COVID-19 Contact Tracing: Challenges and Future Directions.

Contact tracing has become a vital tool for public health officials to effectively combat the spread of new diseases, such as the novel coronavirus disease COVID-19. Contact tracing is not new to epidemiologist rather, it used manual or semi-manual approaches that are incredibly time-consuming, costly and inefficient. It mostly relies on human memory while scalability is a significant challenge in tackling pandemics. The unprecedented health and socio-economic impacts led researchers and practitioners around the world to search for technology-based approaches for providing scalable and timely answers. Smartphones and associated digital technologies have the potential to provide a better approach due to their high level of penetration, coupled with mobility. While data-driven solutions are extremely powerful, the fear among citizens is that information like location or proximity associated with other personal data can be weaponised by the states to enforce surveillance. Low adoption rate of such apps due to the lack of trust questioned the efficacy and demanded researchers to find innovative solution for building digital-trust, and appropriately balancing privacy and accuracy of data. In this paper, we have critically reviewed such protocols and apps to identify the strength and weakness of each approach. Finally, we have penned down our recommendations to make the future contact tracing mechanisms more universally inter-operable and privacy-preserving

Towards an Accountable Web of Personal Information: the Web-of-Receipts

Consent is a corner stone in any Privacy practice or public policy. Much beyond a simple "accept" button, we show in this paper that obtaining and demonstrating valid Consent can be a complex matter since it is a multifaceted problem. This is important for both Organisations and Users. As shown in recent cases, not only cannot an individual prove what they accepted at any point in time, but also organisations are struggling with proving such consent was obtained leading to inefficiencies and non-compliance. To a large extent, this problem has not obtained sufficient visibility and research effort. In this paper, we review the current state of Consent and tie it to a problem of Accountability. We argue for a different approach to how the Web of Personal Information operates: the need of an accountable Web in the form of Personal Data Receipts which are able to protect both individuals and organisation. We call this evolution the Web-of-Receipts: online actions, from registration to real-time usage, is preceded by valid consent and is auditable (for Users) and demonstrable (for Organisations) at any moment by using secure protocols and locally stored artefacts such as Receipts. The key contribution of this paper is to elaborate on this unique perspective, present proof-of-concept results and lay out a research agenda

IEEE Access Special Section Editorial: Security and Trusted Computing for Industrial Internet of Things: Research Challenges and Opportunities

Industrial IoT (IIoT) interconnects critical devices and sensors in critical infrastructure sectors with existing Internet of Things (IoT) devices and applications. Generally, IIoT deployment allows organizations and users to gain invaluable insights into industrial processes and achieve high-productivity gains while reducing cost. Their role will be increasingly important as we move toward Industry 5.0. Hence, it is also crucial to understand and address any security and privacy risks that may arise, including those discussed in the articles accepted in this Special Section

Location-Based Services and Privacy

In this paper we begin by describing location-based services, their evolution and their future directions. We then outline privacy issues raised by such services. In Part III we consider how current Canadian data protection laws apply to location-based services, and indicate where such laws fall short of addressing the full range of issues raised by location-based services. Part IV of the paper explores some technological methods to address the privacy challenges raised by location-based services. The paper concludes with a series of recommendations

BAMBI: BLUETOOTH ACCESS MANAGEMENT & BEACON IDENTIFICATION

Cybersecurity is a constantly developing field. Patches that secured yesterday’s technology do not safeguard against occurring threats, necessitating continuous research in the field. The outbreak of Bluetooth Low Energy (BLE) devices dramatically expands the attack surface. BLE is one of the most widely applicable low-power connectivity standards. The low cost, low power consumption, and ready availability of BLE modules have made them a popular wireless technology for Internet of Things (IoT) devices and power constrained applications. However, the deployment of BLE-enabled devices enlarges the network attack surface. In spite of that, access management is insufficient for Bluetooth Low Energy devices. To elucidate, understanding the difference between known and unknown, malicious and non-malicious devices within a perimeter can be crucial in today’s cyberspace. This research proposes an approach called BAMBI - Beacon Access Management and Beacon Identification, which sought to develop an efficient, accurate, and easy-to implement solution for device/beacon identification and access management. The proposed solution, BAMBI, addresses these areas for the Bluetooth Low Energy Protocol. There are a few components to BAMBI that make up this solution. Device Identification, Device Classification, and Access Management are components that make BAMBI the first of its kind for the BLE protocol. Although this research is limited to the BLE protocol, it does introduce avenues for other connectivity standards such as Zig-bee and Bluetooth to adapt without much overhead

Global Examples of COVID-19 Surveillance Technologies : Flash Report

The fast spread of coronavirus (COVID-19) around the world has put health services under an enormous strain. Turning to digital means for collating data on the spread of the virus, the associated symptoms, as well as the routes through which it may be spreading has been a common response. The situation, the associated technologies and the practices of their use vary across the globe and evolve rapidly. This report provides a global snapshot of the different types of technologies in use or in development for surveillance of COVID-19 at the beginning of April 2020. By the time this report is published, the situation will have developed further. The body of the report presents short descriptions of a selection of different apps from around the world. More detailed data tables are in Appendix 1 and include references used

Understanding and Measuring Privacy and Security Assertions of Mobile and VR Applications

The emergence of the COVID-19 pandemic has catalysed a profound transformation in the way mobile applications are utilised and engaged with by consumers. There has been a noticeable surge in people relying on applications for various purposes such as entertainment, remote work, and daily activities. These services collect large amounts of users’ personal information and use them in many areas, such as in medical and financial systems, but they also pose an unprecedented threat to users’ privacy and security. Many international jurisdictions have enacted privacy laws and regulations to restrict the behaviour of apps and define the obligations of app developers. Although various privacy assertions are required in app stores, such as the permission list and the privacy policies, it is usually difficult for regular users to understand the potential threats the app may pose, let alone identify undesired or malicious application behaviours. In this thesis, I have developed a comprehensive framework to assess the current privacy practices of mobile applications. The framework first establishes a knowledge base (including datasets) to model privacy and security assertions. It then builds a sound evaluation system to analyse the privacy practices of mobile applications. Large-scale privacy evaluations were conducted on different realworld datasets, including privacy policies, contact tracing apps, and children’s apps, with the aim of revealing the risks associated with mobile application privacy. Lastly, a novel approach to applying differential privacy on streamed spatial data in VR applications is proposed. This thesis provides a comprehensive guideline for the mobile software industry and legislators to build a stronger and safer privacy ecosystem.Thesis (Ph.D.) -- University of Adelaide, School of Computer and Mathematical Sciences, 202

User-Centric Security and Privacy Mechanisms in Untrusted Networking and Computing Environments

Our modern society is increasingly relying on the collection, processing, and sharing of digital information. There are two fundamental trends: (1) Enabled by the rapid developments in sensor, wireless, and networking technologies, communication and networking are becoming more and more pervasive and ad hoc. (2) Driven by the explosive growth of hardware and software capabilities, computation power is becoming a public utility and information is often stored in centralized servers which facilitate ubiquitous access and sharing. Many emerging platforms and systems hinge on both dimensions, such as E-healthcare and Smart Grid. However, the majority information handled by these critical systems is usually sensitive and of high value, while various security breaches could compromise the social welfare of these systems. Thus there is an urgent need to develop security and privacy mechanisms to protect the authenticity, integrity and confidentiality of the collected data, and to control the disclosure of private information. In achieving that, two unique challenges arise: (1) There lacks centralized trusted parties in pervasive networking; (2) The remote data servers tend not to be trusted by system users in handling their data. They make existing security solutions developed for traditional networked information systems unsuitable. To this end, in this dissertation we propose a series of user-centric security and privacy mechanisms that resolve these challenging issues in untrusted network and computing environments, spanning wireless body area networks (WBAN), mobile social networks (MSN), and cloud computing. The main contributions of this dissertation are fourfold. First, we propose a secure ad hoc trust initialization protocol for WBAN, without relying on any pre-established security context among nodes, while defending against a powerful wireless attacker that may or may not compromise sensor nodes. The protocol is highly usable for a human user. Second, we present novel schemes for sharing sensitive information among distributed mobile hosts in MSN which preserves user privacy, where the users neither need to fully trust each other nor rely on any central trusted party. Third, to realize owner-controlled sharing of sensitive data stored on untrusted servers, we put forward a data access control framework using Multi-Authority Attribute-Based Encryption (ABE), that supports scalable fine-grained access and on-demand user revocation, and is free of key-escrow. Finally, we propose mechanisms for authorized keyword search over encrypted data on untrusted servers, with efficient multi-dimensional range, subset and equality query capabilities, and with enhanced search privacy. The common characteristic of our contributions is they minimize the extent of trust that users must place in the corresponding network or computing environments, in a way that is user-centric, i.e., favoring individual owners/users

When Mobile Phones are RFID-Equipped - Finding E.U.-U.S. Solutions to Protect Consumer Privacy and Facilitate Mobile Commerce

New mobile phones have been designed to include delivery of mobile advertising and other useful location-based services, but have they also been designed to protect consumers\u27 privacy? One of the key enabling technologies for these new types of phones and new mobile services is Radio Frequency Identification (RFID), a wireless communication technology that enables the unique identification of tagged objects. In the case of RFID-enabled mobile phones, the personal nature of the devices makes it very likely that, by locating a phone, businesses will also be able to locate its owner. Consumers are currently testing new RFID-enabled phones around the globe, but the phones are not yet in general use by consumers in the United States and Europe. The incorporation of RFID into cell phones in order to deliver mobile advertising and other location-based services raises a host of important privacy questions that urgently need to be addressed before the phones become widely available. Analyzing the risks to consumer privacy in this new context, this paper offers a comparative law analysis of the applicable regulatory frameworks and recent policy developments in the European Union and the United States and concludes that there are many privacy concerns not presently addressed by E.U. and U.S. laws. This article also offers specific ideas to protect consumers\u27 privacy through applications of fair information practices and privacy-enhancing technologies. When mobile phones are RFID-equipped, consumers will need new privacy protections in order to understand the risks and make knowledgeable decisions about their privacy

Geographic Citizen Science Design

Little did Isaac Newton, Charles Darwin and other ‘gentlemen scientists’ know, when they were making their scientific discoveries, that some centuries later they would inspire a new field of scientific practice and innovation, called citizen science. The current growth and availability of citizen science projects and relevant applications to support citizen involvement is massive; every citizen has an opportunity to become a scientist and contribute to a scientific discipline, without having any professional qualifications. With geographic interfaces being the common approach to support collection, analysis and dissemination of data contributed by participants, ‘geographic citizen science’ is being approached from different angles. Geographic Citizen Science Design takes an anthropological and Human-Computer Interaction (HCI) stance to provide the theoretical and methodological foundations to support the design, development and evaluation of citizen science projects and their user-friendly applications. Through a careful selection of case studies in the urban and non-urban contexts of the Global North and South, the chapters provide insights into the design and interaction barriers, as well as on the lessons learned from the engagement of a diverse set of participants; for example, literate and non-literate people with a range of technical skills, and with different cultural backgrounds. Looking at the field through the lenses of specific case studies, the book captures the current state of the art in research and development of geographic citizen science and provides critical insight to inform technological innovation and future research in this area