort. Men genom att ersätta den centrala tjänsteleverantören med ett decentraliserat system tar vi även bort ett visst integritetsskydd. Integritetsskyddet var en konsekvens av att förmedlingen av all användarkommunikation skedde genom tjänsteleverantörens servrar. När ansvaret för lagring av innehållet, hantering av behörigheterna, åtkomst och andra administrativa uppgifter övergår till användarna själva, blir det en utmaning att skydda metadata för objekt och informationsflöden, även om innehållet är krypterat. I ett centraliserat system är dessa metadata faktiskt skyddade av tjänsteleverantören – avsiktligt eller som en sidoeffekt. För att implementera de olika funktioner som ska finnas i ett integritetsskyddande DOSN, är det nödvändigt både att lösa dessa generella utmaningar och att hantera frånvaron av en betrodd tjänsteleverantör som har full tillgång till all data. Användarautentiseringen borde till exempel ha samma användbarhet som i centraliserade system. Det vill säga att det är lätt att ändra lösenordet, upphäva rättigheterna för en stulen klientenhet eller återställa ett glömt lösenord med hjälp av e-post eller säkerhetsfrågor – allt utan att förlita sig på en betrodd tredje part. Ett annat exempel är funktionen att kunna söka efter andra användare. Utmaningen där är att skydda användarinformationen samtidigt som det måste vara möjligt att hitta användare baserad på just denna informationen. En implementation av en sådan funktion i ett DOSN måste klara sig utan en betrodd tjänsteleverantör som med tillgång till alla användardata kan upprätthålla ett globalt sökindex. I den här avhandlingen analyserar vi de generella risker för integritetskränkningar som finns i DOSN, särskilt de som orsakas av metadata. Därutöver föreslår vi tre integritetsskyddande implementationer av vanliga funktioner i en social nätverkstjänst: lösenordsbaserad användarautentisering, en användarsökfunktion med en kunskapströskel och en inbjudningsfunktion för evenemang med detaljerade sekretessinställningar. Alla tre implementationerna är lämpliga för DOSN-scenarier eftersom de klarar sig helt utan en betrodd, central tjänsteleverantör, och kan därför även användas i andra sammanhang såsom icke-hierarkiska nätverk eller andra system som måste klara sig utan en betrodd tredje part. Slutligen analyserar vi en attack på ett specifikt decentraliserat system, anonymitetstjänsten Tor, och diskuterar hur systemet kan skyddas mot de analyserade sårbarheterna. / <p>QC 20161115</p>

Privacy

Online Social Networks

Decentralized Online Social Networks

Dynamic User Defined Permissions for Android Devices

Stelly, Christopher D

20 December 2013

Mobile computing devices have become an essential part of everyday life and are becoming the primary means for collecting and storing sensitive personal and corporate data. Android is, by far, the dominant mobile platform, which makes its permissions model responsible for securing the vast majority of this sensitive data. The current model falls well short of actual user needs, as permission assignments are made statically at installation time. Therefore, it is impossible to implement dynamic security policies that could be applied selectively depending on context. Users are forced to unconditionally trust installed apps without means to isolate them from sensitive data. We describe a new approach, app sanitization, which automatically instruments apps at installation time, such that users can dynamically grant and revoke individual permissions. The main advantage of our technique is that it runs in userspace and utilizes standard aspect-oriented methods to incorporate custom security controls into the app.

android

security

privacy

permissions

instrumentation

aspect oriented programming

appsanitizer

Privacidad de ubicación para un sistema de monitoreo de la calidad de acceso a internet móvil: Location privacy for a monitoring system of the quality of access to mobile internet

Font Brevis, Giselle Alejandra

January 2015

Magíster en Ciencias, Mención Computación / Ingeniera Civil en Computación / Con el objeto de medir la calidad de acceso a Internet móvil, NIC Chile Research Labs desarrolló Adkintun Mobile, un monitor pasivo instalado en los celulares de usuarios voluntarios. Periódicamente, la aplicación registra datos relativos al estado de la red, los que son enviados a un servidor que los recolecta. Los investigadores del laboratorio tienen acceso a los datos almacenados por el colector. A partir de la conexión a las antenas de celulares, la ubicación del dispositivo puede ser deducida, por lo que la ubicación de los usuarios queda expuesta a la vista de los investigadores, lo que resulta preocupante desde el punto de vista de la privacidad de ubicación de los individuos. Más aún, sólo cuatro puntos espacio temporales son suficientes para reidentificar al 95% de la población a partir de una base de datos anonimizada. Es por ello que este trabajo se enfoca en resolver el problema usando un enfoque criptográfico. Se propone un modelo en el que los investigadores pueden acceder, consultar y calcular agregaciones sobre los datos almacenados, pero sólo obteniendo de la ubicación de los individuos el resultado de las agregaciones. El modelo utiliza encriptación homomórfica para resguardar la privacidad de ubicación. La información relativa a la ubicación es enviada encriptada desde los celulares hacia el servidor. El servidor puede calcular homomórficamente funciones predefinidas, como contar el número de usuarios en un determinado lugar. Las consultas a la base de datos y la desencriptación, se ejecutan en capas separadas, para evitar que la llave secreta sea utilizada en la desencriptación directa de los datos. Se implementaron dos versiones de la capa de privacidad de ubicación, con encriptación completamente homomórfica (FHE) usando el esquema BGV, y con encriptación parcialmente homomórfica (PHE) usando el esquema Paillier. El desempeño y overhead del sistema, muestran que el modelo es adecuado para cálculo offline de estadísticas. Las contribuciones de este trabajo consisten en proponer una aplicación práctica de FHE para privacidad de ubicación; y discutir sobre el trade-off entre privacidad de ubicación y el desempeño del sistema en ambas implementaciones (FHE y PHE). -------------------------- In order to measure the quality of access to mobile Internet, NIC Chile Research Labs developed Adkintun Mobile, a passive monitor installed in volunteer users' mobile phones. Periodically, the client application records data related to network state, which is sent to the collector server. Researchers of the laboratory have access to such stored data. Since from connexion to antennas location can be deduced, location data of individuals is exposed to researchers, which is a concern for location privacy. Moreover, as only four spatio-temporal points are enough to identify 95\% of the population in an anonymized dataset, this work takes a cryptographic approach to solve the problem. We propose a model where researchers can access, query and compute aggregations on stored data, learning nothing more about users' location than the result of the aggregation. Our model uses homomorphic encryption to preserve location privacy. Location data is sent encrypted from mobile devices to the server. The server can homomorphically evaluate predefined functions such as counting the number of users in a given location. Query and result decryption are performed from a separate layer, which protects the secret key from being used for direct decryption of the records. We implemented two versions of the location privacy layer using a Leveled Fully Homomorphic encryption (FHE) scheme (BGV), and a Partial (additive) Homomorphic encryption (PHE) scheme (Paillier). The overhead and performance evaluation show that both versions are adequate for offline statistical analysis. The contribution of this work is to propose a practical use of FHE for location privacy; and to discuss the trade-off between location privacy and system performance for implementations using FHE and PHE.

Internet

Location privacy

Garantía de calidad

qSCMS: post-quantum security credential management system for vehicular communications. / qSCMS: sistema de gerenciamento de credenciais de segurança pós-quântico para comunicações veiculares.

Oliveira, Jefferson Evandi Ricardini Fernandes de

26 April 2019

With the increasing demand for intelligent transportation systems (ITS), security and privacy requirements are paramount. This demand led to many proposals aimed at creating a Vehicular Public Key Infrastructure (VPKI) able to address such prerequisites. Among them, the Security Credential Management System (SCMS) is particularly promising, providing data authentication in a privacy-preserving manner and supporting the revocation of misbehaving vehicles. Namely, one of the main benefits of SCMS is its so-called butterfly key expansion process, which issues arbitrarily large batches of pseudonym certificates through a single request. Despite SCMS\'s appealing design, in this document, we show that its certificate issuing process can be improved. Namely, this protocol originally requires the vehicle to provide two separate public/private key pairs to registration authorities; we now propose an improved approach that unifies them into a single key pair. We also show that such performance gains come with no negative impact in terms of security, flexibility or scalability when compared to the original SCMS. Besides the improvement on the initial Elliptic Curve based protocol, we present a post-quantum version of the protocol using Ring Learning-with-errors (R-LWE) assumption. This new protocol has the same shape and features of the original one, but using R-LWE-based signature and encryption as underlying schemes and Lattices operation for the key issuing instead of Elliptic Curves. / Com o aumento da demanda por Sistemas de Transporte Inteligentes (ITS - intelligent transportation systems), requisitos de segurança de informação e privacidade são primordiais. Isso levou a muitas propostas visando a criação de uma infraestrutura de chave pública veicular (VPKI - Vehicular Public Key Infrastructure) capaz de atender esses requisitos. Entre estes, o Sistema de Gerenciamento de Credenciais de segurança (SCMS - Security Credential Management System) é particularmente promissor. Ele provê autenticação de dados de uma maneira a preservar a privacidade e também suporta revogação de veículos que apresentem comportamento inadequado. Especificamente, um dos principais benefícios do SCMS é o chamado processo de butterfly key expansion, que emite lotes arbitrariamente grandes de certificados para pseudônimos a partir de única requisição. Embora este protocolo originalmente exija que o veículo forneça dois pares de chaves públicas/privadas separadas para as autoridades de registro, aqui é proposta uma abordagem aprimorada que as unifica em um único par de chaves. Também é mostrado esse ganho de desempenho não causa nenhuma deterioração em termos de segurança, flexibilidade ou escalabilidade quando comparado ao SCMS original. Além das melhorias no protocolo original baseado em curvas elípticas, aqui é apresentada uma versão pós-quântica do protocolo usando a hipótese de segurança R-LWE (Ring Learning-with-errors). Este novo protocolo tem o mesmo formato e características do original, mas usa assinatura e cifração baseada em R-LWE como esquemas subjacentes e operações em reticulados para o processo de emissão de chaves em vez de curvas elípticas.

Algorithms

Algoritmos

Criptologia

Criptology

Lattices

Privacidade

Privacy

Reticulados