3,256 research outputs found
Privacy-safe network trace sharing via secure queries
Privacy concerns relating to sharing network traces have traditionally been handled via sanitization, which includes removal of sensitive data and IP address anonymization. We argue that sanitization is a poor solution for data sharing that offers insufficient research utility to users and poor privacy guarantees to data providers. We claim that a better balance in the utility/privacy tradeoff, inherent to network data sharing, can be achieved via a new paradigm we propose: secure queries. In this paradigm, a data owner publishes a query language and an online portal, allowing researchers to submit sets of queries to be run on data. Only certain operations are allowed on certain data fields, and in specific contexts. Query restriction is achieved via the provider’s privacy policy, and enforced by the language’s interpreter. Query results, returned to researchers, consist of aggregate information such as counts, histograms, distributions, etc. and not of individual packets. We discuss why secure queries provide higher privacy guarantees and higher research utility than sanitization, and present a design of the secure query language and a privacy policy
Using Process Mining to Reduce Fraud in Digital Onboarding
In the context of online banking, new users have to register their information to become clients through mobile applications; this process is called digital onboarding. Fraudsters often commit identity fraud by impersonating other people to obtain access to banking services by using personal data obtained illegally and causing damage to the organisation’s reputation and resources. Detecting fraudulent users by their onboarding process is not a trivial task, as it is difficult to identify possible vulnerabilities in the process to be exploited. Furthermore, the modus operandi for differentiating the behaviour of fraudulent actors and legitimate users is unclear. In this work, we propose the usage of a process mining (PM) approach to detect identity fraud in digital onboarding using a real fintech event log. The proposed PM approach is capable of modelling the behaviour of users as they go through a digital onboarding process, while also providing insight into the process itself. The results of PM techniques and the machine learning classifiers showed a promising 80% accuracy rate in classifying users as fraudulent or legitimate. Furthermore, the application of process discovery in the event log dataset produced an insightful visual model of the onboarding process
SoK: Decentralized Finance (DeFi) Attacks
Within just four years, the blockchain-based Decentralized Finance (DeFi)
ecosystem has accumulated a peak total value locked (TVL) of more than 253
billion USD. This surge in DeFi's popularity has, unfortunately, been
accompanied by many impactful incidents. According to our data, users,
liquidity providers, speculators, and protocol operators suffered a total loss
of at least 3.24 billion USD from Apr 30, 2018 to Apr 30, 2022. Given the
blockchain's transparency and increasing incident frequency, two questions
arise: How can we systematically measure, evaluate, and compare DeFi incidents?
How can we learn from past attacks to strengthen DeFi security?
In this paper, we introduce a common reference frame to systematically
evaluate and compare DeFi incidents, including both attacks and accidents. We
investigate 77 academic papers, 30 audit reports, and 181 real-world incidents.
Our data reveals several gaps between academia and the practitioners'
community. For example, few academic papers address "price oracle attacks" and
"permissionless interactions", while our data suggests that they are the two
most frequent incident types (15% and 10.5% respectively). We also
investigate potential defenses, and find that: (i) 103 (56%) of the attacks are
not executed atomically, granting a rescue time frame for defenders; (ii) SoTA
bytecode similarity analysis can at least detect 31 vulnerable/23 adversarial
contracts; and (iii) 33 (15.3%) of the adversaries leak potentially
identifiable information by interacting with centralized exchanges
Third Party Tracking in the Mobile Ecosystem
Third party tracking allows companies to identify users and track their
behaviour across multiple digital services. This paper presents an empirical
study of the prevalence of third-party trackers on 959,000 apps from the US and
UK Google Play stores. We find that most apps contain third party tracking, and
the distribution of trackers is long-tailed with several highly dominant
trackers accounting for a large portion of the coverage. The extent of tracking
also differs between categories of apps; in particular, news apps and apps
targeted at children appear to be amongst the worst in terms of the number of
third party trackers associated with them. Third party tracking is also
revealed to be a highly trans-national phenomenon, with many trackers operating
in jurisdictions outside the EU. Based on these findings, we draw out some
significant legal compliance challenges facing the tracking industry.
Comment: Corrected missing company info (LinkedIn owned by Microsoft). Figures
for Microsoft and LinkedIn re-calculated and added to Table
Assessing the Solvency of Virtual Asset Service Providers: Are Current Standards Sufficient?
Entities like centralized cryptocurrency exchanges fall under the business
category of virtual asset service providers (VASPs). As any other enterprise,
they can become insolvent. VASPs enable the exchange, custody, and transfer of
cryptoassets organized in wallets across distributed ledger technologies
(DLTs). Despite the public availability of DLT transactions, the cryptoasset
holdings of VASPs are not yet subject to systematic auditing procedures. In
this paper, we propose an approach to assess the solvency of a VASP by
cross-referencing data from three distinct sources: cryptoasset wallets,
balance sheets from the commercial register, and data from supervisory
entities. We investigate 24 VASPs registered with the Financial Market
Authority in Austria and provide regulatory data insights such as who are the
customers and where do they come from. Their yearly incoming and outgoing
transaction volume amounts to 2 billion EUR for around 1.8 million users. We
describe what financial services they provide and find that they are most
similar to traditional intermediaries such as brokers, money exchanges, and
funds, rather than banks. Next, we empirically measure DLT transaction flows of
four VASPs and compare their cryptoasset holdings to balance sheet entries.
Data are consistent for two VASPs only. This enables us to identify gaps in the
data collection and propose strategies to address them. We remark that any
entity in charge of auditing requires proof that a VASP actually controls the
funds associated with its on-chain wallets. It is also important to report fiat
and cryptoasset and liability positions broken down by asset types at a
reasonable frequency
Mobile phone technology as an aid to contemporary transport questions in walkability, in the context of developing countries
The emerging global middle class, which is expected to double by 2050, desires more walkable, liveable neighbourhoods, and as distances between work and other amenities increase, cities are becoming less monocentric and more polycentric. African cities could be described as walking cities, based on the number of people that walk to their destinations as opposed to using other means of mobility, but they are often not walkable. Walking is by far the most popular form of transportation in Africa’s rapidly urbanising cities, although it is often not by choice but rather a necessity. Facilitating this primary mode, while curbing the growth of less sustainable mobility uses, requires special attention to the safety and convenience of walking in view of a Global South context. In this regard, to further promote walking as a sustainable mobility option, there is a need to assess the current state of its supporting infrastructure and begin giving it higher priority, focus and emphasis. Mobile phones have emerged as a useful alternative tool to collect this data and audit the state of walkability in cities. They eliminate the inaccuracies and inefficiencies of human memories because smartphone sensors such as GPS provide information with accuracies within 5 m, providing superior accuracy and precision compared to other traditional methods. The data is also spatial in nature, allowing for a range of possible applications and use cases. Traditional inventory approaches in walkability often revealed the perceived walkability and accessibility for only a subset of journeys. Crowdsourcing the perceived walkability and accessibility of points of interest in African cities could address this, although aspects such as ease of use and road safety should also be considered.
A tool that crowdsources individual pedestrian experiences; availability and state of pedestrian infrastructure and amenities, using state-of-the-art smartphone technology, would over time also result in complete surveys of the walking environment provided such a tool is popular and safe. This research will illustrate how mobile phone applications currently in the market can be improved to offer more functionality that factors in multiple sensory modalities for enhanced visual appeal, ease of use, and aesthetics. The overarching aim of this research is, therefore, to develop the framework for and test a pilot-version mobile phone-based data collection tool that incorporates emerging technologies in collecting data on walkability. This research project will assess the effectiveness of the mobile application and test the technical capabilities of the system to experience how it operates within an existing infrastructure. It will continue to investigate the use of mobile phone technology in the collection of user perceptions of walkability, and the limitations of current transportation-based mobile applications, with the aim of developing an application that is an improvement to current offerings in the market. The prototype application will be tested and later piloted in different locations around the globe. Past studies are primarily focused on the development of transport-based mobile phone applications with basic features and limited functionality. Although limited progress has been made in integrating emerging advanced technologies such as Augmented Reality (AR), Machine Learning (ML), Big Data analytics, amongst others into mobile phone applications; what is missing from these past examples is a comprehensive and structured application in the transportation sphere. 
In turn, the full research will offer a broader understanding of the information gathered from these smart devices, and how that large volume of varied data can be better and more quickly interpreted to discover trends and patterns, and to aid in decision making and planning. This research project attempts to fill this gap and also bring new insights, and thus promote the research field of transportation data collection audits, with particular emphasis on walkability audits. In this regard, this research seeks to provide insights into how such a tool could be applied in assessing and promoting walkability as a sustainable and equitable mobility option. In order to get policy-makers, analysts, and practitioners in urban transport planning and provision in cities to pay closer attention to making better, more walkable places, appealing to them from an efficiency and business perspective is vital. This crowdsourced data is of great interest to industry practitioners, local governments and research communities as Big Data, and to urban communities and civil society as an input in their advocacy activities. The general findings from the results of this research show clear evidence that transport-based mobile phone applications currently available in the market are increasingly getting outdated and are not keeping up with new and emerging technologies and innovations. It is also evident from the results that mobile smartphones have revolutionised the collection of transport-related information, hence the need for new initiatives to help take advantage of this emerging opportunity. The implications of these findings are that more attention needs to be paid to this niche going forward.
This research project recommends that more studies, particularly on what technologies and functionalities can realistically be incorporated into mobile phone applications in the near future be done as well as on improving the hardware specifications of mobile phone devices to facilitate and support these emerging technologies whilst keeping the cost of mobile devices as low as possible