35,167 research outputs found
User Agent and Privacy Compromise
World Wide Web and the graphic user agents (web browsers) have brought the internet to billions of new users who use it hours on end daily to perform a multitude of tasks. However, the user agents also provide a means to compromise the users' privacy by employing various tracking mechanisms and use of analytics. The browser was intended to make the use of the internet easy with a simple and intuitive interface. It has morphed into a beast which has hidden in it mechanisms to allow suppliers of information content, on-line shopping companies and multitude of third parties to target publicity based on information gleaned from previous web journeys of users of these browsers. This paper focuses on summarizing privacy problems on the client side and highlights the default settings of some of the popular browsers and points out the difficulty of creating the proper settings even to disable cookies from third parties. We present some independent add-ons to help in preserving some privacy and some of the drawbacks of such band-aid solutions. Finally, we present some suggestions so that the user can know exactly what is being recorded in the cookies based on double encryption giving back some control to the user of his own data.
MOF-BC: A Memory Optimized and Flexible BlockChain for Large Scale Networks
BlockChain (BC) immutability ensures BC resilience against modification or
removal of the stored data. In large scale networks like the Internet of Things
(IoT), however, this feature significantly increases BC storage size and raises
privacy challenges. In this paper, we propose a Memory Optimized and Flexible
BC (MOF-BC) that enables the IoT users and service providers to remove or
summarize their transactions and age their data and to exercise the "right to
be forgotten". To increase privacy, a user may employ multiple keys for
different transactions. To allow for the removal of stored transactions, all
keys would need to be stored which complicates key management and storage.
MOF-BC introduces the notion of a Generator Verifier (GV) which is a signed
hash of a Generator Verifier Secret (GVS). The GV changes for each transaction
to provide privacy yet is signed by a unique key, thus minimizing the
information that needs to be stored. A flexible transaction fee model and a
reward mechanism are proposed to incentivize users to participate in optimizing
memory consumption. Qualitative security and privacy analysis demonstrates that
MOF-BC is resilient against several security attacks. Evaluation results show
that MOF-BC decreases BC memory consumption by up to 25% and the user cost by
more than two orders of magnitude compared to conventional BC instantiations.
Designing privacy for scalable electronic healthcare linkage
A unified electronic health record (EHR) has potentially immeasurable benefits to society, and the current healthcare industry drive to create a single EHR reflects this. However, adoption is slow due to two major factors: the disparate nature of data and storage facilities of current healthcare systems and the security ramifications of accessing and using that data and concerns about potential misuse of that data. To attempt to address these issues this paper presents the VANGUARD (Virtual ANonymisation Grid for Unified Access of Remote Data) system which supports adaptive security-oriented linkage of disparate clinical data-sets to support a variety of virtual EHRs avoiding the need for a single schematic standard and natural concerns of data owners and other stakeholders on data access and usage. VANGUARD has been designed explicitly with security in mind and supports clear delineation of roles for data linkage and usage.
Keys in the Clouds: Auditable Multi-device Access to Cryptographic Credentials
Personal cryptographic keys are the foundation of many secure services, but
storing these keys securely is a challenge, especially if they are used from
multiple devices. Storing keys in a centralized location, like an
Internet-accessible server, raises serious security concerns (e.g. server
compromise). Hardware-based Trusted Execution Environments (TEEs) are a
well-known solution for protecting sensitive data in untrusted environments,
and are now becoming available on commodity server platforms.
Although the idea of protecting keys using a server-side TEE is
straight-forward, in this paper we validate this approach and show that it
enables new desirable functionality. We describe the design, implementation,
and evaluation of a TEE-based Cloud Key Store (CKS), an online service for
securely generating, storing, and using personal cryptographic keys. Using
remote attestation, users receive strong assurance about the behaviour of the
CKS, and can authenticate themselves using passwords while avoiding typical
risks of password-based authentication like password theft or phishing. In
addition, this design allows users to i) define policy-based access controls
for keys; ii) delegate keys to other CKS users for a specified time and/or a
limited number of uses; and iii) audit all key usages via a secure audit log.
We have implemented a proof of concept CKS using Intel SGX and integrated this
into GnuPG on Linux and OpenKeychain on Android. Our CKS implementation
performs approximately 6,000 signature operations per second on a single
desktop PC. The latency is in the same order of magnitude as using
locally-stored keys, and 20x faster than smart cards.
Comment: Extended version of a paper to appear in the 3rd Workshop on
Security, Privacy, and Identity Management in the Cloud (SECPID) 201
Integrity protection for code-on-demand mobile agents in e-commerce
The mobile agent paradigm has been proposed as a promising solution to facilitate distributed computing over open and heterogeneous networks. Mobility, autonomy, and intelligence are identified as key features of mobile agent systems and enabling characteristics for the next-generation smart electronic commerce on the Internet. However, security-related issues, especially integrity protection in mobile agent technology, still hinder the widespread use of software agents: from the agent’s perspective, mobile agent integrity should be protected against attacks from malicious hosts and other agents. In this paper, we present Code-on-Demand (CoD) mobile agents and a corresponding agent integrity protection scheme. Compared to the traditional assumption that mobile agents consist of invariant code parts, we propose the use of dynamically upgradeable agent code, in which new agent function modules can be added and redundant ones can be deleted at runtime. This approach will reduce the weight of agent programs, equip mobile agents with more flexibility, enhance code privacy and help the recoverability of agents after attack. In order to meet the security challenges for agent integrity protection, we propose agent code change authorization protocols and a double integrity verification scheme. Finally, we discuss the Java implementation of CoD mobile agents and integrity protection.