242 research outputs found
Evaluating the Contextual Integrity of Privacy Regulation: Parents' IoT Toy Privacy Norms Versus COPPA
Increased concern about data privacy has prompted new and updated data
protection regulations worldwide. However, there has been no rigorous way to
test whether the practices mandated by these regulations actually align with
the privacy norms of affected populations. Here, we demonstrate that surveys
based on the theory of contextual integrity provide a quantifiable and scalable
method for measuring the conformity of specific regulatory provisions to
privacy norms. We apply this method to the U.S. Children's Online Privacy
Protection Act (COPPA), surveying 195 parents and providing the first data that
COPPA's mandates generally align with parents' privacy expectations for
Internet-connected "smart" children's toys. Nevertheless, variations in the
acceptability of data collection across specific smart toys, information types,
parent ages, and other conditions emphasize the importance of detailed
contextual factors to privacy norms, which may not be adequately captured by
COPPA. Comment: 18 pages, 1 table, 4 figures, 2 appendice
Machine Learning DDoS Detection for Consumer Internet of Things Devices
An increasing number of Internet of Things (IoT) devices are connecting to
the Internet, yet many of these devices are fundamentally insecure, exposing
the Internet to a variety of attacks. Botnets such as Mirai have used insecure
consumer IoT devices to conduct distributed denial of service (DDoS) attacks on
critical Internet infrastructure. This motivates the development of new
techniques to automatically detect consumer IoT attack traffic. In this paper,
we demonstrate that using IoT-specific network behaviors (e.g. limited number
of endpoints and regular time intervals between packets) to inform feature
selection can result in high accuracy DDoS detection in IoT network traffic
with a variety of machine learning algorithms, including neural networks. These
results indicate that home gateway routers or other network middleboxes could
automatically detect local IoT device sources of DDoS attacks using low-cost
machine learning algorithms and traffic data that is flow-based and
protocol-agnostic. Comment: 7 pages, 3 figures, 3 tables, appears in the 2018 Workshop on Deep
Learning and Security (DLS '18
A Developer-Friendly Library for Smart Home IoT Privacy-Preserving Traffic Obfuscation
The number and variety of Internet-connected devices have grown enormously in
the past few years, presenting new challenges to security and privacy. Research
has shown that network adversaries can use traffic rate metadata from consumer
IoT devices to infer sensitive user activities. Shaping traffic flows to fit
distributions independent of user activities can protect privacy, but this
approach has seen little adoption due to required developer effort and overhead
bandwidth costs. Here, we present a Python library for IoT developers to easily
integrate privacy-preserving traffic shaping into their products. The library
replaces standard networking functions with versions that automatically
obfuscate device traffic patterns through a combination of payload padding,
fragmentation, and randomized cover traffic. Our library successfully preserves
user privacy and requires approximately 4 KB/s overhead bandwidth for IoT
devices with low send rates or high latency tolerances. This overhead is
reasonable given normal Internet speeds in American homes and is an improvement
on the bandwidth requirements of existing solutions. Comment: 6 pages, 6 figure
Exchanging Culture For Politics: Stratagems Of Recourse To Tribe And Tradition In Development Discourse
RUP Occasional Paper. The general subject of this paper (1) is the exploration of some common elements in utterance patterns in commentary on, and analysis of, public affairs and development. In brief: spoken or written recourse to a mode or style of cultural discourse is examined. Specifically the focus is on a development discourse, which turns heavily on 'culture exchanged for politics'. Since politics is partly about economics, one could add '... and for economics'. This paper aims to examine such exchange
Bougainville reconstruction aid: what are the issues?
‘Today, mipela finisim war bilong Bougainville’, (‘Today, the war in Bougainville has ended’) said Sam Kauona, the Commander of the Bougainville Revolutionary Army, at the ceasefire signed 30 April 1998. This followed the previous November’s truce. It had become clear by 1997 that a military solution was not possible, that the conflict ‘had many basic sources’, and that a desire for peace was widespread and growing especially in the areas most affected by the conflict (Interdepartmental Committee 1997). It was recognised also that the conflict began because of problems peculiar to Bougainville, and has extended and deepened to a large degree because of tensions within Bougainville. Any lasting solutions…must as much as possible come from Bougainvilleans. By a non-Bougainvillean, but also someone who has never even visited that Province or worked anywhere in Papua New Guinea for decades (and then only for a few months in Port Moresby at the Central Planning Office), this essay on aid issues is therefore highly speculative. It proceeds only by generalization and deduction from what appear to be comparable situations in other parts of the world. No two wars are the same. Obviously Biafra decades ago, then Mozambique, Somalia, Liberia and Rwanda more recently, Bosnia and Afghanistan still, Cambodia, and Rwanda again, are not Papua New Guinea ten or five years ago or now. But some commonalities can perhaps be found. At the time of writing (May 1998), the Prime Minister of Papua New Guinea is assuring Bougainvilleans that they have his support for the task of peace and re-building in a spirit of self-reliance and autonomy. It appears that all Bougainville parties now wish for some types of aid, using mainly Bougainvillean inputs, to rehabilitate basic services so as to meet immediate health, education and local roads needs. 
To judge from reports of demands for more of the types of basic livelihood packs AusAID has provided thus far, this aid response seems to have been appropriate. What is not requested (nor, thus far, supplied) is aid for projects such as airport and seaport rebuilding. This is ruled out because of the strategic implications of such projects for what is feared might become a return to the ‘development’ of old in the province, before the crisis, now in its tenth year. And this, overall, is the position taken here. Contrary to the development-led approach to reconstruction proposed in an inter-agency UNDP document (Rogge 1995), this paper takes the position that ‘development’ ought not to be the watchword. Rather, as post-war aid needs for reconstruction are ascertained, it is a word in reconstruction aid discourse to watch. Humanitarian concerns, rules and conditionalities should be uppermost. Confronted with such situations, perhaps there are new challenges for ways of thinking about aid responses. This paper attempts to identify some. AusAI
User Perceptions of Smart Home IoT Privacy
Smart home Internet of Things (IoT) devices are rapidly increasing in
popularity, with more households including Internet-connected devices that
continuously monitor user activities. In this study, we conduct eleven
semi-structured interviews with smart home owners, investigating their reasons
for purchasing IoT devices, perceptions of smart home privacy risks, and
actions taken to protect their privacy from those external to the home who
create, manage, track, or regulate IoT devices and/or their data. We note
several recurring themes. First, users' desires for convenience and
connectedness dictate their privacy-related behaviors for dealing with external
entities, such as device manufacturers, Internet Service Providers,
governments, and advertisers. Second, user opinions about external entities
collecting smart home data depend on perceived benefit from these entities.
Third, users trust IoT device manufacturers to protect their privacy but do not
verify that these protections are in place. Fourth, users are unaware of
privacy risks from inference algorithms operating on data from non-audio/visual
devices. These findings motivate several recommendations for device designers,
researchers, and industry standards to better match device privacy features to
the expectations and preferences of smart home owners. Comment: 20 pages, 1 tabl