[en] DATA PROTECTION IN THE SMART CITIES / [pt] PROTEÇÃO DE DADOS NAS CIDADES INTELIGENTES

FREDERICO BOGHOSSIAN TORRES

22 September 2023

[pt] As cidades contemporâneas, cuja população está em tendência de crescimento, são palco dos desafios do presente, como as mudanças climáticas, o acesso a alimentos, os desastres ambientais, o consumo de energia e emissão de gases poluentes, a violência, a desigualdade social, entre outros. A solução desses problemas é complexa e necessita o envolvimento de múltiplos atores e o investimento de volumosos recursos financeiros. Com atenção a isso, surge o ideal da cidade inteligente, que busca utilizar as tecnologias da informação e comunicação para diagnosticar e enfrentar problemas urbanos a partir da coleta e uso de dados sobre a cidade e os cidadãos. Se, por um lado, a tecnologia pode e deve ser utilizada para a melhoria da qualidade de vida, por outro lado, o seu uso traz dúvidas sobre a violação da privacidade dos cidadãos. Por estes motivos, a presente pesquisa objetiva estudar de que forma é possível realizar as promessas da cidade inteligente sem que isso signifique a expansão da vigilância e a sistematização da violação às leis de proteção de dados. Para isso, o trabalho irá: estudar as definições do conceito de cidade inteligente, abordar os desafios para a proteção de dados neste contexto e propor medidas que mitiguem os danos à privacidade dos cidadãos. / [en] Contemporary cities, whose population is on a growing trend, are the main stage for the challenges of the present, such as climate change, access to food, environmental disasters, energy consumption and the emission of greenhouse gases, violence, social inequality, among others. The solution of these problems is complex, requiring the involvement of multiple actors and the investment of voluminous financial resources. With this in mind, the ideal of the smart city emerges, seeking to use information and communication technologies to diagnose and address urban problems by collecting and processing data about the city and its citizens. If, on the one hand, technology can and should be used to improve the quality of life, on the other hand, its use raises doubts about the violation of citizens privacy. For these reasons, the present research aims to study how it is possible to fulfill the promises of the smart city without this meaning the expansion of surveillance and the systematization of violations of data protection laws. For this, the work will: study the definitions of smart city, address the challenges for data protection in this context and propose measures that mitigate the damages to the privacy of urban citizens.

[pt] SEGURANCA DA INFORMACAO

[pt] PROTECAO DE DADOS

[pt] DADOS PESSOAIS

[pt] CIDADES INTELIGENTES

[pt] PRIVACIDADE

[pt] DIREITO A CIDADE

[en] INFORMATION SECURITY

[en] DATA PROTECTION

[en] SMART CITIES

[en] PRIVACY

[en] RIGHT TO THE CITY

From whistleblowing tools to AI-supported data analysis: A compliance practitioner`s view on IT-tools for different aspects of investigations

Endres, Markus

28 November 2023

The text discusses the evolving digital workplace, emphasizing the rise of cybercrime and the need for innovative investigative approaches. It explores the surge in web-based whistleblowing tools in Europe, driven by legislation, and delves into the functionalities and challenges of these tools, including issues of anonymity and data protection. The paper also highlights the role of AI-based forensic tools in government agencies, covering their benefits and potential risks. The use of AI in law enforcement is explored, acknowledging its effectiveness but also cautioning against biases and associated risks. The conclusion stresses the importance of balancing opportunities and risks, particularly in the context of legal and ethical considerations.

info:eu-repo/classification/ddc/343

ddc:343

Operational Factors Affecting the Confidentiality of Proprietary Digital Assets

Massimino, Brett J.

14 October 2014

No description available.

Business Administration

Information Security

Intellectual Property

Breach

Digital Economy

Supply Chain Management

Confidentiality

Asset Protections

Software Development

Worker Behaviors

Behavioral Operations Management

Data Protection

Big Data

Defeating Critical Threats to Cloud User Data in Trusted Execution Environments

Adil Ahmad (13150140)

26 July 2022

<p>In today’s world, cloud machines store an ever-increasing amount of sensitive user data, but it remains challenging to guarantee the security of our data. This is because a cloud machine’s system software—critical components like the operating system and hypervisor that can access and thus leak user data—is subject to attacks by numerous other tenants and cloud administrators. Trusted execution environments (TEEs) like Intel SGX promise to alter this landscape by leveraging a trusted CPU to create execution contexts (or enclaves) where data cannot be directly accessed by system software. Unfortunately, the protection provided by TEEs cannot guarantee complete data security. In particular, our data remains unprotected if a third-party service (e.g., Yelp) running inside an enclave is adversarial. Moreover, data can be indirectly leaked from the enclave using traditional memory side-channels.</p> <p><br></p> <p>This dissertation takes a significant stride towards strong user data protection in cloud machines using TEEs by defeating the critical threats of adversarial cloud services and memory side-channels. To defeat these threats, we systematically explore both software and hardware designs. In general, we designed software solutions to avoid costly hardware changes and present faster hardware alternatives.</p> <p><br></p> <p>We designed 4 solutions for this dissertation. Our Chancel system prevents data leaks from adversarial services by restricting data access capabilities through robust and efficient compiler-enforced software sandboxing. Moreover, our Obliviate and Obfuscuro systems leverage strong cryptographic randomization and prevent information leakage through memory side-channels. We also propose minimal CPU extensions to Intel SGX called Reparo that directly close the threat of memory side-channels efficiently. Importantly, each designed solution provides principled protection by addressing the underlying root-cause of a problem, instead of enabling partial mitigation.</p> <p><br></p> <p>Finally, in addition to the stride made by our work, future research thrust is required to make TEEs ubiquitous for cloud usage. We propose several such research directions to pursue the essential goal of strong user data protection in cloud machines.</p>

Data security and protection

Hardware security

System and network security

Cloud data protection

Trusted Execution Environments (TEEs)

Intel Software Guard eXtensions (SGX)

Oblivious RAM (ORAM)

Hardware extensions

Compiler-aided protection

[pt] VULNERABILIDADE, HIPOSSUFICIÊNCIA E PROTEÇÃO DE DADOS NA JORNADA DE CONSUMO EM AMBIENTE DIGITAL / [en] VULNERABILITY, HYPOSUFFICIENCY AND DATA PROTECTION IN THE CONSUMER JOURNEY IN DIGITAL ENVIRONMENT

MARIANA DE MORAES PALMEIRA

03 October 2022

[pt] Nessa tese são investigadas as transformações no ambiente digital circunscritas às interseções entre as novas práticas do marketing e a proteção do consumidor-titular de dados pessoais. O fio condutor é a consolidação da informação como um importante ativo na sociedade de consumo contemporânea. A partir da perspectiva do capitalismo de vigilância, os principais fenômenos que contribuem para o estabelecimento de uma estrutura de estímulos e controles que permeiam, de maneira imperceptível aos olhos do consumidor, a sua jornada de consumo, são analisados. Verifica-se que a publicidade digital, em especial a chamada publicidade comportamental direcionada conforme o perfil do consumidor, apesar de alvo de críticas da doutrina e de interesse por parte da legislação, é apenas a parte visível de uma arquitetura de escolhas permeada por dark patterns que atrapalham a proteção do consumidor em ambiente digital. Nesse cenário, a pesquisa investiga a suficiência dos mecanismos de proteção de dados pessoais, bem como a existência de uma nova e universal vulnerabilidade do consumidor. Trata-se da vulnerabilidade digital, que dá origem a um estado, também universal, de hipossuficiência do consumidor diante das práticas comerciais em ambiente digital. / [en] In this thesis examines the transformations in the digital environment circumscribed to the intersections between new marketing practices and the protection of the consumer-data subjects. The main drive is the strengthening of information as an important asset in contemporary consumer society. From the perspective of surveillance capitalism, it analyzes the central phenomena that contributes to the establishment of a structure of stimuli and controls that permeate, imperceptibly to the consumer s eyes, his journey. It is verified that digital advertising, especially the so-called behavioral advertising, directed according to the consumer s profile, despite being target of criticism by the doctrine and of interest by the legislation, is only the visible part of an architecture of choices permeated by dark patterns that hinder consumer protection in the digital environment. In this scenario, the research investigates the sufficiency of personal data protection mechanisms, as well as the existence of a new and universal consumer vulnerability. Which is the digital vulnerability that gives rise as well to a universal state of consumer hyposufficiency before commercial practices in the digital environment.

[pt] VULNERABILIDADE

[pt] DARK PATTERNS

[pt] PUBLICIDADE DIGITAL

[pt] CAPITALISMO DE VIGILANCIA

[pt] PROTECAO DE DADOS

[en] VULNERABILITY

[en] DARK PATTERNS

[en] DIGITAL ADVERTISING

[en] SURVEILLANCE CAPITALISM

[en] DATA PROTECTION

On the application areas of blockchain

Ghaffari, Zahra

January 2016

The goal of this study is to identify the current application areas and some possible application areas for blockchain; blockchain is a distributed database that is currently most known for being the technology used for storing transaction information of digital currencies such as the Bitcoin. Through a literature review and interviews with domain experts, we identified some current application areas for blockchain, that is, money transactions, decentralized data and privacy protection, and decentralized autonomous organizations (DAO). Within the area of decentralized data and privacy protection, we further identified the two sub-areas of smart contracts and secure identities. In addition, we identified some possible application areas by conducting a second literature review. Some of these application areas are: storing mind files and human intelligence, on-line voting, supply chain management, stock trading, Internet of Things (IoT), and banking. The contribution of this study can be used for further studies through each of the above application areas in order to identify possible advantages and disadvantages.

Blockchain

Bitcoin

cryptocurrency

decentralized privacy

application area

data protection

secure identity

smart contract

decentralized autonomous organization

DAO

Internet of Things

IoT

Engineering and Technology

Teknik och teknologier

Tredje gången gillt? : En analys av EU-US Data Privacy Framework / Third time’s the charm? : An analysis of the EU-US Data Privacy Framework

Bjerselius, Nathalie

January 2023

Through the GDPR, the member states of the EU and the EEA countries ensure equivalent protection for personal data which is why personal data within this area can be transferred freely. Transfers of personal data to a country outside the EU/EEA area, such as the U.S., are only permitted under the General Data Protection Regulation (GDPR) under cer­tain conditions, including if the EU Commission has decided that the country in ques­tion en­sures an adequate level of protection. The EU Commission has previously adopted two such decisions for the U.S., based on Safe Harbour and Privacy Shield. Those decisions were, how­ever, struck down by the Court of Justice of the European Union (CJEU) in Schrems I and II since the CJEU did not consider that the U.S. could ensure an adequate level of protection for per­sonal data that was transferred from the EU to the U.S. In July 2023, the EU Commission announced that it had once again adopted an adequacy decision for the U.S. meaning that personal data can now flow freely from the EU to companies and organ­izations in the U.S. certified under the EU-US Data Protection Framework (EU-US DPF). The adequacy decision followed a presidential order signed by U.S. President Biden in October 2022, which introduced new security measures intended to remedy the problems iden­tified by the CJEU in Schrems I and II. On the one hand, the US intelli­gence agencies’ access to personal data is limited to what is proportionate. On the other hand, a data protection court is established.  The purpose of this essay is to examine whether the changes that the presidential order has given rise to has changed the legal situation after Schrems II in such a way that the U.S. can now be considered to ensure an adequate level of protection for personal data that is being transferred from the EU to the U.S. By analyzing the EU-US DPF against the background of the jurisprudence of the CJEU and the European Court of Justice, I find that this is not the case. The U.S. intelligence agencies’ use of and access to EU citizens’ personal data is still not lim­ited to what is proportionate and EU citizens whose personal data is processed still do not have access to an effective remedy to challenge surveillance measures. Thus, the new adequacy decision for the U.S. is likely to be struck down by the CJEU in the coming years. The conse­quences of such an invalidation are examined to some extent in this essay, particularly in rela­tion to other transfer mechanisms in Chapter V of the GDPR, namely standard contractual clauses and binding corporate rules.

EU-US Data Protection Framework

EU-US DPF

GDPR

tredjelandsöverföringar

adekvansbeslut

Schrems I

Schrems II

Safe Harbour

Privacy Shield

personuppgifter

Law

Juridik

Using privacy calculus theory to explore entrepreneurial directions in mobile location-based advertising: Identifying intrusiveness as the critical risk factor

Gutierrez, A., O'Leary, S., Rana, Nripendra P., Dwivedi, Y.K., Calle, T.

25 October 2019

Yes / Location-based advertising is an entrepreneurial and innovative means for advertisers to reach out through personalised messages sent directly to mobile phones using their geographic location. The mobile phone users' willingness to disclose their location and other personal information is essential for the successful implementation of mobile location-based advertising (MLBA). Despite the potential enhancement of the user experience through such personalisation and the improved interaction with the marketer, there is an increasing tension between that personalisation and mobile users' concerns about privacy. While the privacy calculus theory (PCT) suggests that consumers make privacy-based decisions by evaluating the benefits any information may bring against the risk of its disclosure, this study examines the specific risks and benefits that influence consumers' acceptance of MLBA. A conceptual model is proposed based on the existing literature and a standardised survey was developed and targeted at individuals with known interests in the subject matter. From these requests, 252 valid responses were received and used to evaluate the key benefits and risks of MLBA from the users' perspectives. While the results confirmed the importance of internet privacy concerns (IPC) as an important determinant, they also indicate that monetary rewards and intrusiveness have a notably stronger impact on acceptance intentions towards MLBA. Intrusiveness is the most important risk factor in determining mobile users' intentions to accept MLBA and therefore establishing effective means of minimising the perceived intrusiveness of MLBA can be expected to have the greatest impact on achieving effective communications with mobile phone users.

Mobile location-based advertising (MLBA)

Privacy calculus theory (PCT)

Internet privacy concerns (IPC)

Intrusiveness

Personalisation

Monetary rewards

Разработка методов детектирования искажения обучающих данных в задаче диагностики электрооборудования методами стеганоанализа : магистерская диссертация / Development of Methods for Detecting Distortion of Training Data in the Diagnosis of Electrical Equipment Using Steganalysis Techniques

Шуркин, В. А., Shurkin, V. A.

January 2024

The object of research is the information security of machine learning models in the electric power industry. The aim of the work is to develop an improved method for detecting the insertion of malicious software into a machine learning system for diagnosing electrical equipment using steganalysis. During the research, a literature review of steganography and steganalysis methods was conducted, as well as an examination of attacks on machine learning and ways to protect against them. Software was developed to simulate the real process of machine learning based on time series data. An analysis of embedding and detection methods for hidden messages based on the use of least significant bits was carried out. Parameters for representation applicable to training data were obtained to enhance the security of the intelligent system. / Объект исследования — информационная безопасность моделей на базе машинного обучения в электроэнергетике. Цель работы — разработка улучшенного метода обнаружения внедрения вредоносного программного обеспечения в систему машинного обучения в диагностике электрооборудования методом стегоанализа. В ходе работы проведен литературный обзор методов стеганографии и стегоанализа, а также рассмотрены атаки на машинное обучение и способы защиты от них. Разработано программное обеспечение, имитирующее реальный процесс машинного обучения на основе временных рядов. Проведен анализ методов встраивания и обнаружения скрытых сообщений на основе использования младших бит данных. Получены параметры представления, применимые к обучающим данным для увеличения безопасности интеллектуальной системы.

MASTER'S THESIS

STEGANOGRAPHY

STEGANALYSIS

LEAST SIGNIFICANT BIT METHOD

MACHINE LEARNING

DATA PROTECTION

СТЕГАНОГРАФИЯ

СТЕГОАНАЛИЗ

МЕТОД МЛАДШИХ БИТ

МАШИННОЕ ОБУЧЕНИЕ

ЗАЩИТА ДАННЫХ

General Purpose Computing in Gpu - a Watermarking Case Study

Hanson, Anthony (CAD drafter)

08 1900

The purpose of this project is to explore the GPU for general purpose computing. The GPU is a massively parallel computing device that has a high-throughput, exhibits high arithmetic intensity, has a large market presence, and with the increasing computation power being added to it each year through innovations, the GPU is a perfect candidate to complement the CPU in performing computations. The GPU follows the single instruction multiple data (SIMD) model for applying operations on its data. This model allows the GPU to be very useful for assisting the CPU in performing computations on data that is highly parallel in nature. The compute unified device architecture (CUDA) is a parallel computing and programming platform for NVIDIA GPUs. The main focus of this project is to show the power, speed, and performance of a CUDA-enabled GPU for digital video watermark insertion in the H.264 video compression domain. Digital video watermarking in general is a highly computationally intensive process that is strongly dependent on the video compression format in place. The H.264/MPEG-4 AVC video compression format has high compression efficiency at the expense of having high computational complexity and leaving little room for an imperceptible watermark to be inserted. Employing a human visual model to limit distortion and degradation of visual quality introduced by the watermark is a good choice for designing a video watermarking algorithm though this does introduce more computational complexity to the algorithm. Research is being conducted into how the CPU-GPU execution of the digital watermark application can boost the speed of the applications several times compared to running the application on a standalone CPU using NVIDIA visual profiler to optimize the application.

H.264 video compression domain

digital video watermark

CUDA

compute unified device architecture

NVIDIA visual profiler

Graphics processing units

CUDA (Computer architecture)

Data protection