40,206 research outputs found
Systemization of Pluggable Transports for Censorship Resistance
An increasing number of countries implement Internet censorship at different
scales and for a variety of reasons. In particular, the link between the
censored client and entry point to the uncensored network is a frequent target
of censorship due to the ease with which a nation-state censor can control it.
A number of censorship resistance systems have been developed thus far to help
circumvent blocking on this link, which we refer to as link circumvention
systems (LCs). The variety and profusion of attack vectors available to a
censor has led to an arms race, leading to a dramatic speed of evolution of
LCs. Despite their inherent complexity and the breadth of work in this area,
there is no systematic way to evaluate link circumvention systems and compare
them against each other. In this paper, we (i) sketch an attack model to
comprehensively explore a censor's capabilities, (ii) present an abstract model
of a LC, a system that helps a censored client communicate with a server over
the Internet while resisting censorship, (iii) describe an evaluation stack
that underscores a layered approach to evaluate LCs, and (iv) systemize and
evaluate existing censorship resistance systems that provide link
circumvention. We highlight open challenges in the evaluation and development
of LCs and discuss possible mitigations.Comment: Content from this paper was published in Proceedings on Privacy
Enhancing Technologies (PoPETS), Volume 2016, Issue 4 (July 2016) as "SoK:
Making Sense of Censorship Resistance Systems" by Sheharbano Khattak, Tariq
Elahi, Laurent Simon, Colleen M. Swanson, Steven J. Murdoch and Ian Goldberg
(DOI 10.1515/popets-2016-0028
The control over personal data: True remedy or fairy tale ?
This research report undertakes an interdisciplinary review of the concept of
"control" (i.e. the idea that people should have greater "control" over their
data), proposing an analysis of this con-cept in the field of law and computer
science. Despite the omnipresence of the notion of control in the EU policy
documents, scholarly literature and in the press, the very meaning of this
concept remains surprisingly vague and under-studied in the face of
contemporary socio-technical environments and practices. Beyond the current
fashionable rhetoric of empowerment of the data subject, this report attempts
to reorient the scholarly debates towards a more comprehensive and refined
understanding of the concept of control by questioning its legal and technical
implications on data subject\^as agency
Eavesdropping Whilst You're Shopping: Balancing Personalisation and Privacy in Connected Retail Spaces
Physical retailers, who once led the way in tracking with loyalty cards and
`reverse appends', now lag behind online competitors. Yet we might be seeing
these tables turn, as many increasingly deploy technologies ranging from simple
sensors to advanced emotion detection systems, even enabling them to tailor
prices and shopping experiences on a per-customer basis. Here, we examine these
in-store tracking technologies in the retail context, and evaluate them from
both technical and regulatory standpoints. We first introduce the relevant
technologies in context, before considering privacy impacts, the current
remedies individuals might seek through technology and the law, and those
remedies' limitations. To illustrate challenging tensions in this space we
consider the feasibility of technical and legal approaches to both a) the
recent `Go' store concept from Amazon which requires fine-grained, multi-modal
tracking to function as a shop, and b) current challenges in opting in or out
of increasingly pervasive passive Wi-Fi tracking. The `Go' store presents
significant challenges with its legality in Europe significantly unclear and
unilateral, technical measures to avoid biometric tracking likely ineffective.
In the case of MAC addresses, we see a difficult-to-reconcile clash between
privacy-as-confidentiality and privacy-as-control, and suggest a technical
framework which might help balance the two. Significant challenges exist when
seeking to balance personalisation with privacy, and researchers must work
together, including across the boundaries of preferred privacy definitions, to
come up with solutions that draw on both technology and the legal frameworks to
provide effective and proportionate protection. Retailers, simultaneously, must
ensure that their tracking is not just legal, but worthy of the trust of
concerned data subjects.Comment: 10 pages, 1 figure, Proceedings of the PETRAS/IoTUK/IET Living in the
Internet of Things Conference, London, United Kingdom, 28-29 March 201
Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments
Decentralized systems are a subset of distributed systems where multiple
authorities control different components and no authority is fully trusted by
all. This implies that any component in a decentralized system is potentially
adversarial. We revise fifteen years of research on decentralization and
privacy, and provide an overview of key systems, as well as key insights for
designers of future systems. We show that decentralized designs can enhance
privacy, integrity, and availability but also require careful trade-offs in
terms of system complexity, properties provided, and degree of
decentralization. These trade-offs need to be understood and navigated by
designers. We argue that a combination of insights from cryptography,
distributed systems, and mechanism design, aligned with the development of
adequate incentives, are necessary to build scalable and successful
privacy-preserving decentralized systems
Systematizing Genome Privacy Research: A Privacy-Enhancing Technologies Perspective
Rapid advances in human genomics are enabling researchers to gain a better
understanding of the role of the genome in our health and well-being,
stimulating hope for more effective and cost efficient healthcare. However,
this also prompts a number of security and privacy concerns stemming from the
distinctive characteristics of genomic data. To address them, a new research
community has emerged and produced a large number of publications and
initiatives.
In this paper, we rely on a structured methodology to contextualize and
provide a critical analysis of the current knowledge on privacy-enhancing
technologies used for testing, storing, and sharing genomic data, using a
representative sample of the work published in the past decade. We identify and
discuss limitations, technical challenges, and issues faced by the community,
focusing in particular on those that are inherently tied to the nature of the
problem and are harder for the community alone to address. Finally, we report
on the importance and difficulty of the identified challenges based on an
online survey of genome data privacy expertsComment: To appear in the Proceedings on Privacy Enhancing Technologies
(PoPETs), Vol. 2019, Issue
Privacy in crowdsourcing:a systematic review
The advent of crowdsourcing has brought with it multiple privacy challenges. For example, essential monitoring activities, while necessary and unavoidable, also potentially compromise contributor privacy. We conducted an extensive literature review of the research related to the privacy aspects of crowdsourcing. Our investigation revealed interesting gender differences and also differences in terms of individual perceptions. We conclude by suggesting a number of future research directions.</p
- …