31 |
GDPR - Are We Ready? A Comparative and Explorative Study of the Changes in Personal Data Privacy and Its Impact on ICT Companies
Therése Nielsen, Johannes Wind January 2018
Personal data flows through our entire society in the shape of technological processing. This makes it difficult for individuals to have control over their personal data being processed by companies. On the 25th of May 2018 the Swedish Personal Data Act (PuL) is replaced by the General Data Protection Regulation (GDPR). The regulation is designed to set a uniform standard with regards to the way we collect, use and share personal data of European citizens. This research uses a two-step research approach. The first step is to perform a comparative legal research to identify the new requirements that come with the upcoming Regulation in relation to the current Swedish legislation. The second step is to use the findings of the comparative legal research as a foundation for an explorative survey of how ICT companies are preparing for the new requirements of the GDPR. Our result shows that the participating ICT companies are preparing by implementing new processes and measures in order to comply with the Regulation. Additionally, all of the participating companies are at the time of our research not fully compliant with the Regulation. Our research concludes that the difficulties in achieving full compliance lie in the lack of resources and ambiguities of the interpretation of the Regulation.
|
32 |
Web browser privacy: Popular desktop web browsers ability to continuously spoof their fingerprint
Henningsson, Sebastian, Karlsson, Anton January 2022
Background. Web tracking is a constant threat to our privacy when browsing the web. There exist multiple methods of tracking, but browser fingerprinting is more elusive and difficult to control. Browser fingerprinting works by a website collecting all kinds of browser and system information on visiting clients and then combining those into one set of information that can uniquely identify users. Objectives. In this thesis, we tested three of today's most used web browsers for the desktop platform to determine their ability to utilize one type of countermeasure, attribute spoofing. We aimed at determining how the browsers perform in two cases. The first case is when running with a default configuration. The second case is when the attribute spoofing is improved with the help of both altered settings and installed extensions. We also aimed at determining if the choice of browser matters in this aspect. Methods. The method for determining these goals was to conduct an experiment to collect 60 fingerprints from each browser and determine the effectiveness of the attribute spoofing via a weight-based system. We also used statistics to see the value range for spoofed attributes and to determine if any browser restart is required for certain spoofing to occur. Results. Our results show little to no attribute spoofing when browsers run in their default configuration. However, significant improvements were made through anti-fingerprint extensions. Conclusions. Our conclusion is, if the tested browsers do not utilize any other type of countermeasure than attribute spoofing, using browsers at their default configuration can result in a user being alarmingly vulnerable to browser fingerprinting. Installing extensions aimed at improving our protection is therefore advised.
|
33 |
Spectrum Management Issues in Centralized and Distributed Dynamic Spectrum Access
Lin, Yousi 22 July 2021
Dynamic spectrum access (DSA) is a powerful approach to mitigate the spectrum scarcity problem caused by rapid increase in wireless communication demands. Based on architecture design, DSA systems can be categorized as centralized and distributed. To successfully enable DSA, both centralized and distributed systems have to deal with spectrum management issues including spectrum sensing, spectrum decision, spectrum sharing and spectrum mobility. Our work starts by investigating the challenges of efficient spectrum monitoring in centralized spectrum sensing. Since central controllers usually require the presence information of incumbent users/primary users (IUs) for decision making, which is obtained during spectrum sensing, privacy issues of IUs become big concerns in some DSA systems where IUs have strong operation security needs. To aid in this, we design novel location privacy protection schemes for IUs. Considering the general drawbacks of centralized systems including high computational overhead for central controllers, single point failure and IU privacy issues, in many scenarios, a distributed DSA system is required. In this dissertation, we also cope with the spectrum sharing issues in distributed spectrum management, specifically the secondary user (SU) power control problem, by developing distributed and secure transmit power control algorithms for SUs.
In centralized spectrum management, the common approach for spectrum monitoring is to build infrastructures (e.g. spectrum observatories), which cost much money and manpower yet have relatively low coverage. To aid in this, we propose a crowdsourcing based spectrum monitoring system to capture the accurate spectrum utilization at a large geographical area, which leverages the power of masses of portable mobile devices. The central controller can accurately predict future spectrum utilization and intelligently schedule the spectrum monitoring tasks among mobile SUs accordingly, so that the energy of mobile devices can be saved and more spectrum activities can be monitored. We also demonstrate our system's ability to capture not only the existing spectrum access patterns but also the unknown patterns where no historical spectrum information exists. The experiment shows that our spectrum monitoring system can obtain a high spectrum monitoring coverage with low energy consumption.
Environmental Sensing Capability (ESC) systems are utilized in DSA in 3.5 GHz to sense the IU activities for protecting them from SUs' interference. However, IU location information is often highly sensitive in this band and hence it is preferable to hide its true location under the detection of ESCs. As a remedy, we design novel schemes to preserve both static and moving IU's location information by adjusting IU's radiation pattern and transmit power. We first formulate IU privacy protection problems for static IU. Due to the intractable nature of this problem, we propose a heuristic approach based on sampling. We also formulate the privacy protection problem for moving IUs, in which two cases are analyzed: (1) protect IU's moving traces; (2) protect its real-time current location information. Our analysis provides insightful advice for IU to preserve its location privacy against ESCs. Simulation results show that our approach provides great protection for IU's location privacy.
Centralized DSA spectrum management systems have to bear several fundamental issues, such as the heavy computational overhead for central controllers, single point failure and privacy concerns of IU caused by large amounts of information exchange between users and controllers and often untrusted operators of the central controllers. In this dissertation, we propose an alternative distributed and privacy-preserving spectrum sharing design for DSA, which relies on distributed SU power control and security mechanisms to overcome the limitations of centralized DSA spectrum management. / Doctor of Philosophy / Due to the rapid growth in wireless communication demands, the frequency spectrum is becoming increasingly crowded. Traditional spectrum allocation policy gives the unshared access of fixed bands to the licensed users, and there is little unlicensed spectrum left now to allocate to newly emerged communication demands. However, studies on spectrum occupancy show that many licensed users who own the license of certain bands are only active for a small percentage of time, which results in plenty of underutilized spectrum. Hence, a new spectrum sharing paradigm, called dynamic spectrum access (DSA), is proposed to mitigate this problem. DSA enables the spectrum sharing between different classes of users; generally, the unlicensed users in the DSA system can access the licensed spectrum opportunistically without interfering with the licensed users. Based on architecture design, DSA systems can be categorized as centralized and distributed. In centralized systems, a central controller will make decisions on spectrum usage for all unlicensed users, whereas in distributed systems, unlicensed users can make decisions for themselves independently. To successfully enable DSA, both centralized and distributed DSA systems need to deal with spectrum management issues, such as resource allocation problems and user privacy issues, etc. The resource allocation problems include, for example, the problems to discover and allocate idle bands and the problems to control users' transmit power for successful coexistence. Privacy issues may also arise during the spectrum management process since certain information exchange is inevitable for global decision making. However, due to the Federal Communications Commission's (FCC) regulation, licensed users' privacy such as their location information must be protected in any case. As a result, dynamic and efficient spectrum management techniques are necessary for DSA users.
In this dissertation, we investigate the above-mentioned spectrum management issues in both types of DSA systems, specifically, the spectrum sensing challenges with licensed user location privacy issues in centralized DSA, and the spectrum sharing problems in distributed DSA systems. In doing so, we propose novel schemes for solving each related spectrum management problem and demonstrate their efficacy through the results from extensive evaluations and simulations. We believe that this dissertation provides insightful advice for DSA users to solve different spectrum management issues for enabling DSA implementation, and hence helps in a wider adoption of dynamic spectrum sharing.
|
34 |
Exploiting Competition Relationship for Robust Visual Recognition
DU, LIANG January 2015
Leveraging task relatedness has been proven to be beneficial in many machine learning tasks. Extensive research has been done to exploit task relatedness in various forms. A common assumption for the tasks is that they are intrinsically similar to each other. Based on this assumption, joint learning algorithms are usually implemented via some forms of information sharing. Various forms of information sharing have been proposed, such as shared hidden units of neural networks, common prior distribution in hierarchical Bayesian model, shared weak learners of a boosting classifier, distance metrics and a shared low rank structure for multiple tasks. However, another very common and important task relationship, i.e., task competition, has been largely overlooked. Task competition means that tasks are competing with each other if there are competitions or conflicts between their goals. Considering that tasks with competition relationship are universal, this dissertation is to accommodate this intuition from an algorithmic perspective and apply the algorithms to various visual recognition problems. Focusing on exploiting the task competition relationships in visual recognition, the dissertation presents three types of algorithms and applies them to different visual recognition tasks. First, hypothesis competition has been exploited in a boosting framework. The proposed algorithm CompBoost jointly models the target and auxiliary tasks with a generalized additive regression model regularized by competition constraints. This model treats the feature selection as the weak learner (i.e., base functions) selection problem, and thus provides a mechanism to improve feature filtering guided by task competition. More specifically, following a stepwise optimization scheme, we iteratively add a new weak learner that balances between the gain for the target task and the inhibition on the auxiliary ones. We call the proposed algorithm CompBoost, since it shares similar structures with the popular AdaBoost algorithm. In this dissertation, we use two test beds for evaluation of CompBoost: (1) content-independent writer identification by exploiting competing tasks of handwriting recognition, and (2) actor-independent facial expression recognition by exploiting competing tasks of face recognition. In the experiments for both applications, the approach demonstrates promising performance gains by exploiting the between-task competition relationship. Second, feature competition has been instantiated through an alternating coordinate gradient algorithm. Sharing the same feature pool, two tasks are modeled together in a joint loss framework, with feature interaction encouraged via an orthogonal regularization over feature importance vectors. Then, an alternating greedy coordinate descent learning algorithm (AGCD) is derived to estimate the model. The algorithm effectively excludes distracting features in a fine-grained level for improving face verification. In other words, the proposed algorithm does not forbid feature sharing between competing tasks in a macro level; it instead selectively inhibits distracting features while preserving discriminative ones. For evaluation, the proposed algorithm is applied to two widely tested face-aging benchmark datasets: FG-Net and MORPH. On both datasets, our algorithm achieves very promising performances and outperforms all previously reported results. These experiments, together with detailed experimental analysis, show clearly the benefit of coordinating conflicting tasks for improving visual recognition. Third, two ad-hoc feature competition algorithms have been proposed to apply to visual privacy protection problems. The visual privacy protection problem is a practical case of competition factors in real-world application. Algorithms are specially designed to achieve the best balance between competing factors in visual privacy protection based on different modeling frameworks. Two algorithms are developed to apply to two applications, license plate de-identification and face de-identification. / Computer and Information Science
|
35 |
Ochrana soukromí v cloudu / Privacy protection in cloud
Chernikau, Ivan Unknown Date
The Master’s thesis described privacy protection problems that arise while using cloud technologies. Some of the problems can be solved with the help of homomorphic encryption, data splitting or searchable encryption. These techniques were described and compared in terms of the security, privacy protection and efficiency they provide. The data splitting technique was chosen and implemented in the C language. Afterwards, the performance of the implemented solution was compared to AES encryption/decryption performance. An application for secure data storage in the cloud was designed and implemented. This application uses the implemented data splitting technique and the third-party application CloudCross. The designed application provides a command line interface (CLI) and a graphical user interface (GUI). The GUI extends the capabilities of the CLI with the ability to register a cloud and with autodetection of registered clouds. The process of uploading/downloading the data to/from cloud storage is transparent and does not overload the user with technical details of the data splitting technique used.
|
36 |
Enhancing privacy protection in social network systems through decentralization and policy conflict management / Amélioration de la protection de la vie privée dans les systèmes de réseaux sociaux par la décentralisation et la gestion des conflits de politiques
Paiva Melo Marin, Regina 07 September 2015
In Social Network Systems (SNSs), the sharing of information leads to many privacy concerns about potential abuses of personal information. Users’ control over information shared with the SNS provider and with other users could be improved in SNSs through the decentralization of personal data, and the proper management of policy conflicts. Inspired by the decentralization approach, the first contribution of this thesis is the proposal of SNS design properties relevant to privacy when considered along a gradation of decentralization. These properties are organized in a multi-criteria analysis grid, designed to analyze and compare SNSs. The application of a lattice structure on this grid makes it possible to evaluate, classify and visualize different SNSs within a partial hierarchy. While decentralization solves issues involving the SNS provider, privacy policies play a leading role in the protection against unauthorized data access from other users. The second contribution of this thesis consists in the introduction of the concept of equity in the context of policy conflict management. An algorithm to maintain equity between users in SNSs is introduced to solve conflicts that may arise between the privacy policies of several users, preventing some users from gaining an advantage over others. The evaluation shows that the equity approach introduced in this thesis leads to better results than classical conflict resolution strategies, reducing existing inequities in terms of policy enforcement.
|
37 |
Protección de la Privacidad Visual basada en el Reconocimiento del Contexto / Visual Privacy Protection Based on Context Recognition
Padilla López, José Ramón 16 October 2015
Nowadays, the video camera has become a ubiquitous device. Thanks to miniaturization, cameras can be found integrated into a multitude of everyday devices, from mobile phones and tablets to laptop computers. Although these devices are used harmlessly by millions of people every day, capturing video, taking photographs that are later shared, and so on, the use of video cameras for video surveillance tasks raises some concern among the population, especially when the cameras are part of intelligent monitoring systems. This poses a threat to privacy because the recordings made by these systems contain a large amount of information that can be extracted automatically using computer vision techniques. However, applying this technology in various areas can have a very positive impact on people. On the other hand, the world population is ageing rapidly. This demographic change will result in a greater number of people who are dependent, or who require support in their daily lives, living alone. It is therefore necessary to find a solution that allows their autonomy to be extended. Ambient-assisted living (AAL) offers a solution by bringing intelligence to the environment where people live, so that it assists them in their daily activities. These environments require the installation of sensors to capture data. The use of video cameras, with the richness of the data they provide, in private environments would make it possible to create AAL services oriented towards the care of people, such as the detection of accidents in the home, early detection of cognitive problems and many others. However, given how easily images are interpreted by people, this raises ethical problems that affect privacy.
This work proposes a solution for using video cameras in private environments with the aim of supporting people and thus enabling the development of ambient-assisted living services in a smart home. Specifically, it proposes protecting privacy in those AAL monitoring services that require access to the video by a caregiver, whether professional or informal. This happens, for example, when an accident is detected in a monitoring system and that event requires visual confirmation of what happened. Likewise, supervision by a human may be required in AAL telerehabilitation services. In this kind of scenario it is essential to protect privacy at the moment the video is being accessed or observed. As part of this work, a study of the state of the art was carried out, reviewing the visual privacy protection methods present in the literature. This review is the first to carry out an exhaustive analysis of this topic, focusing mainly on protection methods. As a result, a visual privacy protection scheme based on context recognition has been developed that allows the privacy level to be adapted during observation when the user's preferences match the context. Context detection is needed in order to detect in the scene the circumstances in which the user demands a given level of privacy. By using this scheme, each of the frames making up a live video stream is modified before transmission, taking into account the user's privacy requirements. The proposed scheme makes use of various image modification techniques to protect privacy, as well as computer vision to recognise that context.
Therefore, this doctoral thesis makes several contributions in different areas with the aim of developing the proposed visual privacy protection scheme. In this way, it is hoped that the results obtained will bring us one step closer to the use of video cameras in private environments, increasing their acceptance and making possible the deployment of AAL services based on computer vision that increase the autonomy of dependent people.
|
38 |
AFFECT-PRESERVING VISUAL PRIVACY PROTECTION
Xu, Wanxin 01 January 2018
The prevalence of wireless networks and the convenience of mobile cameras enable many new video applications other than security and entertainment. From behavioral diagnosis to wellness monitoring, cameras are increasingly used for observations in various educational and medical settings. Videos collected for such applications are considered protected health information under privacy laws in many countries. Visual privacy protection techniques, such as blurring or object removal, can be used to mitigate privacy concerns, but they also obliterate important visual cues of affect and social behaviors that are crucial for the target applications. In this dissertation, we propose to balance the privacy protection and the utility of the data by preserving the privacy-insensitive information, such as pose and expression, which is useful in many applications involving visual understanding.
The Intellectual Merits of the dissertation include a novel framework for visual privacy protection by manipulating facial image and body shape of individuals, which: (1) is able to conceal the identity of individuals; (2) provides a way to preserve the utility of the data, such as expression and pose information; (3) balances the utility of the data and capacity of the privacy protection.
The Broader Impacts of the dissertation focus on the significance of privacy protection on visual data, and the inadequacy of current privacy enhancing technologies in preserving affect and behavioral attributes of the visual content, which are highly useful for behavior observation in educational and medical settings. The work in this dissertation represents one of the first attempts in achieving both goals simultaneously.
|