Privacy-Preserving Multi-Operator Contact Tracing for Early Detection of Covid19 Contagions

The outbreak of coronavirus disease 2019 (covid-19) is imposing a severe worldwide lock-down. Contact tracing based on smartphones' applications (apps) has emerged as a possible solution to trace contagions and enforce a more sustainable selective quarantine. However, a massive adoption of these apps is required to reach the critical mass needed for effective contact tracing. As an alternative, geo-location technologies in next generation networks (e.g., 5G) can enable Mobile Operators (MOs) to perform passive tracing of users' mobility and contacts with a promised accuracy of down to one meter. To effectively detect contagions, the identities of positive individuals, which are known only by a Governmental Authority (GA), are also required. Note that, besides being extremely sensitive, these data might also be critical from a business perspective. Hence, MOs and the GA need to exchange and process users' geo-locations and infection status data in a privacy-preserving manner. In this work, we propose a privacy-preserving protocol that enables multiple MOs and the GA to share and process users' data to make only the final users discover the number of their contacts with positive individuals. The protocol is based on existing privacy-enhancing strategies that guarantee that users' mobility and infection status are only known to their MOs and to the GA, respectively. From extensive simulations, we observe that the cost to guarantee total privacy (evaluated in terms of data overhead introduced by the protocol) is acceptable, and can also be significantly reduced if we accept a negligible compromise in users' privacy

PRIMA — Privacy research through the perspective of a multidisciplinary mash up

Based on a summary description of privacy protection research within three fields of inquiry, viz. social sciences, legal science, and computer and systems sciences, we discuss multidisciplinary approaches with regard to the difficulties and the risks that they entail as well as their possible advantages. The latter include the identification of relevant perspectives of privacy, increased expressiveness in the formulation of research goals, opportunities for improved research methods, and a boost in the utility of invested research efforts

Systemization of Pluggable Transports for Censorship Resistance

An increasing number of countries implement Internet censorship at different scales and for a variety of reasons. In particular, the link between the censored client and entry point to the uncensored network is a frequent target of censorship due to the ease with which a nation-state censor can control it. A number of censorship resistance systems have been developed thus far to help circumvent blocking on this link, which we refer to as link circumvention systems (LCs). The variety and profusion of attack vectors available to a censor has led to an arms race, leading to a dramatic speed of evolution of LCs. Despite their inherent complexity and the breadth of work in this area, there is no systematic way to evaluate link circumvention systems and compare them against each other. In this paper, we (i) sketch an attack model to comprehensively explore a censor's capabilities, (ii) present an abstract model of a LC, a system that helps a censored client communicate with a server over the Internet while resisting censorship, (iii) describe an evaluation stack that underscores a layered approach to evaluate LCs, and (iv) systemize and evaluate existing censorship resistance systems that provide link circumvention. We highlight open challenges in the evaluation and development of LCs and discuss possible mitigations.Comment: Content from this paper was published in Proceedings on Privacy Enhancing Technologies (PoPETS), Volume 2016, Issue 4 (July 2016) as "SoK: Making Sense of Censorship Resistance Systems" by Sheharbano Khattak, Tariq Elahi, Laurent Simon, Colleen M. Swanson, Steven J. Murdoch and Ian Goldberg (DOI 10.1515/popets-2016-0028

Towards a Secure Smart Grid Storage Communications Gateway

This research in progress paper describes the role of cyber security measures undertaken in an ICT system for integrating electric storage technologies into the grid. To do so, it defines security requirements for a communications gateway and gives detailed information and hands-on configuration advice on node and communication line security, data storage, coping with backend M2M communications protocols and examines privacy issues. The presented research paves the road for developing secure smart energy communications devices that allow enhancing energy efficiency. The described measures are implemented in an actual gateway device within the HORIZON 2020 project STORY, which aims at developing new ways to use storage and demonstrating these on six different demonstration sites.Comment: 6 pages, 2 figure

Enhancing the Senses: How Technological Advances Shape Our View of the Law

This memorial lecture was given at West Virginia University, which houses, among other relevant programs, the Biometric Knowledge Center. The lecture surveys the application of a variety of legal topics to biometrics. Covered areas include basic research funding choices, freedom of speech, association and religion, search and seizure, and informational privacy

Secure Vehicular Communication Systems: Implementation, Performance, and Research Challenges

Vehicular Communication (VC) systems are on the verge of practical deployment. Nonetheless, their security and privacy protection is one of the problems that have been addressed only recently. In order to show the feasibility of secure VC, certain implementations are required. In [1] we discuss the design of a VC security system that has emerged as a result of the European SeVeCom project. In this second paper, we discuss various issues related to the implementation and deployment aspects of secure VC systems. Moreover, we provide an outlook on open security research issues that will arise as VC systems develop from today's simple prototypes to full-fledged systems

In/Visible Bodies. On patients and privacy in a networked world

In the networked world, privacy and visibility become entangled in new and unexpected ways. This article uses the concept of networked visibility to explore the entanglement of technology and the visibility of patient bodies. Based\ud on semi-structured interviews with patients active in social media, this paper describes how multiple patient bodies are produced in the negotiations between the need for privacy and the need for social interaction. Information technology is actively involved in these negotiations: patients use technology to make their bodies both visible and invisible. At the same time technology collects data on these patients, which can be used for undesired commercial and surveillance\ud purposes. The notion of visibility by design may infuse design efforts that enable online privacy, supporting patients in the multiple ways they want to be visible and invisible online

Mind your step! : How profiling location reveals your identity - and how you prepare for it

Location-based services (LBS) are services that position your mobile phone to provide some context-based service for you. Some of these services – called ‘location tracking’ applications - need frequent updates of the current position to decide whether a service should be initiated. Thus, internet-based systems will continuously collect and process the location in relationship to a personal context of an identified customer. This paper will present the concept of location as part of a person’s identity. I will conceptualize location in information systems and relate it to concepts like privacy, geographical information systems and surveillance. The talk will present how the knowledge of a person's private life and identity can be enhanced with data mining technologies on location profiles and movement patterns. Finally, some first concepts about protecting location information