Dictionary of privacy, data protection and information security

The Dictionary of Privacy, Data Protection and Information Security explains the complex technical terms, legal concepts, privacy management techniques, conceptual matters and vocabulary that inform public debate about privacy. The revolutionary and pervasive influence of digital technology affects numerous disciplines and sectors of society, and concerns about its potential threats to privacy are growing. With over a thousand terms meticulously set out, described and cross-referenced, this Dictionary enables productive discussion by covering the full range of fields accessibly and comprehensively. In the ever-evolving debate surrounding privacy, this Dictionary takes a longer view, transcending the details of today''s problems, technology, and the law to examine the wider principles that underlie privacy discourse. Interdisciplinary in scope, this Dictionary is invaluable to students, scholars and researchers in law, technology and computing, cybersecurity, sociology, public policy and administration, and regulation. It is also a vital reference for diverse practitioners including data scientists, lawyers, policymakers and regulators

PRISM: Privacy Preserving Healthcare Internet of Things Security Management

Consumer healthcare Internet of Things (IoT) devices are gaining popularity in our homes and hospitals. These devices provide continuous monitoring at a low cost and can be used to augment high-precision medical equipment. However, major challenges remain in applying pre-trained global models for anomaly detection on smart health monitoring, for a diverse set of individuals that they provide care for. In this paper, we propose PRISM, an edge-based system for experimenting with in-home smart healthcare devices. We develop a rigorous methodology that relies on automated IoT experimentation. We use a rich real-world dataset from in-home patient monitoring from 44 households of People Living With Dementia (PLWD) over two years. Our results indicate that anomalies can be identified with accuracy up to 99% and mean training times as low as 0.88 seconds. While all models achieve high accuracy when trained on the same patient, their accuracy degrades when evaluated on different patients

Live Demonstration: Hacking Health: Unveiling Vulnerabilities in Wireless Wearable Sensors

This live demonstration showcases the potential vulnerabilities in some wireless wearable sensors that use Bluetooth Low Energy (BLE) for communication, focusing on the risks of Man-in-the-Middle (MITM) attacks, sabotaging and data manipulation attacks. We show how these attacks can compromise not only the confidentiality and integrity of potentially sensitive medical data transmitted by wearable medical devices, but also patients’ privacy and safety as well as sensors’ reliability

COPSEC: Compliance-Oriented IoT Security and Privacy Evaluation Framework

A rising number of Internet of Things (IoT) security and privacy threats have been documented over the last few years. However, IoT devices' domain designs are out-of-date and do not take into consideration the changing dangers associated with them. In this paper, we present COPSEC, a novel framework for evaluating whether IoT devices are compliant with security guidelines and privacy regulations. We extract metrics from existing guidelines and regulations and test them on a set of devices by performing hundreds of automated experiments. Our results indicate not only that these devices are not compliant with basic security guidelines, but also that their data collection operations may introduce privacy risks for the users that adopt them

Protected or Porous: A Comparative Analysis of Threat Detection Capability of IoT Safeguards

Consumer Internet of Things (IoT) devices are increasingly common, from smart speakers to security cameras, in homes. Along with their benefits come potential privacy and security threats. To limit these threats a number of commercial services have become available (IoT safeguards). The safeguards claim to provide protection against IoT privacy risks and security threats. However, the effectiveness and the associated privacy risks of these safeguards remains a key open question. In this paper, we investigate the threat detection capabilities of IoT safeguards for the first time. We develop and release an approach for automated safeguards experimentation to reveal their response to common security threats and privacy risks. We perform thousands of automated experiments using popular commercial IoT safeguards when deployed in a large IoT testbed. Our results indicate not only that these devices may be ineffective in preventing risks, but also their cloud interactions and data collection operations may introduce privacy risks for the households that adopt them

Food Matrix Effects of Polyphenol Bioaccessibility from Almond Skin during Simulated Human Digestion

The goal of the present study was to quantify the rate and extent of polyphenols released in the gastrointestinal tract (GIT) from natural (NS) and blanched (BS) almond skins. A dynamic gastric model of digestion which provides a realistic simulation of the human stomach was used. In order to establish the effect of a food matrix on polyphenols bioaccessibility, NS and BS were either digested in water (WT) or incorporated into home-made biscuits (HB), crisp-bread (CB) and full-fat milk (FM). Phenolic acids were the most bioaccessible class (68.5% release from NS and 64.7% from BS). WT increased the release of flavan-3-ols (p < 0.05) and flavonols (p < 0.05) from NS after gastric plus duodenal digestion, whereas CB and HB were better vehicles for BS. FM lowered the % recovery of polyphenols, the free total phenols and the antioxidant status in the digestion medium, indicating that phenolic compounds could bind protein present in the food matrix. The release of bioactives from almond skins could explain the beneficial effects associated with almond consumption

Analysis of DNS Dependencies and their Security Implications in Australia:A Comparative Study of General and Indigenous Populations

This paper investigates the impact of internet centralization on DNS provisioning, particularly its effects on vulnerable populations such as the indigenous people of Australia. We analyze the DNS dependencies of Australian government domains that serve indigenous communities compared to those serving the general population. Our study categorizes DNS providers into leading (hyperscaler, US-headquartered companies), non-leading (smaller Australian-headquartered or non-Australian companies), and Australian government-hosted providers. Then, we build dependency graphs to demonstrate the direct dependency between Australian government domains and their DNS providers and the indirect dependency involving further layers of providers. Additionally, we conduct an IP location analysis of DNS providers to map out the geographical distribution of DNS servers, revealing the extent of centralization on DNS services within or outside of Australia. Finally, we introduce an attacker model to categorize potential cyber attackers based on their intentions and resources. By considering attacker models and DNS dependency results, we discuss the security vulnerability of each population group against any group of attackers and analyze whether the current setup of the DNS services of Australian government services contributes to a digital divide