Global ETD Search

841	Achieving Perfect Location Privacy in Wireless Devices Using Anonymization Montazeri, Zarrin 24 March 2017 (has links) The popularity of mobile devices and location-based services (LBS) have created great concerns regarding the location privacy of the users of such devices and services. Anonymization is a common technique that is often being used to protect the location privacy of LBS users. This technique assigns a random pseudonym to each user and these pseudonyms can change over time. Here, we provide a general information theoretic definition for perfect location privacy and prove that perfect location privacy is achievable for mobile devices when using the anonymization technique appropriately. First, we assume that the user’s current location is independent from her past locations. Using this i.i.d model, we show that if the pseudonym of the user is changed before O(n2/(r−1)) number of anonymized observations is made by the adversary for that user, then she has perfect location privacy, where n is the number of users in the network and r is the number of all possible locations that the user might occupy. Then, we model each user’s movement by a Markov chain so that a user’s current location depends on his previous locations, which is a more realistic model when approximating real world data. We show that perfect location privacy is achievable in this model if the pseudonym of the user is changed before O(n2/(\|E\|−r)) anonymized observations is collected by the adversary for that user where \|E\| is the number of edges in the user’s Markov model. Location Privacy Perfect Location Privacy Location Based Services Mutual Information Markov Chain Wireless device Computer Engineering Computer Sciences Engineering Information Security
842	Val av Cookies : - En kvantitativ studie om förekomsten av privacy paradox och bounded rationality vid en användares val av cookies. Dahlgren, Carl, Lundkvist, Elias January 2023 (has links) Data räknas idag som en av världens värdefullaste resurser. I takt med att internet har blivit mer etablerat och utökat sina användningsområden, har insamlingen av information om dess användare ökat. Genom att använda sig av cookies kan företag analysera sina kunders vanor på internet och på så sätt tillgodose personligt riktad reklam och specialanpassade flöden. Tidigare studier visar att internetanvändare är oroliga över deras personliga integritet på nätet men att de inte tar åtgärder för att skydda den. Fenomenet kallas för privacy paradox och det finns rapporter som tyder på att detta fenomen inte är närvarande hos svenska internetanvändare. Studiens syfte är att undersöka om privacy paradox finns hos svenska internetanvändare och om fenomenet kan förklaras via en avsaknad av kunskap inom området, även kallat bounded rationality. Studiens datamängd samlades in via en internetbaserad enkät och analyserades utifrån studiens teoretiska modell som utgår ifrån det teoretiska ramverket Knowledge-Attitude-Behaviour(KAB). Univariat-, bivariat- och multivariat statistik användes för att beskriva datamängden och besvara forskningsfrågan. SmartPLS användes för att konstruera och analysera PLS-SEM modellerna som användes i den multivariata analysen. Det statistiska programmeringsspråket R användes vid den univariata och bivariata analysen. Resultatet visade att privacy paradox inte kunde fastställas i studiens datamängd. Det kunde även fastställas att datamängden påvisade en hög kunskap gällande cookies, vilket talar emot en förekomst av bounded rationality. / Data is now considered one of the world's most valuable resources. As the internet has become more established and expanded its uses, the collection of user information has increased. By using cookies, companies can analyze their customers' habits on the internet and thus provide personalized advertising and customized feeds. Previous studies show that internet users are concerned about their online privacy but do not take steps to protect it. The phenomenon is called the privacy paradox and there are reports that suggest that this phenomenon is not present among Swedish internet users. The purpose of the study is to investigate whether the privacy paradox is present among Swedish internet users and whether the phenomenon can be explained by a lack of knowledge in the area, also known as bounded rationality. The study's data set was collected via an Internet-based questionnaire and analyzed in the study's theoretical model, a model based on the theoretical framework Knowledge-Attitude-Behavior (KAB). Univariate, bivariate and multivariate statistics were used to describe the data set and answer the research question. SmartPLS was used to construct and analyze the PLS-SEM models used in the multivariate analysis. The statistical programming language R was used for the univariate and bivariate analysis. The results showed that privacy paradox could not be established in the study's data set. It was also determined that the data set showed a high level of knowledge about cookies which is contradicting bounded rationality. Cookies KAB The Privacy Paradox Bounded Rationality Cookies KAB The Privacy Paradox Bounded Rationality Information Systems, Social aspects
843	Experience with users about the various GDPR provisions available through the services Alid, Hani January 2023 (has links) This thesis discusses the General Data Protection Regulation (GDPR) and its impact on individuals since the GDPR became effective in May 2018. The regulation has had significant implications for companies and organizations that handle user data as it provides fines if they are non-compliance. However, the GDPR was created to protect individuals' privacy and personal data in the European Union (EU), which has added many complexities to companies and individuals. This study aims to provide an experiment with individuals in Sweden to document their knowledge of the regulations and their ability to exercise the rights granted and to know their opinions through interviews with 19 samples of individuals. The research deals with the third chapter more than other chapters of the GDPR. The results revealed a lack of awareness among the participants, with only a small percentage having prior knowledge of the GDPR and lacking a clear understanding of the implications and practical implementation of these rights, despite the participants' enthusiasm when explaining the rights to them. Participants acknowledged the importance of their data and assessed the provisions of the GDPR. They emphasized rights such as access, rectification, and erasure as necessary to protect privacy. After obtaining nearly complete knowledge, the participants could exercise and find the GDPR rights entirely on Swedish sites, except those who were able to find the rights with only a little knowledge. The study highlights the need to enhance individuals' awareness of the GDPR and improve transparency and accessibility of privacy policies. controllers knowledge privacy awareness privacy policies user rights Information Systems, Social aspects
844	Seed and Grow: An Attack Against Anonymized Social Networks Peng, Wei 07 August 2012 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / Digital traces left by a user of an on-line social networking service can be abused by a malicious party to compromise the person’s privacy. This is exacerbated by the increasing overlap in user-bases among various services. To demonstrate the feasibility of abuse and raise public awareness of this issue, I propose an algorithm, Seed and Grow, to identify users from an anonymized social graph based solely on graph structure. The algorithm first identifies a seed sub-graph either planted by an attacker or divulged by collusion of a small group of users, and then grows the seed larger based on the attacker’s existing knowledge of the users’ social relations. This work identifies and relaxes implicit assumptions taken by previous works, eliminates arbitrary parameters, and improves identification effectiveness and accuracy. Experiment results on real-world collected datasets further corroborate my expectation and claim. social networks; anonymization; privacy Data protection Computer security Internet -- Safety measures Privacy, Right of Computer networks -- Social aspects
845	The EU General Data Protection Regulations and their consequences on computer system design / EUs allmänna dataskyddsförordning och dess konsekvenser för programsystemteknik Magnusson, Wilhelm January 2017 (has links) As of writing this thesis, the EU’s new data protection laws (GDPR) will start to apply within one year. The new regulations are poorly understood by many and rumours of varying accuracy are circling the IT industry. This thesis takes a look at the parts of the GDPR concerning system design and architecture, clarifying what they mean and their consequences for system design. The new regulations are compared to the old data protection laws (Directive 95/46/EC), showing how companies must alter their computer systems in order to adapt. Using evaluations of the old data protection laws predictions are made for how the GDPR will affect the IT industry going forward. One of the more important questions are what tools are available for companies when adapting to privacy protection regulations and threats. This thesis aims to identify the most common processes for this kind of system modification and compare their effectiveness in relation to the GDPR. / Vid framställningen av denna avhandling är det mindre än ett år innan EUs nya dataskyddsförordning (GDPR) träder i kraft. Många har bristande förståelse av de nya förordningarna och rykten av varierande korrekthet cirkulerar inom IT industrin. Denna avhandling utför en kritisk undersökning utav de delar inom GDPR som berör system design och arkitektur och beskriver dess innebörd för system design. De nya lagarna jämförs med de föregående dataskyddslagarna (Direktiv 95/46/EC) för att påvisa de modifikationer som kommer krävas för att anpassa datorsystem till de nya förordningarna. Genom att undersöka de äldre dataskyddslagarnas effekt på industrin görs även förutsägelser kring hur GDPR kommer påverka IT industrin inom den närmaste framtiden. Än av de intressantare frågorna är vilka metoder som finns tillgängliga för att underlätta systemanpassningar relaterade till dataskyddsförordningar. Denna avhandling syftar att identifiera de mest etablerade av dessa typer av processer och jämföra deras lämplighet i förhållande till GDPR. GDPR PbD PIA PUL privacy impact assessment privacy by design Directive 95/46/EC General Data Protection Regulations Computer Sciences Datavetenskap (datalogi)
846	Towards privacy-preserving and fairness-enhanced item ranking in recommender systems Sun, Jia Ao 07 1900 (has links) Nous présentons une nouvelle approche de préservation de la vie privée pour améliorer l’équité des éléments dans les systèmes de classement. Nous utilisons des techniques de post-traitement dans un environnement de recommandation multipartite afin d’équilibrer l’équité et la protection de la vie privée pour les producteurs et les consommateurs. Notre méthode utilise des serveurs de calcul multipartite sécurisés (MPC) et une confidentialité différentielle (DP) pour maintenir la confidentialité des utilisateurs tout en atténuant l’injustice des éléments sans compromettre l’utilité. Les utilisateurs soumettent leurs données sous forme de partages secrets aux serveurs MPC, et tous les calculs sur ces données restent cryptés. Nous évaluons notre approche à l’aide d’ensembles de données du monde réel, tels qu’Amazon Digital Music, Book Crossing et MovieLens-1M, et analysons les compromis entre confidentialité, équité et utilité. Notre travail encourage une exploration plus approfondie de l’intersection de la confidentialité et de l’équité dans les systèmes de recommandation, jetant les bases de l’intégration d’autres techniques d’amélioration de la confidentialité afin d’optimiser l’exécution et l’évolutivité pour les applications du monde réel. Nous envisageons notre approche comme un tremplin vers des solutions de bout en bout préservant la confidentialité et promouvant l’équité dans des environnements de recommandation multipartites. / We present a novel privacy-preserving approach to enhance item fairness in ranking systems. We employ post-processing techniques in a multi-stakeholder recommendation environment in order to balance fairness and privacy protection for both producers and consumers. Our method utilizes secure multi-party computation (MPC) servers and differential privacy (DP) to maintain user privacy while mitigating item unfairness without compromising utility. Users submit their data as secret shares to MPC servers, and all calculations on this data remain encrypted. We evaluate our approach using real-world datasets, such as Amazon Digital Music, Book Crossing, and MovieLens-1M, and analyze the trade-offs between privacy, fairness, and utility. Our work encourages further exploration of the intersection of privacy and fairness in recommender systems, laying the groundwork for integrating other privacy-enhancing techniques to optimize runtime and scalability for real-world applications. We envision our approach as a stepping stone towards end-to-end privacy-preserving and fairness-promoting solutions in multi-stakeholder recommendation environments. Privacy Fairness Ranking Secure multi-party computation Differential privacy Confidentialité Équité Classement Calcul multipartite sécurisé Confidentialité différentielle
847	ANTECEDENTS AND OUTCOMES OF PERCEIVED CREEPINESS IN ONLINE PERSONALIZED COMMUNICATIONS Stevens, Arlonda M. 01 June 2016 (has links) No description available. Marketing Information Science Management Mass Media Creepy Creepy Marketing Personalized Communication Transparency Control Creepy Quadrant Online Information Privacy Concerns Online Behavioral Advertising Data Privacy Trust Customer Satisfaction
848	Valuing Differential Privacy : Assessing the value of personal data anonymization solutions, specifically Differential Privacy-solutions, for companies in the mobility sector / Värdering av Differential Privacy : En värdering av anonymiseringsalgoritmer, specifikt Differential Privacy-lösningar, för bolag inom mobilitetssektorn Andersson, Axel, Borgernäs, Sebastian January 2022 (has links) This paper aims to determine the value of the product based on the mathematical concept of Differential Privacy, by assessing the value of the business opportunities it enables and the value of the possible GDPR-fines it prevents. To delimit the scope of the research the analysis will focus on what the value of personal data is for companies within the mobility sector. Mobility is a cross-industrial sector consisting of companies within connectivity-technology, transportation, and automotive. The method used to assess the final value of anonymizing personal data, such as consumer data, using a DP-solution (meaning, an implementation of the theory) has consisted of both quantitative and qualitative analysis. The quantitative analysis aims to assess the ‘Cost of Risk’ for mobility companies that are exposed to personal integrity regulation due to data processing. To further conclude the true cost of the financial impact caused by getting fined for infringing on privacy regulation because of unlawful data processing is done through a complementary qualitative assessment. Lastly, the 'Opportunity Cost', or rather the cost of missed financial opportunities, is determined qualitatively for a case study company within Sweden’s mobility ecosystem to conclude the overall value of a DP-solution for a specific company. The final product of this research paper is to provide a framework assessing the total value, for specifically companies in the mobility sector, of implementing differential privacy solutions. / Syftet med denna uppsats är att fastställa värdet av anonymisering baserat på det matematiska konceptet Differential Privacy, genom att bedöma värdet av de affärsmöjligheter det skapar, samt värdet av de möjliga GDPR- böter det förhindrar. För att avgränsa studiens omfattning består analysen endast av att uppskatta dessa värden för företag inom mobilitetssektorn. Mobilitetssektorn är en tvärindustriell sektor som består av företag inom uppkoppling-, transport- och bilindustrin. Metoden som använts för att ta fram det slutliga värdet av att anonymisera persondata genom en differential privacy lösning, består både av en kvantitativ och en kvalitativ analys. Målet med den kvantitativa analysen är att estimera kostnadsrisken för företag inom mobilitetssektorn som exponeras mot GDPR-böter med avseende på dess datahantering. För att vidare ta reda på den totala finansiella inverkan av sådana böter, kompletteras analysen av en kvalitativ studie, som delvis omfattas av de finansiella möjligheterna ett företag går miste om i en sådan situation. Den kvalitativa analysen består också av en fallstudie av ett svenskt företag inom mobilitetssektorn, med målet att estimera värdet av de affärsmöjligheter som uppstår med hjälp av anonymisering av data. Slutligen är målet med denna uppsats att förse läsaren med att ramverk för att estimera det totala värdet av att implementera differential privacy lösningar i företag inom mobilitetssektorn. differential privacy hedonic pricing method logistic regression GDPR privacy regulation valuation risk assessment valuing emerging technologies valuing non-market goods and services mobility Computer Sciences Datavetenskap (datalogi)
849	DSAP: Data Sharing Agreement Privacy Ontology / Privacy Ontology for Health Data Sharing in Research Li, Mingyuan January 2018 (has links) Medical researchers utilize data sharing agreements (DSA) to communicate privacy policies that govern the treatment of data in their collaboration. Expression of privacy policies in DSAs have been achieved through the use of natural and policy languages. However, ambiguity in natural language and rigidness in policy languages make them unsuitable for use in collaborative medical research. Our goal is to develop an unambiguous and flexible form of expression of privacy policies for collaborative medical research. In this thesis, we developed a DSA Privacy Ontology to express privacy policies in medical research. Our ontology was designed with hierarchy structure, lightweight in expressivity, closed world assumption in interpretation, and the reuse of other ontologies. The design allows our ontology to be flexible and extensible. Being flexible allows our ontology to express different types of privacy policies. Being extensible allows our ontology to be mapped to other linkable ontologies without the need to change our existing ontology. We demonstrate that our ontology is capable of supporting the DSA in a collaborative research data sharing scenario through providing the appropriate vocabulary and structure to log privacy events in a linked data based audit log. Furthermore, through querying the audit log, we can answer privacy competency questions relevant to medical researchers. / Thesis / Master of Science (MSc) Privacy Health Research Medical Research Ontology Data Sharing Data Sharing Agreements Linked Data Privacy Audit Log Health Information Sharing Health Information
850	Privacy and Security Enhancements for Tor Arushi Arora (18414417) 21 April 2024 (has links) <p dir="ltr">Privacy serves as a crucial safeguard for personal autonomy and information, enabling control over personal data and space, fostering trust and security in society, and standing as a cornerstone of democracy by protecting against unwarranted interference. This work aims to enhance Tor, a volunteer-operated network providing privacy to over two million users, by improving its programmability, security, and user-friendliness to support wider adoption and underscore the importance of privacy in protecting individual rights in the digital age.</p><p dir="ltr">Addressing Tor's limitations in adapting to new services and threats, this thesis introduces programmable middleboxes, enabling users to execute complex functions on Tor routers to enhance anonymity, security, and performance. This architecture, called Bento, is designed to secure middleboxes from harmful functions and vice versa, making Tor more flexible and efficient.</p><p dir="ltr">Many of the attacks on Tor's anonymity occur when an adversary can intercept a user’s traffic; it is thus useful to limit how much of a user's traffic can enter potentially adversarial networks. We tackle the vulnerabilities of onion services to surveillance and censorship by proposing DeTor<sub>OS</sub>, a Bento function enabling geographic avoidance for onion services- which is challenging since no one entity knows the full circuit between user and onion service, providing a method to circumvent adversarial regions and enhance user privacy.</p><p dir="ltr">The final part focuses on improving onion services' usability and security. Despite their importance, these services face high latency, Denial of Service (DoS) and deanonymization attacks due to their content. We introduce CenTor, a Content Delivery Network (CDN) for onion services using Bento, offering replication, load balancing, and content proximity benefits. Additionally, we enhance performance with multipath routing strategies through uTor, balancing performance and anonymity. We quantitatively analyze how geographical-awareness for an onion service CDN and its clients could impact a user’s anonymity- performance versus security tradeoff. Further, we evaluate CenTor on the live Tor network as well as large-scale Shadow simulations.</p><p dir="ltr">These contributions, requiring no changes to the Tor protocol, represent significant advancements in Tor's capabilities, performance, and defenses, demonstrating potential for immediate benefits to the Tor community.</p> System and network security Networking and communications Privacy and data rights tor anonymity networks privacy usability and security programmable networks onion services CDN censorship anonymity NFV

Search results