Watching workers: a critical review of the law regarding electronic employee monitoring in non-unionized workplaces in Canada

Bueckert, Melanie R.

15 September 2008

This thesis addresses the topic of electronic employee monitoring in non-unionized workplaces in Canada. Electronic employee monitoring is defined as including (1) the use of electronic devices to review and evaluate employees’ performance; (2) ‘electronic surveillance’; and (3) employers’ use of computer forensics. Detailed consideration is given to a variety of technologies, including computer, internet and e-mail monitoring, location awareness technologies (such as global positioning systems and radio frequency identification), as well as biometrics, and the developing case law surrounding these innovations. Analogies are drawn to the jurisprudence developing with respect to unionized workplaces and under statutory unjust dismissal regimes. This analysis leads to the conclusion that legislative reform is necessary, either through (1) the creation of parallel private sector privacy regimes, such as those in British Columbia and Alberta, mirroring existing federal legislation; (2) amendments to existing employment standards legislation; or (3) the enactment of a stand-alone surveillance statute. / October 2008

Privacy

Law

Employment

Surveillance

Monitoring

Computer

Biometrics

GPS

RFID

Secure and Privacy-Preserving Vehicular Communications

Lin, Xiaodong

January 2008

Road safety has been drawing increasing attention in the public, and has been subject to extensive efforts from both industry and academia in mitigating the impact of traffic accidents. Recent advances in wireless technology promise new approaches to facilitating road safety and traffic management, where each vehicle (or referred to as On-board unit (OBU)) is allowed to communicate with each other as well as with Roadside units (RSUs), which are located in some critical sections of the road, such as a traffic light, an intersection, and a stop sign. With the OBUs and RSUs, a self-organized network, called Vehicular Ad Hoc Network (VANET), can thus be formed. Unfortunately, VANETs have faced various security threats and privacy concerns, which would jeopardize the public safety and become the main barrier to the acceptance of such a new technology. Hence, addressing security and privacy issues is a prerequisite for a market-ready VANET. Although many studies have recently addressed a significant amount of efforts in solving the related problems, few of the studies has taken the scalability issues into consideration. When the traffic density is getting large, a vehicle may become unable to verify the authenticity of the messages sent by its neighbors in a timely manner, which may result in message loss so that public safety may be at risk. Communication overhead is another issue that has not been well addressed in previously reported studies. Many efforts have been made in recent years in achieving efficient broadcast source authentication and data integrity by using fast symmetric cryptography. However, the dynamic nature of VANETs makes it very challenging in the applicability of these symmetric cryptography-based protocols. In this research, we propose a novel Secure and Efficient RSU-aided Privacy Preservation Protocol, called SERP^3, in order to achieve efficient secure and privacy-preserving Inter-Vehicle Communications (IVCs). With the commitments of one-way key chains distributed to vehicles by RSUs, a vehicle can effectively authenticate any received message from vehicles nearby even in the presence of frequent change of its neighborship. Compared with previously reported public key infrastructure (PKI)-based packet authentication protocols for security and privacy, the proposed protocol not only retains the security and privacy preservation properties, but also has less packet loss ratio and lower communication overhead, especially when the road traffic is heavy. Therefore, the protocol solves the scalability and communication overhead issues, while maintaining acceptable packet latency. However, RSU may not exist in some situations, for example, in the early stage deployment phase of VANET, where unfortunately, SERP^3 is not suitable. Thus, we propose a complementary Efficient and Cooperative Message Validation Protocol, called ECMVP, where each vehicle probabilistically validates a certain percentage of its received messages based on its own computing capacity and then reports any invalid messages detected by it. Since the ultimate goal of designing VANET is to develop vehicle safety/non-safety related applications to improve road safety and facilitate traffic management, two vehicle applications are further proposed in the research to exploit the advantages of vehicular communications. First, a novel vehicle safety application for achieving a secure road traffic control system in VANETs is developed. The proposed application helps circumvent vehicles safely and securely through the areas in any abnormal situation, such as a car crash scene, while ensuring the security and privacy of the drivers from various threats. It not only enhances traveler safety but also minimizes capacity restrictions due to any unusual situation. Second, the dissertation investigates a novel mobile payment system for highway toll collection by way of vehicular communications, which addresses all the issues in the currently existing toll collection technologies.

security

conditional privacy preservation

vehicular communications

Electrical and Computer Engineering

Network Coding based Information Security in Multi-hop Wireless Networks

Fan, Yanfei

January 2010

Multi-hop Wireless Networks (MWNs) represent a class of networks where messages are forwarded through multiple hops of wireless transmission. Applications of this newly emerging communication paradigm include asset monitoring wireless sensor networks (WSNs), command communication mobile ad hoc networks (MANETs), community- or campus-wide wireless mesh networks (WMNs), etc. Information security is one of the major barriers to the wide-scale deployment of MWNs but has received little attention so far. On the one hand, due to the open wireless channels and multi-hop wireless transmissions, MWNs are vulnerable to various information security threats such as eavesdropping, data injection/modification, node compromising, traffic analysis, and flow tracing. On the other hand, the characteristics of MWNs including the vulnerability of intermediate network nodes, multi-path packet forwarding, and limited computing capability and storage capacity make the existing information security schemes designed for the conventional wired networks or single-hop wireless networks unsuitable for MWNs. Therefore, newly designed schemes are highly desired to meet the stringent security and performance requirements for the information security of MWNs. In this research, we focus on three fundamental information security issues in MWNs: efficient privacy preservation for source anonymity, which is critical to the information security of MWNs; the traffic explosion issue, which targets at preventing denial of service (DoS) and enhancing system availability; and the cooperative peer-to-peer information exchange issue, which is critical to quickly achieve maximum data availability if the base station is temporarily unavailable or the service of the base station is intermittent. We have made the following three major contributions. Firstly, we identify the severe threats of traffic analysis/flow tracing attacks to the information security in network coding enabled MWNs. To prevent these attacks and achieve source anonymity in MWNs, we propose a network coding based privacy-preserving scheme. The unique “mixing” feature of network coding is exploited in the proposed scheme to confuse adversaries from conducting advanced privacy attacks, such as time correlation, size correlation, and message content correlation. With homomorphic encryption functions, the proposed scheme can achieve both privacy preservation and data confidentiality, which are two critical information security requirements. Secondly, to prevent traffic explosion and at the same time achieve source unobservability in MWNs, we propose a network coding based privacy-preserving scheme, called SUNC (Source Unobservability using Network Coding). Network coding is utilized in the scheme to automatically absorb dummy messages at intermediate network nodes, and thus, traffic explosion induced denial of service (DoS) can be naturally prevented to ensure the system availability. In addition to ensuring system availability and achieving source unobservability, SUNC can also thwart internal adversaries. Thirdly, to enhance the data availability when a base station is temporarily unavailable or the service of the base station is intermittent, we propose a cooperative peer-to-peer information exchange scheme based on network coding. The proposed scheme can quickly accomplish optimal information exchange in terms of throughput and transmission delay. For each research issue, detailed simulation results in terms of computational overhead, transmission efficiency, and communication overhead, are given to demonstrate the efficacy and efficiency of the proposed solutions.

Information Security

Network Coding

Privacy Preservation

Availability

Electrical and Computer Engineering

Network Performance Improvements for Low-Latency Anonymity Networks

Al-Sabah, Mashael

January 2013

While advances to the Internet have enabled users to easily interact and exchange information online, they have also created several opportunities for adversaries to prey on users’ private information. Whether the motivation for data collection is commercial, where service providers sell data for marketers, or political, where a government censors, blocks and tracks its people, or even personal, for cyberstalking purposes, there is no doubt that the consequences of personal information leaks can be severe. Low-latency anonymity networks have thus emerged as a solution to allow people to surf the Internet without the fear of revealing their identities or locations. In order to provide anonymity to users, anonymity networks route users’ traffic through several intermediate relays, which causes unavoidable extra delays. However, although these networks have been originally designed to support interactive applications, due to a variety of design weaknesses, these networks offer anonymity at the expense of further intolerable performance costs, which disincentivize users from adopting these systems. In this thesis, we seek to improve the network performance of low-latency anonymity networks while maintaining the anonymity guarantees they provide to users today. As an experimentation platform, we use Tor, the most widely used privacy-preserving network that empowers people with low-latency anonymous online access. Since its introduction in 2003, Tor has successfully evolved to support hundreds of thousands of users using thousands of volunteer-operated routers run all around the world. Incidents of sudden increases in Tor’s usage, coinciding with global political events, confirm the importance of the Tor network for Internet users today. We identify four key contributors to the performance problems in low-latency anonymity networks, exemplified by Tor, that significantly impact the experience of low-latency application users. We first consider the lack of resources problem due to the resource-constrained routers, and propose multipath routing and traffic splitting to increase throughput and improve load balancing. Second, we explore the poor quality of service problem, which is exacerbated by the existence of bandwidth-consuming greedy applications in the network. We propose online traffic classification as a means of enabling quality of service for every traffic class. Next, we investigate the poor transport design problem and propose a new transport layer design for anonymous communication networks which addresses the drawbacks of previous proposals. Finally, we address the problem of the lack of congestion control by proposing an ATM-style credit-based hop-by-hop flow control algorithm which caps the queue sizes and allows all relays to react to congestion in the network. Our experimental results confirm the significant performance benefits that can be obtained using our privacy-preserving approaches.

Anonymity network

Tor

performance

Privacy-Enhancing Technology

Computer Science

Personlig integritet på Internet : En studie om attityder / Privacy on the Internet : A study of attitudes

Lindholm, Sara, Nandorf, Moa

January 2010

The internet has fundamentally changed the way people communicate. With all the information that we are sharing over the internet, and the ways which companies want to use our information, the importance of keeping our private information secure has increased. This thesis aims to discover what attitudes internet users have against privacy on the internet, and what – if anything – they are doing to protect their personal privacy. We distributed an online survey to internet users in the Stockholm area, and conducted three interviews with persons in our target population. The results of these studies show that people in general are very aware of privacy concerns on the internet, but that their attitudes toward how important personal privacy on the internet is, differ somewhat. / Internet har fundamentalt förändrat sättet som vi människor kommunicerar. Med all den information som vi delar med oss av över internet, och de olika sätten som företag vill använda vår information, så har vikten av att hålla viss information skyddad/privat/säker ökat. Denna uppsats ämnar att undersöka vilka attityder internetanvändare har till personlig integritet på internet, och vad – om något – de gör för att skydda sin personliga integritet. Vi delade ut en webbaserad enkät till internetanvändare i Stockholms län, och genomförde tre intervjuer med personer i vår målgrupp. Resultaten av dessa studier visar att människor generellt är väldigt medvetna om vikten att vara privat på internet, men att deras attityder mot hur viktigt personlig integritet på internet är, varierar.

personal integrity

privacy

internet

attitudes

personlig integritet

internet

attityder

Acceptance of a Remote Desktop Access System to Increase Workspace Awareness

Williams, Jennifer

January 2000

Awareness systems are being designed and implemented to improve employee connections. This study examines the variables that affect the acceptance of an awareness system. The awareness system that was used for this research was a remote desktop access system. The independent variables investigated were the degree of detail that can be viewed on a desktop, whether the users can control who can access their desktops, whether the users can control when others have access to their desktops, the equality of access to others' desktops, and task-technology fit. In determining the effect of the independent variables on acceptance, the dependent variable, the mediating variables of privacy and fairness were taken into account. There was a preliminary survey conducted to determine appropriate situations to be used in the scenario descriptions for the survey for the main study. The methodology of policy-capturing surveys was utilized to conduct the survey for the main study in order to investigate the model developed in this study. The policy-capturing survey was pre-tested on University of Waterloo students. The main study was conducted in two different organizations, the subjects for the first study were employees from the Information Systems and Technology Department at the University of Waterloo and the subjects for the second study were employees from Ciber Incorporated. Results indicate that perceptions of privacy and perceptions of fairness have significant effects on acceptance. Also, perceptions of privacy and fairness are related to details in the design of the remote desktop access system. This research may be a contribution to this field since little research has been conducted in this area and implications can be drawn for future research on acceptance of awareness systems.

Management

awareness systems

privacy

fairness

acceptance

activity-based

Secure and Privacy-Preserving Vehicular Communications

Lin, Xiaodong

January 2008

Road safety has been drawing increasing attention in the public, and has been subject to extensive efforts from both industry and academia in mitigating the impact of traffic accidents. Recent advances in wireless technology promise new approaches to facilitating road safety and traffic management, where each vehicle (or referred to as On-board unit (OBU)) is allowed to communicate with each other as well as with Roadside units (RSUs), which are located in some critical sections of the road, such as a traffic light, an intersection, and a stop sign. With the OBUs and RSUs, a self-organized network, called Vehicular Ad Hoc Network (VANET), can thus be formed. Unfortunately, VANETs have faced various security threats and privacy concerns, which would jeopardize the public safety and become the main barrier to the acceptance of such a new technology. Hence, addressing security and privacy issues is a prerequisite for a market-ready VANET. Although many studies have recently addressed a significant amount of efforts in solving the related problems, few of the studies has taken the scalability issues into consideration. When the traffic density is getting large, a vehicle may become unable to verify the authenticity of the messages sent by its neighbors in a timely manner, which may result in message loss so that public safety may be at risk. Communication overhead is another issue that has not been well addressed in previously reported studies. Many efforts have been made in recent years in achieving efficient broadcast source authentication and data integrity by using fast symmetric cryptography. However, the dynamic nature of VANETs makes it very challenging in the applicability of these symmetric cryptography-based protocols. In this research, we propose a novel Secure and Efficient RSU-aided Privacy Preservation Protocol, called SERP^3, in order to achieve efficient secure and privacy-preserving Inter-Vehicle Communications (IVCs). With the commitments of one-way key chains distributed to vehicles by RSUs, a vehicle can effectively authenticate any received message from vehicles nearby even in the presence of frequent change of its neighborship. Compared with previously reported public key infrastructure (PKI)-based packet authentication protocols for security and privacy, the proposed protocol not only retains the security and privacy preservation properties, but also has less packet loss ratio and lower communication overhead, especially when the road traffic is heavy. Therefore, the protocol solves the scalability and communication overhead issues, while maintaining acceptable packet latency. However, RSU may not exist in some situations, for example, in the early stage deployment phase of VANET, where unfortunately, SERP^3 is not suitable. Thus, we propose a complementary Efficient and Cooperative Message Validation Protocol, called ECMVP, where each vehicle probabilistically validates a certain percentage of its received messages based on its own computing capacity and then reports any invalid messages detected by it. Since the ultimate goal of designing VANET is to develop vehicle safety/non-safety related applications to improve road safety and facilitate traffic management, two vehicle applications are further proposed in the research to exploit the advantages of vehicular communications. First, a novel vehicle safety application for achieving a secure road traffic control system in VANETs is developed. The proposed application helps circumvent vehicles safely and securely through the areas in any abnormal situation, such as a car crash scene, while ensuring the security and privacy of the drivers from various threats. It not only enhances traveler safety but also minimizes capacity restrictions due to any unusual situation. Second, the dissertation investigates a novel mobile payment system for highway toll collection by way of vehicular communications, which addresses all the issues in the currently existing toll collection technologies.

security

conditional privacy preservation

vehicular communications

Electrical and Computer Engineering

Network Coding based Information Security in Multi-hop Wireless Networks

Fan, Yanfei

January 2010

Multi-hop Wireless Networks (MWNs) represent a class of networks where messages are forwarded through multiple hops of wireless transmission. Applications of this newly emerging communication paradigm include asset monitoring wireless sensor networks (WSNs), command communication mobile ad hoc networks (MANETs), community- or campus-wide wireless mesh networks (WMNs), etc. Information security is one of the major barriers to the wide-scale deployment of MWNs but has received little attention so far. On the one hand, due to the open wireless channels and multi-hop wireless transmissions, MWNs are vulnerable to various information security threats such as eavesdropping, data injection/modification, node compromising, traffic analysis, and flow tracing. On the other hand, the characteristics of MWNs including the vulnerability of intermediate network nodes, multi-path packet forwarding, and limited computing capability and storage capacity make the existing information security schemes designed for the conventional wired networks or single-hop wireless networks unsuitable for MWNs. Therefore, newly designed schemes are highly desired to meet the stringent security and performance requirements for the information security of MWNs. In this research, we focus on three fundamental information security issues in MWNs: efficient privacy preservation for source anonymity, which is critical to the information security of MWNs; the traffic explosion issue, which targets at preventing denial of service (DoS) and enhancing system availability; and the cooperative peer-to-peer information exchange issue, which is critical to quickly achieve maximum data availability if the base station is temporarily unavailable or the service of the base station is intermittent. We have made the following three major contributions. Firstly, we identify the severe threats of traffic analysis/flow tracing attacks to the information security in network coding enabled MWNs. To prevent these attacks and achieve source anonymity in MWNs, we propose a network coding based privacy-preserving scheme. The unique “mixing” feature of network coding is exploited in the proposed scheme to confuse adversaries from conducting advanced privacy attacks, such as time correlation, size correlation, and message content correlation. With homomorphic encryption functions, the proposed scheme can achieve both privacy preservation and data confidentiality, which are two critical information security requirements. Secondly, to prevent traffic explosion and at the same time achieve source unobservability in MWNs, we propose a network coding based privacy-preserving scheme, called SUNC (Source Unobservability using Network Coding). Network coding is utilized in the scheme to automatically absorb dummy messages at intermediate network nodes, and thus, traffic explosion induced denial of service (DoS) can be naturally prevented to ensure the system availability. In addition to ensuring system availability and achieving source unobservability, SUNC can also thwart internal adversaries. Thirdly, to enhance the data availability when a base station is temporarily unavailable or the service of the base station is intermittent, we propose a cooperative peer-to-peer information exchange scheme based on network coding. The proposed scheme can quickly accomplish optimal information exchange in terms of throughput and transmission delay. For each research issue, detailed simulation results in terms of computational overhead, transmission efficiency, and communication overhead, are given to demonstrate the efficacy and efficiency of the proposed solutions.

Information Security

Network Coding

Privacy Preservation

Availability

Electrical and Computer Engineering

On Achieving Secure Message Authentication for Vehicular Communications

Zhang, Chenxi

January 2010

Vehicular Ad-hoc Networks (VANETs) have emerged as a new application scenario that is envisioned to revolutionize the human driving experiences, optimize traffic flow control systems, etc. Addressing security and privacy issues as the prerequisite of VANETs' development must be emphasized. To avoid any possible malicious attack and resource abuse, employing a digital signature scheme is widely recognized as the most effective approach for VANETs to achieve authentication, integrity, and validity. However, when the number of signatures received by a vehicle becomes large, a scalability problem emerges immediately, where a vehicle could be difficult to sequentially verify each received signature within 100-300 ms interval in accordance with the current Dedicated Short Range Communications (DSRC) protocol. In addition, there are still some unsolved attacks in VANETs such as Denial of Service (Dos) attacks, which are not well addressed and waiting for us to solve. In this thesis, we propose the following solutions to address the above mentioned security related issues. First of all, to address the scalability issues, we introduce a novel roadside unit (RSU) aided message authentication scheme, named RAISE, which makes RSUs responsible for verifying the authenticity of messages sent from vehicles and for notifying the results back to vehicles. In addition, RAISE adopts the k-anonymity property for preserving user privacy, where a message cannot be associated with a common vehicle. Secondly, we further consider the situation that RSUs may not cover all the busy streets of a city or a highway in some situations, for example, at the beginning of a VANETs' deployment period, or due to the physical damage of some RSUs, or simply for economic considerations. Under these circumstances, we further propose an efficient identity-based batch signature verification scheme for vehicular communications. The proposed scheme can make vehicles verify a batch of signatures once instead of one after another, and thus it efficiently increases vehicles' message verification speed. In addition, our scheme achieves conditional privacy: a distinct pseudo identity is generated along with each message, and a trust authority can trace a vehicle's real identity from its pseudo identity. In order to find invalid signatures in a batch of signatures, we adopt group testing technique which can find invalid signatures efficiently. Lastly, we identify a DoS attack, called signature jamming attack (SJA), which could easily happen and possibly cause a profound vicious impact on the normal operations of a VANET, yet has not been well addressed in the literature. The SJA can be simply launched at an attacker by flooding a significant number of messages with invalid signatures that jam the surrounding vehicles and prevent them from timely verifying regular and legitimate messages. To countermeasure the SJA, we introduces a hash-based puzzle scheme, which serves as a light-weight filter for excluding likely false signatures before they go through relatively lengthy signature verification process. To further minimize the vicious effect of SJA, we introduce a hash recommendation mechanism, which enables vehicles to share their information so as to more efficiently thwart the SJA. For each research solution, detailed analysis in terms of computational time, and transmission overhead, privacy preservation are performed to validate the efficiency and effectiveness of the proposed schemes.

message authentication

privacy

vehicular ad-hoc network

Electrical and Computer Engineering

BridgeSPA: A Single Packet Authorization System for Tor Bridges

Smits, Rob

January 2012

Tor is a network designed for low-latency anonymous communications. Tor clients form circuits through relays that are listed in a public directory, and then relay their encrypted traffic through these circuits. This indirection makes it difficult for a local adversary to determine with whom a particular Tor user is communicating. Tor may also be used to circumvent regional Internet censorship, since the final hop of a user's connection can be in a different country. In response, some local adversaries restrict access to Tor by blocking each of the publicly listed relays. To deal with such an adversary, Tor uses bridges, which are unlisted relays that can be used as alternative entry points into the Tor network. Unfortunately, issues with Tor's bridge implementation make it easy to discover large numbers of bridges. This makes bridges easy to block. Also, an adversary that hoards this information may use it to determine when each bridge is online over time. If a bridge operator also browses with Tor on the same machine, this information may be sufficient to deanonymize him. We present BridgeSPA as a method to mitigate these issues. A client using BridgeSPA relies on innocuous single packet authorization (SPA) to present a time-limited key to a bridge. Before this authorization takes place, the bridge will not reveal whether it is online. We have implemented BridgeSPA as a working proof-of-concept for GNU/Linux systems. The implementation is available under a free licence. We have integrated our implementation to work in an OpenWRT environment. This enables BridgeSPA support for any client behind a deployed BridgeSPA OpenWRT router, no matter which operating system they are running.

Privacy

Tor

Blocking Resistance

Port Knocking

Computer Science