35,500 research outputs found
Quantum surveillance and 'shared secrets'. A biometric step too far? CEPS Liberty and Security in Europe, July 2010
It is no longer sensible to regard biometrics as having neutral socio-economic, legal and political impacts. Newer generation biometrics are fluid and include behavioural and emotional data that can be combined with other data. Therefore, a range of issues needs to be reviewed in light of the increasing privatisation of âsecurityâ that escapes effective, democratic parliamentary and regulatory control and oversight at national, international and EU levels, argues Juliet Lodge, Professor and co-Director of the Jean Monnet European Centre of Excellence at the University of Leeds, U
Towards A Well-Secured Electronic Health Record in the Health Cloud
The major concerns for most cloud implementers particularly in the health care industry have remained data security
and privacy. A prominent and major threat that constitutes a hurdle for practitioners within the health industry from exploiting and
benefiting from the gains of cloud computing is the fear of theft of patients health data in the cloud. Investigations and surveys
have revealed that most practitioners in the health care industry are concerned about the risk of health data mix-up amongst the
various cloud providers, hacking to comprise the cloud platform and theft of vital patientsâ health data.An overview of the
diverse issues relating to health data privacy and overall security in the cloud are presented in this technical report. Based on
identifed secure access requirements, an encryption-based eHR security model for securing and enforcing authorised access to
electronic health data (records), eHR is also presented. It highlights three core functionalities for managing issues relating to
health data privacy and security of eHR in health care cloud
Online privacy: towards informational self-determination on the internet : report from Dagstuhl Perspectives Workshop 11061
The Dagstuhl Perspectives Workshop "Online Privacy: Towards Informational Self-Determination on the Internet" (11061) has been held in February 6-11, 2011 at Schloss Dagstuhl. 30 participants from academia, public sector, and industry have identified the current status-of-the-art of and challenges for online privacy as well as derived recommendations for improving online privacy. Whereas the Dagstuhl Manifesto of this workshop concludes the results of the working groups and panel discussions, this article presents the talks of this workshop by their abstracts
Investigating the tension between cloud-related actors and individual privacy rights
Historically, little more than lip service has been paid to the rights of individuals to act to preserve their own privacy. Personal information is frequently exploited for commercial gain, often without the personâs knowledge or permission. New legislation, such as the EU General Data Protection Regulation Act, has acknowledged the need for legislative protection. This Act places the onus on service providers to preserve the confidentiality of their usersâ and customersâ personal information, on pain of punitive fines for lapses. It accords special privileges to users, such as the right to be forgotten. This regulation has global jurisdiction covering the rights of any EU resident, worldwide. Assuring this legislated privacy protection presents a serious challenge, which is exacerbated in the cloud environment. A considerable number of actors are stakeholders in cloud ecosystems. Each has their own agenda and these are not necessarily well aligned. Cloud service providers, especially those offering social media services, are interested in growing their businesses and maximising revenue. There is a strong incentive for them to capitalise on their usersâ personal information and usage information. Privacy is often the first victim. Here, we examine the tensions between the various cloud actors and propose a framework that could be used to ensure that privacy is preserved and respected in cloud systems
Adoption of cloud services in central banks : hindering factors and the recommendations for way forward
Current research on cloud computing often focuses on
the technology itself and the benefits that one company can use and
choose from cloud services. Most of the research has focused on
mainstream enterprises and limited regard to Central Banks' (CBs')
Cloud Computing Adoption (CCA). CBs are continually exploring
opportunities to enhance IT efficacy while minimizing expenditures
and ensuring data protection and network security. This paper investigates
the factors affecting the CBs' CCA by surveying 40 CBs
representing approximately 25% of total CBs worldwide. The main
participants were senior IT managers who are responsible for any IT
decisions in CBs. The findings are also significant for other organizations
or businesses where data privacy is crucial. The study results
indicate that CBs are still reluctant to migrate to the public cloud.
Influential factors preventing CCA are data protection, privacy, and
risks.peer-reviewe
Security and Privacy Issues of Big Data
This chapter revises the most important aspects in how computing
infrastructures should be configured and intelligently managed to fulfill the
most notably security aspects required by Big Data applications. One of them is
privacy. It is a pertinent aspect to be addressed because users share more and
more personal data and content through their devices and computers to social
networks and public clouds. So, a secure framework to social networks is a very
hot topic research. This last topic is addressed in one of the two sections of
the current chapter with case studies. In addition, the traditional mechanisms
to support security such as firewalls and demilitarized zones are not suitable
to be applied in computing systems to support Big Data. SDN is an emergent
management solution that could become a convenient mechanism to implement
security in Big Data systems, as we show through a second case study at the end
of the chapter. This also discusses current relevant work and identifies open
issues.Comment: In book Handbook of Research on Trends and Future Directions in Big
Data and Web Intelligence, IGI Global, 201
Adaptive Traffic Fingerprinting for Darknet Threat Intelligence
Darknet technology such as Tor has been used by various threat actors for
organising illegal activities and data exfiltration. As such, there is a case
for organisations to block such traffic, or to try and identify when it is used
and for what purposes. However, anonymity in cyberspace has always been a
domain of conflicting interests. While it gives enough power to nefarious
actors to masquerade their illegal activities, it is also the cornerstone to
facilitate freedom of speech and privacy. We present a proof of concept for a
novel algorithm that could form the fundamental pillar of a darknet-capable
Cyber Threat Intelligence platform. The solution can reduce anonymity of users
of Tor, and considers the existing visibility of network traffic before
optionally initiating targeted or widespread BGP interception. In combination
with server HTTP response manipulation, the algorithm attempts to reduce the
candidate data set to eliminate client-side traffic that is most unlikely to be
responsible for server-side connections of interest. Our test results show that
MITM manipulated server responses lead to expected changes received by the Tor
client. Using simulation data generated by shadow, we show that the detection
scheme is effective with false positive rate of 0.001, while sensitivity
detecting non-targets was 0.016+-0.127. Our algorithm could assist
collaborating organisations willing to share their threat intelligence or
cooperate during investigations.Comment: 26 page
- âŠ