Extended Abstracts of the Fourth Privacy Enhancing Technologies Convention (PET-CON 2009.1)

PET-CON, the Privacy Enhancing Technologies Convention, is a forum for researchers, students, developers, and other interested people to discuss novel research, current development and techniques in the area of Privacy Enhancing Technologies. PET-CON was first conceived in June 2007 at the 7th International PET Symposium in Ottawa, Canada. The idea was to set up a bi-annual convention in or nearby Germany to be able to meet more often than only once a year at some major conference

New statistical disclosure attacks on anonymous communications networks

Tesis inédita de la Universidad Complutense de Madrid, Facultad de Informática, Departamento de Ingeniería del Software e Inteligencia Artificial, leída el 5-02-2016.El anonimato es una dimensi on de la privacidad en la que una persona se reserva su identidad en las relaciones sociales que mantiene. Desde el punto de vista del area de las comunicaciones electr onicas, el anonimato posibilita mantener oculta la informaci on que pueda conducir a la identi caci on de las partes involucradas en una transacci on. Actualmente, conservar el anonimato en las transacciones de informaci on en red representa uno de los aspectos m as importantes. Con este n se han desarrollado diversas tecnolog as, com unmente denominadas tecnolog as para la mejora de la privacidad. Una de las formas m as populares y sencillas de proteger el anonimato en las comunicaciones entre usuarios son los sistemas de comunicaci on an onima de baja latencia basados en redes de mezcladores. Estos sistemas est an expuestos a una serie de ataques basados en an alisis de tr a co que comprometen la privacidad de las relaciones entre los usuarios participantes en la comunicaci on, esto es, que determinan, en mayor o menor medida, las identidades de emisores y receptores. Entre los diferentes tipos de ataques destacan los basados en la inundaci on de la red con informaci on falsa para obtener patrones en la red de mezcladores, los basados en el control del tiempo, los basados en el contenido de los mensajes, y los conocidos como ataques de intersecci on, que pretenden inferir, a trav es de razonamientos probabil sticos o de optimizaci on, patrones de relaciones entre usuarios a partir de la informaci on recabada en lotes o durante un per odo de tiempo por parte del atacante. Este ultimo tipo de ataque es el objeto de la presente tesis...Anonymity is a privacy dimension related to people's interest in preserving their identity in social relationships. In network communications, anonymity makes it possible to hide information that could compromise the identity of parties involved in transactions. Nowadays, anonymity preservation in network information transactions represents a crucial research eld. In order to address this issue, a number of Privacy Enhancing Technologies have been developed. Low latency communications systems based on networks of mixes are very popular and simple measures to protect anonymity in users communications. These systems are exposed to a series of attacks based on tra c analysis that compromise the privacy of relationships between user participating in communications, leading to determine the identity of sender and receiver in a particular information transaction. Some of the leading attacks types are attacks based on sending dummy tra c to the network, attacks based on time control, attacks that take into account the textual information within the messages, and intersections attacks, that pretend to derive patterns of communications between users using probabilistic reasoning or optimization algorithms. This last type of attack is the subject of the present work. Intersection attacks lead to derive statistical estimations of the communications patterns (mean number of sent messages between a pair of users, probability of relationship between users, etc). These models were named Statistical Disclosure Attacks, and were soon considered able to compromise seriously the anonymity of networks based on mixes. Nevertheless, the hypotheses assumed in the rst publications for the concrete development of the attacks were excessively demanding and unreal. It was common to suppose that messages were sent with uniform probability to the receivers, to assume the knowledge of the number of friends an user has or the knowledge a priori of some network parameters, supposing similar behavior between users, etc...Depto. de Ingeniería de Software e Inteligencia Artificial (ISIA)Fac. de InformáticaTRUEunpu

Privacy protection of user profiles in personalized information systems

In recent times we are witnessing the emergence of a wide variety of information systems that tailor the information-exchange functionality to meet the specific interests of their users. Most of these personalized information systems capitalize on, or lend themselves to, the construction of profiles, either directly declared by a user, or inferred from past activity. The ability of these systems to profile users is therefore what enables such intelligent functionality, but at the same time, it is the source of serious privacy concerns. Although there exists a broad range of privacy-enhancing technologies aimed to mitigate many of those concerns, the fact is that their use is far from being widespread. The main reason is that there is a certain ambiguity about these technologies and their effectiveness in terms of privacy protection. Besides, since these technologies normally come at the expense of system functionality and utility, it is challenging to assess whether the gain in privacy compensates for the costs in utility. Assessing the privacy provided by a privacy-enhancing technology is thus crucial to determine its overall benefit, to compare its effectiveness with other technologies, and ultimately to optimize it in terms of the privacy-utility trade-off posed. Considerable effort has consequently been devoted to investigating both privacy and utility metrics. However, most of these metrics are specific to concrete systems and adversary models, and hence are difficult to generalize or translate to other contexts. Moreover, in applications involving user profiles, there are a few proposals for the evaluation of privacy, and those existing are not appropriately justified or fail to justify the choice. The first part of this thesis approaches the fundamental problem of quantifying user privacy. Firstly, we present a theoretical framework for privacy-preserving systems, endowed with a unifying view of privacy in terms of the estimation error incurred by an attacker who aims to disclose the private information that the system is designed to conceal. Our theoretical analysis shows that numerous privacy metrics emerging from a broad spectrum of applications are bijectively related to this estimation error, which permits interpreting and comparing these metrics under a common perspective. Secondly, we tackle the issue of measuring privacy in the enthralling application of personalized information systems. Specifically, we propose two information-theoretic quantities as measures of the privacy of user profiles, and justify these metrics by building on Jaynes' rationale behind entropy-maximization methods and fundamental results from the method of types and hypothesis testing. Equipped with quantifiable measures of privacy and utility, the second part of this thesis investigates privacy-enhancing, data-perturbative mechanisms and architectures for two important classes of personalized information systems. In particular, we study the elimination of tags in semantic-Web applications, and the combination of the forgery and the suppression of ratings in personalized recommendation systems. We design such mechanisms to achieve the optimal privacy-utility trade-off, in the sense of maximizing privacy for a desired utility, or vice versa. We proceed in a systematic fashion by drawing upon the methodology of multiobjective optimization. Our theoretical analysis finds a closed-form solution to the problem of optimal tag suppression, and to the problem of optimal forgery and suppression of ratings. In addition, we provide an extensive theoretical characterization of the trade-off between the contrasting aspects of privacy and utility. Experimental results in real-world applications show the effectiveness of our mechanisms in terms of privacy protection, system functionality and data utility

Analyses on tech-enhanced and anonymous Peer Discussion as well as anonymous Control Facilities for tech-enhanced Learning

An increasing number of university freshmen has been observable in absolute number as well as percentage of population over the last decade. However, at the same time the drop-out rate has increased significantly. While a drop in attendance could be observed at the same time, statistics show that young professionals consider only roughly thirty percent of their qualification to originate in their university education. Taking this into consideration with the before mentioned, one conclusion could be that students fail to see the importance of fundamental classes and choose to seek knowledge elsewhere, for example in free online courses. However, the so acquired knowledge is a non-attributable qualification. One solution to this problem must be to make on-site activities more attractive. A promising approach for raised attractiveness would be to support students in self-regulated learning processes, making them experience importance and value of own decisions based on realistic self-assessment and self-evaluation. At the same time, strict ex-cathedra teaching should be replaced by interactive forms of education, ideally activating on a meta-cognitive level. Particularly, as many students bring mobile communication devices into classes, this promising approach could be extended by utilising these mobile devices as second screens. That way, enhanced learning experiences can be provided. The basic idea is simple, namely to contribute to psychological concepts with the means of computer science. An example for this idea are audience response systems. There has been numerous research into these and related approaches for university readings, but other forms of education have not been sufficiently considered, for example tutorials. This technological aspect can be combined with recent didactics research and concepts like peer instruction or visible learning. Therefore, this dissertation presents an experimental approach at providing existing IT solutions for on-site tutorials, specifically tools for audience responses, evaluations, learning demand assessments, peer discussion, and virtual interactive whiteboards. These tools are provided under observation of anonymity and cognisant incidental utilisation. They provide insight into students\' motivation to attend classes, their motivation to utilise tools, and into their tool utilisation itself. Experimental findings are combined into an extensible system concept consisting of three major tool classes: anonymous peer discussion means, anonymous control facilities, and learning demand assessment. With the exception of the latter, promising findings in context of tutorials are presented, for example the reduction of audience response systems to an emergency brake, the versatility of (peer) discussion systems, or a demand for retroactive deanonymisation of contributions. The overall positive impact of tool utilisation on motivation to attend and perceived value of tutorials is discussed and supplemented by a positive impact on the final exams\' outcomes.:List of Definitions, Theorems and Proofs List of Figures List of Tables Introduction and Motivation Part I: Propaedeutics 1 Working Theses 1.1 Definitions 1.2 Context of Working Theses and Definitions 2 Existing Concepts 2.1 Psychology 2.1.1 Self-Regulation and self-regulated Learning 2.1.2 Peer Instruction, Peer Discussion 2.1.3 Learning Process Supervision: Learning Demand Assessment 2.1.4 Cognitive Activation 2.1.5 Note on Gamification 2.1.6 Note on Blended Learning 2.2 Computer Science 2.2.1 Learning Platforms 2.2.2 Audience Response Systems (ARS) 2.2.3 Virtual Interactive Whiteboard Systems (V-IWB) 2.2.4 Cognisant Incidential Utilisation (CIU) 2.3 Appraisal 3 Related Work 3.1 Visible Learning 3.2 auditorium 3.3 Auditorium Mobile Classroom Service 3.4 ARSnova and other Audience Response Systems 3.5 Google Classroom 3.6 StackOverflow 3.7 AwwApp Part II: Proceedings 4 Global Picture and Prototype 4.1 Global Picture 4.2 System Architecture 4.2.1 Anonymous Discussion Means 4.2.2 Anonymous Control Facilities 4.3 Implementation 4.3.1 The Prototype 5 Investigated Tools 5.1 Note on Methodology 5.2 Anonymity 5.2.1 Methodology 5.2.2 Visible Learning Effects 5.2.3 Assertion 5.2.4 Experiments 5.2.5 Results 5.2.6 Conclusions 5.3 Learning Demand Assessment 5.3.1 Methodology 5.3.2 Visible Learning Effects 5.3.3 Tool Description 5.3.4 Assertion 5.3.5 Experiments 5.3.6 Results 5.3.7 Conclusions 5.4 Peer Discussion System 5.4.1 Methodology 5.4.2 Visible Learning Effects 5.4.3 Tool Description 5.4.4 Assertion 5.4.5 Experiments 5.4.6 Results 5.4.7 Conclusions 5.5 Virtual Interactive Whiteboard 5.5.1 Methodology 5.5.2 Visible Learning Effects 5.5.3 Tool Description 5.5.4 Assertion 5.5.5 Experiments 5.5.6 Results 5.5.7 Conclusions 5.6 Audience Response System and Emergency Brake 5.6.1 Methodology 5.6.2 Visible Learning Effects 5.6.3 Tool Description 5.6.4 Assertion 5.6.5 Experiments 5.6.6 Results 5.6.7 Conclusions 5.7 Evaluation System 5.7.1 Methodology 5.7.2 Visible Learning Effects 5.7.3 Tool Description 5.7.4 Assertion 5.7.5 Experiments 5.7.6 Results and Conclusion 6 Exam Outcome 7 Utilisation and Motivation 7.1 Prototype Utilisation 7.2 Motivational Aspects Part III: Appraisal 8 Lessons learned 9 Discussion 9.1 Working Theses’ Validity 9.2 Research Community: Impact and Outlook 9.2.1 Significance to Learning Psychology 9.3 Possible Extension of existing Solutions 10 Conclusion 10.1 Summary of scientific Contributions 10.2 Future Work Part IV: Appendix A Experimental Arrangement B Questionnaires B.1 Platform Feedback Sheet B.1.1 Original PFS in 2014 B.1.2 Original PFS in 2015 B.2 Minute Paper B.3 Motivation and Utilisation Questionnaires B.3.1 Motivation 2013 and 2014 B.3.2 Motivation 2015 B.3.3 Utilisation 2014 B.3.4 Utilisation 2015, Rev. I B.3.5 Utilisation 2015, Rev. II C References C.1 Auxiliary Means D Publications D.1 Original Research Contributions D.2 Student Theses E Glossary F Index G Milestones AcknowledgementsÜber die vergangene Dekade ist eine zunehmende Zahl Studienanfänger beobachtbar, sowohl in der absoluten Anzahl, als auch im Bevölkerungsanteil. Demgegenüber steht aber eine überproportional hohe Steigerung der Abbruchquote. Während gleichzeitig die Anwesenheit in universitären Lehrveranstaltungen sinkt, zeigen Statistiken, dass nur etwa ein Drittel der Berufseinsteiger die Grundlagen ihrer Qualifikation im Studium sieht. Daraus könnte man ableiten, dass Studierende den Wert und die Bedeutung universitärer Ausbildung unterschätzen und stattdessen Wissen in anderen Quellen suchen, beispielsweise unentgeltlichen Online-Angeboten. Das auf diese Art angeeignete Wissen stellt aber eine formell nicht nachweise Qualifikation dar. Ein Weg aus diesem Dilemma muss die Steigerung der Attraktivität der universitären Lehrveranstaltungen sein. Ein vielversprechender Ansatz ist die Unterstützung der Studierenden im selbst-regulierten Lernen, wodurch sie die Wichtigkeit und den Wert eigener Entscheidung(sfindungsprozesse) auf Basis realistischer Selbsteinschätzung und Selbstevaluation erlernen. Gleichzeitig sollte Frontalunterricht durch interaktive Lehrformen ersetzt werden, idealerweise durch Aktivierung auf meta-kognitiver Ebene. Dies ist vielversprechend insbesondere, weil viele Studierende ihre eigenen mobilen Endgeräte in Lehrveranstaltungen bringen. Diese Geräte können als Second Screen für die neuen Lehrkonzepte verwendet werden. Auf diese Art kann dann eine verbesserte Lernerfahrung vermittelt werden. Die Grundidee ist simpel, nämlich in der Psychologie bewährte Didaktik-Konzepte durch die Mittel der Informatik zu unterstützen. Ein Beispiel dafür sind Audience Response Systeme, die hinlänglich im Rahmen von Vorlesungen untersucht worden sind. Andere Lehrformen wurden dabei jedoch unzureichend berücksichtigt, beispielsweise Tutorien. Ähnliche Überlegungen gelten natürlich auch für bewährte didaktische Konzepte wie Peer Instruction oder Betrachtungen in Form von Visible Learning. Deshalb präsentiert diese Dissertation einen experimentellen Ansatz, informationstechnische Lösungen für vor-Ort-Übungen anzubieten, nämlich Werkzeuge für Audience Response Systeme, Evaluationen, Lernbedarfsermittlung, Peer Discussion, sowie virtuelle interaktive Whiteboards. Die genannten Werkzeuge wurden unter Beachtung von Anonymitäts- und Beiläufigkeitsaspekten bereitgestellt. Sie erlauben einen Einblick in die Motivation der Studierenden Tutorien zu besuchen und die Werkzeuge zu nutzen, sowie ihr Nutzungsverhalten selbst. Die experimentellen Ergebnisse werden in ein erweiterbares Systemkonzept kombiniert, das drei Werkzeugklassen unterstützt: anonyme Peer Discussion, anonyme Kontrollwerkzeuge und Lernbedarfsermittlung. Für die ersten beiden Klassen liegen vielversprechende Ergebnisse vor, beispielsweise die notwendige Reduktion des Audience Response Systems auf eine Art Notbremse, die Vielseitigkeit von (Peer-)Discussion-Systemen, oder aber auch der Bedarf für eine retroaktive Deanonymisierung von initial anonymen Beiträgen. Der allgemein positive Einfluss der Werkzeugnutzung auf die Motivation an Tutorien teilzunehmen sowie den wahrgenommenen Wert der Tutorien werden abschließend diskutiert und durch verbesserte Abschlussklausurergebnisse untermauert.:List of Definitions, Theorems and Proofs List of Figures List of Tables Introduction and Motivation Part I: Propaedeutics 1 Working Theses 1.1 Definitions 1.2 Context of Working Theses and Definitions 2 Existing Concepts 2.1 Psychology 2.1.1 Self-Regulation and self-regulated Learning 2.1.2 Peer Instruction, Peer Discussion 2.1.3 Learning Process Supervision: Learning Demand Assessment 2.1.4 Cognitive Activation 2.1.5 Note on Gamification 2.1.6 Note on Blended Learning 2.2 Computer Science 2.2.1 Learning Platforms 2.2.2 Audience Response Systems (ARS) 2.2.3 Virtual Interactive Whiteboard Systems (V-IWB) 2.2.4 Cognisant Incidential Utilisation (CIU) 2.3 Appraisal 3 Related Work 3.1 Visible Learning 3.2 auditorium 3.3 Auditorium Mobile Classroom Service 3.4 ARSnova and other Audience Response Systems 3.5 Google Classroom 3.6 StackOverflow 3.7 AwwApp Part II: Proceedings 4 Global Picture and Prototype 4.1 Global Picture 4.2 System Architecture 4.2.1 Anonymous Discussion Means 4.2.2 Anonymous Control Facilities 4.3 Implementation 4.3.1 The Prototype 5 Investigated Tools 5.1 Note on Methodology 5.2 Anonymity 5.2.1 Methodology 5.2.2 Visible Learning Effects 5.2.3 Assertion 5.2.4 Experiments 5.2.5 Results 5.2.6 Conclusions 5.3 Learning Demand Assessment 5.3.1 Methodology 5.3.2 Visible Learning Effects 5.3.3 Tool Description 5.3.4 Assertion 5.3.5 Experiments 5.3.6 Results 5.3.7 Conclusions 5.4 Peer Discussion System 5.4.1 Methodology 5.4.2 Visible Learning Effects 5.4.3 Tool Description 5.4.4 Assertion 5.4.5 Experiments 5.4.6 Results 5.4.7 Conclusions 5.5 Virtual Interactive Whiteboard 5.5.1 Methodology 5.5.2 Visible Learning Effects 5.5.3 Tool Description 5.5.4 Assertion 5.5.5 Experiments 5.5.6 Results 5.5.7 Conclusions 5.6 Audience Response System and Emergency Brake 5.6.1 Methodology 5.6.2 Visible Learning Effects 5.6.3 Tool Description 5.6.4 Assertion 5.6.5 Experiments 5.6.6 Results 5.6.7 Conclusions 5.7 Evaluation System 5.7.1 Methodology 5.7.2 Visible Learning Effects 5.7.3 Tool Description 5.7.4 Assertion 5.7.5 Experiments 5.7.6 Results and Conclusion 6 Exam Outcome 7 Utilisation and Motivation 7.1 Prototype Utilisation 7.2 Motivational Aspects Part III: Appraisal 8 Lessons learned 9 Discussion 9.1 Working Theses’ Validity 9.2 Research Community: Impact and Outlook 9.2.1 Significance to Learning Psychology 9.3 Possible Extension of existing Solutions 10 Conclusion 10.1 Summary of scientific Contributions 10.2 Future Work Part IV: Appendix A Experimental Arrangement B Questionnaires B.1 Platform Feedback Sheet B.1.1 Original PFS in 2014 B.1.2 Original PFS in 2015 B.2 Minute Paper B.3 Motivation and Utilisation Questionnaires B.3.1 Motivation 2013 and 2014 B.3.2 Motivation 2015 B.3.3 Utilisation 2014 B.3.4 Utilisation 2015, Rev. I B.3.5 Utilisation 2015, Rev. II C References C.1 Auxiliary Means D Publications D.1 Original Research Contributions D.2 Student Theses E Glossary F Index G Milestones Acknowledgement

Contemporary Issues in Digital Marketing

Web-marketing;Customer services;International busines

Cyber Infrastructure Protection: Vol. II

View the Executive SummaryIncreased reliance on the Internet and other networked systems raise the risks of cyber attacks that could harm our nation’s cyber infrastructure. The cyber infrastructure encompasses a number of sectors including: the nation’s mass transit and other transportation systems; banking and financial systems; factories; energy systems and the electric power grid; and telecommunications, which increasingly rely on a complex array of computer networks, including the public Internet. However, many of these systems and networks were not built and designed with security in mind. Therefore, our cyber infrastructure contains many holes, risks, and vulnerabilities that may enable an attacker to cause damage or disrupt cyber infrastructure operations. Threats to cyber infrastructure safety and security come from hackers, terrorists, criminal groups, and sophisticated organized crime groups; even nation-states and foreign intelligence services conduct cyber warfare. Cyber attackers can introduce new viruses, worms, and bots capable of defeating many of our efforts. Costs to the economy from these threats are huge and increasing. Government, business, and academia must therefore work together to understand the threat and develop various modes of fighting cyber attacks, and to establish and enhance a framework to assess the vulnerability of our cyber infrastructure and provide strategic policy directions for the protection of such an infrastructure. This book addresses such questions as: How serious is the cyber threat? What technical and policy-based approaches are best suited to securing telecommunications networks and information systems infrastructure security? What role will government and the private sector play in homeland defense against cyber attacks on critical civilian infrastructure, financial, and logistical systems? What legal impediments exist concerning efforts to defend the nation against cyber attacks, especially in preventive, preemptive, and retaliatory actions?https://press.armywarcollege.edu/monographs/1527/thumbnail.jp

From Dataveillance to Data Economy: Firm View on Data Protection

The increasing availability of electronic records and the expanded reliance on online communications and services have made available a huge amount of data about people’s behaviours, characteristics, and preferences. Advancements in data processing technology, known as big data, offer opportunities to increase organisational efficiency and competitiveness. Analytically sophisticated companies excel in their ability to extract value from the analysis of digital data. However, in order to exploit the potential economic benefits produced by big data and analytics, issues of data privacy and information security need to be addressed. In Europe, organisations processing personal data are being required to implement basic data protection principles, which are considered difficult to implement in big data environments. Little is known in the privacy studies literature about how companies manage the trade-off between data usage and data protection. This study contributes to explore the corporate data privacy environment, by focusing on the interrelationship between the data protection legal regime, the application of big data analytics to achieve corporate objectives, and the creation of an organisational privacy culture. It also draws insights from surveillance studies, particularly the idea of dataveillance, to identify potential limitations of the current legal privacy regime. The findings from the analysis of survey data show that big data and data protection support each other, but also that some frictions can emerge around data collection and data fusion. The demand for the integration of different data sources poses challenges to the implementation of data protection principles. However, this study finds no evidence that data protection laws prevent data gathering. Implications relevant for the debate on the reform of European data protection law are also drawn from these findings