229,027 research outputs found
MORI: An Innovative Mobile Applications Data Risk Assessment Model
The daily activities of mobile device users range
from making calls and texting to accessing mobile
applications, such as mobile banking and online
social networks. Mobile phones are able to create,
store, and process different types of data, and these
data, whether personal, business, or governmental,
are related to the owner of the mobile device. More
specifically, user activities, such as posting on
Facebook, is sensitive and confidential processes
with varying degrees of social risk. The current
point-of-entry authentication mechanisms,
however, consider all applications on the mobile
device as if they had the same level of importance;
thus maintaining a single level of security for all
applications, without any further access control
rules. In this research, we argue that on a single
mobile application there are different processes
operating on the same data, with different social
risks based on the user’s actions. More specifically,
the unauthorised disclosure or modification of
mobile applications data has the potential to lead
to a number of undesirable consequences for the
user, which in turn means that the risk is changing
within the application. Thus, there is no single risk
for using a single application. Accordingly, there is
a severe lack of protection for user data stored in
mobile phones due to the lack of further
authentication or differentiated protection beyond
the point-of-entry. To remedy that failing, this
paper has introduced a new risk assessment model
for mobile applications data, called MORI (Mobile
Risk) that determines the risk level for each process
on a single application. The findings demonstrate
that this model has introduced a risk matrix which
helps to move the access control system from the
application level to the intra- process application
level, based on the risk for the user action being
performed on these processes
Literature Overview - Privacy in Online Social Networks
In recent years, Online Social Networks (OSNs) have become an important\ud
part of daily life for many. Users build explicit networks to represent their\ud
social relationships, either existing or new. Users also often upload and share a plethora of information related to their personal lives. The potential privacy risks of such behavior are often underestimated or ignored. For example, users often disclose personal information to a larger audience than intended. Users may even post information about others without their consent. A lack of experience and awareness in users, as well as proper tools and design of the OSNs, perpetuate the situation. This paper aims to provide insight into such privacy issues and looks at OSNs, their associated privacy risks, and existing research into solutions. The final goal is to help identify the research directions for the Kindred Spirits project
Recommended from our members
Reducing Third Parties in the Network through Client-Side Intelligence
The end-to-end argument describes the communication between a client and server using functionality that is located at the end points of a distributed system. From a security and privacy perspective, clients only need to trust the server they are trying to reach instead of intermediate system nodes and other third-party entities. Clients accessing the Internet today and more specifically the World Wide Web have to interact with a plethora of network entities for name resolution, traffic routing and content delivery. While individual communications with those entities may some times be end to end, from the user's perspective they are intermediaries the user has to trust in order to access the website behind a domain name. This complex interaction lacks transparency and control and expands the attack surface beyond the server clients are trying to reach directly. In this dissertation, we develop a set of novel design principles and architectures to reduce the number of third-party services and networks a client's traffic is exposed to when browsing the web. Our proposals bring additional intelligence to the client and can be adopted without changes to the third parties.
Websites can include content, such as images and iframes, located on third-party servers. Browsers loading an HTML page will contact these additional servers to satisfy external content dependencies. Such interaction has privacy implications because it includes context related to the user's browsing history. For example, the widespread adoption of "social plugins" enables the respective social networking services to track a growing part of its members' online activity. These plugins are commonly implemented as HTML iframes originating from the domain of the respective social network. They are embedded in sites users might visit, for instance to read the news or do shopping. Facebook's Like button is an example of a social plugin. While one could prevent the browser from connecting to third-party servers, it would break existing functionality and thus be unlikely to be widely adopted. We propose a novel design for privacy-preserving social plugins that decouples the retrieval of user-specific content from the loading of third-party content. Our approach can be adopted by web browsers without the need for server-side changes. Our design has the benefit of avoiding the transmission of user-identifying information to the third-party server while preserving the original functionality of the plugins.
In addition, we propose an architecture which reduces the networks involved when routing traffic to a website. Users then have to trust fewer organizations with their traffic. Such trust is necessary today because for example we observe that only 30% of popular web servers offer HTTPS. At the same time there is evidence that network adversaries carry out active and passive attacks against users. We argue that if end-to-end security with a server is not available the next best thing is a secure link to a network that is close to the server and will act as a gateway. Our approach identifies network vantage points in the cloud, enables a client to establish secure tunnels to them and intelligently routes traffic based on its destination. The proliferation of infrastructure-as-a-service platforms makes it practical for users to benefit from the cloud. We determine that our architecture is practical because our proposed use of the cloud aligns with existing ways end-user devices leverage it today. Users control both endpoints of the tunnel and do not depend on the cooperation of individual websites. We are thus able to eliminate third-party networks for 20% of popular web servers, reduce network paths to 1 hop for an additional 20% and shorten the rest.
We hypothesize that user privacy on the web can be improved in terms of transparency and control by reducing the systems and services that are indirectly and automatically involved. We also hypothesize that such reduction can be achieved unilaterally through client-side initiatives and without affecting the operation of individual websites
WARP: A ICN architecture for social data
Social network companies maintain complete visibility and ownership of the
data they store. However users should be able to maintain full control over
their content. For this purpose, we propose WARP, an architecture based upon
Information-Centric Networking (ICN) designs, which expands the scope of the
ICN architecture beyond media distribution, to provide data control in social
networks. The benefit of our solution lies in the lightweight nature of the
protocol and in its layered design. With WARP, data distribution and access
policies are enforced on the user side. Data can still be replicated in an ICN
fashion but we introduce control channels, named \textit{thread updates}, which
ensures that the access to the data is always updated to the latest control
policy. WARP decentralizes the social network but still offers APIs so that
social network providers can build products and business models on top of WARP.
Social applications run directly on the user's device and store their data on
the user's \textit{butler} that takes care of encryption and distribution.
Moreover, users can still rely on third parties to have high-availability
without renouncing their privacy
Wireless Communications in the Era of Big Data
The rapidly growing wave of wireless data service is pushing against the
boundary of our communication network's processing power. The pervasive and
exponentially increasing data traffic present imminent challenges to all the
aspects of the wireless system design, such as spectrum efficiency, computing
capabilities and fronthaul/backhaul link capacity. In this article, we discuss
the challenges and opportunities in the design of scalable wireless systems to
embrace such a "bigdata" era. On one hand, we review the state-of-the-art
networking architectures and signal processing techniques adaptable for
managing the bigdata traffic in wireless networks. On the other hand, instead
of viewing mobile bigdata as a unwanted burden, we introduce methods to
capitalize from the vast data traffic, for building a bigdata-aware wireless
network with better wireless service quality and new mobile applications. We
highlight several promising future research directions for wireless
communications in the mobile bigdata era.Comment: This article is accepted and to appear in IEEE Communications
Magazin
User's Privacy in Recommendation Systems Applying Online Social Network Data, A Survey and Taxonomy
Recommender systems have become an integral part of many social networks and
extract knowledge from a user's personal and sensitive data both explicitly,
with the user's knowledge, and implicitly. This trend has created major privacy
concerns as users are mostly unaware of what data and how much data is being
used and how securely it is used. In this context, several works have been done
to address privacy concerns for usage in online social network data and by
recommender systems. This paper surveys the main privacy concerns, measurements
and privacy-preserving techniques used in large-scale online social networks
and recommender systems. It is based on historical works on security,
privacy-preserving, statistical modeling, and datasets to provide an overview
of the technical difficulties and problems associated with privacy preserving
in online social networks.Comment: 26 pages, IET book chapter on big data recommender system
- …