A survey on web tracking: mechanisms, implications, and defenses

Privacy seems to be the Achilles' heel of today's web. Most web services make continuous efforts to track their users and to obtain as much personal information as they can from the things they search, the sites they visit, the people they contact, and the products they buy. This information is mostly used for commercial purposes, which go far beyond targeted advertising. Although many users are already aware of the privacy risks involved in the use of internet services, the particular methods and technologies used for tracking them are much less known. In this survey, we review the existing literature on the methods used by web services to track the users online as well as their purposes, implications, and possible user's defenses. We present five main groups of methods used for user tracking, which are based on sessions, client storage, client cache, fingerprinting, and other approaches. A special focus is placed on mechanisms that use web caches, operational caches, and fingerprinting, as they are usually very rich in terms of using various creative methodologies. We also show how the users can be identified on the web and associated with their real names, e-mail addresses, phone numbers, or even street addresses. We show why tracking is being used and its possible implications for the users. For each of the tracking methods, we present possible defenses. Some of them are specific to a particular tracking approach, while others are more universal (block more than one threat). Finally, we present the future trends in user tracking and show that they can potentially pose significant threats to the users' privacy.Peer ReviewedPostprint (author's final draft

A framework for identity and privacy management on mobile devices

More and more online services require user identification. This increases time to fill out extensive forms and results in large amounts of login and identification data to remember. At the same time the number of users that need access to those service while roaming is equally increasing. However, unfortunately many users are not aware that there is a high risk of loosing privacy when disclosing information about oneself’s identity in an unregulated way. To counteract this and to help users in managing and maintaining related identity data, so-called Identity Management Systems have been developed. While available solutions are mainly built for fixed environments, dependencies to central storages and processing units make them unsuitable for application into mobile environments. Thus, a more flexible solution is necessary that supports roaming users with privacy-sensitive handling of identification processes in online transactions. On this background, the project goal was an extension of the Identity Management System concept with mobility aspect. A framework for identity and privacy management on mobile devices, consisting of a procedural method, privacy and security protocols and a user tool has been specified to give users full control over their identity data in flexible and privacy-friendly ways. Thereby, the method has been defined to describe the overall process sequence. The supporting protocols then have been specified to provide ways for users and Service Providers to agree on applied data management practices, enable automated disclosures of identity data and guarantee secure and anonymous transmissions. Finally the tool has been defined to present an application to be installed on mobile phones that integrates the method and the protocols into a user-centered system architecture. Based on an engineering paradigm in combination with the first part of a six-step development strategy, this project covers the background research, requirements and specifications and design and development. This means that the final rollout of the proposed framework solution needs to be handed over to programmers in a possible project continuation. Those are then responsible for subsequent coding, testing and deployment. After requirements and specifications had been derived, the framework has been successfully developed. While the user tool is responsible for all procedures on the mobile phone, a particular network infrastructure design allows secure transmissions by maintaining user anonymity. The solution is developed and the deployment prepared to such detail that programmers can directly start coding and testing. As a conclusion, this project revealed several interesting and new aspects in the combined areas of identity, privacy and mobility. The solution fully meets all defined functional and non-functional requirements. As an application on mobile phones, the proposed framework allows privacy-sensitive handling of identity data in online transactions. Together with mechanisms for data management and maintenance before and after disclosure, it increases user flexibility, simplifies online identification and decreases processing time

A Privacy-Preserving Framework Using Hyperledger Fabric for EHR Sharing Applications

Electronic Health Records, or EHRs, include private and sensitive information of a patient. The privacy of personal healthcare data can be protected through Hyperledger Fabric, a permissioned blockchain framework. A few Hyperledger Fabric- integrated EHR solutions have emerged in recent years. However, none of them implements the privacy-preserving techniques of Hyperledger Fabric to make transactions anonymous or preserve the transaction data privacy during the consensus. Our proposed architecture is built on Hyperledger Fabric and its privacy-preserving mechanisms, such as Identity Mixer, Private Data Collections, Channels and Transient Fields to securely store and transfer patient-sensitive data while providing anonymity and unlinkability of transactions

Multi-way Cloud-Side Access Control for Encrypted Cloud Storage

Individuals support the incredible intensity of cloud computing, however can't completely believe the cloud providers to have protection delicate data, because of the nonattendance of client to-cloud controllability. To guarantee confidentiality, data administrators redistribute scrambled data rather than plaintexts. To impart the scrambled files to different clients, ciphertext-strategy attribute-based encryption can be used to direct fine-grained and administrator driven access control. Yet, this doesn't adequately get secure against different assaults. Numerous past schemes didn't concede the cloud supplier the capacity to check whether a downloader can decode. Along these lines, these files ought to be accessible to everybody open to the cloud storage. A noxious aggressor can download a great many files to dispatch monetary refusal of supportability assaults, which will to a great extent expend the cloud asset. The payer of the cloud service bears the cost. These worries ought to be settled in true open cloud storage. In this paper, we propose an answer for secure encoded cloud storages from EDoS assaults and give asset utilization responsibility. We present two conventions for various settings, trailed by execution and security examination. Furthermore, attribute-based control in the framework additionally empowers the cloud server to confine the entrance to those clients with a similar arrangement of attributes while protecting client security, i.e., the cloud server just realizes that the client satisfies the necessary predicate, however has no clue on the specific identity of the client

Encrypted Data Sharing in Cloud data storage using Cloud Computing

To ensure confidentiality, data owners outsource encrypted data instead of plaintexts. To share the encrypted files with other users, Ciphertext-Policy Attribute-based Encryption (CP-ABE) can be utilized to conduct fine-grained and owner-centric access control. But this does not sufficiently become secure against other attacks. Many previous schemes did not grant the cloud provider the capability to verify whether a downloader can decrypt. Therefore, these files should be available to everyone accessible to the cloud storage. which will largely consume the cloud resource. The payer of the cloud service bears the expense. Besides, the cloud provider serves both as the accountant and the payee of resource consumption fee, lacking the transparency to data owners. These concerns should be resolved in real-world public cloud storage. In this paper, we propose a solution to secure encrypted cloud storages and provide resource consumption accountability. It uses CP-ABE schemes in a black-box manner and complies with arbitrary access policy of CP-ABE. We present two protocols for different settings, followed by performance and security analysis

Peer-assisted Information-Centric Network (PICN): A Backward Compatible Solution

International audienceInformation-Centric Networking (ICN) is a promising solution for most of Internet applications where the content represents the core of the application. However, the proposed solutions for the ICN architecture are associated with many complexities including pervasive caching in the Internet and incompatibility with legacy IP networks, so the deployment of ICN in real networks is still an open problem. In this paper, we propose a backward compatible ICN architecture to address the caching issue in particular. The key idea is implementing edge caching in ICN, using a coalition of end clients and edge servers. Our solution can be deployed in IP networks with HTTP requests. We performed a trace-driven simulation for analyzing PICN benefits using IRCache and Berkeley trace files. The results show that in average, PICN decreases the latency for 78% and increases the content retrieval speed for 69% compared to a direct download from the original web servers. When comparing PICN with a solution based on central proxy servers, we show that the hit ratio obtained using a small cache size in each PICN client is almost 14% higher than the hit ratio obtained with a central proxy server using an unlimited cache storage