461 |
Ethical Hacking of an Access Control System / Etisk hackning av ett passersystem
Almqvist, Oscar, January 2022
Cybersecurity within Internet of Things (IoT) is as relevant as ever, with the increase of digitalization and the connection of increasing numbers of intelligent devices. The devices within an electronic access control system, ranging from credential readers to management applications, are responsible for protecting various assets and users while still allowing for rich functionality. Regardless of its setting and context, the purpose of such a system is to ensure security. This thesis investigates the cybersecurity of an electronic access control system in an apartment building using penetration testing. The system was evaluated in a black-box setting, meaning no inside information about the system was known. This method consisted of an information gathering and enumeration phase, building a threat model that scored the identified threats based on their impact and consequences. Four devices and two software applications were investigated within the electronic access control system. Further, thirteen threats were identified on six attack surfaces: the physical interfaces, the firmware, the network services, web interfaces, a desktop application, and an embedded application. Twelve threats were tested to see if they are exploitable in practice. Results show that ten threats were exploitable, impacting residents and administrative users of the electronic access control system. The impact of the exploits consists of various degrees of sensitive data disclosure, authentication bypass, weak authentication, denial-of-service (DOS), and tampering, spread across the devices and software within the system. Exploits were successfully executed on every attack surface apart from the firmware. Additionally, the found exploits are reported to the affected manufacturer with suggestions to prevent the found vulnerabilities. / Given the increasing degree of digitalization and intelligent devices in society, cybersecurity within the Internet of Things is more relevant than ever. The devices within an electronic access control system are tasked with protecting both users and assets, regardless of environment or context, while at the same time offering rich functionality. This study investigates the cybersecurity of an access control system installed in an apartment building using penetration testing. The system was evaluated through black-box testing, meaning that no internal information about either the system or the devices was known. The method began with an information-gathering phase, which then led to the construction of a threat model consisting of potential vulnerabilities within the system. The vulnerabilities found were then scored based on their impact and consequence should they be successfully carried out. Four devices and two software applications within the access control system were investigated. Thirteen vulnerabilities were identified on the following six attack surfaces: physical interfaces, firmware, network services, web interfaces, desktop applications, and embedded applications. Twelve vulnerabilities were tested to see whether they could be carried out on the system. Results show that ten vulnerabilities could be carried out, affecting both residents and administrative users of the access control system. This resulted in varying degrees of sensitive data disclosure, authentication bypass, denial-of-service (DOS), and tampering, spread across the various devices and applications in the access control system. Apart from the firmware, every attack surface had some form of vulnerability that could be carried out. The vulnerabilities found were reported to the access control system's manufacturer with suggestions on how they can be remediated.
|
462 |
Access Control for Cross Organizational Collaboration
Zhu, Jian, 11 May 2012
No description available.
|
463 |
Considering the Social and Emotional Experiences of Access Control Interactions
Isaksson, Clara, January 2022
Access control solutions face challenges of the implications of social and emotional behaviour of their human users. Thus, the research questions I set out for my thesis deal with how the social and emotional aspects of humans affect access control security interactions and what the implications of considering these aspects when designing access control systems will have for the emotional experience of authorised users. By selecting cases from my fieldwork representative of the social and emotional experiences of authorised users of current access control solutions I have been able to uncover issues of how the technological system is inconsiderate of the social and emotional behaviour of its human users, resulting in negative social and emotional experiences of access control solutions. However, by considering how technology can be designed to reshape the social behaviour of users I have explored ways of designing access control solutions that consider both the technological security and the emotional experience of authorised users.
|
464 |
Security Issues and Defense Methods for Wireless Medical Devices
Hei, Xiali, January 2014
This dissertation evaluates the design of several defense schemes for wireless medical devices to address security issues. These schemes are designed to enable efficient and effective access control of wireless medical devices in both non-emergency and emergency situations. In recent years, the range of available wireless medical devices has increased and includes cardiac pacemakers, insulin pump, defibrillators, cochlear implants, neurostimulators, and various drug delivery systems. Unfortunately, most existing wireless medical devices lack sufficient security mechanisms to protect patients from malicious attacks. Thus, with the rise in use of medical implants, security becomes a critical issue as attacks on wireless medical devices may harm patients. Security on wireless medical devices is a relatively new field, which has not been thoroughly researched yet. The authors of a lot of articles have proposed token based, certification based and proximity based schemes to address the issue. However, most of the current solutions have many limitations and cannot be widely applied. Therefore, better solutions are needed. In order to address this issue, we design a novel and multiple-layer access control framework for wireless medical devices. In a low layer level, we utilize bi-channel technology and multi-factor authentication to defend against various attacks at wireless medical devices. Our system utilizes near field communication (NFC) to do device pairing and uses the medical device's wireless radio to perform remote programming. This approach defends against most attacks because our NFC pairing scheme guarantees that the successful communication range between the programmer and wireless medical devices is less than 6cm. When the patient is in a crowded area such as on public transportation, a different person's mobile devices and the patient's medical devices may be located less than 6cm apart; we use the patient's cell phone to detect such an environment. 
To avoid attacks in crowded areas, we design a scheme to detect such a situation using the patient's cell phone. User involvement is used on non-implantable medical devices (IMDs) and a patient access pattern based access control (PAPAC) scheme is used on IMDs. We also design a response time based scheme to defend against fake patient attacks. Our analyses and experiments show that the protection schemes are efficient and effective. In a high layer level, we design patient infusion pattern based access control (PIPAC) scheme for wireless medical devices. Specifically, insulin pumps are most widely applied wireless medical devices. The pump parameters and doses can be adjusted by anyone with an easily obtained USB device. The hacker can deliver a lethal dose without knowing the device's serial number in advance. To address this issue, we propose a PIPAC for wireless insulin pumps. This scheme employs a supervised learning approach to learn normal patient infusion patterns in terms of the dosage amount, rate, and time of infusion, which are automatically recorded in insulin pump logs. The generated regression models are used to dynamically configure a safe infusion range for abnormal infusion identification. Our proposed algorithms are evaluated with real insulin pump logs used by several patients for up to 6 months. The experimental results demonstrate that our scheme can reliably detect a single overdose attack with a success rate up to 98% and defend against a chronic overdose attack with a very high success rate. For IMDs in non-emergency case, the PAPAC scheme we design utilizes the patient's IMD access pattern to address resource depletion (RD) attacks. It is a novel support vector machine (SVM) based scheme. This SVM based scheme is very effective at defending against RD attacks. Our experimental results show that the average detection rate is above 90%.
For IMDs in emergency cases, we design a novel biometrics based two-level secure access control scheme that utilizes a patient's biometrics to prevent unauthorized access to the IMD. The scheme consists of two levels: level-one employs a patient's some basic biometrics and is lightweight; level-two uses a patient's customized iris data to achieve effective authentication. The experimental results show that our IMD access control scheme is very effective and has small overhead in terms of battery, CPU and memory. Thus, it is suitable for IMDs. Both the false acceptance rate (FAR) and false rejection rate (FRR) are close to zero with a suitable threshold. Protecting wireless medical devices is a very challenging task due to their extremely limited resource constraints. It is necessary to balance the overhead of security schemes and security requirements. In this dissertation, we will first discuss security vulnerabilities in wireless medical device systems. Then we will present our framework using smart phones and other technologies, such as near field communication based access control. Further, we will describe the detailed design of this framework. Finally, extensive experiments show that our schemes can achieve good performance with small overhead. / Computer and Information Science
|
465 |
Improving the Capacity in Wireless Ad Hoc Networks through Multiple Channel Operation: Design Principles and Protocols
Gong, Michelle Xiaohong, 07 July 2005
Despite recent advances in wireless local area network (WLAN) technologies, today's WLANs still cannot offer the same data rates as their wired counterparts. The throughput problem is further aggravated in multi-hop wireless environments due to collisions and interference caused by multi-hop routing. Because all current IEEE 802.11 physical (PHY) standards divide the available frequency into several orthogonal channels, which can be used simultaneously within a neighborhood, increasing capacity by exploiting multiple channels becomes particularly appealing.
To improve the capacity of wireless ad hoc networks by exploiting multiple available channels, I propose three principles that facilitate the design of efficient distributed channel assignment protocols. Distributed channel assignment problems have been proven to be NP-complete and, thus, computationally intractable. Though being a subject of many years of research, distributed channel assignment remains a challenging problem. There exist only a few heuristic solutions, none of which is efficient, especially for the mobile ad hoc environment. However, protocols that implement the proposed design principles are shown to require fewer channels and exhibit significantly lower communication, computation, and storage complexity, compared with existing approaches. As examples, I present two such protocols that build on standard reactive and proactive routing protocols. In addition, I prove the correctness of the algorithms and derive an upper bound on the number of channels required to both resolve collisions and mitigate interference.
A new multi-channel medium access control (MC-MAC) protocol is also proposed for multi-hop wireless ad hoc networks. MC-MAC is compatible with the IEEE 802.11 medium access control (MAC) standard and imposes the minimum system requirements among all existing multi-channel MAC protocols. In addition, simulation results show that even with only a single half-duplex transceiver, MC-MAC, by exploiting multiple channels, can offer up to a factor of four improvement in throughput over the IEEE 802.11 MAC protocol. The reduction in delay is even more significant.
Therefore, the MC-MAC protocol and the accompanying distributed channel assignment protocols constitute an effective solution to the aforementioned performance problem in a multi-hop wireless network.
Finally, I generalize the cross-layer design principle to more general networking functions and present a network architecture to motivate and facilitate cross-layer designs in wireless networks. A literature survey is provided to validate the proposed cross-layer design architecture. Current cross-layer design research can be categorized into two classes: joint-layer design using optimization techniques, and adaptive techniques based on system-profile and/or QoS requirements. Joint-layer design based on optimization techniques can achieve optimal performance, but at the expense of complexity. Adaptive schemes may achieve relatively good performance with less complexity. Nevertheless, without careful design and a holistic view of the network architecture, adaptive schemes may actually cause more damage than benefit. / Ph. D.
|
466 |
Medium Access Control in Cognitive Radio Networks
Bian, Kaigui, 29 April 2011
Cognitive radio (CR) is seen as one of the enabling technologies for realizing a new regulatory spectrum management paradigm, viz. opportunistic spectrum sharing (OSS). In the OSS paradigm, unlicensed users (a.k.a. secondary users) opportunistically operate in fallow licensed spectrum on a non-interference basis to licensed users (a.k.a. incumbent or primary users). Incumbent users have absolute priority in licensed bands, and secondary users must vacate the channel where incumbent user signals are detected. A CR network is composed of secondary users equipped with CRs and it can coexist with incumbent users in licensed bands under the OSS paradigm. The coexistence between incumbent users and secondary users is referred to as incumbent coexistence, and the coexistence between CR networks of the same type is referred to as self-coexistence.
In this dissertation, we address three coexistence-related problems at the medium access control (MAC) layer in CR networks: (1) the rendezvous (control channel) establishment problem, (2) the channel assignment problem in an ad hoc CR network, and (3) the spectrum sharing problem between infrastructure-based CR networks, i.e., the 802.22 wireless regional area networks (WRANs). Existing MAC layer protocols in conventional wireless networks fail to adequately address the key issues concerning incumbent and self coexistence that emerge in CR networks. To solve the rendezvous establishment problem, we present a systematic approach, based on quorum systems, for designing channel hopping protocols that ensure a pair of CRs to "rendezvous" within an upper-bounded time over a common channel that is free of incumbent user signals. In a single radio interface, ad hoc CR network, we propose a distributed channel assignment scheme that assigns channels at the granularity of "segments" for minimizing the channel switching overhead. By taking into account the coexistence requirements, we propose an inter-network spectrum sharing protocol that enables the sharing of vacant TV white space among coexisting WRANs. Our analytical and simulation results show that these proposed schemes can effectively address the aforementioned MAC layer coexistence problems in CR networks. / Ph. D.
|
467 |
Cross-Layer Optimization: System Design and Simulation Methodologies
Mahajan, Rahul, 31 December 2003
An important aspect of wireless networks is their dynamic behavior. The conventional protocol stack is inflexible as various protocol layers communicate in a strict manner. In such a case the layers are designed to operate under the worst conditions as opposed to adapting to changing conditions. This leads to inefficient use of spectrum and energy. Adaptation represents the ability of network protocols and applications to observe and respond to channel conditions.
Traditional simulation methodologies independently model the physical and higher layers. When multiple layer simulations are required, an abstraction of one layer is inserted into the other to provide the multiple layer simulation. However, recent advances in wireless communication technologies, such as adaptive modulation and adaptive antenna algorithms, demand a cross layer perspective to this problem in order to provide a sufficient level of fidelity. However, a full simulation of both layers often results in excessively burdensome simulation run-times. The benefits and possible parametric characterization issues arising due to the cross-layer integration of lower physical and higher network layers are investigated in this thesis. The primary objective of investigating cross-layer simulation techniques is to increase the fidelity of cross-layer network simulations while minimizing the simulation runtime penalties.
As a study of cross-layer system design a medium access control (MAC) scheme is studied for a MANET wherein the nodes are equipped with smart antennas. Traditional MAC protocols assume the use of omnidirectional antennas. Nodes with directional antennas are capable of transmitting in certain directions only and significantly reduce the chances of collision and increase the effective network capacity. MANETs using omni-directional antennas severely limit system performance as the entire space around a node up to its radio range is seen as a single logical channel. In this research a MAC protocol is studied that exploits space division multiple access at the physical layer. This is a strong example where physical and MAC design must be carried out simultaneously for adequate system performance.
Power control is very important in the design of cellular CDMA systems which suffer from the near-far problem. Finally, the interaction between successive interference cancellation (SIC) receivers at the physical layer and power control, which is a layer 2 radio resource management issue, is studied. Traffic for future wireless networks is expected to be a mix of real-time traffic such as voice, multimedia teleconferencing, and games and data traffic such as web browsing, messaging, etc. All these applications will require very diverse quality of service guarantees. A power control algorithm is studied, which drives the average received powers to those required, based on the QoS requirements of the individual users for a cellular CDMA system using SIC receivers. / Master of Science
|
468 |
Measures of Privacy Protection on Social Environments
Alemany Bordera, José, 13 October 2020
Thesis by compendium / [EN] Nowadays, online social networks (OSNs) have become a mainstream cultural phenomenon for millions of Internet users. Social networks are an ideal environment for generating all kinds of social benefits for users. Users share experiences, keep in touch with their family, friends and acquaintances, and earn economic benefits from the power of their influence (which is translated into new job opportunities). However, the use of social networks and the action of sharing information imply the loss of the users’ privacy.
Recently, a great interest in protecting the privacy of users has emerged. This situation has been due to documented cases of regrets in users’ actions, company scandals produced by misuse of personal information, and the biases introduced by privacy mechanisms. Social network providers have included improvements in their systems to reduce users’ privacy risks; for example, restricting privacy policies by default, adding new privacy settings, and designing quick and easy shortcuts to configure user privacy settings. In the privacy research area, new advances are proposed to improve privacy mechanisms, most of them focused on automation, fine-grained systems, and the usage of features extracted from the user’s profile information and interactions to recommend the best privacy policy for the user. Despite these advances, many studies have shown that users’ concern for privacy does not match the decisions they ultimately make in social networks. This misalignment in the users’ behavior might be due to the complexity of the privacy concept itself. This drawback causes users to disregard privacy risks, or perceive them as temporarily distant. Another cause of users’ behavior misalignment might be due to the complexity of the privacy decision-making process. This is because users should consider all possible scenarios and the factors involved (e.g., the number of friends, the relationship type, the context of the information, etc.) to make an appropriate privacy decision.
The main contributions of this thesis are the development of metrics to assess privacy risks, and the proposal of explainable privacy mechanisms (using the developed metrics) to assist and raise awareness among users during the privacy decision process. Based on the definition of the concept of privacy, the dimensions of information scope and information sensitivity have been considered in this thesis to assess privacy risks. For explainable privacy mechanisms, soft paternalism techniques and gamification elements that make use of the proposed metrics have been designed. These mechanisms have been integrated into the social network PESEDIA and evaluated in experiments with real users. PESEDIA is a social network developed in the framework of the Master’s thesis of the Ph.D. student [15], this thesis, and the national projects “Privacy in Social Educational Environments during Childhood and Adolescence” (TIN2014-55206-R) and “Intelligent Agents for Privacy Advice in Social Networks” (TIN2017-89156-R).
The findings confirm the validity of the proposed metrics for computing the users’ scope and the sensitivity of social network publications. For the scope metric, the results also showed the possibility of estimating it through local and social centrality metrics for scenarios with limited information access. For the sensitivity metric, the results also remarked the users’ misalignment for some information types and the consensus for a majority of them. The usage of these metrics as part of messages about potential consequences of privacy policy choices and information sharing actions to users showed positive effects on users’ behavior regarding privacy. Furthermore, the findings of exploring the users’ trade-off between costs and benefits during disclosure actions of personal information showed significant relationships with the usual social circles (family members, friends, coworkers, and unknown users) and their properties. This allowed designing better privacy mechanisms that appropriately restrict access to information and reduce regrets. Finally, gamification elements applied to social networks and users’ privacy showed a positive effect on the users’ behavior towards privacy and safe practices in social networks. / [ES] Nowadays, social networks have become a dominant cultural phenomenon for millions of Internet users. Social networks are an ideal environment for generating all kinds of social benefits for users. Users share experiences, keep in touch with their relatives, friends and acquaintances, and obtain economic benefits thanks to the power of their influence (which translates into new job opportunities). However, the use of social networks and the act of sharing information imply the loss of users’ privacy.
Recently, great interest in protecting users’ privacy has emerged. This situation is due to documented cases of regret over users’ actions, corporate scandals caused by misuse of personal information, and the biases introduced by privacy mechanisms. Social network providers have included improvements in their systems to reduce users’ privacy risks; for example, restricting privacy policies by default, adding new privacy configuration elements, and designing easy and direct shortcuts for configuring users’ privacy. In the field of privacy research, new advances are proposed to improve privacy mechanisms, most of them focused on automation, fine-grained selection, and the use of features extracted from the information and its interactions to recommend the best privacy policy for the user. Despite these advances, many studies have shown that users’ concern for privacy does not match the decisions they ultimately make in social networks. This mismatch in users’ behavior could be due to the complexity of the concept of privacy itself. This drawback causes users to ignore privacy risks, or to perceive them as temporally distant. Another cause of the mismatch in users’ behavior could be the complexity of the privacy decision-making process. This is because users must consider all possible scenarios and the factors involved (for example, the number of friends, the type of relationship, the context of the information, etc.) to make an appropriate privacy decision.
The main contributions of this thesis are the development of metrics to assess privacy risks, and the proposal of explainable privacy mechanisms (making use of the developed metrics) to assist users and raise their awareness during the privacy decision process. Following the definition of the concept of privacy, the dimensions of information scope and information sensitivity have been considered in this thesis to assess privacy risks. As for the explainable privacy mechanisms, they have been designed using soft paternalism techniques and gamification elements that make use of the proposed metrics. These mechanisms have been integrated into the social network PESEDIA and evaluated in experiments with real users. PESEDIA is a social network developed in the framework of the Ph.D. student’s Master’s thesis [15], this thesis, and the national projects “Privacy in Social Educational Environments during Childhood and Adolescence” (TIN2014-55206-R) and “Intelligent Agents for Privacy Advice in Social Networks” (TIN2017-89156-R).
The results confirm the validity of the proposed metrics for computing users’ scope and the sensitivity of social network publications. Regarding the scope metric, the results also showed the possibility of estimating it through local and social centrality metrics for scenarios with limited access to information. Regarding the sensitivity metric, the results also revealed users’ lack of agreement for some types of information and consensus for most of them. The use of these metrics as part of messages to users about the possible consequences of privacy policy options and information-sharing actions showed positive effects on users’ behavior with respect to privacy. In addition, the results of exploring users’ trade-off between costs and benefits during actions disclosing personal information showed significant relationships with the usual social circles (family members, friends, coworkers, and unknown users) and their properties. This made it possible to design better privacy mechanisms that appropriately restrict access to information and reduce regrets. Finally, gamification elements applied to social networks and users’ privacy showed a positive effect on users’ behavior towards privacy and safe practices in social networks. / [CA] Nowadays, social networks have become a dominant cultural phenomenon for millions of Internet users. Social networks are an ideal environment for generating all kinds of social benefits for users. Users share experiences, keep in touch with their relatives, friends and acquaintances, and obtain economic benefits thanks to the power of their influence (which translates into new job opportunities). However, the use of social networks and the act of sharing information imply the loss of users’ privacy.
Recently, great interest in protecting users’ privacy has emerged. This situation is due to documented cases of regret over users’ actions, corporate scandals caused by misuse of personal information, and the biases introduced by privacy mechanisms. Social network providers have included improvements in their systems to reduce users’ privacy risks; for example, restricting privacy policies by default, adding new privacy configuration elements, and designing easy and direct shortcuts for configuring users’ privacy. In the field of privacy research, new advances are proposed to improve privacy mechanisms, most of them focused on automation, fine-grained selection, and the use of features extracted from the information and its interactions to recommend the best privacy policy for the user. Despite these advances, many studies have shown that users’ concern for privacy does not match the decisions they ultimately make in social networks. This misalignment in users’ behavior could be due to the complexity of the concept of privacy itself. This drawback causes users to ignore privacy risks, or to perceive them as temporally distant. Another cause of the misalignment in users’ behavior could be the complexity of the privacy decision-making process. This is because users have to consider all possible scenarios and the factors involved (for example, the number of friends, the type of relationship, the context of the information, etc.) to make an appropriate privacy decision.
The main contributions of this thesis are the development of metrics to assess privacy risks, and the proposal of explainable privacy mechanisms (making use of the developed metrics) to assist users and raise their awareness during the privacy decision process. Given the definition of the concept of privacy, the dimensions of information scope and information sensitivity have been considered in this thesis to assess privacy risks. With respect to the explainable privacy mechanisms, these have been designed using soft paternalism techniques and gamification elements that make use of the proposed metrics. These mechanisms have been integrated into the social network PESEDIA and evaluated in experiments with real users. PESEDIA is a social network developed in the framework of the Ph.D. student’s Master’s thesis [15], this thesis, and the national projects “Privacy in Social Educational Environments during Childhood and Adolescence” (TIN2014-55206-R) and “Intelligent Agents for Privacy Advice in Social Networks” (TIN2017-89156-R).
The results confirm the validity of the proposed metrics for computing the scope of users’ actions and the sensitivity of social network publications. With respect to the scope metric, the results also showed the possibility of estimating it through local and social centrality metrics for scenarios with limited access to information. With respect to the sensitivity metric, the results also revealed users’ lack of agreement for some types of information and consensus for most of them. The use of these metrics as part of messages to users about the possible consequences of privacy policy options and information-sharing actions showed positive effects on users’ behavior with respect to privacy. In addition, the results of exploring users’ trade-off between costs and benefits during actions disclosing personal information showed significant relationships with the usual social circles (family members, friends, coworkers, and unknown users) and their properties. This has made it possible to design better privacy mechanisms that appropriately restrict access to information and reduce regrets. Finally, gamification elements applied to social networks and users’ privacy showed a positive effect on users’ behavior towards privacy and safe practices in social networks. / Alemany Bordera, J. (2020). Measures of Privacy Protection on Social Environments [Doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/151456 / Compendium
|
469 |
Blockchain-enabled Secure and Trusted Personalized Health Record
Dong, Yibin 20 December 2022
Longitudinal personalized electronic health record (LPHR) provides a holistic view of health records for individuals and offers a consistent patient-controlled information system for managing the health care of patients. Except for the patients in Veterans Affairs health care service, however, no LPHR is available for the general population in the U.S. that can integrate the existing patients' electronic health records throughout the life of care. Such a gap may be attributed mainly to the fact that existing patients' electronic health records are scattered across multiple health care facilities and often not shared due to privacy and security concerns from both patients and health care organizations. The main objective of this dissertation is to address these roadblocks by designing a scalable and interoperable LPHR with patient-controlled and mutually-trusted security and privacy.
Privacy and security are complex problems. Specifically, without a set of access control policies, encryption alone cannot secure patient data due to insider threat. Moreover, in a distributed system like LPHR, a so-called race condition occurs when access control policies are centralized while decision-making processes are localized. We propose a formal definition of secure LPHR and develop a blockchain-enabled next generation access control (BeNGAC) model. The BeNGAC solution focuses on patient-managed secure authorization for access, and NGAC operates in open access surroundings where users can be centrally known or unknown. We also propose permissioned blockchain technology - Hyperledger Fabric (HF) - to ease the shortcoming of the race condition in NGAC, which in return enhances the weak confidentiality protection in HF. Built upon BeNGAC, we further design a blockchain-enabled secure and trusted (BEST) LPHR prototype in which data are stored in a distributed yet decentralized database. The unique feature of the proposed BEST-LPHR is the use of blockchain smart contracts allowing BeNGAC policies to govern the security, privacy, confidentiality, data integrity, scalability, sharing, and auditability. The interoperability is achieved by using a health care data exchange standard called Fast Healthcare Interoperability Resources.
We demonstrated the feasibility of the BEST-LPHR design through use case studies. Specifically, a small-scale BEST-LPHR is built as a sharing platform among a patient and health care organizations. In the study setting, patients have been raising additional ethical concerns related to consent and granular control of LPHR. We engineered a Web-delivered BEST-LPHR sharing platform with patient-controlled consent granularity, security, and privacy realized by BeNGAC. Health organizations that hold the patient's electronic health record (EHR) can join the platform with trust based on the validation from the patient. The mutual trust is established through a rigorous validation process by both the patient and the built-in HF consensus mechanism. We measured system scalability and showed millisecond-range performance of LPHR permission changes.
In this dissertation, we report the BEST-LPHR solution for electronically sharing and managing patients' electronic health records from multiple organizations, focusing on privacy and security concerns. While the proposed BEST-LPHR solution cannot, expectedly, address all problems in LPHR, this prototype aims to increase EHR adoption rate and reduce LPHR implementation roadblocks. In the long run, the BEST-LPHR will contribute to improving health care efficiency and the quality of life for many patients. / Doctor of Philosophy / Longitudinal personalized electronic health record (LPHR) provides a holistic view of health records for individuals and offers a consistent patient-controlled information system for managing the health care of patients. Except for the patients in Veterans Affairs health care service, however, no LPHR is available for the general population in the U.S. that can integrate the existing patients' electronic health records throughout the life of care. Such a gap may be attributed mainly to the fact that existing patients' electronic health records are scattered across multiple health care facilities and often not shared due to privacy and security concerns from both patients and health care organizations. The main objective of this dissertation is to address these roadblocks by designing a scalable and interoperable LPHR with patient-controlled and mutually-trusted security and privacy.
We propose a formal definition of secure LPHR and develop a novel blockchain-enabled next generation access control (BeNGAC) model that can protect the security and privacy of LPHR. Built upon BeNGAC, we further design a blockchain-enabled secure and trusted (BEST) LPHR prototype in which data are stored in a distributed yet decentralized database. The health records on BEST-LPHR are personalized to the patients with patient-controlled security, privacy, and granular consent. The unique feature of the proposed BEST-LPHR is the use of blockchain technology allowing BeNGAC policies to govern the security, privacy, confidentiality, data integrity, scalability, sharing, and auditability. The interoperability is achieved by using a health care data exchange standard.
We demonstrated the feasibility of the BEST-LPHR design through use case studies. Specifically, a small-scale BEST-LPHR is built as a sharing platform among a patient and health care organizations. We engineered a Web-delivered BEST-LPHR sharing platform with patient-controlled consent granularity, security, and privacy realized by BeNGAC. Health organizations that hold the patient's electronic health record (EHR) can join the platform with trust based on the validation from the patient. The mutual trust is established through a rigorous validation process by both the patient and the built-in blockchain consensus mechanism. We measured system scalability and showed millisecond-range performance of LPHR permission changes.
In this dissertation, we report the BEST-LPHR solution for electronically sharing and managing patients' electronic health records from multiple organizations, focusing on privacy and security concerns. While the proposed BEST-LPHR solution cannot, expectedly, address all problems in LPHR, this prototype aims to increase EHR adoption rate and reduce LPHR implementation roadblocks. In the long run, the BEST-LPHR will contribute to improving health care efficiency and the quality of life for many patients.
|
470 |
Receiver-Assigned CDMA in Wireless Sensor Networks
Petrosky, Eric Edward 23 May 2018
A new class of Wireless Sensor Networks (WSNs) is emerging within the Internet of Things (IoT) that features extremely high node density, low data rates per node, and high network dependability. Applications such as industrial IoT, factory automation, vehicular networks, aviation, spacecraft and others will soon feature hundreds of low power, low data rate (1-15 kbps) wireless sensor nodes within a limited spatial environment.
Existing Medium Access Control (MAC) layer protocols, namely IEEE 802.15.4, may not be suitable for highly dense, low rate networks. A new MAC protocol has been proposed that supports a Receiver-Assigned Code Division Multiple Access (RA-CDMA) physical (PHY) layer multiple access technique, which may enable higher network scalability while maintaining performance and contributing additional robustness.
This thesis presents a comparison of the contention mechanisms of IEEE 802.15.4 non-beacon-enabled mode and RA-CDMA along with a Matlab simulation framework used for end-to-end simulations of the protocols. Simulations suggest that IEEE 802.15.4 networks begin to break down in terms of throughput, latency, and delivery ratio at a relatively low overall traffic rate compared to RA-CDMA networks. Results show that networks using the proposed RA-CDMA multiple access can support node densities on the order of two to three times higher than IEEE 802.15.4 within the same bandwidth.
Furthermore, features are proposed for a new MAC layer protocol that is optimized for RA-CDMA, which could further improve network performance over IEEE 802.15.4. The protocol's simple and lightweight design eliminates significant overhead compared to other protocols while meeting performance requirements, and could further enable the deployment of RA-CDMA WSNs. / Master of Science / Factories, automobiles, planes, spacecraft and other systems in the future will require hundreds of sensors within a relatively small area for data gathering purposes. The sensors, which form Wireless Sensor Networks (WSNs), must have some method of wireless communication that allows each of them to transmit information when needed without obstructing other sensors’ transmissions. Wireless communication protocols provide a method for doing so. Some recognizable examples of wireless communication protocols include Bluetooth, WiFi, 3G and LTE.
For WSNs in the future, the industry’s leading candidate protocol is called IEEE 802.15.4, but it may not be most suitable because it is known to break down as large numbers of sensors are added to its networks. Because of this, a new protocol has been proposed around a channel sharing technique called Receiver-Assigned Code Division Multiple Access (RA-CDMA), which uses a different strategy to efficiently distribute network resources among sensors.
This work analyzes the differences between IEEE 802.15.4 and RA-CDMA, focusing specifically on how each protocol allows sensors to transmit without conflicting with one another. A simulation framework is introduced for complete simulations of each protocol. The result of the simulations shows that IEEE 802.15.4 breaks down in dense sensor networks. RA-CDMA, however, is able to support very large networks, on the order of two to three times the size of IEEE 802.15.4. This result could be an enabling technology for large wireless sensor networks in the future.
Additionally, a new protocol optimized for RA-CDMA is presented. Its simple design could further enable the deployment of RA-CDMA WSNs.
|