10 research outputs found

    A Survey on Trust and Privacy Negotiability in the Norwegian Mobile Telecom Market

    We investigate, by method of statistical survey, people's attitudes toward privacy, trust and personal information sharing in the context of price discrimination effects in the mobile telecom market, by asking a selection of 546 individuals, a sample size that is sufficient to be representative of the Norwegian mobile market of consumers. Common wisdom tells that people value their privacy, but not many facts have been collected about how much people value privacy, say, as consumers of specific services in the mobile market. Moreover, it is reasonable to expect that individuals will differ in their negotiability of personal information vs price of service. In this study, we measure a strong privacy negotiability correlated to age and income, thus confirming common intuition about this. We find that technically assuring anonymity of service will significantly affect and facilitate the user's willingness to release personal information to the service provider, in particular with respect to information about specific buying preferences and frequent travel destinations. Somewhat surprisingly, a practice of targeted advertisement in exchange for lower mobile service price is acceptable to about half the population.

    Experimental Analysis of Subscribers' Privacy Exposure by LTE Paging

    Over the last years, considerable attention has been given to the privacy of individuals in wireless environments. Although significantly improved over the previous generations of mobile networks, LTE still exposes vulnerabilities that attackers can exploit. This might be the case of paging messages, wake-up notifications that target specific subscribers, and that are broadcast in clear over the radio interface. If they are not properly implemented, paging messages can expose the identity of subscribers and furthermore provide information about their location. It is therefore important that mobile network operators comply with the recommendations and implement the appropriate mechanisms to mitigate attacks. In this paper, we verify by experiment that paging messages can be captured and decoded by using minimal technical skills and publicly available tools. Moreover, we present a general experimental method to test privacy exposure by LTE paging messages, and we conduct a case study on three different LTE mobile operators.

    Attacks on cMix - Some Small Overlooked Details

    Chaum et al. have very recently introduced cMix as the first practical system that offers senders-recipients unlinkability at scale. cMix is claimed by its authors to be secure unless all nodes collude. We argue their assertion does not hold for the basic description of the protocol and sustain our statement by two different types of attacks: tagging attack and insider attack. For each one, we discuss the settings that make it feasible and possible countermeasures. By this, we highlight the necessity of implementing additional mechanisms that at first have been overlooked or have only been mentioned as additional features.

    A framework for compositional verification of security protocols

    Automatic security protocol analysis is currently feasible only for small protocols. Since larger protocols quite often are composed of many small protocols, compositional analysis is an attractive, but non-trivial approach. We have developed a framework for compositional analysis of a large class of security protocols. The framework is intended to facilitate automatic as well as manual verification of large structured security protocols. Our approach is to verify properties of component protocols in a multi-protocol environment, then deduce properties about the composed protocol. To reduce the complexity of multi-protocol verification, we introduce a notion of protocol independence and prove a number of theorems that enable analysis of independent component protocols in isolation. To illustrate the applicability of our framework to real-world protocols, we study a key establishment sequence in WiMAX consisting of three subprotocols. Except for a small amount of trivial reasoning, the analysis is done using automatic tools.

    A multidisciplinary introduction to information security / [edited by] Stig F. Mjølsnes.

    Includes bibliographical references and index. Book fair 2013. xxv, 322 p. "Preface: The problems of information security is a truly multidisciplinary field of study, ranging from the methods of pure mathematics through computer and telecommunication sciences to social sciences. The intention of this multiauthored book is to offer an introduction to a wide set of topics in ICT information security, privacy and safety. Certainly, the aim has not been to present a complete treatment of this vast and expanding area of practical and theoretical knowledge. Rather, the hope is that the selected range of topics presented here may attract a wider audience of students and professionals than would each specialized topic by itself. Some of the information security topics contained in this book may be familiar turf for the reader already. However, the reader will likely also find some new interesting topics presented here that are relevant to his or her professional needs, or for enhancement of knowledge and competence, or as an attractive starting point for further reading and in-depth studies. For instance, the book may provide an entrance and a guide to seek out more specialized courses available at universities and elsewhere, or as an inspiration for further work in projects and assignments. The start of this collection of information security topics goes back to a master level continuing education course that I organized in 2005, where more than 10 professors and researchers contributed from 6 different departments at the Norwegian University of Science and Technology. The topics included cryptography, hardware security, software security, communication and network security, intrusion detection systems, access policy and control, risk and vulnerability analysis, and security technology management"

    A multidisciplinary introduction to information security
