42 research outputs found
3G UMTS man in the middle attacks and policy reform considerations
Man in the middle attacks on 3G UMTS have been a known vulnerability since at least 2004. Many experts have presented solutions to resolve this issue. The first attempt to mitigate the issue in the form of mutual authentication fell short. It is now public knowledge that law enforcement and the FBI have used this man in the middle style attack to collect intelligence within the United States. It is imperative we openly acknowledge that while the man in the middle attack has immediate benefits, there are also inherent risks to maintaining a lower standard of security.
There has been no official documentation from these agencies on the protocol used to conduct these collections. This paper will outline the deficiency in GSM and UMTS, show how a man in the middle style attack would work and what is keeping the attack still possible after so many years.
Finally, there will be four points to consider for preliminary policy reform; constitutionality, oversight, vulnerability, and protection
Privacy, Security and the Cyber Dilemma: An Examination of New Zealand’s Response to the Rising Threat of Cyber-attack
Cyber-attacks present significant challenges to a modern, globalised world. Progressively used by criminal and terrorist organisations to attack or victimise non-state actors, governments are increasingly forced to pursue cyber-security strategies to ensure the security of their citizens and private sectors. An examination of New Zealand’s response to the threat of cyber-attacks shows that successive governments have taken steps to enhance New Zealand’s domestic cyber-security capacity and international cyber-security partnerships. These steps have been highly contentious where they have resulted in greater domestic surveillance capabilities. Despite this, New Zealand has enacted significant oversight mechanisms that provide reassurance that the New Zealand Government is mindful of the delicate steps it must take to maintain an appropriate balance between privacy and security
An assessment of the knowledge processing environment in an organisation : a case study
Knowledge Management is associated with organisational initiatives in response to the demands of a knowledge-based economy in which the potential value of knowledge as a source for competitive advantage is recognised. However, the lack of a common understanding about knowledge itself, its characteristics and how it is constructed has led to diverse approaches about how to "manage" it. This study presents a critical overview of traditional and contemporary KM approaches. The main focus of this study was to discover and apply a suitable methodology for assessing an organisation's knowledge processing environment. This includes an analysis of the current practices and behaviours of people within the organisation relating to the creation of new knowledge and integrating such knowledge into day-to-day work. It also includes inferring from the above practices those policies and programmes that affect knowledge outcomes. This research makes extensive use of the Knowledge Life Cycle (KLC) framework and the Policy Synchronisation Method (PSM) developed by advocates of the New Knowledge Management movement. A case study approach was followed using a range of data collection methods, which included personal interviews, a social network survey and focus group discussions. The selected case is the small IT department at the East London campus of Rhodes University. Evidence from the case suggests that the knowledge processing environment within the IT department is unhealthy. The current knowledge processing practices and behaviours are undesirable and not geared towards the creation of new knowledge and the integration of such knowledge within the business processes of the IT department. There is little evidence of individual and organisational learning occurring and the problem solving process itself is severely hampered by dysfunctional knowledge practices. The study concludes that the above state of affairs is a reflection of the quality and appropriateness of policies and programmes in the extended organisation. Equally, the local definition of rules, procedures and the execution thereof at a business unit level is mostly lacking. The study illustrates that a systematic assessment of the knowledge processing environment provides the organisation with a sound baseline from where knowledge-based interventions can be launched
TRACK UP - Capturing user profile in a mobile platform
An Android application showing to the users what an application can know about them, their profile and their behaviour, combining data obtained from the phone and from cloud services. There is also an investigation about "user profiling" and an evaluation report[ANGLÈS] Nowadays, with the
rise of the smartphones, internet services and technology in general, the
life of millions of people has changed dras
tically. Specifically, people use smartphones every day
and those
store personal and important information about their lives. Therefore, smartphones
may know some personal and dangerous user information such as h
abits, interests and
relations. That informa
tion has been used by applications and services to improve the
experience between the user and the device, because knowing user information allow the
devices to anticipate the user’s actions. However, it’s known that that information is not only
used to im
prove the experience, but is also used by companies and government
s
to take own
advantage of the users information. The process to obtain user information is called user
profiling. So, proved that user profiling has good and bad things, it creates the dile
mma about
personalization vs privacy.
My project’s aim is to
build
an android application showing which kind of information the
applications are capable to obtain from the user life. Therefore, the application
tracks the user
during the whole day and s
tores some powerful information at the database. Finally, the user
can check which information has been obtained during the last days. Looking at the final result,
the application developed is running even when the application is closed, obtaining informat
ion
such as the whole day location, user wake up times, phone usages, friends, browse hist
ory,
personal information, etc.
Therefore, the project includes planning and management, research about the topic and the
moment situation, the study of requiremen
ts and software design, the application developing,
the project viva and the evaluation report
The developing process is preceded by a research report. The research consist
s in analysing
how
user profiling works nowadays and which information is importan
t in user profiling. The
research also studies how the term big data has changed our world and how it may be
dangerous, contrasting that some experts’ opinions. In addition, different ways to obtain
valuable information in android devices is studied in the
research and used later in the
developing process.
Finally, the evaluation report includes an evaluation of every part executed during the project.
This report analyses
extensively the
methodology used and the project planning and
management, comparing
the dates planned at the beginning and modified during the project.
Finally, the report also evaluates the application’s usability to find problems, using the
experience of some users and their opinion.[CASTELLÀ] En
estos días donde el uso de los smartphones, servicios de internet y la tecn
ología en general
ha crecido
rápidamente
, la vida de millones
de personas ha cambiado de forma sustancial.
Actualmente, mucha gente utiliza el
móvil
cada día,
ofreciéndoles
la oportunidad de o
btener
información personal
.
Por lo tanto, los smartphones pueden saber información personal
y
peligrosa del usuario como hábitos, intereses y relaci
ones sociales. Esta información es utilizada
por aplicacion
es y servicios para mejorar
la experiencia de usuario
, ya que conociendo
información del usuario los dispositivos se pueden anticipar a sus acciones.
Aun
así,
es
sabido
que esta información no es solo utilizada para mejorar la
experi
encia
sino que también la usan
empresas y gobiernos para sacar
un
provecho
,
ya sea económico o de otro tipo. Este proceso de
obtener información d
el usuari
o y guardarla es conocido como
“
user pr
ofiling
”
. Por lo tanto,
viendo que
“
user profiling
”
tiene ventajas e inconvenientes
para los usuarios, llegamos a la
discusión sobre si preferimos personalización o pri
vacidad
,
ya que normalmente una cosa va en
detrimento
de la otra.
El objetivo del proyecto consiste
en desarrollar una aplicación
Android
que muestre a los
usuarios que tipo de información suya son la
s aplicaciones capaces de obtener. Por lo tanto, la
aplicación
espía
el usuario durante todo el día y guarda
valiosa
i
nformación en la base de datos.
Finalmente
, el usuario puede comprobar qué
información ha sido obtenida durante los últimos
d
ías. Si nos fijamos en el resultado final, la aplicación desarrollada se está ejecutando incluso
cuando la aplicación está cerrada y obtiene información como la localización del usuario, las
horas que se despierta, los usos del teléfono
, amigos, el histori
al de búsqueda, información
personal, etc.
El proy
ecto incluye la planificación,
el
estudio sobre el tema y la situación actual
, el estudio de
requisitos y diseño del software, el desarrollo de la aplicación, la present
ación del proyecto y la
información de avaluación.
El desarrollo va prec
edido por el informe de investigación. La investigación consiste en analizar
como
“
user profiling
”
funciona hoy en dí
a y que
inf
ormación es importante.
Por otro lado, el
documente también analiza como el t
érmino
“
big data
”
ha cambiado el mundo y como eso
puede ser peligroso, contrastando con la opinión de expertos. Además, también se estudian
varias formas de obtener i
nformación en dispositivos
Android
que después se utilizan en el
desarrollo.
Finalmente, el informe de evaluación incluye la evaluación de cada parte del proyecto. Este
informe analiza extendidamente la metodología usada y
la planificación del pro
yecto,
5
comparando las fechas previstas en el inicio
con su modificación durante todo el proceso. Por
otra parte, la usabilidad de la aplicación también es analizada en este apartado, usando la
experi
encia
y
opini
ón de algunos usuarios.[CATALÀ] Avui en dia, amb
l’augment de l’ús dels
smartphones, serveis d’internet i la tecnologia en
general, la vida de milions de persones ha canviat de manera substancial. Actualment, molta
gent fa servir el mòbil cada dia, i aquests poden guardar informació personal dels usuaris. Per
tant, els smartp
hones poden
guardar
informació personal i perillosa de l’usuari com poden ser
hàbits, interessos i relacions socials. Aquesta informació és utilitzada per aplicacions i serveis
per millorar la experiència d’usuari, ja que saber informació de l’usuari perme
t als dispositius
anticipar
-
se a les seves accions. Tot i així, és sabut que aquesta informació no és només utilitzada
per millorar l’experiència, sinó que també la fan servir empreses i governs per treure ́n un profit
,
ja sigui econòmic o per altres motius
.
Aquest procés d’obtenir informació de l’usuari i guardar
-
la és anomenat “user profiling”. Per tant, veient que “user profiling” té coses bones i dolentes
arribem al dilema sobre si preferim personalització o privacitat ja que normalment una cosa va
en de
triment de l’altra.
L’objectiu del
projecte consisteix en desenvolupar una aplicació android ensenyant a l’usuari
quin tipus de informació
personal
són les aplicacions capaces d’obtenir. Per tant, l’aplicació espia
l’usuari durant tot el dia i guard
a valuosa informació a la base de dades. Finalment, l’usuari pot
comprovar quina informació ha estat obtinguda durant els últims dies. Si ens fixem en el resultat
final, l’aplicació desenvolupada s’està executant fins i tot quan l’aplicació està tancada i
obté
informació com la localització de l’usuari, les hores que l’usuari es lleva, els usos del telèfon,
amics, l’historial de cerca, informació personal, etc.
El projecte inclou
la planificació, recerca sobre el tema i la situació del moment, l’estudi d
els
requisits i del disseny del software, el desenvolupament de l’aplicació, la presentació del
projecte i l’informe d’avaluació.
El desenvolupament va precedit per l’informe de recerca. La recerca consisteix en analitzar com
“user profiling” funciona av
ui en dia i quina informació és important. D’altra banda, el document
també analitza com el terme de “big data” ha canviat el món i com això pot ser perillós
contrastant la opinió de diferents experts. A més a més, diverses maneres d’obtenir informació
val
uosa en dispositius android és estudiada a la recerca i utilitzada en el desenvolupament.
Finalment, l’informe d’avaluació inclou l’avaluació de cada part del projecte. Aquest informe
analitza extensament la metodologia usada i la planificació del proje
cte, comparant les dates
previstes a l’inici amb la seva modificació durant tot el procés. Per altra banda, la usabilitat de
l’aplicació també és analitzada en aquest apartat, fent servir l’experiència i l’opinió d’alguns
usuaris
Privacy in the internet of Things. Fostering user empowerment fhrough digital literacy
Os dispositivos da Internet das Coisas estão por todo o lado, desde o nascimento da computação
ubíqua que se prevê que a vida quotidiana do ser humano contenha milhões de dispositivos que con trolam todos os aspectos da nossa vida. Hoje em dia, temos veículos inteligentes, casas inteligentes,
cidades inteligentes, dispositivos vestíveis, entre outros, que utilizam vários tipos de dispositivos e
vários tipos de redes para comunicar. Estes dispositivos criam novas formas de recolha e tratamento
de dados pessoais de utilizadores e não utilizadores. A maioria dos utilizadores nais nem sequer
tem conhecimento ou tem pouco controlo sobre a informação que está a ser recolhida por estes
sistemas. Este trabalho adopta uma abordagem holística a este problema, começando por realizar
uma revisão da literatura para compilar as soluções actuais, os desa os e as oportunidades de
investigação futura. Realizando, em seguida, um inquérito para saber mais sobre o conhecimento
geral dos indivíduos acerca da privacidade, da Internet das Coisas e hábitos online e, nalmente,
com base na informação recolhida, é proposta uma aplicação móvel que fornece aos utilizadores
informações sobre os dispositivos que estão próximos e como proteger os dados que não querem
partilhar com estes dispositivos. Os testes com utilizadores revelaram que os participantes val orizam ter acesso a mais informações sobre termos relacionados com a privacidade. Esta aplicação
é capaz de detetar que tipo de dispositivos estão próximos, que tipo de dados são recolhidos por
esses dispositivos e apresentar opções de privacidade ao utilizador, quando possível, com o objetivo
de fornecer aos indivíduos uma ferramenta para tomarem decisões informadas sobre os seus dados
privados.Internet of Things devices are everywhere, since the birth of ubiquitous computing, human everyday
life is expected to contain millions of devices that control every aspect of our lives. Today we
have smart vehicles, smart houses, smart cities, wearables among other things that use various
types of devices, and various types of networks to communicate. These devices create new ways
of collecting and processing personal data from users, and non-users. Most end users are not even
aware or have little control over the information that is being collected by these systems. This work
takes a holistic approach to this problem by rst conducting a literature review to compile current
solutions, challenges and future research opportunities. Then conducting a survey to learn more
about the general knowledge of individuals about privacy, the Internet of Things and online habits,
and nally, based on the information gathered, a mobile application is proposed that gives users
information about nearby devices, and how to protect the data that they do not want to share
with them. User testing revealed that participants valued having access to more information about
privacy related terms. This application is capable of detecting what type of devices are nearby,
what kind of data is collected by these devices, and displaying privacy options to the user, when it
is possible to do so, with the goal of providing individuals a tool to make informed decisions about
their private data
The Prosecutor in your pocket: a study on the constitutional issues arising out of the use of social media evidence in government investigations with a specific focus on the right to privacy
Full textToday, individuals network and interact with each other in radically different ways, using social networking sites such as Facebook and Twitter. Utilizing this new media, individuals are able to share intimate details of their lives, coordinate activities, and exchange ideas with friends, family and others in ways previously accomplished only in person, by telephone, or in written letters stored in one 's home. At the same time, social networking sites are increasingly being utilized by terrorist entities for both recruiting purposes and for the planning, financing , and execution of terrorist acts, as well as by other criminal actors. As such social networks have become a valuable source of intelligence for the law enforcement and intelligence communities, enabling the collection of information pertaining to individuals in ways not previously possible. However, the law pertaining to surveillance in cyberspace has failed to keep pace with society's adoption of social networking and other cloud computing technologies. This paper examines the privacy safeguards inherent in the article 31 of the Kenyan Constitution 2010 and Fourth Amendment to the American Constitution and the need to strike an appropriate balance between an individual 's reasonable expectations of privacy in one's online communications and the government's intelligence requirements necessary to combat emerging criminal and terrorist threats
When Cyber Systems Crash: Attitudes Towards Cyber Utilization And Security
This research focused on examining attitudinal differences of Internet utilization and security with the objective of understanding the relationships that cyber usability have with cybercrime and then determine best practices needed to promote the secure use of the Internet. The research was designed as a quantitative study that used judgment sampling to survey 433 cases to explain the relationship that exists between cyber utilization and security. To achieve this objective, research questions and hypothesis were designed to guide the analysis. Cross tabulation analysis was used to compare the dependent and independent variables while Chi-square, Lambda and Gamma statistical tests were used to verify the relationship and identify statistical significance of the relationship. The findings revealed that while variables like being IT savvy, amount of financial loss, education, age, gender and residence location did not have evidence of a relationship with security, research participants had concern for secure cyber use and thought that cybersecurity awareness training and type of transaction conducted on the Internet were associated to security even though the strength of each relationship was weak. The study highlighted the damaging effects of cybercrime and recommended that cyber users should embrace best practice principles as they browse the Internet and utilize cybersecurity awareness training as an important function of secure IT utilization
IRISS (Increasing Resilience in Surveillance Societies) FP7 European Research Project, Deliverable 4.2: Doing privacy in everyday encounters with surveillance.
The main idea of IRISS WP 4 was to analyse surveillance as an element of everyday life of citizens. The starting point was a broad understanding of surveillance, reaching beyond the narrowly defined and targeted (nonetheless encompassing) surveillance practices of state authorities, justified with the need to combat and prevent crime and terrorism. We were interested in the mundane effects of surveillance practices emerging in the sectors of electronic commerce, telecommunication, social media and other areas. The basic assumption of WP 4 was that being a citizen in modern surveillance societies amounts to being transformed into a techno-social hybrid, i.e. a human being inexorably linked with data producing technologies, becoming a data-leaking container. While this “ontological shift” is not necessarily reflected in citizens’ understanding of who they are, it nonetheless affects their daily lives in many different ways. Citizens may entertain ideas of privacy, autonomy and selfhood rooted in pre-electronic times while at the same time acting under a regime of “mundane governance”. We started to enquire about the use of modern technologies and in the course of the interviews focussed on issues of surveillance in a more explicit manner. Over 200 qualitative interviews were conducted in a way that produced narratives (stories) of individual experiences with different kinds of technologies and/or surveillance practices. These stories then were analysed against the background of theoretical hypotheses of what it means in objective terms to live in a surveillance society. We assume that privacy no longer is the default state of mundane living, but has to be actively created. We captured this with the term privacy labour. Furthermore we construed a number of dilemmas or trade-off situations to guide our analysis. These dilemmas address the issue of privacy as a state or “good” which is traded in for convenience (in electronic commerce), security (in law enforcement surveillance contexts), sociality (when using social media), mutual trust (in social relations at the workplace as well as in the relationship between citizens and the state), and engagement (in horizontal, neighbourhood watch-type surveillance relations). For each of these dilemmas we identified a number of stories demonstrating how our respondents as “heroes” in the narrative solved the problems they encountered, strived for the goals they were pursuing or simply handled a dilemmatic situation. This created a comprehensive and multi-dimensional account of the effects of surveillance in everyday life. Each of the main chapters does focus on one of these different dilemmas