You are probably not the weakest link: Towards practical prediction of susceptibility to semantic social engineering attacks

Semantic social engineering attacks are a pervasive threat to computer and communication systems. By employing deception rather than by exploiting technical vulnerabilities, spear-phishing, obfuscated URLs, drive-by downloads, spoofed websites, scareware, and other attacks are able to circumvent traditional technical security controls and target the user directly. Our aim is to explore the feasibility of predicting user susceptibility to deception-based attacks through attributes that can be measured, preferably in real-time and in an automated manner. Toward this goal, we have conducted two experiments, the first on 4333 users recruited on the Internet, allowing us to identify useful high-level features through association rule mining, and the second on a smaller group of 315 users, allowing us to study these features in more detail. In both experiments, participants were presented with attack and non-attack exhibits and were tested in terms of their ability to distinguish between the two. Using the data collected, we have determined practical predictors of users' susceptibility against semantic attacks to produce and evaluate a logistic regression and a random forest prediction model, with the accuracy rates of. 68 and. 71, respectively. We have observed that security training makes a noticeable difference in a user's ability to detect deception attempts, with one of the most important features being the time since last self-study, while formal security education through lectures appears to be much less useful as a predictor. Other important features were computer literacy, familiarity, and frequency of access to a specific platform. Depending on an organisation's preferences, the models learned can be configured to minimise false positives or false negatives or maximise accuracy, based on a probability threshold. For both models, a threshold choice of 0.55 would keep both false positives and false negatives below 0.2

Are you my motherboard? : the effects of technology on the parent-child relationship

New technologies have been evolving at a rapid pace over the last few decades. The convenience afforded by many technologies presents interesting questions in terms of attachment. Recent research on internet addiction disorder (IAD) has revealed that technology may be affecting people on a social, familial, and neurophysiological basis. This research explores the effects of technology on the parent-child relationship. The research interviewed six participants through telephone interviews: treatment participants (TP, n=2) in this research are both young men who meet criteria for IAD and completed treatment relative to their technology addiction; clinical participants (CP, n=4) in this research are clinicians that work in treatment centers that serve clients that meet criteria for IAD. Interviews were transcribed, coded, and analyzed. Due to the small sample size, this study\u27s findings are not generalizable; however, there were still some interesting findings and considerations. This research identified some common behavioral patterns in people with IAD and their families. Additionally, study participants suggest that failure to recognize and treat IAD will likely result in persistence of symptoms. Findings may be of interest to clinicians in addition to future research

DESIGN AND EXPLORATION OF NEW MODELS FOR SECURITY AND PRIVACY-SENSITIVE COLLABORATION SYSTEMS

Collaboration has been an area of interest in many domains including education, research, healthcare supply chain, Internet of things, and music etc. It enhances problem solving through expertise sharing, ideas sharing, learning and resource sharing, and improved decision making. To address the limitations in the existing literature, this dissertation presents a design science artifact and a conceptual model for collaborative environment. The first artifact is a blockchain based collaborative information exchange system that utilizes blockchain technology and semi-automated ontology mappings to enable secure and interoperable health information exchange among different health care institutions. The conceptual model proposed in this dissertation explores the factors that influences professionals continued use of video- conferencing applications. The conceptual model investigates the role the perceived risks and benefits play in influencing professionals’ attitude towards VC apps and consequently its active and automatic use

Privacy in online advertising platforms

Online advertising is consistently considered as the pillar of the "free• content on the Web since it is commonly the funding source of websites. Furthermore, the option of delivering personalizad ads has tumed advertising into a really valuable service for users, who receive ads tailored to their interests. Given its success in getting paying customers, online advertising is fueling a billionaire business. The current advertising model builds upon an intricate infrastructure whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded at an unprecedented rate. However, the intrusiveness and ubiquity of these practices prorrpt serious privacy concems. In view of the inherent corrplexity behind the operation of ad platforms, privacy risks in the online advertising ecosystem could be studied from multiple perspectives. Naturally, most of the efforts unveiling these privacy issues concentrate on a specific entity, technology, behavior or context. However, such a segmented approach rright underestimate the benefits of a wider vision of a systerric problem. A lot of privacy protection echanisms have been proposed from the industry and acaderria. The most popular ones resort to radical strategies that hinder the ad distribution process, thus seriously affecting the online advertising ecosystem. Others involve significantly changing the ecosystem, which unfortunately may not be suitable in these times. Consequently, to encourage the adoption of privacy protection in this context, it is fundamental to pose mechanisms that aim at balancing the trade-off between user privacy and the web business model. First, this thesis deals with the need to have a wide perspective of the privacy risks for users within the online advertising ecosystem and the protection approaches available. We survey the online advertising infrastructure and its supporting technologies, and present a thorough overview of the undertying privacy risks and the solutions that may rritigate them. Through a systematic effort, we analyze the threats and potential privacy attackers in this scenario of online advertising.Then, we conduct a corrprehensive survey of the most relevant privacy mechanisms, and classify and con-pare them on the basis of their privacy guarantees and irrpact on the Web. Subsequently, we study the privacy risks derived from real-time bidding, a key enabling technology of modem online advertising. We experimentally explore the potential abuse of the process of user data sharing, necessary to support the auction-based system in online advertising. Accordingly, we propase a system to regula te the distribution of u ser tracking data to potentially interested entities, depending on their previous behavior.This consists in reducing the nurnber of advertising agencies receiving user data. Doing so may affect the ad platform's revenue, thus the proposed system is designed to maxirrize the revenue while the abuse by advertising agencies is prevented to a large degree. Experimentally, the results of evaluation suggest that this system is able to correct rrisbehaving entities, consequently enhancing user privacy. Finally, we analyze the irrpact of online advertising and tracking from the particular perspective of lberoamerica.We study the third-party and ad tracking triggered within local websites in this heterogeneous region not previously studied. We found out that user location in this context would affect privacy since the intensity of third-party traffic, including advertising related flows of information, varies from country to country when local web traffic is simulated, although the total nurnber of entities behind this traffic seems stable. The type of content served by websites is also a parameter affecting the leve! of third-party tracking:publishers assiciated with news shopping categories generate more third-party traffic and such intensity is exarbated for top-world sitesLa publicitat en línia té un paper important a Internet que permet finançar habitualment l'operació de llocs web que ofereixen contingut lliure als usuaris. A més, la personalització dels anuncis ha tornat la publicitat en línia un servei valuós per als usuaris. Si aconseguirem que hi hagi molts compradors siguin més que possibles, es promourà un negoci milionari. El model d'anuncis vigents es basa en una infraestructura completa que lliura els anuncis personalitzats. Pera això, es pot recopilar una gran quantitat de dades d'ús, agregar, processar i vendre molt ràpidament. Malauradament, aquestes pràctiques generen riscos de privadesa. Donada la complexitat de l'operació de les plataformes d'anuncis, els riscos de privacitat es poden estudiar des de diverses perspectives. Naturalment, els esforços per desenvolupar aquests problemes de privacitat es concentren en una entitat, tecnologia, comportament o context específic. Però aquest enfocament subestima els beneficis d'una perspectiva més àmplia d'un problema integral. Molts mecanismes de protecció han estat proposats des de la indústria i l’àmbit acadèmic. Els més populars apliquen estratègies radicals que obstrueixen la distribució d'anuncis, afectant seriosament l’ecosistema d'anuncis. També es pot modificar significativament l’ecosistema, el que no és factible per la seva conflictivitat. Així, amb la finalitat de fomentar l'adopció de protecció de privacitat, és fonamental plantejar solucions orientades a equilibrar les necessitats de privacitat amb el model de negocis de la web. Inicialment, la tesi ofereix una visió amplia dels riscos de privacitat i els mecanismes de protecció a ecosistema d'anuncis en línia. Això es pot aconseguir basant-se en una revisió de la infraestructura i tecnologies subjacents en aquest context. Analitza sistemàticament les amenaces i potencies atacants. A continuació es revisa exhaustivament els mecanismes de privacitat més rellevants, i es classifica i es compara segons les garanties de privacitat que s'ofereixen i el seu possible impacte a la web. Seguidament, s'estudia els riscos de privadesa derivats de les ofertes en temps real, una tecnologia clau del sistema d'anuncis en línia modern. Experimentalment, s'inverteixen els riscos del procés de distribució de dades d'ús, part del sistema basat en licitacions de la publicitat en línia. Es proposa un sistema que regula la distribució de dades d'ús a tercers, depenent del seu comportament previ. Això consisteix en reduir el nombre d’agències anunciants que rebin dades d'ús. Per mitigar l’impacte sobre els ingressos del sistema d'anuncis, aquesta reducció és malaltia i l'objectiu de maximitzar els declaracions ingressades. Experimentalment, es troba que el sistema proposat corregir els comportaments maliciosos, millorant la privacitat dels usuaris. Finalment, s'analitza l'impacte del rastre i la publicitat en línia des de la perspectiva iberoamericana. Estudiem el rastreig de tercers i allò relacionat amb els anuncis que se generen en llocs web locals en aquesta regió heterogènia. Trobem que la ubicació de l'usuari en aquest context afecta la privacitat de l'usuari ja que aquest rastreig varia de país a país, tot i que el nombre total d'entitats darrere d'aquest transit sembla estable. El tipus de contingut afecta també el nivell de rastreig: llocs web de noticies o de compres generen més transit cap a tercers i aquesta intensitat s'exacerba en els llocs més populars

Privacy in online advertising platforms

Online advertising is consistently considered as the pillar of the "free• content on the Web since it is commonly the funding source of websites. Furthermore, the option of delivering personalizad ads has tumed advertising into a really valuable service for users, who receive ads tailored to their interests. Given its success in getting paying customers, online advertising is fueling a billionaire business. The current advertising model builds upon an intricate infrastructure whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded at an unprecedented rate. However, the intrusiveness and ubiquity of these practices prorrpt serious privacy concems. In view of the inherent corrplexity behind the operation of ad platforms, privacy risks in the online advertising ecosystem could be studied from multiple perspectives. Naturally, most of the efforts unveiling these privacy issues concentrate on a specific entity, technology, behavior or context. However, such a segmented approach rright underestimate the benefits of a wider vision of a systerric problem. A lot of privacy protection echanisms have been proposed from the industry and acaderria. The most popular ones resort to radical strategies that hinder the ad distribution process, thus seriously affecting the online advertising ecosystem. Others involve significantly changing the ecosystem, which unfortunately may not be suitable in these times. Consequently, to encourage the adoption of privacy protection in this context, it is fundamental to pose mechanisms that aim at balancing the trade-off between user privacy and the web business model. First, this thesis deals with the need to have a wide perspective of the privacy risks for users within the online advertising ecosystem and the protection approaches available. We survey the online advertising infrastructure and its supporting technologies, and present a thorough overview of the undertying privacy risks and the solutions that may rritigate them. Through a systematic effort, we analyze the threats and potential privacy attackers in this scenario of online advertising.Then, we conduct a corrprehensive survey of the most relevant privacy mechanisms, and classify and con-pare them on the basis of their privacy guarantees and irrpact on the Web. Subsequently, we study the privacy risks derived from real-time bidding, a key enabling technology of modem online advertising. We experimentally explore the potential abuse of the process of user data sharing, necessary to support the auction-based system in online advertising. Accordingly, we propase a system to regula te the distribution of u ser tracking data to potentially interested entities, depending on their previous behavior.This consists in reducing the nurnber of advertising agencies receiving user data. Doing so may affect the ad platform's revenue, thus the proposed system is designed to maxirrize the revenue while the abuse by advertising agencies is prevented to a large degree. Experimentally, the results of evaluation suggest that this system is able to correct rrisbehaving entities, consequently enhancing user privacy. Finally, we analyze the irrpact of online advertising and tracking from the particular perspective of lberoamerica.We study the third-party and ad tracking triggered within local websites in this heterogeneous region not previously studied. We found out that user location in this context would affect privacy since the intensity of third-party traffic, including advertising related flows of information, varies from country to country when local web traffic is simulated, although the total nurnber of entities behind this traffic seems stable. The type of content served by websites is also a parameter affecting the leve! of third-party tracking:publishers assiciated with news shopping categories generate more third-party traffic and such intensity is exarbated for top-world sitesLa publicitat en línia té un paper important a Internet que permet finançar habitualment l'operació de llocs web que ofereixen contingut lliure als usuaris. A més, la personalització dels anuncis ha tornat la publicitat en línia un servei valuós per als usuaris. Si aconseguirem que hi hagi molts compradors siguin més que possibles, es promourà un negoci milionari. El model d'anuncis vigents es basa en una infraestructura completa que lliura els anuncis personalitzats. Pera això, es pot recopilar una gran quantitat de dades d'ús, agregar, processar i vendre molt ràpidament. Malauradament, aquestes pràctiques generen riscos de privadesa. Donada la complexitat de l'operació de les plataformes d'anuncis, els riscos de privacitat es poden estudiar des de diverses perspectives. Naturalment, els esforços per desenvolupar aquests problemes de privacitat es concentren en una entitat, tecnologia, comportament o context específic. Però aquest enfocament subestima els beneficis d'una perspectiva més àmplia d'un problema integral. Molts mecanismes de protecció han estat proposats des de la indústria i l’àmbit acadèmic. Els més populars apliquen estratègies radicals que obstrueixen la distribució d'anuncis, afectant seriosament l’ecosistema d'anuncis. També es pot modificar significativament l’ecosistema, el que no és factible per la seva conflictivitat. Així, amb la finalitat de fomentar l'adopció de protecció de privacitat, és fonamental plantejar solucions orientades a equilibrar les necessitats de privacitat amb el model de negocis de la web. Inicialment, la tesi ofereix una visió amplia dels riscos de privacitat i els mecanismes de protecció a ecosistema d'anuncis en línia. Això es pot aconseguir basant-se en una revisió de la infraestructura i tecnologies subjacents en aquest context. Analitza sistemàticament les amenaces i potencies atacants. A continuació es revisa exhaustivament els mecanismes de privacitat més rellevants, i es classifica i es compara segons les garanties de privacitat que s'ofereixen i el seu possible impacte a la web. Seguidament, s'estudia els riscos de privadesa derivats de les ofertes en temps real, una tecnologia clau del sistema d'anuncis en línia modern. Experimentalment, s'inverteixen els riscos del procés de distribució de dades d'ús, part del sistema basat en licitacions de la publicitat en línia. Es proposa un sistema que regula la distribució de dades d'ús a tercers, depenent del seu comportament previ. Això consisteix en reduir el nombre d’agències anunciants que rebin dades d'ús. Per mitigar l’impacte sobre els ingressos del sistema d'anuncis, aquesta reducció és malaltia i l'objectiu de maximitzar els declaracions ingressades. Experimentalment, es troba que el sistema proposat corregir els comportaments maliciosos, millorant la privacitat dels usuaris. Finalment, s'analitza l'impacte del rastre i la publicitat en línia des de la perspectiva iberoamericana. Estudiem el rastreig de tercers i allò relacionat amb els anuncis que se generen en llocs web locals en aquesta regió heterogènia. Trobem que la ubicació de l'usuari en aquest context afecta la privacitat de l'usuari ja que aquest rastreig varia de país a país, tot i que el nombre total d'entitats darrere d'aquest transit sembla estable. El tipus de contingut afecta també el nivell de rastreig: llocs web de noticies o de compres generen més transit cap a tercers i aquesta intensitat s'exacerba en els llocs més populars.Postprint (published version