Perceived risk and sensitive data on mobile devices

This paper reports on a survey to investigate the behaviour and assumptions of smartphone users, with reference to the security practices adopted by such users. The primary objective was to shed light on the level of information security awareness in smartphone users and determine the extent of sensitive information such users typically hold on these mobile devices

Shopping For Privacy: How Technology in Brick-and-Mortar Retail Stores Poses Privacy Risks for Shoppers

As technology continues to rapidly advance, the American legal system has failed to protect individual shoppers from the technology implemented into retail stores, which poses significant privacy risks but does not violate the law. In particular, I examine the technologies implemented into many brick-and-mortar stores today, many of which the average everyday shopper has no idea exists. This Article criticizes these technologies, suggesting that many, if not all of them, are questionable in their legality taking advantage of their status in a legal gray zone. Because the American judicial system cannot adequately protect the individual shopper from these questionable privacy practices, I call upon the Federal Trade Commission, the de facto privacy regulator in the United States, to increase its policing of physical retail stores to protect the shopper from any further harm

What do they know about me? Contents and Concerns of Online Behavioral Profiles

Data aggregators collect large amount of information about individual users and create detailed online behavioral profiles of individuals. Behavioral profiles benefit users by improving products and services. However, they have also raised concerns regarding user privacy, transparency of collection practices and accuracy of data in the profiles. To improve transparency, some companies are allowing users to access their behavioral profiles. In this work, we investigated behavioral profiles of users by utilizing these access mechanisms. Using in-person interviews (n=8), we analyzed the data shown in the profiles, elicited user concerns, and estimated accuracy of profiles. We confirmed our interview findings via an online survey (n=100). To assess the claim of improving transparency, we compared data shown in profiles with the data that companies have about users. More than 70% of the participants expressed concerns about collection of sensitive data such as credit and health information, level of detail and how their data may be used. We found a large gap between the data shown in profiles and the data possessed by companies. A large number of profiles were inaccurate with as much as 80% inaccuracy. We discuss implications for public policy management.Comment: in Ashwini Rao, Florian Schaub, and Norman Sadeh What do they know about me? Contents and Concerns of Online Behavioral Profiles (2014) ASE BigData/SocialInformatics/PASSAT/BioMedCom Conferenc

A Survey on Smart Home Authentication: Toward Secure, Multi-Level and Interaction-based Identification

With the increased number and reduced cost of smart devices, Internet of Things (IoT) applications such as smart home (SHome) are increasingly popular. Owing to the characteristics of IoT environments such as resource constrained devices, existing authentication solutions may not be suitable to secure these environments. As a result, a number of authentication solutions specifically designed for IoT environments have been proposed. This paper provides a critical analysis of existing authentication solutions. The major contributions of the paper are as follows. First, it presents a generic model derived from an SHome use-case scenario. Secondly, based on the model, it performs a threat analysis to identify possible means of attacks. The analysis leads to the specification of a set of desirable security requirements for the design of authentication solutions for SHome. Thirdly, based on the requirements, existing authentication solutions are analysed and some ideas for achieving effective and efficient authentication in IoT environments are proposed

Big Brother is Listening to You: Digital Eavesdropping in the Advertising Industry

In the Digital Age, information is more accessible than ever. Unfortunately, that accessibility has come at the expense of privacy. Now, more and more personal information is in the hands of corporations and governments, for uses not known to the average consumer. Although these entities have long been able to keep tabs on individuals, with the advent of virtual assistants and “always-listening” technologies, the ease by which a third party may extract information from a consumer has only increased. The stark reality is that lawmakers have left the American public behind. While other countries have enacted consumer privacy protections, the United States has no satisfactory legal framework in place to curb data collection by greedy businesses or to regulate how those companies may use and protect consumer data. This Article contemplates one use of that data: digital advertising. Inspired by stories of suspiciously well-targeted advertisements appearing on social media websites, this Article additionally questions whether companies have been honest about their collection of audio data. To address the potential harms consumers may suffer as a result of this deficient privacy protection, this Article proposes a framework wherein companies must acquire users\u27 consent and the government must ensure that businesses do not use consumer information for harmful purposes

Online banking customization via tag-based interaction

In this paper, we describe ongoing work on online banking customization with a particular focus on interaction. The scope of the study is confined to the Australian banking context where the lack of customization is evident. This paper puts forward the notion of using tags to facilitate personalized interactions in online banking. We argue that tags can afford simple and intuitive interactions unique to every individual in both online and mobile environments. Firstly, through a review of related literature, we frame our work in the customization domain. Secondly, we define a range of taggable resources in online banking. Thirdly, we describe our preliminary prototype implementation with respect to interaction customization types. Lastly, we conclude with a discussion on future work

Cyber security investigation for Raspberry Pi devices

Big Data on Cloud application is growing rapidly. When the cloud is attacked, the investigation relies on digital forensics evidence. This paper proposed the data collection via Raspberry Pi devices, in a healthcare situation. The significance of this work is that could be expanded into a digital device array that takes big data security issues into account. There are many potential impacts in health area. The field of Digital Forensics Science has been tagged as a reactive science by some who believe research and study in the field often arise as a result of the need to respond to event which brought about the needs for investigation; this work was carried as a proactive research that will add knowledge to the field of Digital Forensic Science. The Raspberry Pi is a cost-effective, pocket sized computer that has gained global recognition since its development in 2008; with the wide spread usage of the device for different computing purposes. Raspberry Pi can potentially be a cyber security device, which can relate with forensics investigation in the near future. This work has used a systematic approach to study the structure and operation of the device and has established security issues that the widespread usage of the device can pose, such as health or smart city. Furthermore, its evidential information applied in security will be useful in the event that the device becomes a subject of digital forensic investigation in the foreseeable future. In healthcare system, PII (personal identifiable information) is a very important issue. When Raspberry Pi plays a processor role, its security is vital; consequently, digital forensics investigation on the Raspberry Pies becomes necessary