2,011 research outputs found

    A framework for analyzing RFID distance bounding protocols

    Get PDF
    Many distance bounding protocols appropriate for the RFID technology have been proposed recently. Unfortunately, they are commonly designed without any formal approach, which leads to inaccurate analyzes and unfair comparisons. Motivated by this need, we introduce a unied framework that aims to improve analysis and design of distance bounding protocols. Our framework includes a thorough terminology about the frauds, adversary, and prover, thus disambiguating many misleading terms. It also explores the adversary's capabilities and strategies, and addresses the impact of the prover's ability to tamper with his device. It thus introduces some new concepts in the distance bounding domain as the black-box and white-box models, and the relation between the frauds with respect to these models. The relevancy and impact of the framework is nally demonstrated on a study case: Munilla-Peinado distance bounding protocol

    After the Gold Rush: The Boom of the Internet of Things, and the Busts of Data-Security and Privacy

    Get PDF
    This Article addresses the impact that the lack of oversight of the Internet of Things has on digital privacy. While the Internet of Things is but one vehicle for technological innovation, it has created a broad glimpse into domestic life, thus triggering several privacy issues that the law is attempting to keep pace with. What the Internet of Things can reveal is beyond the control of the individual, as it collects information about every practical aspect of an individual’s life, and provides essentially unfettered access into the mind of its users. This Article proposes that the federal government and the state governments bend toward consumer protection while creating a cogent and predictable body of law surrounding the Internet of Things. Through privacy-by-design or self-help, it is imperative that the Internet of Things—and any of its unforeseen progeny—develop with an eye toward safeguarding individual privacy while allowing technological development

    Semantic discovery and reuse of business process patterns

    Get PDF
    Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

    Exploratory analysis of Internet of Things (IoT): revolutionizing the grocery retail industry

    Get PDF
    This dissertation has investigated the consequences of implementing Internet of Things (IoT) technologies in grocery retailing by analyzing customers' perceptions of eight prominent technologies. The objective was to investigate and explore to what degree implementing these technologies would impact the customer experience. Based on secondary research, this thesis focuses on eight prominent technologies that presumably will encounter an increasing utilization in the visible future; Self-Scanning, Smart Robots, Smart Shelves, Smart Shopping Cart, Smart Fridge, Just Walk Out, Personalized Promotion/Pricing, and Mobile Apps. The technology distribution varies across different stages in the customer journey, and research indicates that IoT has the most significant impact in the pre-purchase stage. A comprehensive exploratory survey was conducted through Amazon mTurk with a wide range of respondents (n=204), giving valuable insight into demographic differences' influence on each technology perception. The investigation uncovered vast differences in several areas such as age, attitude, and privacy. Among other findings, the age segment 35-44 is more confident towards IoT technology than the age segment 55+, and shoppers with a positive attitude towards grocery shopping have higher confidence towards the technologies than shoppers with a negative attitude. On a widespread basis, the findings revealed that all eight technologies would positively affect customer experience to a certain level. Keywords: Internet of Things, Grocery Retailing, Customer Journey, Customer Experience, Autonomous Retail

    Probabilistic yoking proofs for large scale IoT systems

    Get PDF
    Yoking (or grouping) proofs were introduced in 2004 as a security construction for RFID applications in which it is needed to build an evidence that several objects have been scanned simultaneously or, at least, within a short time. Such protocols were designed for scenarios where only a few tags (typically just two) are involved, so issues such as preventing an object from abandoning the proof right after being interrogated simply do not make sense. The idea, however, is very interesting for many Internet of Things (IoT) applications where a potentially large population of objects must be grouped together. In this paper we address this issue by presenting the notion of Probabilistic Yoking Proofs (PYP) and introducing three main criteria to assess their performance: cost, security, and fairness. Our proposal combines the message structure found in classical grouping proof constructions with an iterative Poisson sampling process where the probability of each object being sampled varies over time. We introduce a number of mechanisms to apply fluctuations to each object's sampling probability and present different sampling strategies. Our experimental results confirm that most strategies achieve good security and fairness levels while keeping the overall protocol cost down. (C) 2015 Elsevier B.V. All rights reserved.This work was supported by the MINECO Grant TIN2013 46469 R (SPINY: Security and Privacy in the Internet of You)

    A Hybrid Tracking System of Human Resources: A Case Study in a Canadian University

    Get PDF
    Radio Frequency Identification (RFID), including Real-Time Location Systems (RTLS) and Global Positioning Systems (GPS), are technologies that have evolved considerably in the past few years. They have the potential to provide a means by which organizations can follow employees in real time. However, this permanent surveillance may have unexpected impacts on employees as well as on the organization itself. We followed the systems development research process to build a hybrid RFID-GPS system that allowed for the real-time location of human resources both indoors and outdoors. We tested this system in the security service of a Canadian university and explored its impacts on the workgroup and its employees. Our findings suggest that this kind of system can work in a real-world context, and that it has distinct impacts on the individual and the organization of a type not usually observed with more traditional information systems

    Töötaja privaatsuse kaitse digitaalsel töökohal

    Get PDF
    Väitekirja elektrooniline versioon ei sisalda publikatsiooneTänapäeva töökohad digitaliseeruvad üha enam. Uued rakendused ja nutiseadmed võimaldavad tööandjatel koguda hulgaliselt töötajate isikuandmeid erinevatest allikatest. Taoliste tehniliste võimaluste olemasolu võib kergelt viia töötaja isikuandmete kaitse reeglite rikkumise ja privaatsust riivava käitumiseni. Doktoritöös analüüsin, kuidas Euroopa Liidu privaatsus- ja andmekaitseraamistik tuleb antud väljakutsega toime ning kuivõrd suudab kaitsta töötajat privaatsust riivava jälgimise eest töökeskkonnas. Doktoritöö põhineb viiel eelretsenseeritud publikatsioonil ja keskendub privaatsuse ning andmekaitse küsimustele, mis käsitlevad kolme digitaalset jälgimistehnoloogiat – töötaja sotsiaalmeedia jälgimine, mikrokiibistatud töötajate jälgimine ja kontaktide tuvastamist võimaldavate rakenduste abil töötajate jälgimine COVID-19 leviku ajal. Doktoritöö eesmärk on kindlaks teha, kas EL-is on vaja kehtestada õigusakt, mis reguleerib töötaja privaatsust ja andmekaitset juhul, kui tööandja rakendab digitaalseid jälgimistehnoloogiaid ja millistel tingimustel peaks jälgimine olema lubatud. Doktoritöös väidan, et invasiivsete jälgimispraktikate ja töösuhte osapoole ebavõrdsete positsioonide tõttu on vajalik EL tasandi õigusakt, mis võimaldab töötajal keelduda privaatsust riivavast jälgimistehnoloogiast ja annab tööandjale juhiseid, millistel tingimustel on töötaja jälgimine lubatud. Näiteks tuleb õigusaktiga ette näha, et tööandja ei tohi töötajat jälgida ja tema andmeid töödelda, kui selleks puudub vajadus. Sellest reeglist võib teha erandi näiteks kuriteo, tõsise väärkäitumise või muude õigusaktis üheselt esitatud põhjustel, näiteks tööõnnetuse ennetamiseks. Töökohal ei tohi lubada salajast jälgimist ja liikumisandmete kogumist.Today’s workplaces are becoming increasingly digitalized. New applications and smart devices enable employers to collect enormous quantities of employees’ personal data from a vast array of sources through inexpensive means. These practises may be accompanied by intensification of the processing of employee data and possible intrusions to their privacy. My dissertation examines how the current privacy and data protection framework in the EU is equipped to protect employees from privacy-invasive monitoring practices. The dissertation is based on five peer-reviewed publications and focuses on privacy and data protection issues concerning three specific digital monitoring technologies – social media monitoring, monitoring microchipped employees and digital monitoring technologies, e.g. contact tracing technologies, used during COVID-19 pandemic. The aim of the dissertation is to ascertain whether there is a need for specific rules at the EU level that regulate privacy and data protection if an employer uses digital monitoring technologies and on what conditions employee monitoring using these technologies should be allowed. The findings of this dissertation indicate that due to the increased use of the digital monitoring technologies and imbalance of power in an employment relationship, EU legislation is needed to strengthen employees' ability to reject privacy-invasive monitoring technologies and give employers clarity under what conditions monitoring is allowed. EU legislation should clearly state that if not necessary, employers should refrain from the use of digital monitoring technologies. Exceptions might be allowed only in case of criminal activities, serious malpractice or other just causes e.g. prevention of accidents at work. Legislation should also entail stricter obligations for employers, such as consultations with employees’ representatives. Covert monitoring and the possibility to gather movement data inside the workplace should be prohibited
    corecore