Construals of Human Rights Law: Protecting Subgroups As Well As Individual Humans

Nolan, Mark Andrew, mark.nolan@anu.edu.au

January 2003

This research develops the social psychological study of lay perception of human rights and of rights-based reactions to perceived injustice. The pioneering work by social representation theorists is reviewed. Of particular interest is the use of rights-based responses to perceived relative subgroup disadvantage. It is argued that these responses are shaped by the historical development of the legal concept of unique subgroup rights; rights asserted by a subgroup that cannot be asserted by outgroup members or by members of a broader collective that includes all subgroups. The assertion of unique subgroup rights in contrast to individual rights was studied by presenting participants with scenarios suggestive of human rights violations. These included possible violations of privacy rights of indigenous Australians (Study 1), civil and political rights of indigenous Australians under mandatory sentencing schemes (Study 2), privacy rights of students in comparison to public servants (Study 3), refugee rights (Study 4), and reproductive rights of lesbians and single women in comparison to married women and women in de facto relationships (Study 5). The scenarios were based on real policy issues being debated in Australia at the time of data collection. Human rights activists participated in Studies 4 and 5. In Study 5, these activists participated via an online, web-based experiment. Both quantitative and qualitative data were collected. A social identity theory perspective is used drawing on concepts from both social identity theory and self-categorization theory. The studies reveal a preference for an equality-driven construal of the purpose of human rights law (i.e. that all Australians be treated equally regardless of subgroup membership) in contrast to minority support for a vulnerable groups construal of the purpose of human rights (i.e. that the purpose of human rights law is to protect vulnerable subgroups within a broader collective). Tajfelian social belief orientations of social mobility and social change are explicitly measured in Studies 3-5. Consistent with the social identity perspective, these ideological beliefs are conceptualised as background knowledge relevant to the subjective structuring of social reality (violation contexts) and to the process of motivated relative perception from the vantage point of the perceiver. There is some indication from these studies that social belief orientation may determine construals of the purpose of human rights. In Study 5 the observed preference for using inclusive human rights rhetoric in response to perceived subgroup injustice is explained as an identity-management strategy of social creativity. In Studies 4 and 5, explicit measurement of activist identification was also made in an attempt to further explain the apparently-dominant preference for an equality-driven construal of the purpose of human rights law and the preferred use of inclusive, individualised rights rhetoric in response to perceived subgroup injustice. Activist identification explained some action preferences, but did not simply translate into preferences for using subgroup interest arguments. In Study 5, metastereotyping measures revealed that inclusive rights-based protest strategies were used in order to create positive impressions of social justice campaigners in the minds of both outgroup and ingroup audiences. Ideas for future social psychological research on human rights is discussed.

social psychology

legal psychology

human rights law

individual rights

subgroup rights

collective rights

construal

social identity theory

self-categorization theory

identity management strategies

social representations theory

Australia

Design and Evaluation of Anonymity Solutions for Mobile Networks

Andersson, Christer

January 2007

Internet and mobile communications have had a profound effect on today's society. New services are constantly being deployed, in which personal data are being processed in return for personally tailored services. While mobile networks lay the groundwork for new innovative services, at the same time they pose numerous privacy challenges. There is the risk that honest citizens participating in mobile communications will have their privacy invaded for "the greater good". We argue that it is highly important that individuals are empowered to retain control over their personal spheres. Thus, the goal of this thesis is to design and evaluate anonymous overlay networks} adapted for mobile networks that allow users to control which information leaves their personal spheres in a mobile communication. Technically, by using an anonymous overlay network, users can communicate with their communication partners without disclosing their network identities. In this thesis, we propose three different anonymous overlay networks tailored for mobile networks. First, two approaches are proposed for anonymous browsing on the mobile Internet, namely mCrowds and a Tor-based approach. By applying theoretical analysis and\,/\,or practical experiments, we show that these approaches offer an appropriate trade-off between the offered degree of anonymity and performance loss. Second, an anonymous overlay network for use in mobile ad hoc networks - Chameleon - is suggested. Besides the actual design of these anonymous overlay networks, this thesis provides novel contributions in other essential areas of privacy protection and anonymous communication. First, also non-technical aspects of privacy protection are thoroughly discussed, including legal, social, and user interface aspects. Second, we survey existing metrics for quantifying anonymity and also propose new ideas regarding anonymity metrics. Third, we review and classify existing mechanisms for anonymous communication in mobile ad hoc networks. Lastly, we also propose a cryptographic technique for building up the user base of an anonymous overlay network in a secure and privacy-friendly manner.

privacy

anonymity

anonymous overlay networks

anonymity metrics

pseudonymity

identity management

mobile Internet

location based services

mobile ad hoc networks

Computer science

Datavetenskap

Preserving privacy with user-controlled sharing of verified information

Bauer, David Allen

13 November 2009

Personal information, especially certified personal information, can be very valuable to its subject, but it can also be abused by other parties for identify theft, blackmail, fraud, and more. One partial solution to the problem is credentials, whereby personal information is tied to identity, for example by a photo or signature on a physical credential. We present an efficient scheme for large, redactable, digital credentials that allow certified personal attributes to safely be used to provide identification. A novel method is provided for combining credentials, even when they were originally issued by different authorities. Compared to other redactable digital credential schemes, the proposed scheme is approximately two orders of magnitude faster, due to aiming for auditability over anonymity. In order to expand this scheme to hold other records, medical records for example, we present a method for efficient signatures on redactable data where there are dependencies between different pieces of data. Positive results are shown using both artificial datasets and a dataset derived from a Linux package manager. Electronic credentials must of course be held in a physical device with electronic memory. To hedge against the loss or compromise of the physical device holding a user's credentials, the credentials may be split up. An architecture is developed and prototyped for using split-up credentials, with part of the credentials held by a network attached agent. This architecture is generalized into a framework for running identity agents with various capabilities. Finally, a system for securely sharing medical records is built upon the generalized agent framework. The medical records are optionally stored using the redactable digital credentials, for source verifiability.

Merkle hash tree

Credential

Medvault

Identity agent

Dependencies

Disclosure dependencies

Hash graph

Identity management

Security

Cryptography

Hash tree

Privacy

GUIDE-ME

GUCIdA

Identity theft

Computer security

Data protection

Steuerung Service-orientierter Architekturen durch Geschäftsprozessmodelle

Juhrisch, Martin, Weller, Jens

23 April 2014

No description available.

Konferenz

GeNeMe 2007

Neue Medien

Virtuelles Unternehmen

Service-orientierte Architekturen

Identitätsmanagement

conference

new media

online community

Service Oriented Architecture

SOA

identity management

web application

ddc:330

rvk:QR 760

Optimalizace tvorby rolí pomocí RBAC modelu

KLÍMA, Martin

January 2017

The aim of the thesis is to develop algorithm which will be able to optimize roles using RBAC model. The intent of the theoretical part is to analyze RBAC model and present current options which are available for role optimization. The practical part deals with development of algorithm which allows to optimize roles based on defined criteria from user. This algorithm is implemented in programming language Java and builds on Role Process Optimization Model (ROPM). In the last part is showed on example set of data how this algorithm works, step by step, with explanation of each step. Result of this algorithm is new RBAC model defined by user criteria. In this thesis are also listed different approach in role optimization, possible future development and concept of mapping RBAC model to mathematical and data-mining techniques.

Designing for user awareness and usability : An evaluation of authorization dialogs on a mobile device

Lindegren, Daniel

January 2017

Personal data is often disclosed with every registration, sharing, or request of an online service. With the increased usage of things connected to the Internet, users' information being collected and stored, the risks related to unknowingly sharing personal data increases. Sharing of personal information is a sensitive subject and can hurt people’s assets, dignity, personal integrity and other social aspects. In general, users’ concerns have grown regarding protecting their personal information which has led to the development of multiple privacy-oriented systems. In scenarios where users are logging onto a website or system, they rarely notice, understand or have desire to read the conditions to which they are implicitly agreeing. These systems are often referred to as identity management systems or single sign-on systems. Recent studies have shown that users are not aware of what data transactions take place by using various authentication solutions. It is critical for these types of system dealing with privacy that researchers examine users' understanding of the concepts through interface design. The purpose of this study is to investigate the usability and user awareness of data transactions for identity management systems on mobile devices by constructing and evaluating different design concepts. Therefore, four different mobile prototypes were designed (called CREDENTIAL Wallet) and explored to measure the usability and also the user awareness of users’ disclosures. 20 usability tests were conducted per prototype. Multiple conclusions can be drawn from this study. The findings showed that the drag-and-drop prototype scored a high user awareness score in terms of participants remembering their shared data and having a good idea of them not sharing more data than they had actually shared. Consequently, the drag-and-drop prototype achieved the highest usability result. A prototype that utilized swiping was created to fit the mobile medium. The prototype showed the highest user awareness score in the context of participants stating what data they had shared. However, people using the swiping prototype thought they were sharing more data than they actually were. Data show that users have an incorrect mental model of the sharing of their fingerprint pattern. Finally, the writing concerns recommendations and challenges of identity management systems – e.g. the importance of tutorial screens. Future studies within the CREDENTIAL project are already underway concerning users' incorrect mental model of sharing fingerprint to the service provider side. / CREDENTIAL

User awareness

data transaction

usability

usable privacy

privacy enhancing technology

identity management system

CREDENTIAL

mobile

Human Computer Interaction

Vícedimenzionální přístup k WWW aplikacím / Mutli-Dimensional Access Control in Web Applications

Grešša, Pavol

January 2011

This master's thesis deals with the analysis, design and implementation of authentication and authorization subsystem into the environment of distributed web application. It unifies the well-known security models into the one universal security model that can be used for the development of authorization device enabling the user to secure the applications with various security models. Furthermore, it applies this integration of models into the Takeplace system.

Securing Cloud Storage Service

Zapolskas, Vytautas

January 2012

Cloud computing brought flexibility, scalability, and capital cost savings to the IT industry. As more companies turn to cloud solutions, securing cloud based services becomes increasingly important, because for many organizations, the final barrier to adopting cloud computing is whether it is sufficiently secure. More users rely on cloud storage as it is mainly because cloud storage is available to be used by multiple devices (e.g. smart phones, tablets, notebooks, etc.) at the same time. These services often offer adequate protection to user's private data. However, there were cases where user's private data was accessible to other users, since this data is stored in a multi-tenant environment. These incidents reduce the trust of cloud storage service providers, hence there is a need to securely migrate data from one cloud storage provider to another. This thesis proposes a design of a service for providing Security as a Service for cloud brokers in a federated cloud. This scheme allows customers to securely migrate from one provider to another. To enable the design of this scheme, possible security and privacy risks of a cloud storage service were analysed and identified. Moreover, in order to successfully protect private data, data protection requirements (for data retention, sanitization, and processing) were analysed. The proposed service scheme utilizes various encryption techniques and also includes identity and key management mechanisms, such as "federated identity management". While our proposed design meets most of the defined security and privacy requirements, it is still unknown how to properly handle data sanitization, to meet data protection requirements, and provide users data recovery capabilities (backups, versioning, etc.). / Cloud computing erbjuder flexibilitet, skalbarhet, och kapital kostnadsbesparingar till IT-industrin. Eftersom fler företag vänder sig till moln lösningar, trygga molntjänster blir allt viktigare, eftersom det för många organisationer, det slutliga hindret att anta cloud computing är om det är tillräckligt säkert. Fler användare förlita sig påmoln lagring som det är främst pågrund moln lagring är tillgängligt att användas av flera enheter (t.ex. smarta telefoner, tabletter, bärbara datorer, etc.) påsamtidigt. Dessa tjänster erbjuder ofta tillräckligt skydd för användarens privata data. Men det fanns fall där användarens privata uppgifter var tillgängliga för andra användare, eftersom denna data lagras i en flera hyresgäster miljö. Dessa händelser minskar förtroende molnleverantörer lagring tjänsteleverantörer, därför finns det ett behov av att säkert migrera data från en moln lagring till en annan. Denna avhandling föreslår en utformning av en tjänst för att erbjuda säkerhet som tjänst för molnmäklare i en federativ moln. Detta system gör det möjligt för kunderna att säkert flytta från en leverantör till en annan. För att möjliggöra utformningen av detta system, möjliga säkerhet och risker integritet av ett moln lagring tjänst har analyserats och identifierats. Dessutom att man framgångsrikt skydda privata uppgifter, dataskydd krav (för data retention, sanering och bearbetning) analyserades. Den föreslagna tjänsten systemet utnyttjar olika krypteringsteknik och även inkluderar identitet och nyckelhantering mekanismer, såsom "federerad identitetshantering". Även om vår föreslagna utformningen uppfyller de flesta av den definierade säkerhet och integritet krav, är det fortfarande okänt hur korrekt hantera data sanering, för att uppfyller kraven för dataskydd och ge användarna data recovery kapacitet (säkerhetskopior, versionshantering osv.)

Cloud

storage

security

privacy

zero knowledge

Security as a Service

federation

broker

Cloud Service Provider (CSP)

federated cloud

federated identity management

OAuth

OpenID

CDMI

interoperability

Communication Systems

Kommunikationssystem

A trust framework for real-time web communications / Mécanisme de confiance pour les communications web en temps réel

Javed, Ibrahim Tariq

04 October 2018

Les services de conversation Web en temps réel permettent aux utilisateurs d'avoir des appels audio et vidéo et de transférer directement des données sur Internet. Les opérateurs OTT (OTT) tels que Google, Skype et WhatsApp proposent des services de communication économiques avec des fonctionnalités de conversation évoluées. Avec l'introduction de la norme de Web Real Time Communication (WebRTC), n'importe quelle page Web peut désormais offrir des services d'appel. WebRTC est utilisé comme technologie sous-jacente pour déployer de nouvelles plateformes de communication centrées sur le Web. Ces plates-formes visent à offrir de nouvelles méthodes modernes de contact et de communication sur le web. Contrairement aux réseaux de télécommunication traditionnels, les identités sur le Web sont basées sur des profils d'utilisateur et des informations d'identification auto-affirmés. Par conséquent, les opérateurs Web sont incapables d'assurer la fiabilité de leurs abonnés. Les services de communication Web restent exposés à des menaces dans lesquelles le contexte social entre les parties communicantes est manipulé. Un attaquant se définit comme une entité de confiance pour transmettre de fausses informations à l'utilisateur ciblé. Les menaces typiques contre le contexte social comprennent la fausse représentation d'identité, l’hameçonnage, le spam et la distribution illégale de contenu. Afin d'assurer la sécurité sur les services de communication Web, la confiance entre les parties communicantes doit être établie. La première étape consiste à permettre aux utilisateurs d'identifier leurs participants communicants afin de savoir avec qui ils parlent. Cependant, l'authentification seule ne peut garantir la fiabilité d'un appelant. De nouvelles méthodes d'estimation de la réputation de l'appelant devraient également être intégrées dans les services d'appel Web. Par conséquent, dans cette thèse, nous présentons un nouveau cadre de confiance qui fournit des informations sur la fiabilité des appelants dans les réseaux de communication Web. Notre approche est organisée en quatre parties. Premièrement, nous décrivons la notion de confiance dans la communication web en temps réel. Un modèle de confiance est présenté pour identifier les relations de confiance nécessaires entre les entités d'un système de communication. Les paramètres requis pour calculer la confiance dans les services de communication Web sont officiellement introduits. Deuxièmement, nous montrons comment les protocoles Single-Sign-On (SSO) peuvent être utilisés pour authentifier les utilisateurs d'une manière Peer-to-Peer (P2P) sans dépendre de leur fournisseur de service. Nous présentons une comparaison entre trois protocoles d'authentification appropriés (OAuth, BrowserID, OpenID Connect). La comparaison montre que OpenID Connect est le meilleur candidat en termes de confidentialité des utilisateurs. Troisièmement, un modèle de calcul de confiance est proposé pour mesurer la fiabilité des appelants dans un réseau de communication. La légitimité et l'authenticité d'un appelant sont calculées à l'aide de recommandations, tandis que la popularité d'un appelant est estimée en utilisant son comportement de communication. Un abonné d'un service de communication sera capable de visualiser la confiance calculée d'autres membres avant d'initier ou d'accepter une demande d'appel. Enfin, la réputation d'un appelant est utilisée pour lutter contre les appels nuisibles générés sur les réseaux de communication. Les appels de nuisance sont décrits comme des appels de spam non sollicités en masse générés sur un réseau de communication à des fins de marketing et de tromperie. Les enregistrements de données d'appel et les commentaires reçus par les parties communicantes sont utilisés pour déterminer la réputation de l'appelant. La réputation évaluée est utilisée pour différencier les spammeurs et les appelants légitimes du réseau / Real-time web conversational services allow users to have audio and video calls over the Internet. Over-The-Top operators such as Google and Facebook offer cost-effective communication services with advanced conversational features. With the introduction of WebRTC standard, any website or web application can now have built-in communication capabilities. WebRTC technology is expected to boost Voice-Over-IP by making it more robust, flexible and accessible. Telco operators also intend to use the underlying technology to offer communication services to their subscribers over the web. Emerging web-centric communication platforms aims to offer modern methods of contacting and communicating over the web. However, web operators are unable to ensure the trustworthiness of their subscribers, since identities are based on self-asserted user profiles and credentials. Thus, they remain exposed to many social threats in which the context between communicating parties is manipulated. An attacker usually misrepresents himself to convey false information to the targeted victim. Typical social threats include phishing, spam, fraudulent telemarketing and unlawful content distribution. To ensure user security over communication networks, trust between communicating parties needs to be established. Communicating participants should be able to verify each other’s identity to be sure of whom they are talking to. However, authentication alone cannot guarantee the trustworthiness of a caller. New methods of estimating caller’s reputation should also be built in web calling services. In this thesis, we present a novel trust framework that provides information about the trustworthiness of callers in web communication networks. Our approach is organized in four parts. Firstly, we describe the notion of trust in real-time web communication services. A trust model approach is presented to formally introduce the trust computation parameters and relationships in a communication system. Secondly, we detail the mechanism of identity provisioning that allows communicating participants to verify each other’s identity in a Peer-to-Peer fashion. The choice of authentication protocol highly impacts user privacy. We showed how OpenID Connect used for Single-Sign-On authentication purposes can be effectively used for provisioning identities while preserving user privacy. Thirdly, a trust computational model is proposed to measure the trustworthiness of callers in a communication network. The legitimacy and genuineness of a caller’s identity is computed using recommendations from members of the network. On the other hand, the popularity of a caller is estimated by analyzing its behavior in the network. Each subscriber will be able to visualize the computed trust of other members before initiating or accepting a call request. Lastly, the reputation of a caller is used to combat nuisance calls generated over communication networks. Nuisance calls are described as unsolicited bulk spam phone calls generated for marketing and deceptive purposes. Caller’s reputation is computed using the diversity of outgoing calls, call duration, recommendations from called participants, reciprocity and repetitive nature of calls. The reputation is used to differentiate between legitimate and nuisance calls generated over the network

Calcul de confiance

Communication web en temps réel

WebRTC

Spam téléphonique

Gestion de confiance

Gestion des identités

Trust computation

Real-time web communication

WebRTC

Spam over internet telephony

Trust management

Identity management

Towards Usable Privacy and Identity Management for Smart Environments

Islami, Lejla

January 2022

Smart environments provide users with a large number of new services that will improve their lives, however, they also have the potential for collecting staggering amounts of personal information, which, if misused, poses a multitude of privacy threats to users ranging from identification, tracking, stalking, monitoring and profiling. Consequently, the users’ right to informational self-determination is at stake in smart environments. Usable Privacy-Enhancing Identity Management (PE-IdM) can re-establish user control by offering users a selection of meaningful privacy preference settings that they could choose from. However, different privacy trade-offs need to be considered and managed for the configuration of the identity management system as well as cultural privacy aspects influencing user's privacy preferences. Guidelines for usable management of privacy settings that address varying end user preferences for control and privacy conflicting goals are needed.   The objective of this thesis is to explore approaches for enforcing usable PE-IdM for smart environments, with a focus on vehicular ad hoc networks (VANETs). To that end, we unravel the technical state of the art regarding the problem space and solutions, as well as investigating users’ privacy preferences cross-culturally in Sweden and South Africa. We elicit requirements for achieving usable PE-IdM, which are based on usable configuration options, offering suitable selectable privacy settings that will cater for the needs and preferences of users with different cultural backgrounds.

Privacy-enhancing technologies (PETs)

Usability

Smart environments

Intelligent transportation systems

Privacy preferences

Qualitative research

Computer Systems

Datorsystem