6,378 research outputs found
Web Tracking: Mechanisms, Implications, and Defenses
This articles surveys the existing literature on the methods currently used
by web services to track the user online as well as their purposes,
implications, and possible user's defenses. A significant majority of reviewed
articles and web resources are from years 2012-2014. Privacy seems to be the
Achilles' heel of today's web. Web services make continuous efforts to obtain
as much information as they can about the things we search, the sites we visit,
the people with who we contact, and the products we buy. Tracking is usually
performed for commercial purposes. We present 5 main groups of methods used for
user tracking, which are based on sessions, client storage, client cache,
fingerprinting, or yet other approaches. A special focus is placed on
mechanisms that use web caches, operational caches, and fingerprinting, as they
are usually very rich in terms of using various creative methodologies. We also
show how the users can be identified on the web and associated with their real
names, e-mail addresses, phone numbers, or even street addresses. We show why
tracking is being used and its possible implications for the users (price
discrimination, assessing financial credibility, determining insurance
coverage, government surveillance, and identity theft). For each of the
tracking methods, we present possible defenses. Apart from describing the
methods and tools used for keeping the personal data away from being tracked,
we also present several tools that were used for research purposes - their main
goal is to discover how and by which entity the users are being tracked on
their desktop computers or smartphones, provide this information to the users,
and visualize it in an accessible and easy to follow way. Finally, we present
the currently proposed future approaches to track the user and show that they
can potentially pose significant threats to the users' privacy.Comment: 29 pages, 212 reference
InShopnito: an advanced yet privacy-friendly mobile shopping application
Mobile Shopping Applications (MSAs) are rapidly gaining popularity. They enhance the shopping experience, by offering customized recommendations or incorporating customer loyalty programs. Although MSAs are quite effective at attracting new customers and binding existing ones to a retailer's services, existing MSAs have several shortcomings. The data collection practices involved in MSAs and the lack of transparency thereof are important concerns for many customers. This paper presents inShopnito, a privacy-preserving mobile shopping application. All transactions made in inShopnito are unlinkable and anonymous. However, the system still offers the expected features from a modern MSA. Customers can take part in loyalty programs and earn or spend loyalty points and electronic vouchers. Furthermore, the MSA can suggest personalized recommendations even though the retailer cannot construct rich customer profiles. These profiles are managed on the smartphone and can be partially disclosed in order to get better, customized recommendations. Finally, we present an implementation called inShopnito, of which the security and performance is analyzed. In doing so, we show that it is possible to have a privacy-preserving MSA without having to sacrifice practicality
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Trusted Computing in Mobile Action
Due to the convergence of various mobile access technologies like UMTS, WLAN,
and WiMax the need for a new supporting infrastructure arises. This
infrastructure should be able to support more efficient ways to authenticate
users and devices, potentially enabling novel services based on the security
provided by the infrastructure. In this paper we exhibit some usage scenarios
from the mobile domain integrating trusted computing, which show that trusted
computing offers new paradigms for implementing trust and by this enables new
technical applications and business scenarios. The scenarios show how the
traditional boundaries between technical and authentication domains become
permeable while a high security level is maintained.Comment: In: Peer-reviewed Proceedings of the Information Security South
Africa (ISSA) 2006 From Insight to Foresight Conference, 5 to 7 July 2006,
Sandton, South Afric
Migration control for mobile agents based on passport and visa
Research on mobile agents has attracted much attention as this paradigm has demonstrated great potential for the next-generation e-commerce. Proper solutions to security-related problems become key factors in the successful deployment of mobile agents in e-commerce systems. We propose the use of passport and visa (P/V) for securing mobile agent migration across communities based on the SAFER e-commerce framework. P/V not only serves as up-to-date digital credentials for agent-host authentication, but also provides effective security mechanisms for online communities to control mobile agent migration. Protection for mobile agents, network hosts, and online communities is enhanced using P/V. We discuss the design issues in details and evaluate the implementation of the proposed system
Shadow Phone and Ghost SIM: A Step Toward Geolocation Anonymous Calling
abstract: Mobile telephony is a critical aspect of our modern society: through telephone calls,
it is possible to reach almost anyone around the globe. However, every mobile telephone
call placed implicitly leaks the user's location to the telephony service provider (TSP).
This privacy leakage is due to the fundamental nature of mobile telephony calls that
must connect to a local base station to receive service and place calls. Thus, the TSP
can track the physical location of the user for every call that they place. While the
The Internet is similar in this regard, privacy-preserving technologies such as Tor allow
users to connect to websites anonymously (without revealing to their ISP the site
that they are visiting). In this thesis, the scheme presented, called shadow calling,
to allow geolocation anonymous calling from legacy mobile devices. In this way,
the call is placed from the same number, however, the TSP will not know the user's
physical location. The scheme does not require any change on the network side and
can be used on current mobile networks. The scheme implemented is for the GSM
(commonly referred to as 2G) network, as it is the most widely used mode of mobile
telephony communication. The feasibility of our scheme is demonstrated through the
prototype. Shadow calling, which renders the users geolocation anonymous, will be
beneficial for users such as journalists, human rights activists in hostile nations, or
other privacy-demanding users.Dissertation/ThesisMasters Thesis Computer Science 201
Recommended from our members
A modularized electronic payment system for agent-based e-commerce
With the explosive growth of the Internet, electronic-commerce (e-commerce) is an increasingly important segment of commercial activities on the web. The Secure Agent Fabrication, Evolution & Roaming (SAFER) architecture was proposed to further facilitate e-commerce using agent technology. In this paper, the electronic payment aspect of SAFER will be explored. The Secure Electronic Transaction (SET) protocol and E-Cash were selected as the bases for the electronic payment system implementation. The various modules of the payment system and how they interface with each other are shown. An extensible implementation done using JavaTM will also be elaborated. This application incorporates agent roaming functionality and the ability to conduct e-commerce transactions and carry out intelligent e-payment procedures
- …