  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
461

Privacy Issues in Decentralized Online Social Networks and other Decentralized Systems

Greschbach, Benjamin January 2016
Popular Online Social Networks (OSNs), such as Facebook or Twitter, are logically centralized systems. The massive information aggregation of sensitive personal data at the central providers of these services is an inherent threat to the privacy of the users. Leakages of these data collections happen regularly – both intentionally, for example by selling of user data to third parties and unintentionally, for example when outsiders successfully attack a provider. Motivated by this insight, the concept of Decentralized Online Social Networks (DOSNs) has emerged. In these proposed systems, no single, central provider keeps a data collection of all users. Instead, the data is spread out across multiple servers or is distributed completely among user devices that form a peer-to-peer (P2P) network. Encryption is used to enforce access rights of shared content and communication partners ideally connect directly to each other. DOSNs solve one of the biggest privacy concerns of centralized OSNs in a quite forthright way – by getting rid of the central provider. Furthermore, these decentralized systems can be designed to be more immune to censorship than centralized services. But when decentralizing OSNs, two main challenges have to be met: to provide user privacy under a significantly different threat model, and to implement equal usability and functionality without centralized components. In this work we analyze the general privacy-problems in DOSNs, especially those arising from the more exposed metadata in these systems. Furthermore, we suggest three privacy-preserving implementations of standard OSN features, i.e. user authentication via password-login, user search via a knowledge threshold and an event invitation system with fine-grained privacy-settings. These implementations do not rely on a trusted, central provider and are therefore applicable in a DOSN scenario but can be applied in other P2P or low-trust environments as well. 
Finally, we analyze a concrete attack on a specific decentralized system, the Tor anonymization network, and suggest improvements for mitigating the identified threats. / Popular social networking services such as Facebook and Instagram are built on a logically centralized system architecture. The service providers therefore have access to extensive collections of sensitive personal data, which entails an unavoidable risk of privacy violations. At regular intervals these collections of information are leaked to third parties – either when the service provider itself sells or gives them to external actors, or when unauthorized parties gain access to the service provider's computer systems. Decentralized Online Social Networks (DOSNs) are a promising development for reducing this risk and for protecting users' personal information from both the service provider and third parties. A common way to implement a DOSN is through a peer-to-peer network architecture, in order to avoid sensitive personal data being collected in one place under the service provider's control. Encryption is used to protect communication and to realize access control for information that is to be shared with other users. No longer having a service provider with access to all data means that the largest risk factor for privacy violations is removed. But by replacing the central service provider with a decentralized system, we also remove a certain amount of privacy protection. That privacy protection was a consequence of all user communication being relayed through the service provider's servers. When responsibility for storing content, managing permissions, access and other administrative tasks passes to the users themselves, it becomes a challenge to protect the metadata of objects and information flows, even if the content is encrypted.
In a centralized system these metadata are in fact protected by the service provider – intentionally or as a side effect. To implement the various features that a privacy-preserving DOSN should have, it is necessary both to solve these general challenges and to handle the absence of a trusted service provider with full access to all data. User authentication, for example, should have the same usability as in centralized systems. That is, it should be easy to change the password, revoke the rights of a stolen client device, or reset a forgotten password by means of e-mail or security questions – all without relying on a trusted third party. Another example is the ability to search for other users. The challenge there is to protect user information while it must still be possible to find users based on that very information. An implementation of such a feature in a DOSN must manage without a trusted service provider that, with access to all user data, can maintain a global search index. In this thesis we analyze the general risks of privacy violations that exist in DOSNs, especially those caused by metadata. In addition, we propose three privacy-preserving implementations of common features of a social networking service: password-based user authentication, a user search function with a knowledge threshold, and an event invitation function with detailed privacy settings. All three implementations are suitable for DOSN scenarios since they manage entirely without a trusted, central service provider, and can therefore also be used in other contexts such as peer-to-peer networks or other systems that must manage without a trusted third party. Finally, we analyze an attack on a specific decentralized system, the anonymity service Tor, and discuss how the system can be protected against the analyzed vulnerabilities. / QC 20161115
462

Dynamic User Defined Permissions for Android Devices

Stelly, Christopher D 20 December 2013
Mobile computing devices have become an essential part of everyday life and are becoming the primary means for collecting and storing sensitive personal and corporate data. Android is, by far, the dominant mobile platform, which makes its permissions model responsible for securing the vast majority of this sensitive data. The current model falls well short of actual user needs, as permission assignments are made statically at installation time. Therefore, it is impossible to implement dynamic security policies that could be applied selectively depending on context. Users are forced to unconditionally trust installed apps without means to isolate them from sensitive data. We describe a new approach, app sanitization, which automatically instruments apps at installation time, such that users can dynamically grant and revoke individual permissions. The main advantage of our technique is that it runs in userspace and utilizes standard aspect-oriented methods to incorporate custom security controls into the app.
463

Privacidad de ubicación para un sistema de monitoreo de la calidad de acceso a internet móvil: Location privacy for a monitoring system of the quality of access to mobile internet

Font Brevis, Giselle Alejandra January 2015
Master of Science in Computer Science / Civil Engineer in Computing / In order to measure the quality of mobile Internet access, NIC Chile Research Labs developed Adkintun Mobile, a passive monitor installed on the mobile phones of volunteer users. Periodically, the application records data on the state of the network, which are sent to a server that collects them. The laboratory's researchers have access to the data stored by the collector. From the connection to cell towers, the device's location can be deduced, so users' location is exposed to the researchers, which is a concern from the standpoint of individuals' location privacy. Moreover, only four spatio-temporal points are enough to re-identify 95% of the population from an anonymized database. For this reason, this work focuses on solving the problem using a cryptographic approach. A model is proposed in which researchers can access, query and compute aggregations over the stored data, while obtaining from individuals' locations only the result of the aggregations. The model uses homomorphic encryption to protect location privacy. Location information is sent encrypted from the mobile phones to the server. The server can homomorphically compute predefined functions, such as counting the number of users in a given place. Database queries and decryption are executed in separate layers, to prevent the secret key from being used to decrypt the data directly. Two versions of the location privacy layer were implemented, with fully homomorphic encryption (FHE) using the BGV scheme, and with partially homomorphic encryption (PHE) using the Paillier scheme.
The performance and overhead of the system show that the model is suitable for offline computation of statistics. The contributions of this work are to propose a practical application of FHE for location privacy, and to discuss the trade-off between location privacy and system performance in both implementations (FHE and PHE). -------------------------- In order to measure the quality of access to mobile Internet, NIC Chile Research Labs developed Adkintun Mobile, a passive monitor installed in volunteer users' mobile phones. Periodically, the client application records data related to network state, which is sent to the collector server. Researchers of the laboratory have access to such stored data. Since from connexion to antennas location can be deduced, location data of individuals is exposed to researchers, which is a concern for location privacy. Moreover, as only four spatio-temporal points are enough to identify 95% of the population in an anonymized dataset, this work takes a cryptographic approach to solve the problem. We propose a model where researchers can access, query and compute aggregations on stored data, learning nothing more about users' location than the result of the aggregation. Our model uses homomorphic encryption to preserve location privacy. Location data is sent encrypted from mobile devices to the server. The server can homomorphically evaluate predefined functions such as counting the number of users in a given location. Query and result decryption are performed from a separate layer, which protects the secret key from being used for direct decryption of the records. We implemented two versions of the location privacy layer using a Leveled Fully Homomorphic encryption (FHE) scheme (BGV), and a Partial (additive) Homomorphic encryption (PHE) scheme (Paillier). The overhead and performance evaluation show that both versions are adequate for offline statistical analysis. 
The contribution of this work is to propose a practical use of FHE for location privacy; and to discuss the trade-off between location privacy and system performance for implementations using FHE and PHE.
464

qSCMS: post-quantum security credential management system for vehicular communications. / qSCMS: sistema de gerenciamento de credenciais de segurança pós-quântico para comunicações veiculares.

Oliveira, Jefferson Evandi Ricardini Fernandes de 26 April 2019
With the increasing demand for intelligent transportation systems (ITS), security and privacy requirements are paramount. This demand led to many proposals aimed at creating a Vehicular Public Key Infrastructure (VPKI) able to address such prerequisites. Among them, the Security Credential Management System (SCMS) is particularly promising, providing data authentication in a privacy-preserving manner and supporting the revocation of misbehaving vehicles. Namely, one of the main benefits of SCMS is its so-called butterfly key expansion process, which issues arbitrarily large batches of pseudonym certificates through a single request. Despite SCMS's appealing design, in this document, we show that its certificate issuing process can be improved. Namely, this protocol originally requires the vehicle to provide two separate public/private key pairs to registration authorities; we now propose an improved approach that unifies them into a single key pair. We also show that such performance gains come with no negative impact in terms of security, flexibility or scalability when compared to the original SCMS. Besides the improvement on the initial Elliptic Curve based protocol, we present a post-quantum version of the protocol using Ring Learning-with-errors (R-LWE) assumption. This new protocol has the same shape and features of the original one, but using R-LWE-based signature and encryption as underlying schemes and Lattices operation for the key issuing instead of Elliptic Curves. / With the increasing demand for Intelligent Transportation Systems (ITS), information security and privacy requirements are paramount. This has led to many proposals aimed at creating a Vehicular Public Key Infrastructure (VPKI) capable of meeting these requirements.
Among these, the Security Credential Management System (SCMS) is particularly promising. It provides data authentication in a privacy-preserving manner and also supports revocation of vehicles that exhibit inappropriate behavior. Specifically, one of the main benefits of SCMS is the so-called butterfly key expansion process, which issues arbitrarily large batches of pseudonym certificates from a single request. Although this protocol originally requires the vehicle to provide two separate public/private key pairs to the registration authorities, an improved approach is proposed here that unifies them into a single key pair. It is also shown that this performance gain causes no deterioration in terms of security, flexibility or scalability when compared to the original SCMS. In addition to the improvements to the original elliptic-curve-based protocol, a post-quantum version of the protocol is presented here using the R-LWE (Ring Learning-with-errors) security assumption. This new protocol has the same shape and features as the original, but uses R-LWE-based signature and encryption as underlying schemes and lattice operations for the key issuing process instead of elliptic curves.
465

A competition policy for the digital age : An analysis of the challenges posed by data-driven business models to EU competition law

Sahlstedt, Andreas January 2019
The increasing volume and value of data in online markets along with tendencies of market concentration make it an interesting research topic in the field of competition law. The purpose of this thesis is to evaluate how EU competition law could adapt to the challenges brought on by big data, particularly in relation to Art. 102 TFEU and the EUMR. Furthermore, this thesis analyses the intersection between privacy regulations and competition law. The characteristics pertaining to online markets and data are presented in this thesis in order to accurately describe the specific challenges which arise in online markets. By analysing previous case law of the ECJ as well as the Bundeskartellamt’s Facebook investigation, this thesis concludes that privacy concerns could potentially be addressed within an EU competition law procedure. Such an approach might be particularly warranted in markets where privacy is a key parameter of competition. However, a departure from the traditionally price-centric enforcement of competition law is required in order to adequately address privacy concerns. The research presented in this thesis demonstrates the decreasing importance of market shares in the assessment of a dominant position in online markets, due to the dynamic character of such markets. An increased focus on entry barriers appears to be necessary, of which data can constitute an important barrier. Additionally, consumer behaviour constitutes a source of market power in online markets, which warrants a shift towards behavioural economic analysis. The turnover thresholds of the EUMR do not appear to adequately address data-driven mergers, which is illustrated by the Facebook/WhatsApp merger. Therefore, thresholds based on other parameters are necessary. The value of data also increases the potential anticompetitive effects of vertical and conglomerate mergers, warranting an increased focus on such mergers.
466

American and Norwegian Press' Approaches to Identification of Criminal Suspects or Arrestees: The Public's Right to Know Versus the Private Citizen's Right to Privacy, Reputation, and Presumption of Innocence

Bowers, Jonathan 10 October 2013
This thesis examines the processes the American and Norwegian press go through when identifying (or not) private citizens who are suspected of or arrested for a crime. Four central principles are explored in detail and elaborated upon as they relate to the press and individuals in the criminal justice system: the public's right to know, the right to privacy, protection of reputation, and presumption of innocence. Three Norwegian newspaper editors and an independent consultant to the Norwegian Institute of Journalism elaborated on how identification of criminal suspects is determined in Norway. The Norwegian case study provides an alternative approach to identification. Both legal and ethics solutions are proposed as a way to help protect the privacy, reputation, and presumption of innocence of private individuals suspected of or arrested for a crime but without unconstitutionally intruding on press freedom.
467

Verified, Tracked, and Visible: A History of the Configuration of the Internet User

St. Louis, Christopher 10 April 2018
The figure of the user is often overlooked in Internet histories, which frequently focus on larger treatments of infrastructure, governance, or major contributions of specific individuals. This thesis constructs a philosophical and ideological history of the Internet user and examines how that figure has changed through the evolution of the Internet. Beginning with the Web 2.0 paradigm in the early 2000s, a growing state and corporate interest in the Internet produced substantial changes to the structure and logic of the Internet that saw the user being placed increasingly at the periphery of online space as the object of state surveillance or behavioral tracking. The three case studies in this thesis investigate the combination of technological constraints and discursive strategies which have aided in shaping the contemporary user from active architect of the Internet itself to passive, ideal consumer of predetermined online experiences.
468

Personalization paradox: the wish to be remembered and the right to be forgotten : A qualitative study of how companies balance being personal while protecting consumers’ right to privacy

Harrysson, Alexandra, Olsson, Julia January 2019
Many argue that personalization is needed in a modern marketing strategy. Whilst there are several positive aspects of personalization, e.g. improved customer satisfaction rates, it can also lead to firms being perceived as intrusive and elicit privacy concerns. This dilemma describes the personalization paradox, which refers to the two-sided results of using personalized communication by collecting and analyzing consumer data. To address the issue of how firms balance the need for personalization while still respecting consumers’ privacy, previous researchers have mainly investigated the issue from the consumer perspective. However, the consumer is believed to display a paradoxical behavior in regards to personalization. Therefore, we have addressed this issue through interviewing 12 company representatives from 7 companies. Our findings indicate that companies are mindful when creating personalized content and do acknowledge the issues with privacy and the risk of being perceived as intrusive. To overcome the personalization paradox, firms are not explicit about their data analysis in their personalized communication as this can lead to consumers feeling discomfort. Finally, an essential way that firms can prevent privacy concerns is to create relevant content as this outweighs feelings of discomfort. These findings to a certain extent do not reflect the empirical research on the topic, however the discrepancies may exist as previous studies were conducted from the consumer side.
469

Using Privacy Indicators to Nudge Users into Selecting Privacy Friendly Applications

Bromander, Anton January 2019
In the play store today, users are shown download count, app rating, reviews, screenshots etc. when deciding to download an application, and it’s shown very conveniently. If the users however are interested in viewing privacy information about the application, it is multiple clicks away and there is no default in how to display it. This is where privacy indicators come in handy. With privacy indicators, data can be analyzed and displayed to the user in a way they understand, even if they don’t understand what the data itself means and what is dangerous. This however comes with the challenge of deciding what is dangerous and what is not. This report creates and implements an app store with added privacy information displayed to the user in the form of a privacy indicator and some detailed information about each application. To test the effectiveness of the privacy indicator, a small scale study was conducted where it was discovered that users who were not already interested in privacy didn’t pay much attention to it, while those who were took it more into account when deciding to download applications.
470

Children's Privacy and the Justification of ICT-based Parental Monitoring

Lin, Zhihao January 2019
As Information and Communication technology (ICT) has rapidly advanced in China, parental monitoring may invasively penetrate into children's privacy, while China is lagging behind on the issue of children privacy protection. Privacy is invaluable to human development, and children do have interests in their privacy. This thesis is going to investigate under which condition it is desirable for parents to apply ICT techniques to monitor children, which does not invade children's privacy. Before reaching the decision of carrying out monitoring, the intent and the necessity of monitoring should be considered. Children should be informed and their consent should be acquired before deploying monitoring. After the decision is made, the proportionality of monitoring practice requires parents to opt for the least invasive and the most necessary approach. Besides parental monitoring, states and schools can offer media literacy education to enable children to protect themselves from privacy infringement.
