The Interplay of Web Aggregation and Regulation

Zhu, Hongwei, Madnick, Stuart E., Siegel, Michael D.

01 1900

The development of web technology has led to the emergence of web aggregation, a service that collects existing web data and turns them into more useful information. We review the development of both comparison and relationship aggregation and discuss their impacts on various stakeholders. The aggregator’s capability of transparently extracting web data has raised challenging issues in database and privacy protection. Consequently, new regulations are introduced or being proposed. We analyze the interactions between aggregation and related policies and provide our insights about the implications of new policies on the development of web aggregation. / Singapore-MIT Alliance (SMA)

international IP law

privacy law

web aggregation

intellectual property

RFID in the retail sector a methodology for analysis of policy proposals and their implications for privacy, economic efficiency and security /

Bitko, Gordon.

January 2007

Thesis (Ph.D.)--RAND Graduate School, 2007. / Includes bibliographical references.

Privacy in the next generation Internet. Data proection in the context of European Union policy

Escudero-Pascual, Alberto

January 2002

With the growth in social, political and economic importanceof the Internet, it has been recognized that the underlyingtechnology of the next generation Internet must not only meetthe many technical challenges but must also meet the socialexpectations of such a pervasive technology. As evidence ofthe strategic importance of the development of the Internet,the European Union has adopted a communication to the Counciland the European Parliament focusing on the next generationInternet and the priorities for action in migrating to the newInternet protocol IPv6 andalso a new Directive (2002/58/EC) on'processing of personal data and protection of privacy in theelectronic communication sector'. The Data Protection Directiveis part of a package of proposals for initiatives which willform the future regulatory framework for electroniccommunications networks and services. The new Directive aims toadapt and update the existing Data ProtectionTelecommunications Directive (97/66/EC) to take account oftechnological developments. However, it is not well undersoodhow this policy and the underlying Internet technology can bebrought into alignment. This dissertation builds upon the results of my earlierlicentiate thesis by identifying three specific, timely, andimportant privacy areas in the next generation Internet: uniqueidentifiers and observability, privacy enhanced location basedservices, and legal aspects of data traffic. Each of the three areas identified are explored in the eightpublished papers that form this dissertation. The paperspresent recommendations to technical standarization bodies andregulators concerning the next generation Internet so that thistechnology and its deployment can meet the specific legalobligations of the new European Union data protectiondirective.

location privacy

IPv6

data protection

mobile internet

PUL

Opportunistic Routing for Enhanced Source-location Privacy in Wireless Sensor Networks

Spachos, Petros

11 January 2011

Wireless sensor networks (WSN) are an attractive solution for a plethora of communication applications, such as unattended event monitoring and tracking. One of the looming challenges that threaten the successful deployment of these sensor networks is source-location privacy, especially when they are used to monitor sensitive objects. In order to enhance source location privacy in sensor networks, we propose the use of an opportunistic routing scheme and we examine four different approaches. In opportunistic routing, each sensor transmits the packet over a dynamic path to the destination. Every packet from the source can therefore follow a different path toward the destination, making it difficult for an adversary to backtrack hop-by-hop to the origin of the sensor communication. Through theoretical analysis, we attempt to justify the use of opportunistic routing for the source-location problem. Moreover, simulations have been conducted in order to evaluate the performance of all the proposed schemes, in terms of source-location privacy.

opportunistic routing

source-location privacy

wireless sensor networks

0544

Opportunistic Routing for Enhanced Source-location Privacy in Wireless Sensor Networks

Spachos, Petros

11 January 2011

Wireless sensor networks (WSN) are an attractive solution for a plethora of communication applications, such as unattended event monitoring and tracking. One of the looming challenges that threaten the successful deployment of these sensor networks is source-location privacy, especially when they are used to monitor sensitive objects. In order to enhance source location privacy in sensor networks, we propose the use of an opportunistic routing scheme and we examine four different approaches. In opportunistic routing, each sensor transmits the packet over a dynamic path to the destination. Every packet from the source can therefore follow a different path toward the destination, making it difficult for an adversary to backtrack hop-by-hop to the origin of the sensor communication. Through theoretical analysis, we attempt to justify the use of opportunistic routing for the source-location problem. Moreover, simulations have been conducted in order to evaluate the performance of all the proposed schemes, in terms of source-location privacy.

opportunistic routing

source-location privacy

wireless sensor networks

0544

[Redacted Text] and Surveillance: An Ideographic Analysis of the Struggle between National Security and Privacy

Connelly, Eric M

03 June 2010

In the aftermath of the events of 9/11, the U.S. executive branch has repeatedly maintained that its need for action to secure the nation requires a revised interpretation of individual liberties. This study will explore the tensions between the positive ideographs and in response to the negative ideograph in a contemporary United States court ruling. Using Burke’s pentad, and cluster analysis, as well as Brummett’s notion of strategic silence, the study examines how the FISCR substantially changed the interrelationship between the two ideographs. The study concludes that the FISCR situated strengthening national security as the purpose of the case it ruled on, which privileged national security over privacy. Throughout the expansion of security,> the court used silence to justify its decision. This analysis both adds to our understanding of the synchronic relationship between ideographs, and examines how the courts utilize such interplays to reconstitute community.

Ideograph

Privacy

National security

Silence

Cluster analysis

Pentadic analysis

Communication

Watching workers: a critical review of the law regarding electronic employee monitoring in non-unionized workplaces in Canada

Bueckert, Melanie R.

15 September 2008

This thesis addresses the topic of electronic employee monitoring in non-unionized workplaces in Canada. Electronic employee monitoring is defined as including (1) the use of electronic devices to review and evaluate employees’ performance; (2) ‘electronic surveillance’; and (3) employers’ use of computer forensics. Detailed consideration is given to a variety of technologies, including computer, internet and e-mail monitoring, location awareness technologies (such as global positioning systems and radio frequency identification), as well as biometrics, and the developing case law surrounding these innovations. Analogies are drawn to the jurisprudence developing with respect to unionized workplaces and under statutory unjust dismissal regimes. This analysis leads to the conclusion that legislative reform is necessary, either through (1) the creation of parallel private sector privacy regimes, such as those in British Columbia and Alberta, mirroring existing federal legislation; (2) amendments to existing employment standards legislation; or (3) the enactment of a stand-alone surveillance statute. / October 2008

Privacy

Law

Employment

Surveillance

Monitoring

Computer

Biometrics

GPS

RFID

Secure and Privacy-Preserving Vehicular Communications

Lin, Xiaodong

January 2008

Road safety has been drawing increasing attention in the public, and has been subject to extensive efforts from both industry and academia in mitigating the impact of traffic accidents. Recent advances in wireless technology promise new approaches to facilitating road safety and traffic management, where each vehicle (or referred to as On-board unit (OBU)) is allowed to communicate with each other as well as with Roadside units (RSUs), which are located in some critical sections of the road, such as a traffic light, an intersection, and a stop sign. With the OBUs and RSUs, a self-organized network, called Vehicular Ad Hoc Network (VANET), can thus be formed. Unfortunately, VANETs have faced various security threats and privacy concerns, which would jeopardize the public safety and become the main barrier to the acceptance of such a new technology. Hence, addressing security and privacy issues is a prerequisite for a market-ready VANET. Although many studies have recently addressed a significant amount of efforts in solving the related problems, few of the studies has taken the scalability issues into consideration. When the traffic density is getting large, a vehicle may become unable to verify the authenticity of the messages sent by its neighbors in a timely manner, which may result in message loss so that public safety may be at risk. Communication overhead is another issue that has not been well addressed in previously reported studies. Many efforts have been made in recent years in achieving efficient broadcast source authentication and data integrity by using fast symmetric cryptography. However, the dynamic nature of VANETs makes it very challenging in the applicability of these symmetric cryptography-based protocols. In this research, we propose a novel Secure and Efficient RSU-aided Privacy Preservation Protocol, called SERP^3, in order to achieve efficient secure and privacy-preserving Inter-Vehicle Communications (IVCs). With the commitments of one-way key chains distributed to vehicles by RSUs, a vehicle can effectively authenticate any received message from vehicles nearby even in the presence of frequent change of its neighborship. Compared with previously reported public key infrastructure (PKI)-based packet authentication protocols for security and privacy, the proposed protocol not only retains the security and privacy preservation properties, but also has less packet loss ratio and lower communication overhead, especially when the road traffic is heavy. Therefore, the protocol solves the scalability and communication overhead issues, while maintaining acceptable packet latency. However, RSU may not exist in some situations, for example, in the early stage deployment phase of VANET, where unfortunately, SERP^3 is not suitable. Thus, we propose a complementary Efficient and Cooperative Message Validation Protocol, called ECMVP, where each vehicle probabilistically validates a certain percentage of its received messages based on its own computing capacity and then reports any invalid messages detected by it. Since the ultimate goal of designing VANET is to develop vehicle safety/non-safety related applications to improve road safety and facilitate traffic management, two vehicle applications are further proposed in the research to exploit the advantages of vehicular communications. First, a novel vehicle safety application for achieving a secure road traffic control system in VANETs is developed. The proposed application helps circumvent vehicles safely and securely through the areas in any abnormal situation, such as a car crash scene, while ensuring the security and privacy of the drivers from various threats. It not only enhances traveler safety but also minimizes capacity restrictions due to any unusual situation. Second, the dissertation investigates a novel mobile payment system for highway toll collection by way of vehicular communications, which addresses all the issues in the currently existing toll collection technologies.

security

conditional privacy preservation

vehicular communications

Electrical and Computer Engineering

Network Coding based Information Security in Multi-hop Wireless Networks

Fan, Yanfei

January 2010

Multi-hop Wireless Networks (MWNs) represent a class of networks where messages are forwarded through multiple hops of wireless transmission. Applications of this newly emerging communication paradigm include asset monitoring wireless sensor networks (WSNs), command communication mobile ad hoc networks (MANETs), community- or campus-wide wireless mesh networks (WMNs), etc. Information security is one of the major barriers to the wide-scale deployment of MWNs but has received little attention so far. On the one hand, due to the open wireless channels and multi-hop wireless transmissions, MWNs are vulnerable to various information security threats such as eavesdropping, data injection/modification, node compromising, traffic analysis, and flow tracing. On the other hand, the characteristics of MWNs including the vulnerability of intermediate network nodes, multi-path packet forwarding, and limited computing capability and storage capacity make the existing information security schemes designed for the conventional wired networks or single-hop wireless networks unsuitable for MWNs. Therefore, newly designed schemes are highly desired to meet the stringent security and performance requirements for the information security of MWNs. In this research, we focus on three fundamental information security issues in MWNs: efficient privacy preservation for source anonymity, which is critical to the information security of MWNs; the traffic explosion issue, which targets at preventing denial of service (DoS) and enhancing system availability; and the cooperative peer-to-peer information exchange issue, which is critical to quickly achieve maximum data availability if the base station is temporarily unavailable or the service of the base station is intermittent. We have made the following three major contributions. Firstly, we identify the severe threats of traffic analysis/flow tracing attacks to the information security in network coding enabled MWNs. To prevent these attacks and achieve source anonymity in MWNs, we propose a network coding based privacy-preserving scheme. The unique “mixing” feature of network coding is exploited in the proposed scheme to confuse adversaries from conducting advanced privacy attacks, such as time correlation, size correlation, and message content correlation. With homomorphic encryption functions, the proposed scheme can achieve both privacy preservation and data confidentiality, which are two critical information security requirements. Secondly, to prevent traffic explosion and at the same time achieve source unobservability in MWNs, we propose a network coding based privacy-preserving scheme, called SUNC (Source Unobservability using Network Coding). Network coding is utilized in the scheme to automatically absorb dummy messages at intermediate network nodes, and thus, traffic explosion induced denial of service (DoS) can be naturally prevented to ensure the system availability. In addition to ensuring system availability and achieving source unobservability, SUNC can also thwart internal adversaries. Thirdly, to enhance the data availability when a base station is temporarily unavailable or the service of the base station is intermittent, we propose a cooperative peer-to-peer information exchange scheme based on network coding. The proposed scheme can quickly accomplish optimal information exchange in terms of throughput and transmission delay. For each research issue, detailed simulation results in terms of computational overhead, transmission efficiency, and communication overhead, are given to demonstrate the efficacy and efficiency of the proposed solutions.

Information Security

Network Coding

Privacy Preservation

Availability

Electrical and Computer Engineering

Network Performance Improvements for Low-Latency Anonymity Networks

Al-Sabah, Mashael

January 2013

While advances to the Internet have enabled users to easily interact and exchange information online, they have also created several opportunities for adversaries to prey on users’ private information. Whether the motivation for data collection is commercial, where service providers sell data for marketers, or political, where a government censors, blocks and tracks its people, or even personal, for cyberstalking purposes, there is no doubt that the consequences of personal information leaks can be severe. Low-latency anonymity networks have thus emerged as a solution to allow people to surf the Internet without the fear of revealing their identities or locations. In order to provide anonymity to users, anonymity networks route users’ traffic through several intermediate relays, which causes unavoidable extra delays. However, although these networks have been originally designed to support interactive applications, due to a variety of design weaknesses, these networks offer anonymity at the expense of further intolerable performance costs, which disincentivize users from adopting these systems. In this thesis, we seek to improve the network performance of low-latency anonymity networks while maintaining the anonymity guarantees they provide to users today. As an experimentation platform, we use Tor, the most widely used privacy-preserving network that empowers people with low-latency anonymous online access. Since its introduction in 2003, Tor has successfully evolved to support hundreds of thousands of users using thousands of volunteer-operated routers run all around the world. Incidents of sudden increases in Tor’s usage, coinciding with global political events, confirm the importance of the Tor network for Internet users today. We identify four key contributors to the performance problems in low-latency anonymity networks, exemplified by Tor, that significantly impact the experience of low-latency application users. We first consider the lack of resources problem due to the resource-constrained routers, and propose multipath routing and traffic splitting to increase throughput and improve load balancing. Second, we explore the poor quality of service problem, which is exacerbated by the existence of bandwidth-consuming greedy applications in the network. We propose online traffic classification as a means of enabling quality of service for every traffic class. Next, we investigate the poor transport design problem and propose a new transport layer design for anonymous communication networks which addresses the drawbacks of previous proposals. Finally, we address the problem of the lack of congestion control by proposing an ATM-style credit-based hop-by-hop flow control algorithm which caps the queue sizes and allows all relays to react to congestion in the network. Our experimental results confirm the significant performance benefits that can be obtained using our privacy-preserving approaches.

Anonymity network

Tor

performance

Privacy-Enhancing Technology

Computer Science