Global ETD Search

121	Analyzing and Improving Security-Enhanced Communication Protocols Weicheng Wang (17349748) 08 November 2023 (has links) <p dir="ltr">Security and privacy are one of the top concerns when experts select for communication protocols. When a protocol is confirmed with problems, such as leaking users’ privacy, the protocol developers will upgrade it to an advanced version to cover those concerns in a short interval, or the protocol will be discarded or replaced by other secured ones. </p><p dir="ltr">There are always communication protocols failing to protect users’ privacy or exposing users’ accounts under attack. A malicious user or an attacker can utilize the vulnerabilities in the protocol to gain private information, or even take control of the users’ devices. Hence, it is important to expose those protocols and improve them to enhance the security properties. Some protocols protect users’ privacy but in a less efficient way. Due to the new cryptography technique or the modern hardware support, the protocols can be improved with less overhead and enhanced security protection. </p><p dir="ltr">In this dissertation, we focus on analyzing and improving security-enhanced communication protocols in three aspects: </p><p dir="ltr">(1) We systematically analyzed an existing and widely used communication protocol: Zigbee. We identified the vulnerabilities of the existing Zigbee protocols during the new device joining process and proposed a security-enhanced Zigbee protocol. The new protocol utilized public-key primitives with little extra overhead with capabilities to protect against the outsourced attackers. The new protocol is formally verified and implemented with a prototype. </p><p dir="ltr">(2) We explored one type of communication detection system: Keyword-based deep packet inspection. The system has several protocols, such as BlindBox, PrivDPI, PE-DPI, mbTLS, and so on. We analyzed those protocols and identified their vulnerabilities or inefficiencies. To address those issues, we proposed three enhanced protocols: MT-DPI, BH-DPI, and CE-DPI which work readily with AES-based encryption schemes deployed and well-supported by AES-NI. Specifically, MT-DPI utilized multiplicative triples to support multi-party computation. </p><p dir="ltr">(3) We developed a technique to support Distributed confidential computing with the use of a trusted execution environment. We found that the existing confidential computing cannot handle multiple-stakeholder scenarios well and did not give reasonable control over derived data after computation. We analyzed six real use cases and pointed out what is missing in the existing solutions. To bridge the gap, we developed a language SeDS policy that was built on top of the trusted execution environment. It works well for specific privacy needs during the collaboration and gives protection over the derived data. We examined the language in the use cases and showed the benefits of applying the new policies.</p> Data and information privacy Data security and protection security privacy communication protocol
122	Individanpassad marknadsföring : En kvalitativ studie om individanpassad marknadsföring ur ett integritetsperspektiv Wallin, Gustav, Sundqvist, Linus January 2024 (has links) Individanpassad marknadsföring blir ett allt mer kraftfullt verktyg för företag. Den fortsatta framväxten av digitala medier leder till en ökad insamling av konsumenters persondata som används för att skräddarsy individuella erbjudanden. Företagens användande av individanpassad marknadsföring ger dock upphov till problematik gällande konsumentens integritet. Marknadsförare måste beakta flertalet faktorer för att undvika en integritetskränkande respons hos konsumenterna och istället frambringa marknadsföring som upplevs gynnande. Genom fokusgruppsintervjuer ämnar denna studie att undersöka diverse faktorer som påverkar hur konsumenter upplever individanpassad marknadsföring. Med teoretisk grund rotad i privacy paradox och privacy calculus, undersöker denna studie faktorerna som påverkar konsumenters inställning ur ett integritetsperspektiv. Resultaten belyser hur en majoritet av intervjudeltagarna anser att individanpassad marknadsföring medför vissa gynnande aspekter, dock i ganska låg utsträckning, samt hur allt för personlig och direkt marknadsföring upplevs integritetskränkande i större grad. Individanpassad marknadsföring Integritet Privacy Calculus Privacy Paradox Business Administration Företagsekonomi
123	New Approaches for Ensuring User Online Privacy Bian, Kaigui 03 January 2008 (has links) With the increase of requesting personal information online, unauthorized disclosure of user privacy is a significant problem faced by today's Internet. As a typical identity theft, phishing usually employs fraudulent emails and spoofed web sites to trick unsuspecting users into divulging their private information. Even legitimate web sites may collect private information from unsophisticated users such as children for commercial purposes without their parents' consent. The Children's Online Privacy Protection Act (COPPA) of 1998 was enacted in reaction to the widespread collection of information from children and subsequent abuses identified by the Federal Trade Commission (FTC). COPPA is aimed at protecting child's privacy by requiring parental consent before collecting information from children under thirteen. In this thesis, we propose two solutions for ensuring user online privacy. By analyzing common characteristics of phishing pages, we propose a client-side tool, Trident, which works as a browser plug-in for filtering phishes. The experiment results show that Trident can identify 98-99% online and valid phishing pages, as well as automatically validate legitimate pages. To protect child's privacy, we introduce the POCKET (parental online consent on kids' electronic privacy) framework, which is a technically feasible and legally sound solution to enforce COPPA. Parents answer a questionnaire on their privacy requirements and the POCKET user agent generates a privacy preferences file. Meantime, the merchants are required to possess a privacy policy that is authenticated by a trusted third party. Only web sites that possess and adhere to their privacy policies are allowed to collect child's information; web sites whose policies do not match the client's preferences are blocked. POCKET framework incorporates a transaction protocol to secure the data exchange between an authenticated client and a POCKET-compliant merchant. / Master of Science phishing attack child's online privacy COPPA online privacy disclosure
124	Τεχνολογίες ταυτοποίησης ατόμου με σεβασμό της ιδιωτικότητας του : Θεωρία και εφαρμογές Τόμουζου, Λοΐζος 13 October 2013 (has links) Η καθημερινή χρήση ηλεκτρονικών υπηρεσιών έχει αυξηθεί σημαντικά. Για την διεκπεραίωση τέτοιου είδους συναλλαγών δεν υπάρχει άλλη επιλογή από το να παρέχουμε πλήθος προσωπικών πληροφοριών για σκοπούς εξουσιοδότησης (authorization), διεκπεραίωση χρηματικών συναλλαγών ή απλά επειδή το απαιτούν οι όροι χρήσης της υπηρεσίας από το πάροχο. Η έλευση τεχνολογιών όπως τα Big Data, τα διάχυτα περιβάλλοντα(pervasive environments) και τα πανταχού παρόντα συστήματα(ubiquitous systems), ευνοούν ακόμα πιο πολύ την διασπορά όλων αυτών των προσωπικών πληροφοριών. Ως αποτέλεσμα, αποδυναμώνεται η ιδιωτικότητα (privacy) του ατόμου-χρήστη και επομένως δημιουργούνται κίνδυνοι κατάχρησης αυτής της πληροφορίας. Η εργασία αυτή εστιάζει στην μελέτη Privacy by Design τεχνικών προστασίας της ιδιωτικότητας που ενσωματώνονται σε τεχνολογίες ταυτοποίησης. Ένας αποδοτικός και διαδεδομένος τρόπος προστασίας της ιδιωτικότητας επιτυγχάνεται με την χρήση συστημάτων ανωνύμων credentials. Η επικρατούσα τεχνολογία στην κατηγορία των ανώνυμων credentials είναι το σύστημα Identity Mixer(idemix) το οποίο αναπτύχθηκε από την IBM Research με σκοπό την παροχή ισχυρών μηχανισμών αυθεντικοποίησης (authentication) και προστασίας της ιδιωτικότητας ταυτόχρονα. Επιλέξαμε την τεχνολογία Idemix για να παρουσιάσουμε ένα σενάριο χρήσης της τεχνολογίας για υλοποίηση εφαρμογών που σέβονται την ιδιωτικότητα του χρήστη. Τέλος, παρουσιάζεται η αξιολόγηση ευχρηστίας της διεπιφάνειας χρήστη, για ένα υποθετικό σενάριο online αγοράς όπου ενσωματώνονται αρχές προστασίας της ιδιωτικότητας / At this thesis we study Privacy by Design techniques used in identification technologies. We focus on implementing an easy way to issue and embed the use of anonymous credentials in applications, by using the existent protocols for anonymous credential systems and libraries. While there are already protocols describing anonymous credential systems there is lack of applications using these systems. In our use case we use Idemix open source library, which provide strong authentication mechanisms in a privacy preserving way. Our java based application, provide user control over his data without affecting systems functionality and usability. Ιδιωτικότητα Εμπιστοσύνη 323.448 Privacy Trust
125	Hardening the Browser: Protecting Patron Privacy on the Internet Phetteplace, Eric, Kern, Mary Kathleen January 2012 (has links) As more and more time is spent accessing and producing content online, libraries need to position themselves to offer Internet privacy to patrons as well. This column reviews tactics for securing web browsers, from selecting a high-quality piece of software to strong default settings to add-ons that extend the capabilities of the browser. Internet Privacy Security Web Browsers
126	Changing Privacy Concerns in the Internet Era. Demir, Irfan 08 1900 (has links) Privacy has always been a respected value regardless of national borders, cultural differences, and time in every society throughout history. This study focuses on the unprecedented changes in the traditional forms of privacy and consequent concerns with regard to invasion of privacy along with the recent emergence and wide use of the Internet. Government intrusion into private domains through the Internet is examined as a major concern. Privacy invasions by Web marketers, hacker threats against privacy, and employer invasion of employee privacy at the workplace are discussed respectively. Then a set of possible solutions to solve the current problems and alleviate the concerns in this field is offered. Legal remedies that need to be performed by the government are presented as the initial solution. Then encryption is introduced as a strong technical method that may be helpful. Finally, a set of individual measures emphasized as complementary practical necessities. Nevertheless, this study indicates that technology will keep making further changes in the form and concerns of privacy that possibly may outdate these findings in the near future, however, privacy itself will always remain as a cherished social value as it has always been so far. Privacy, Right of. Internet -- Security measures. Computer security. Privacy online Internet data protection information privacy concerns violation of privacy
127	Paradoxní zveřejňování soukromí v prostředí Facebooku / Facebooks and the puzzling publishing of the private in teenagers Dědečková, Adéla January 2012 (has links) The main goal of this thesis was to monitor experience of users of social networking websites with privacy issues in the environment of the Facebook network. This thesis concentrated on contexts of paradox situations of releasing private information. Perspectives of communication (what information is shared and with whom) in the environment of Facebook are institutionalised into technical functions. These perspectives were extended to a subject- object level thanks to a typology of invasions of privacy and thanks to architecture of privacy.
128	The protection of genetic privacy in South Africa : towards a legislative response based on a cross-jurisdictional review of legal developments Govender, Sandra 20 February 2013 (has links) The deciphering of the human genetic code in 2003 has been widely acknowledged as a major achievement in genetic science but it has given rise to a number of legal and ethical concerns, most notably that of the protection of genetic information. Universally, there are ongoing attempts to address this concern. This research proposes a suitable approach for South African law. It proceeds from the premise that the privacy paradigm, rather than the anti-discrimination paradigm, is better suited to the protection of genetic information, hence the discourse on genetic privacy. The unique challenges posed by genetic information are identified, with a focus on forensic DNA databases, genetic research databases, life insurance, employment, and genetic research involving human participants. An in-depth analysis of the South African privacy protection framework is undertaken in order to determine its adequacy for the purpose of meeting the legal and ethical demands of genetic information. Aspects of the law of privacy, insurance, labour, evidence; medical law; philosophy and bioethics are accordingly traversed. A cross-jurisdictional review is undertaken with the aim of identifying lessons to be learnt from the experiences of the United Kingdom, Australia, Canada, the Netherlands, and the United States of America. Legislation, common law, codes of practice, court decisions, international conventions, legal literature, ethical guidelines, and industry developments pertaining to the selected jurisdictions, are studied with the aim of identifying strengths and weaknesses in the various approaches. It is found that the current South African position is fragmented, complex, and in urgent need of reform. Another finding is that existing national and international ethical guidelines are not entirely adequate for the protection of genetic privacy. These findings, together with the lessons gleaned from the cross-jurisdictional review, lead to the conclusion that South Africa needs a specific genetic information protection statute for the protection of genetic privacy. This research culminates with recommendations regarding the content of the proposed statute. Genetic information Privacy Protection Ethics
129	Arquitetura de ambientes de IPTV com serviços de privacidade. / Architecture for IPTV environments with privacy services. Redígolo, Fernando Frota 25 July 2008 (has links) A crescente digitalização das mídias, disponibilidade de banda larga e convergência tecnológica possibilitam o surgimento de novos serviços, como o IPTV (Internet Protocol TeleVision), que visa disponibilizar serviços de televisão via TCP/IP sobre uma rede de banda larga privativa. Sem os devidos cuidados, entidades ou indivíduos monitorando o tráfego deste serviço passam a ter uma maior quantidade de informações sobre os indivíduos que os utilizam, muitas vezes violando a privacidade dos mesmos em um ambiente no qual tradicionalmente não há esta preocupação, como a sala de estar ou outro ambiente doméstico. O objetivo deste trabalho é propor uma arquitetura de IPTV que apresente mecanismos capazes de garantir um nível de privacidade maior do que o existente em sistemas de IPTV tradicionais, de maneira a inviabilizar para um observador o correlacionamento entre um usuário do serviço e os conteúdos por ele assistidos. / The increase in media digitalization, broadband availability and technological convergence, allows new services, such as the IPTV (Internet Protocol Television) service, which offers television-related services over a private broadband TCP/IP network. Without proper care, entities or individuals monitoring these services traffic obtain a large amount of information on the service users, and could violate their privacies in an environment in which traditionally there is no such preoccupation, like in a living-room or another domestic environment. The goal of this work is to propose an IPTV architecture capable of guaranteeing a higher privacy level than the existing in traditional IPTV systems, so that it is not viable for an observer to correlate a service user with the content he/she watches. IPTV Privacidade Privacy Redes multimídia
130	A public interest approach to data protection law : the meaning, value and utility of the public interest for research uses of data Stevens, Leslie Anne January 2017 (has links) Due to legal uncertainty surrounding the application of key provisions of European and UK data protection law, the public interest in protecting individuals’ informational privacy is routinely neglected, as are the public interests in certain uses of data. Consent or anonymisation are often treated as the paradigmatic example of compliance with data protection law, even though both are unable to attend to the full range of rights and interests at stake in data processing. Currently, where data processing may serve a realisable public interest, and consent or anonymisation are impracticable (if not impossible to obtain) the public interest conditions to processing are the rational alternative justifications for processing. However, the public interest conditions are poorly defined in the legislation, and misunderstood and neglected in practice. This thesis offers a much-needed alternative to the predominant consent-or-anonymise paradigm by providing a new understanding of the public interest concept in data protection law and to suggest a new approach to deploying the concept in a way that is consistent with the protective and facilitative aims of the legislation. Through undertaking legislative analysis new insight is provided on the purpose of the public interest conditions in data protection law, revealing critical gaps in understanding. By engaging with public interest theory and discovering the conceptual contours of the public interest, these gaps are addressed. Combined with the insight obtained from the legislative history, we can determine the reasonable range of circumstances and types of processing where it may be justifiable to use personal data based on the public interest. On this basis, and to develop a new approach for deploying the concept, other legal uses of the public interest are examined. The lessons learned suggest legislative and procedural elements that are critical to successful deployment of the public interest concept in data protection. The thesis concludes with the identification of key components to allow a clearer understanding of the public interest in this field. Further, these insights enable recommendations to be made, to reform the law, procedure and guidance. In doing so, the concept of the public interest can be confidently deployed in line with the aims of data protection law, to both protect and facilitate the use of personal data.

Search results