<b>EXPLORING FACTORS INFLUENCING ADOPTION AND USAGE OF PRIVACY-ENHANCING TOOLS AMONG SMARTPHONE USERS</b>

Renusree Varma Mudduluru (18859075)

24 June 2024

<p dir="ltr">In this era of digital surveillance and data breaches, it is important to understand how users protect their smartphone privacy. There needs to be more detailed information regarding the prevalence, factors, and motivations influencing the adoption of privacy-enhancing tools and settings on mobile devices. This study aimed to address this knowledge gap by investigating the use of privacy tools among smartphone users and examining the impact of factors like demographics, awareness levels, and device platforms.</p><p dir="ltr">The study surveyed 342 participants recruited through Amazon Mechanical Turk (MTurk), and the data were analyzed. The survey gathered data on user characteristics, privacy concerns, experiences with breaches, and use of various privacy tools. Statistical analysis showed that demographic factors, particularly age, significantly influenced the use of privacy tools, aligning with previous research. Users with a higher awareness of digital privacy risks were likelier to adopt privacy-enhancing tools. The study found no significant difference in the prevalence and type of privacy tools used between iOS and Android users.</p><p dir="ltr">The study's focus on privacy-enhancing tools among smartphone users and the proposed hypotheses provide valuable insights for law enforcement and forensic practitioners, aiding in digital investigations, evidence collection, and understanding user behavior related to smartphone privacy measures. The study's outcomes contribute to digital forensics, cybersecurity, and privacy domains by providing insights into user behaviors, motivations, and the factors shaping privacy tool adoption on smartphones. These findings can inform the development of more user-centric privacy tools, policies, and educational campaigns, ultimately enhancing digital privacy protection and supporting law enforcement investigations in the digital age.</p>

Smartphone Privacy

Privacy-enhancing tools

Extended Abstracts of the Fourth Privacy Enhancing Technologies Convention (PET-CON 2009.1)

21 February 2012

PET-CON, the Privacy Enhancing Technologies Convention, is a forum for researchers, students, developers, and other interested people to discuss novel research, current development and techniques in the area of Privacy Enhancing Technologies. PET-CON was first conceived in June 2007 at the 7th International PET Symposium in Ottawa, Canada. The idea was to set up a bi-annual convention in or nearby Germany to be able to meet more often than only once a year at some major conference.

Abstracts

PET-CON

Abstracts

PET-CON

ddc:004

rvk:SS 5514

Extended Abstracts of the Fourth Privacy Enhancing Technologies Convention (PET-CON 2009.1)

Köpsell, Stefan, Loesing, Karsten

21 February 2012

PET-CON, the Privacy Enhancing Technologies Convention, is a forum for researchers, students, developers, and other interested people to discuss novel research, current development and techniques in the area of Privacy Enhancing Technologies. PET-CON was first conceived in June 2007 at the 7th International PET Symposium in Ottawa, Canada. The idea was to set up a bi-annual convention in or nearby Germany to be able to meet more often than only once a year at some major conference.

info:eu-repo/classification/ddc/004

ddc:004

Towards Usable Privacy and Identity Management for Smart Environments

Islami, Lejla

January 2022

Smart environments provide users with a large number of new services that will improve their lives, however, they also have the potential for collecting staggering amounts of personal information, which, if misused, poses a multitude of privacy threats to users ranging from identification, tracking, stalking, monitoring and profiling. Consequently, the users’ right to informational self-determination is at stake in smart environments. Usable Privacy-Enhancing Identity Management (PE-IdM) can re-establish user control by offering users a selection of meaningful privacy preference settings that they could choose from. However, different privacy trade-offs need to be considered and managed for the configuration of the identity management system as well as cultural privacy aspects influencing user's privacy preferences. Guidelines for usable management of privacy settings that address varying end user preferences for control and privacy conflicting goals are needed.   The objective of this thesis is to explore approaches for enforcing usable PE-IdM for smart environments, with a focus on vehicular ad hoc networks (VANETs). To that end, we unravel the technical state of the art regarding the problem space and solutions, as well as investigating users’ privacy preferences cross-culturally in Sweden and South Africa. We elicit requirements for achieving usable PE-IdM, which are based on usable configuration options, offering suitable selectable privacy settings that will cater for the needs and preferences of users with different cultural backgrounds.

Privacy-enhancing technologies (PETs)

Usability

Smart environments

Intelligent transportation systems

Privacy preferences

Qualitative research

Computer Systems

Datorsystem

Preserving Privacy in Transparency Logging

Pulls, Tobias

January 2015

The subject of this dissertation is the construction of privacy-enhancing technologies (PETs) for transparency logging, a technology at the intersection of privacy, transparency, and accountability. Transparency logging facilitates the transportation of data from service providers to users of services and is therefore a key enabler for ex-post transparency-enhancing tools (TETs). Ex-post transparency provides information to users about how their personal data have been processed by service providers, and is a prerequisite for accountability: you cannot hold a controller accountable for what is unknown. We present three generations of PETs for transparency logging to which we contributed. We start with early work that defined the setting as a foundation and build upon it to increase both the privacy protections and the utility of the data sent through transparency logging. Our contributions include the first provably secure privacy-preserving transparency logging scheme and a forward-secure append-only persistent authenticated data structure tailored to the transparency logging setting. Applications of our work range from notifications and deriving data disclosures for the Data Track tool (an ex-post TET) to secure evidence storage. / The subject of this dissertation is the construction of privacy-enhancing technologies (PETs) for transparency logging, a technology at the intersection of privacy, transparency, and accountability. Transparency logging facilitates the transportation of data from service providers to users of services and is therefore a key enabler for ex-post transparency-enhancing tools (TETs). Ex-post transparency provides information to users about how their personal data have been processed by service providers, and is a prerequisite for accountability: you cannot hold a controller accountable for what is unknown. We present three generations of PETs for transparency logging to which we contributed. We start with early work that defined the setting as a foundation and build upon it to increase both the privacy protections and the utility of the data sent through transparency logging. Our contributions include the first provably secure privacy-preserving transparency logging scheme and a forward-secure append-only persistent authenticated data structure tailored to the transparency logging setting. Applications of our work range from notifications and deriving data disclosures for the Data Track tool (an ex-post TET) to secure evidence storage.

Privacy-enhancing technologies

transparency-enhancing tools

transparency logging

authenticated data structures

A model for compound purposes and reasons as a privacy enhancing technology in a relational database

Van Staden, W.J.S. (Wynand Johannes Christiaan)

29 July 2011

The protection of privacy related information of the individual is receiving increasing attention. Particular focus is on the protection of user interaction with other users or service providers. Protection of this interaction centres on anonymising the user’s actions, or protecting “what we do”. An equally important aspect is protecting the information related to a user that is stored in some electronic way (or protecting “who we are”). This may be profile information on a social networking site, or personal information in a bank’s database. A typical approach to protecting the user (data owner) in this case is to tag their data with the “purpose” the collecting entity (data controller) has for the data. These purposes are in most cases singular in nature (there is “one” purpose – no combinations of purposes – of the data), and provide little in the way of flexibility when specifying a privacy policy. Moreover, in all cases the user accessing the data (data user) does little to state their intent with the data. New types of purposes called compound purposes, which are combinations of singular or other compound purposes, are proposed and examined in this text. In addition to presenting the notion of compound purposes, compound reasons are also presented. Compound reasons represent the intent of the entity using the data (the data user) with the data. Also considered are the benefits of having the data user specifying their intent with data explicitly, the verification of compound reasons (the data user’s statement of intent) against compound purposes, the integration of compound statements in existing technologies such as SQL by providing a model for using compound purposes and reasons in a relational database management system for protecting privacy, and the use of compounds (purposes and reasons) as a method for managing privacy agreements. / Thesis (PhD)--University of Pretoria, 2011. / Computer Science / unrestricted

Purposes

Privacy enhancing technologies

Privacy

Compound purposes

Verification

Privacy agreements

UCTD

Encrypted Documents Retrieval From The Cloud With Searchable Encryption : A Searchable Encryption Scheme Implementation / Hämtning av Krypterade Dokument Från Molnet Med Sökbar Kryptering : Implementering av ett sökbart krypteringsschema

Rabat, Salim

January 2021

Encrypting data is a solution to enhance the privacy and confidentiality of the data owners when outsourcing storage to cloud storage providers. However, using conventional encryption algorithms would render search queries based on the content of the data useless. One solution to that problem is encrypting the data using a searchable encryption scheme which allows querying the encrypted data by its contents while keeping it encrypted on the cloud to maintain the privacy and confidentiality of the data. One sector that might benefit from using a searchable encryption scheme is the public procurement sector. Preparing to bid on public procurement can be complex because the potential bidder needs to fulfill requirements to confirm that they are eligible. The information and documents needed to win a bid are confidential. Thus, privacy is essential. Tendium offers services to potential bidders to manage their documents with potentially sensitive data in a cloud-based environment. Clients using this service can benefit from using a searchable encryption scheme. A searchable encryption scheme was designed and implemented as a proof of concept. The implemented scheme builds an index database based on keywords extracted from the documents where each keyword is encrypted and stored in the database. Each entry in the database has encrypted keywords and associated identifiers for the corresponding document that the keyword occurs in. The documents are then encrypted using the AES encryption algorithm. Searching the database is performed by utilizing deterministic cryptographic primitives to encrypt the searched keywords and query the database for the resulting ciphertext, which returns its corresponding document identifiers. The document identifiers are used to retrieve the encrypted documents. The documents are decrypted after they are retrieved. The implemented scheme has a linear time complexity relative to the number of words in the document when encrypting a document. The implemented scheme utilizes MongoDB for its index database. It is demonstrated that the scheme is efficient and performs queries for single keyword search and multi-keyword search in less than one millisecond. / Kryptering av data är en lösning för att förbättra integriteten och sekretessen för dataägarna vid outsourcing av lagring till molnlagringsleverantörer. Använ- -dning av konventionella krypteringsalgoritmer skulle dock göra sökfrågor baserat på innehållet i data värdelös. En lösning på det problemet är att kryptera data med hjälp av ett sökbart krypteringsschema som gör det möjligt att söka efter krypterade data med dess innehåll och samtidigt hålla den krypterad på molnet för att upprätthålla upprätthålla dataskyddet och konfident- -ialiteten. En sektor som kan ha nytta av att använda ett sökbart krypteringssche- -ma är sektorn för offentliga upphandlingar. Att förbereda sig för att lägga ett bud på en offentlig upphandling kan vara komplext eftersom den potentiella budgivaren måste uppfylla kraven för att bekräfta att de är berättigade. Informat- -ionen och dokumenten som behövs för att vinna ett bud är konfidentiella. Därför är integritet viktigt. Tendium erbjuder tjänster för att hjälpa potentiella anbudsgivare hantera sina dokument i en molnbaserad miljö. Kunder som använder denna tjänst kan dra nytta av att använda ett sökbart krypteringssc- -hema. Ett sökbart krypteringsschema utformades och implementerades som ett bevis på koncept. Det implementerade schemat bygger en indexdatabas baserad på nyckelord extraherade från dokumenten där varje nyckelord är krypterat och lagrat i databasen. Varje objekt i databasen har krypterade sökord och tillhörande identifierare för motsvarande dokument som sökordet förekommer i. Dokumenten krypteras sedan med AES-krypteringsalgoritmen. Sökning i databasen utförs genom att använda deterministiska kryptografiska primitiv för att kryptera de sökte sökorden och söka databasen efter den resulterande krypterade texten, som returnerar motsvarande dokumentidentifierare. Dokum- -entidentifierarna används för att hämta de krypterade dokumenten. Dokument- -en avkrypteras efter att de har hämtats. Det implementerade schemat har en linjär tidskomplexitet i förhållande till antalet ord i dokumentet vid kryptering av ett dokument. Det implementerade schemat använder MongoDB för sin indexdatabas. Det har visat sig att schemat är effektivt och utför sökfrågor för enstaka nyckelord och flera nyckelord på mindre än en millisekund.

searchable encryption

cloud storage

security

privacy-enhancing

sökbar kryptering

molnlagring

säkerhet

integritetsförbättring

Computer Sciences

Datavetenskap (datalogi)

Technologies respectueuses de la vie privée pour le covoiturage / Privacy-enhancing technologies for ridesharing

Aïvodji, Ulrich Matchi

24 January 2018

L'émergence des téléphones mobiles et objets connectés a profondément changé notre vie quotidienne. Ces dispositifs, grâce à la multitude de capteurs qu'ils embarquent, permettent l'accès à un large spectre de services. En particulier, les capteurs de position ont contribué au développement des services de localisation tels que la navigation, le covoiturage, le suivi de la congestion en temps réel... En dépit du confort offert par ces services, la collecte et le traitement des données de localisation portent de sérieuses atteintes à la vie privée des utilisateurs. En effet, ces données peuvent renseigner les fournisseurs de services sur les points d'intérêt (domicile, lieu de travail, orientation sexuelle), les habitudes ainsi que le réseau social des utilisateurs. D'une façon générale, la protection de la vie privée des utilisateurs peut être assurée par des dispositions légales ou techniques. Même si les mesures d'ordre légal peuvent dissuader les fournisseurs de services et les individus malveillants à enfreindre le droit à la vie privée des utilisateurs, les effets de telles mesures ne sont observables que lorsque l'infraction est déjà commise et détectée. En revanche, l'utilisation des technologies renforçant la protection de la vie privée (PET) dès la phase de conception des systèmes permet de réduire le taux de réussite des attaques contre la vie privée des utilisateurs. L'objectif principal de cette thèse est de montrer la viabilité de l'utilisation des PET comme moyens de protection des données de localisation dans les services de covoiturage. Ce type de service de localisation, en aidant les conducteurs à partager les sièges vides dans les véhicules, contribue à réduire les problèmes de congestion, d'émissions et de dépendance aux combustibles fossiles. Dans cette thèse, nous étudions les problèmes de synchronisation d'itinéraires et d'appariement relatifs au covoiturage avec une prise en compte explicite des contraintes de protection des données de localisation (origine, destination). Les solutions proposées dans cette thèse combinent des algorithmes de calcul d'itinéraires multimodaux avec plusieurs techniques de protection de la vie privée telles que le chiffrement homomorphe, l'intersection sécurisée d'ensembles, le secret partagé, la comparaison sécurisée d'entier. Elles garantissent des propriétés de protection de vie privée comprenant l'anonymat, la non-chainabilité et la minimisation des données. De plus, elles sont comparées à des solutions classiques, ne protégeant pas la vie privée. Nos expérimentations indiquent que les contraintes de protection des données privées peuvent être prise en compte dans les services de covoiturage sans dégrader leurs performances. / The emergence of mobile phones and connected objects has profoundly changed our daily lives. These devices, thanks to the multitude of sensors they embark, allow access to a broad spectrum of services. In particular, position sensors have contributed to the development of location-based services such as navigation, ridesharing, real-time congestion tracking... Despite the comfort offered by these services, the collection and processing of location data seriously infringe the privacy of users. In fact, these data can inform service providers about points of interests (home, workplace, sexual orientation), habits and social network of the users. In general, the protection of users' privacy can be ensured by legal or technical provisions. While legal measures may discourage service providers and malicious individuals from infringing users' privacy rights, the effects of such measures are only observable when the offense is already committed and detected. On the other hand, the use of privacy-enhancing technologies (PET) from the design phase of systems can reduce the success rate of attacks on the privacy of users. The main objective of this thesis is to demonstrate the viability of the usage of PET as a means of location data protection in ridesharing services. This type of location-based service, by allowing drivers to share empty seats in vehicles, helps in reducing congestion, CO2 emissions and dependence on fossil fuels. In this thesis, we study the problems of synchronization of itineraries and matching in the ridesharing context, with an explicit consideration of location data (origin, destination) protection constraints. The solutions proposed in this thesis combine multimodal routing algorithms with several privacy-enhancing technologies such as homomorphic encryption, private set intersection, secret sharing, secure comparison of integers. They guarantee privacy properties including anonymity, unlinkability, and data minimization. In addition, they are compared to conventional solutions, which do not protect privacy. Our experiments indicate that location data protection constraints can be taken into account in ridesharing services without degrading their performance.

Vie privée

Covoiturage

Technologies renforçant la vie privée

Privacy

Ridesharing

Privacy enhancing technologies

PET-Exchange: A Privacy Enhanced Trading Framework : A Framework for Limit-Order Matching using Homomorphic Encryption in Trading / PET-Exchange: Ett Ramverk för Integritetsbevarande Limitordrar i Kontinuerliga Auktioner med Homomorfisk Kryptering

Wahlman, Jacob

January 2022

Over the recent decades, an increasing amount of new traders has entered the securities markets in order to trade securities such as stocks and bonds on electronic and physical exchanges. This increase in trader activity can largely be attributed to a simpler trading process including the growth of the electronic securities exchanges allowing for more dynamic and global trading platforms. Ever since their introduction, electronic exchanges have grown in terms of volume traded. The underlying trading mechanisms have mostly stayed the same over the years with some additions and improvements. However, over the recent decade, high-frequency traders (HFT) using algorithmic trading have shifted the playing field using practices that many consider unethical. Furthermore, insider trading continues to cause trust issues in certain trading platforms. Multiple solutions to these kinds of unethical trading behaviors have been proposed. Homomorphic encryption has been proposed as a potential preventative mechanism among the proposed solutions. This thesis analyses the properties and effects of a privacy-preserving framework for trading securities on an electronic stock exchange. The method used to evaluate the effects on trading was to implement a framework for handling trading and matching encrypted orders. The framework was then evaluated against its unencrypted counterpart to compare their performance properties in terms of volume handled, amount of orders matched, and timings of certain instructions. Finally, their security properties were analyzed to understand the proposed solution's potential impact on transparency, fairness, and opportunities for financial crime in an electronic securities exchange. The implementation was evaluated on its privacy-preserving properties by evaluating its ability to prevent information disclosure in trading processes. Furthermore, the performance of the implementation was evaluated using a generated trading session to simulate the market with sample trade data. Finally, from the proposed framework and the findings from this evaluation regarding privacy preservation and performance, a conclusion regarding its applicability as an alternative to off-exchange trading and preventative method against unfair practices and financial crime in trading is presented. The evaluation showed that the privacy-preserving and cryptographic properties of the suggested encrypted exchange were reasonably strong and were able to fulfill its goal of preventing unfair advantages in trading stemming from access to plaintext order information. However, the performance of the suggested implementation shows that more work needs to be performed for it to be viable in public electronic stock exchanges, although the solution could be suitable for small scale trading and privacy-preserving auctions.

Homomorphic Encryption

Privacy

Securities Exchange

Privacy Enhancing Technologies

Computer Sciences

Datavetenskap (datalogi)

Usability Issues in the User Interfaces of Privacy-Enhancing Technologies

LaTouche, Lerone W.

01 January 2013

Privacy on the Internet has become one of the leading concerns for Internet users. These users are not wrong in their concerns if personally identifiable information is not protected and under their control. To minimize the collection of Internet users' personal information and help solve the problem of online privacy, a number of privacy-enhancing technologies have been developed. These so-called privacy-enhancing technologies still have usability issues in the user interfaces because Internet users do not have the choices required to monitor and control their personal data when released in online repositories. Current research shows a need exists to improve the overall usability of privacy-enhancing technology user interfaces. A properly designed privacy-enhancing technology user interface will give the Internet users confidence they can monitor and control all aspects of their personal data. Specific methods and criteria for assessing the usability of privacy-enhancing technology user interfaces either have not been developed or have not been widely published leading to the complexity of the user interfaces, which negatively affects the privacy and security of Internet users' personal data. This study focused on the development of a conceptual framework, which will provide a sound foundation for use in assessing the user interfaces of Web-based privacy-enhancing technologies for user-controlled e-privacy features. The study investigated the extent to which user testing and heuristic evaluation help identify the lack of user-controlled e-privacy features and usability problems in selected privacy-enhancing technology user interfaces. The outcome of this research was the development of a domain-specific heuristics checklist with criteria for the future evaluation of privacy-enhancing technologies' applications user interfaces. The results of the study show the domain-specific heuristics checklist generated more usability problems and a higher number of severe problems than the general heuristics. This suggests domain-specific heuristics can be used as a discount usability technique, which enforces the concept of usability that the heuristics are easy to use and learn. The domain-specific heuristics checklist should be of interest to privacy and security practitioners involved in the development of privacy-enhancing technologies' user interfaces. This research should supplement the literature on human-computer interaction, personal data protection, and privacy management.

Domain-Specific Heuristics

Human-Computer Interaction

Personal Data Protection

Privacy-Enhancing Technologies

Privacy Management

Usability

Computer Sciences