102,661 research outputs found
Case study:exploring children’s password knowledge and practices
Children use technology from a very young age, and often have to authenticate themselves. Yet very little attention has been paid to designing authentication specifically for this particular target group. The usual practice is to deploy the ubiquitous password, and this might well be a suboptimal choice. Designing authentication for children requires acknowledgement of child-specific developmental challenges related to literacy, cognitive abilities and differing developmental stages. Understanding the current state of play is essential, to deliver insights that can inform the development of child-centred authentication mechanisms and processes. We carried out a systematic literature review of all research related to children and authentication since 2000. A distinct research gap emerged from the analysis. Thus, we designed and administered a survey to school children in the United States (US), so as to gain insights into their current password usage and behaviors. This paper reports preliminary results from a case study of 189 children (part of a much larger research effort). The findings highlight age-related differences in children’s password understanding and practices. We also discovered that children confuse concepts of safety and security. We conclude by suggesting directions for future research. This paper reports on work in progress.<br/
How to Balance Privacy and Money through Pricing Mechanism in Personal Data Market
A personal data market is a platform including three participants: data
owners (individuals), data buyers and market maker. Data owners who provide
personal data are compensated according to their privacy loss. Data buyers can
submit a query and pay for the result according to their desired accuracy.
Market maker coordinates between data owner and buyer. This framework has been
previously studied based on differential privacy. However, the previous study
assumes data owners can accept any level of privacy loss and data buyers can
conduct the transaction without regard to the financial budget. In this paper,
we propose a practical personal data trading framework that is able to strike a
balance between money and privacy. In order to gain insights on user
preferences, we first conducted an online survey on human attitude to- ward
privacy and interest in personal data trading. Second, we identify the 5 key
principles of personal data market, which is important for designing a
reasonable trading frame- work and pricing mechanism. Third, we propose a
reason- able trading framework for personal data which provides an overview of
how the data is traded. Fourth, we propose a balanced pricing mechanism which
computes the query price for data buyers and compensation for data owners
(whose data are utilized) as a function of their privacy loss. The main goal is
to ensure a fair trading for both parties. Finally, we will conduct an
experiment to evaluate the output of our proposed pricing mechanism in
comparison with other previously proposed mechanism
Quantification of De-anonymization Risks in Social Networks
The risks of publishing privacy-sensitive data have received considerable
attention recently. Several de-anonymization attacks have been proposed to
re-identify individuals even if data anonymization techniques were applied.
However, there is no theoretical quantification for relating the data utility
that is preserved by the anonymization techniques and the data vulnerability
against de-anonymization attacks.
In this paper, we theoretically analyze the de-anonymization attacks and
provide conditions on the utility of the anonymized data (denoted by anonymized
utility) to achieve successful de-anonymization. To the best of our knowledge,
this is the first work on quantifying the relationships between anonymized
utility and de-anonymization capability. Unlike previous work, our
quantification analysis requires no assumptions about the graph model, thus
providing a general theoretical guide for developing practical
de-anonymization/anonymization techniques.
Furthermore, we evaluate state-of-the-art de-anonymization attacks on a
real-world Facebook dataset to show the limitations of previous work. By
comparing these experimental results and the theoretically achievable
de-anonymization capability derived in our analysis, we further demonstrate the
ineffectiveness of previous de-anonymization attacks and the potential of more
powerful de-anonymization attacks in the future.Comment: Published in International Conference on Information Systems Security
and Privacy, 201
- …