Mobile User\u27s Privacy Decision Making: Integrating Economic Exchange and Social Justice Perspectives

Recent advances in wireless computing and communication have led to the proliferation of location-based services (LBS). While LBS offer users the flexibility of accessing network services on the move, potential privacy violations have emerged as a contentious issue because details of user identities, movements and behaviors are available to LBS providers. Drawing on the economic exchange and social justice theories, this research addresses privacy issues by examining key mechanisms that can alleviate users’ privacy concerns. A theoretical framework is developed to link three privacy assurance mechanisms (technology control, industry self-regulation, and government legislation) to the individual privacy decision making process. In addition, as the individual privacy decision making is usually dynamic and context-specific, the research model will be tested in three different contexts with three different types of LBS applications (safety, advertising, and social networking applications). This research contributes to a better understanding of the dynamic and dialectic nature of information privacy through a combination of theoretical and empirical research efforts. The interplay between social and technological issues associated with the privacy assurance will be the interests for application developers, service providers and policy makers

Healthcare Professionals’ Attitudes towards Privacy in Healthcare Information Systems

As a result of the Health Information Technology for Economic and Clinical Health Act (HITECH), healthcare organizations are finding themselves scrambling to digitize their Electronic Medical Records (EMRs). A concern of the widespread implementation of digital health records is the assurance of privacy for the sensitive information held by healthcare organizations (Greenberg, 2010; Hoffmann, 2009). There have been many studies that examine patient’s perspectives and expectations of privacy (Agarwal & Anderson, 2011; Cannoy & Salam, 2010) but the literature is lacking analysis of healthcare providers’ privacy perspectives with regards to EMRs. Using Information Boundary Theory (Stanton, 2002) as a theoretical framework, this study seeks to determine healthcare providers’ attitudes towards privacy with regards to EMRs. Analysis of survey data collected from healthcare providers found that healthcare providers do not value patient privacy over personal or organizational gain

Pseudo Identities Based on Fingerprint Characteristics

This paper presents the integrated project TURBINE which is funded under the EU 7th research framework programme. This research is a multi-disciplinary effort on privacy enhancing technology, combining innovative developments in cryptography and fingerprint recognition. The objective of this project is to provide a breakthrough in electronic authentication for various applications in the physical world and on the Internet. On the one hand it will provide secure identity verification thanks to fingerprint recognition. On the other hand it will reliably protect the biometric data through advanced cryptography technology. In concrete terms, it will provide the assurance that (i) the data used for the authentication, generated from the fingerprint, cannot be used to restore the original fingerprint sample, (ii) the individual will be able to create different "pseudo-identities" for different applications with the same fingerprint, whilst ensuring that these different identities (and hence the related personal data) cannot be linked to each other, and (iii) the individual is enabled to revoke an biometric identifier (pseudo-identity) for a given application in case it should not be used anymore

Ranking based search in the encrypted cloud environment

Cloud computing is emerging as a promising technology for outsourcing of data and quality of data services. However, information which is sensitive when upload on cloud eventually cause privacy problems. Data encryption provides security of data to some level, but at the cost of compromised efficiency. This paper focus on addressing data privacy problems. For the first time, the privacy issue is formulated from the aspect of similarity relevance of data and scheme robustness. Privacy of data is not assured if Server-side ranking based on order-preserving encryption is maintained. For the assurance of data privacy, multi-keyword ranked search over encrypted data in cloud computing (MRSE) scheme is proposed which supports top-k multi keyword retrieval. In MRSE, vector space model and Homomorphic encryption were employed. The vector space model helps to provide accuracy sufficient search of data and the Homomorphic encryption enables users to involve in the encryption of data. The majority of computing work is done on the server side. As a result, leakage of information can be eliminated and data security is ensured. DOI: 10.17762/ijritcc2321-8169.15028

A roadmap towards improving managed security services from a privacy perspective

Published version of an article in the journal: Ethics and Information Technology. Also available from the publisher at: http://dx.doi.org/10.1007/s10676-014-9348-3This paper proposes a roadmap for how privacy leakages from outsourced managed security services using intrusion detection systems can be controlled. The paper first analyses the risk of leaking private or confidential information from signature-based intrusion detection systems. It then discusses how the situation can be improved by developing adequate privacy enforcement methods and privacy leakage metrics in order to control and reduce the leakage of private and confidential information over time. Such metrics should allow for quantifying how much information that is leaking, where these information leakages are, as well as showing what these leakages mean. This includes adding enforcement mechanisms ensuring that operation on sensitive information is transparent and auditable. The data controller or external quality assurance organisations can then verify or certify that the security operation operates in a privacy friendly manner. The roadmap furthermore outlines how privacy-enhanced intrusion detection systems should be implemented by initially providing privacy-enhanced alarm handling and then gradually extending support for privacy enhancing operation to other areas like digital forensics, exchange of threat information and big data analytics based attack detection

Authentication and authorisation in entrusted unions

This paper reports on the status of a project whose aim is to implement and demonstrate in a real-life environment an integrated eAuthentication and eAuthorisation framework to enable trusted collaborations and delivery of services across different organisational/governmental jurisdictions. This aim will be achieved by designing a framework with assurance of claims, trust indicators, policy enforcement mechanisms and processing under encryption to address the security and confidentiality requirements of large distributed infrastructures. The framework supports collaborative secure distributed storage, secure data processing and management in both the cloud and offline scenarios and is intended to be deployed and tested in two pilot studies in two different domains, viz, Bio-security incident management and Ambient Assisted Living (eHealth). Interim results in terms of security requirements, privacy preserving authentication, and authorisation are reported

Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems

Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any) and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 644429 and No 780351, MUSA project and ENACT project, respectively. We would also like to acknowledge all the members of the MUSA Consortium and ENACT Consortium for their valuable help