| Evaluating the Usability of System-Generated and User-Generated Passwords of Approximately Equal Security | | BIBAK | Full-Text | 3-12 | |
| Sourav Bhuyan; Joel S. Greenstein; Kevin A. Juang | |||
| System-generated and user-generated text-based passwords are commonly used
to authenticate access to electronic assets. Users typically have multiple web
accounts ranging from banking to retail, each with a different password,
creating a significant usability problem. The passwords authenticated by these
applications may vary in usability and memorability depending on the type of
password generation, composition and length. Researchers have compared the
usability of different user-generated password composition schemes. The
passwords created using different composition schemes in these studies achieved
different levels of minimum security, making comparisons across them difficult.
This research compares the usability and memorability of three password
generation schemes that each exceed a specified minimum entropy for the sake of
security. Keywords: passwords; usability; security | |||
| Multicriteria Optimization to Select Images as Passwords in Recognition Based Graphical Authentication Systems | | BIBAK | Full-Text | 13-22 | |
| Soumyadeb Chowdhury; Ron Poet; Lewis Mackenzie | |||
| Usability and guessability are two conflicting criteria in assessing the
suitability of an image to be used as password in the recognition based
graphical authentication systems (RGBSs). We present the first work in this
area that uses a new approach, which effectively integrates a series of
techniques in order to rank images taking into account the values obtained for
each of the dimensions of usability and guessability, from two user studies.
Our approach uses fuzzy numbers to deal with non commensurable criteria and
compares two multicriteria optimization methods namely, TOPSIS and VIKOR. The
results suggest that the VIKOR method is the most applicable to make an objective
statement about which image type is better suited to be used as password. The
paper also discusses some improvements that could be done to improve the
ranking assessment. Keywords: image password; TOPSIS; VIKOR; multiple criteria analysis | |||
| Investigating an Intrusion Prevention System for Brain-Computer Interfaces | | BIBA | Full-Text | 23-28 | |
| Saul D. Costa; Dale R. Stevens; Jeremy A. Hansen | |||
| Neurosecurity focuses on the security of the increasingly intimate coupling of human brains and computers, addressing issues surrounding modern computer security and how they relate to brain-computer interfaces (BCIs). Although several elements of this field are not yet relevant in today's society, the goal is to examine what can be done to avoid the post-patch-just-in-time security solution seen in today's computer architectures and networks. Modern computer security has been the unfortunate result of afterthought; patched on out of necessity, often just-in-time at best. | |||
| Inconspicuous Personal Computer Protection with Touch-Mouse | | BIBA | Full-Text | 29-38 | |
| Ming-Chun Huang; Wenyao Xu; Jason J. Liu; Yi Su; Lei He; Majid Sarrafzadeh | |||
| We present a hassle-free personal information protection design that continuously monitors user identity with a Microsoft touchmouse [1] under a Windows-based computer environment. This is the first design which investigates the relationship between time-indexed pressure map trajectories extracted from a touch-mouse and user behavior patterns categorized by common mouse action primitives. This design serves as an assistive method to enhance existing password and biometric based security mechanisms, enabling continuous and unobtrusive personal identity monitoring. Commercialized Windows-based systems can be seamlessly integrated with the proposed system and this design can offer a convenient and lightweight solution for physical computer intrusion detection. | |||
| Gamified CAPTCHA | | BIBAK | Full-Text | 39-48 | |
| Junya Kani; Masakatsu Nishigaki | |||
| The Completely Automated Public Turing test to tell Computers and Humans
Apart (CAPTCHA) has been widely used as a technique that will allow a machine
to distinguish between input from a human and that of another machine. The
security of current CAPTCHA methods is not sufficient to protect against
advanced modern malware. This paper focuses on applying gamification, the use
of game elements in non-game human interaction systems, in order to improve the
security and usability of CAPTCHA systems. We propose to use movie-based
quizzes to achieve a Gamified CAPTCHA system that employs the human capability
to recognize the strangeness of a short movie story. Keywords: CAPTCHA; Entertainment; strangeness; quiz | |||
| Recognition of Human Identity by Detection of User Activity | | BIBA | Full-Text | 49-58 | |
| Giuseppe Scardino; Ignazio Infantino; Filippo Vella | |||
| The paper describes a system able to recognize the user's identity according to how she/he looks at the monitor while using a given interface. The system does not need invasive measurements that could limit the naturalness of her/his actions. The proposed approach clusters the sequences of observed points on the screen and characterizes the user identity according to the relevant detected patterns. Moreover, the system is able to identify patterns in order to have a more accurate recognition and to create prototypes of natural facial dynamics in user expressions. The possibility to characterize people through facial movements introduces a new perspective on human-machine interaction. For example, a user can obtain different contents according to her/his mood or a software interface can modify itself to keep a higher attention from a bored user. The success rate of the classification using only 7 parameters is around 68%. The approach is based on k-means that is tuned to maximize an index involving the number of true-positive detections and conditional probabilities. A different evaluation of this parameter allows to focus on the identification of a single user or to spot a general movement for a wide range of people. The experiments show that the performance can reach the 90% of correct recognition. | |||
| Learning a Policy for Gesture-Based Active Multi-touch Authentication | | BIBA | Full-Text | 59-68 | |
| Raquel Torres Peralta; Anton Rebguns; Ian R. Fasel; Kobus Barnard | |||
| Multi-touch tablets can offer a large, collaborative space where several users can work on a task at the same time. However, the lack of privacy in these situations makes standard password-based authentication easily compromised. This work presents a new gesture-based authentication system based on users' unique signature of touch motion when drawing a combination of one-stroke gestures following two different policies, one fixed for all users and the other selected by a model of control to maximize the expected long-term information gain. The system is able to achieve high user recognition accuracy with relatively few gestures, demonstrating that human touch patterns have a distinctive "signature" that can be used as a powerful biometric measure for user recognition and personalization. | |||
| Studying the Effect of Human Cognition on Text and Image Recognition CAPTCHA Mechanisms | | BIBAK | Full-Text | 71-79 | |
| Marios Belk; Panagiotis Germanakos; Christos Fidas; George Spanoudis; George Samaras | |||
| This paper investigates the effect of individual differences in human
cognition on user performance in CAPTCHA tasks. In particular, a three-month
ecologically valid user study was conducted with a total of 107 participants who
interacted with a text-recognition and an image-recognition CAPTCHA mechanism.
The study included a series of psychometric tests for eliciting users' speed of
processing, controlled attention and working memory capacity, with the aim to
examine the effect of these cognitive processes on the efficiency and
effectiveness of user interactions in CAPTCHA tasks. Preliminary results
provide interesting insights for the design and deployment of adaptive CAPTCHA
mechanisms based on individual differences in cognitive processing since it has
been initially shown that specific cognitive processing abilities of
individuals could be a determinant factor on the personalization of CAPTCHA
mechanisms. Keywords: Individual Differences; Cognitive Processing Abilities; CAPTCHA; Efficiency;
Effectiveness; User Study | |||
| Relationships between Password Choices, Perceptions of Risk and Security Expertise | | BIBA | Full-Text | 80-89 | |
| Sadie Creese; Duncan Hodges; Sue Jamison-Powell; Monica Whitty | |||
| 'Despite technological advances, humans remain the weakest link in Internet
security' [1]; this weakness is typically characterised in one of two domains.
First, systems may not enable humans to interface securely, or the security
mechanisms themselves are unusable or difficult to use effectively. Second,
there may be something fundamental about the behaviour of some people which
leads them to become vulnerable.
This paper examines the links between perceptions of risk associated with online tasks and password choice. We also explore the degrees to which the said perceptions of risk differ according to whether the password user is a security expert or not, and whether they have experienced some form of attack. | |||
| Influence of Trust Assurances in Mobile Commerce Applications on the Formation of Online Trust | | BIBA | Full-Text | 90-99 | |
| Martin Hesseler; Gerhard Hartmann; Stefan Karsch | |||
| In this paper we investigate the influence of Trust Assurances in Mobile Commerce Applications on the formation of Online Trust. In comparison to existing measuring approaches we therefore developed a more detailed approach of capturing Online Trust. We carried out a study in which Online Trust was captured after an initial interaction with an unknown business partner in form of a fictional Mobile Commerce Application. The generated quantitative and qualitative data allowed for conclusions concerning the formation of Online Trust as well as the influence of Trust Assurances. | |||
| A Comparison of American and German Folk Models of Home Computer Security | | BIBAK | Full-Text | 100-109 | |
| Michaela Kauer; Sebastian Günther; Daniel Storck; Melanie Volkamer | |||
| Although many security solutions exist, home computer systems are vulnerable
to different types of attacks. The main reason is that users are either not
motivated to use these solutions or not able to correctly use them. In order to
make security software more usable and hence computers more secure, we re-ran
the study by Wash about "Folk Models of Home Computer Security" in Germany. We
classified the different mental models in eleven folk models. Eight of the
identified folk models are similar to the models Wash presented. We describe
each folk model and illustrate how users think about computer security. Keywords: (ACM classification) H.5.2 Information Interfaces and Presentation: User
Interfaces evaluation/methodology; user-centered design; H.5.3 Information
Interfaces and Presentation: Group and Organization Interfaces; collaborative
computing | |||
| Health Is Silver, Beauty Is Golden? | | BIBAK | Full-Text | 110-118 | |
| Johanna Kluge; Martina Ziefle | |||
| The acceptance of novel technology is one of, if not the, most decisive components
of the success of the technology rollout. Though, acceptance criteria differ
not only across the diversity of users, but might also differ across the
different usage contexts. This is especially valid for technologies in the
health and beauty context, in which the balance between pro-using arguments and
contra-using arguments is especially fragile. This paper focuses on the impact
of the context towards the motivation to use an invasive technology. A survey
was conducted in which 170 participants of a wide age range (17-89 years) took
part. In the study, three different usage scenarios were presented (medical
scenario, preventative healthcare scenario and beauty scenario). After an
introduction into each scenario the participants had to evaluate usage motives
and barriers. The results corroborated the impact of the situational context
and the dependency of acceptance outcomes on the reasons for which technology
might be used. Overall, acceptance was highest for medical technology and
lowest for the beauty context. Considering the single reasons for or against
the technology, we find that nature and weighing of perceived barriers and
concerns are quite similar, independently of the context. Keywords: invasive; usage context; motives and barriers; medical technology; beauty;
cosmetic surgery | |||
| A Study Using TAM on the Recognition of Individuals' Privacy and the Acceptance of Risk | | BIBAK | Full-Text | 119-126 | |
| Ayako Komatsu | |||
| In this paper, a survey was conducted on the current status of social
networking services (SNS) with an emphasis on privacy concerns, which are often
deemed an obstruction factor in the use of such services on the Internet.
Anxiety over personal privacy and other factors were analyzed based on the
technology acceptance model (TAM). The results of the survey show that
"perceived usefulness" scored highest with respect to SNS, although, on the
demerit side, there were marked anxieties over privacy. Keywords: TAM; privacy risk; SNS; Trust; SEM | |||
| Personality's Influence on Facebook's Privacy Settings: A Case of College Students in Taiwan | | BIBAK | Full-Text | 127-134 | |
| Tingya Kuo; Hung-Lian Tang | |||
| Social networking sites such as Facebook have been experiencing tremendous
growth for the last several years. In order to get connected with people,
Facebook users have to create a personal profile with real data about themselves,
such as name, home address, email address, phone numbers, relationship status
etc. However, there have been ongoing concerns about information disclosure and
privacy. Research has indicated personality is one of many factors that may have
some influence on Facebook's usage, information disclosure, and privacy. The
purpose of this research was to investigate possible influence of personality
on Facebook privacy settings. Five hypotheses about personality and Facebook
privacy settings were developed. Data were collected from 500 college students
in Taiwan, with 441 valid data. Four hypotheses about personality and privacy
settings were partially supported. People with high extraversion had low privacy
settings on family and relationships, religious and political view, and
birthday. People with high agreeableness had high privacy settings on wall,
photos and videos, religious and political view, birthday, and comments. People
with high continuousness had high privacy settings on browsing personal profile
and searching personal profile. People with high emotional stability had high
privacy settings on religious and political views, and birthday. However, one
hypothesis about openness and privacy settings was not supported. Keywords: Personality; Facebook's privacy settings; Taiwan | |||
| An Influence of Self-evaluated Gender Role on the Privacy Management Behavior in Online Social Networks | | BIBAK | Full-Text | 135-144 | |
| Kijung Lee; Il-Yeol Song | |||
| The primary goal of this paper is testing a causal model of privacy
management indicating the influence of gender on the user behavior of privacy
management in OSNs. We adopted communication privacy management theory and the
theory of planned behavior, developed a causal model showing the influence of
self-evaluated gender role on the behavior of privacy management in online
social networks, and tested a set of hypotheses using structural equation
modeling (SEM). The results of SEM indicate that self-evaluation of masculinity
and femininity did not have significant relationship with user's behavior of
privacy management in OSN. Keywords: privacy; privacy management; gender role; bem sex role inventory; online
social networks; causal modeling; confirmatory factor analysis; structural
equation modeling | |||
| A Taxonomy of Cyber Awareness Questions for the User-Centered Design of Cyber Situation Awareness | | BIBAK | Full-Text | 145-154 | |
| Celeste Lyn Paul; Kirsten Whitley | |||
| This paper offers insights to how cyber security analysts establish and
maintain situation awareness of a large computer network. Through a series of
interviews, observations, and a card sorting activity, we examined the
questions analysts asked themselves during a network event. We present the
results of our work as a taxonomy of cyber awareness questions that represents
a mental model of situation awareness in cyber security analysts. Keywords: Computer security; situation awareness; user-centered design | |||
| Click Me If You Can! | | BIBAK | Full-Text | 155-166 | |
| Thomas Pfeiffer; Heike Theuerling; Michaela Kauer | |||
| Being able to predict how internet users react when confronted with a
potentially dangerous call for action in an online message (such as an e-mail)
is important for several reasons. On the one hand, users have to be protected
from fraudulent e-mails such as phishing. On the other hand, over-cautious
users would be difficult to communicate with on the internet, so senders of
legitimate messages have to know how to convince recipients of the authenticity
of their messages. Extensive research already exists from both of these
perspectives, but each study only explores certain aspects of the complex
system of factors influencing users' reactions. In this paper the results of
our efforts to integrate the various existing findings into one comprehensive
model are presented, along with the results of a preliminary evaluation of some
of the model's predictions using quantitative as well as qualitative measures
and eye-tracking. Keywords: decision model; e-mail; phishing; social engineering; e-commerce; trust;
risk | |||
| Increasing Trust Perceptions in the Internet of Things | | BIBA | Full-Text | 167-175 | |
| Trenton Schulz; Ingvar Tjøstheim | |||
| When interacting with objects and services in the Internet of Things, people will need to trust that their data is safe, and that "things" will do what they promise they will do. As part of a user evaluation of a toolkit for providing security and privacy information to users, we created two models to find a pattern in changes in the perception of trust in the participants. The model based on demographics was not very descriptive. But, the model based on participants' privacy concerns and trust traits revealed a good match between changes in trust based on information from our toolkit. While there were some limitations in the current study, it showed how TFT can be improved for future evaluations. | |||
| Perception of Risky Security Behaviour by Users: Survey of Current Approaches | | BIBAK | Full-Text | 176-185 | |
| Lynsay A. Shepherd; Jacqueline Archibald; R. I. Ferguson | |||
| What constitutes risky security behaviour is not necessarily obvious to
users and as a consequence end-user devices could be vulnerable to compromise.
This paper seeks to lay the groundwork for a project to provide instant warning
via automatic recognition of risky behaviour. It examines three aspects of the
problem, behaviour taxonomy, techniques for its monitoring and recognition and
means of giving appropriate feedback. Consideration is given to a way of
quantifying the perception of risk a user may have. An ongoing project is
described in which the three aspects are being combined in an attempt to better
educate users to the risks and consequences of poor security behaviour. The
paper concludes that affective feedback may be an appropriate method for
interacting with users in a browser-based environment. Keywords: End-user security behaviours; usable security; affective computing; user
monitoring techniques; user feedback; risk perception; security awareness | |||
| Understanding People's Preferences for Disclosing Contextual Information to Smartphone Apps | | BIBA | Full-Text | 186-196 | |
| Fuming Shih; Julia Boortz | |||
| Smartphones have become the primary and most intimate computing devices that
people rely on for their daily tasks. Sensor-based and network technologies
have turned smartphones into a "context-aware" information hub and a vehicle
for information exchange. This information provides apps and third parties with a
wealth of sensitive information to mine and profile user behavior. However, the
Orwellian implications created by context-awareness technology have caused
uneasiness to people when using smartphone applications and reluctance of using
them [6]. To mitigate people's privacy concerns, previous research suggests
giving controls to people on how their information should be collected,
accessed and shared. However, deciding who (people or the application) gets to
access what (types of information) could be an unattainable task. In order
to develop appropriate applications and privacy policies it is important to
understand under what circumstances people are willing to disclose information. Note: Best paper award | |||
| Constructing Positive Influences for User Security Decisions to Counter Corporate or State Sponsored Computer Espionage Threats | | BIBAK | Full-Text | 197-206 | |
| Martyn Styles | |||
| This paper presents an analysis of employees' security behavior, which
focuses upon improving user awareness to counter computer espionage attempts by
corporate or state sponsored activity. The author examines existing literature,
presents the results from initial experiments in security awareness and
proposes further work. Keywords: Security awareness; user behavior; APT; corporate espionage; employee
psychology; social engineering | |||
| Strategic Interaction Analysis of Privacy-Sensitive End-Users of Cloud-Based Mobile Apps | | BIBAK | Full-Text | 209-216 | |
| Kalliopi Anastasopoulou; Theo Tryfonas; Spyros Kokolakis | |||
| Free mobile applications of cloud computing offer a range of diverse
services (e.g. gaming, storage etc.) usually in return for delivering
personalized advertising to their consenting end-users. In order to do so they
may retain a range of personal information such as location and personal
preferences. Thus, privacy-related interactions between service providers and
end users are important to be studied as personal data are valuable in a
subscription-based cloud system. In this paper, game theory is used as a tool
to identify and analyze such interactions in order to understand stakeholder
choices, as well as how to improve the quality of the service offered in a
cloud computing setting. Keywords: Privacy; mobile apps; cloud; game theory; strategic interactions | |||
| Essential Lessons Still Not Learned? Examining the Password Practices of End-Users and Service Providers | | BIBAK | Full-Text | 217-225 | |
| Steven Furnell; Nina Bär | |||
| Password authentication remains the dominant form of user authentication for
online systems. As such, from a user perspective, it is an approach that they
are very much expected to understand and use. However, a survey of 246 users
revealed that about one third chose weak passwords, including personal
information or dictionary words. To prevent such forms of bad security
behavior, service providers should offer support, but the reality of the
situation suggests that tangible weaknesses can exist amongst both parties, and
thus despite their long-recognised importance, good password practices have yet
to become an established part of our security culture. An experimental study
was conducted in order to investigate the effect of providing password guidance
upon end users' password choices. The findings revealed that the mere
presentation of guidance (without any accompanying enforcement of good
practice) had a significant effect upon the resulting password quality. Keywords: Password guidance; authentication; end user; security behavior | |||
| Ethical Issues Surrounding the Asymmetric Nature of Workplace Monitoring | | BIBAK | Full-Text | 226-235 | |
| John D. Bustard | |||
| Public discussion of the privacy concerns of individuals has focused on
protecting them from criminal attacks, government spying and the manipulation
of consumers by businesses. While these are important areas of concern, there
is also a significant ethical and societal risk from privacy intrusion from
other sources, such as employers. Many employers gather extensive and highly
personal information on their staff. The availability of this information is
often asymmetric, with higher status employees having correspondingly greater
access to the personal data of others. This paper examines some of the risks
inherent in this asymmetry and discusses to what extent existing legal and
social measures are sufficient to protect individuals, organisations and
society. Keywords: Ethics; privacy; workplace monitoring | |||
| A Reasonable Expectation of Privacy? Secrecy and National Security in a Democracy | | BIBAK | Full-Text | 236-245 | |
| Kathleen M. Hogan | |||
| Citizens do not routinely agree to sacrifice their privacy. When cases come
to light that the government has been spying on its citizens, there is outrage.
Still, citizens' fierce protection of personal privacy does not obviate their
expectation of government to ensure national security. Public support for
secret government operations is cyclical, self-interested, influenced by
citizens' knowledge of political affairs, and related to the public's level of
trust in its leaders and the perception of threats. Polls indicate that
citizens are protective of their personal privacy but willing to give up a
degree of control to trusted leaders. Keywords: Secrecy; privacy; public opinion polls about national security; government;
public preferences | |||
| Towards Usable Generation and Enforcement of Trust Evidence from Programmers' Intent | | BIBA | Full-Text | 246-255 | |
| Michael Huth; Jim Huan-Pu Kuo; Angela Sasse; Iacovos Kirlappos | |||
| Programmers develop code with a sense of purpose and with expectations on how units of code should interact with other units of code. But this intent of programmers is typically implicit and undocumented, goes beyond considerations of functional correctness, and may depend on trust assumptions that programmers make. At present, neither programming languages nor development environments offer a means of articulating such intent in a manner that could be used for controlling whether software executions meet such intentions and their associated expectations. We here study how extant research on trust can inform approaches to articulating programmers' intent so that it may help with creating trust evidence for more trustworthy interaction of software units. | |||
| Modeling Security Policy and the Effect for End-Users | | BIBA | Full-Text | 256-265 | |
| Kevin D. Jones; Kizito Salako | |||
| Many "good practices" in computer security are based on assumptions and local evidence that do not generalize. There are few quantifiable methods of establishing or refuting the validity of these practices from a user perspective. We propose a formal model of security policies that allows us to evaluate the claimed benefits to the user of the system quantitatively. We illustrate the use of the model by looking at a security policy we all live with daily: The Password Policy. | |||
| Legal Protection for Personal Information Privacy | | BIBAK | Full-Text | 266-275 | |
| Yinan Liu | |||
| While the privacy concerns raised by advances in information technologies
are widely recognized, recent developments have led to a convergence of these
technologies in many situations, presenting new challenges to the right to
privacy. This paper examines the information technologies and their potential
impact on individual privacy interests. The paper first discusses the right to
privacy, personal information and information privacy separately, noting ways
that new technologies create privacy concerns. The paper then examines the
legislation in the U.S. and E.U. Finally, the paper examines existing protections for
privacy in China, considers why they are insufficient, and proposes measures to
enhance the legal protection of privacy interests to address these new
technologies. Keywords: personal information; right to privacy; information privacy; legal
protection | |||
| "The Four Most-Used Passwords Are Love, Sex, Secret, and God": Password Security and Training in Different User Groups | | BIBAK | Full-Text | 276-283 | |
| Birgy Lorenz; Kaido Kikkas; Aare Klooster | |||
| Picking good passwords is a cornerstone of computer security. Yet already
since the early days (e.g. The Stockings Were Hung by the Chimney with Care
from 1973; we have also borrowed our title from the 1995 movie Hackers),
insecure passwords have been a major liability. Ordinary users want simple and
fast solutions -- they either choose a trivial (to remember and to guess)
password, or pick a good one, write it down and stick the paper under the mouse
pad, inside the pocket book or to the monitor. They are also prone to
reflecting their personal preferences in their password choices, providing
telling hints online and giving them out on just a simple social engineering
attack. Kevin Mitnick has said that security is not a product that can be
purchased off the shelf, but consists of policies, people, processes, and
technology. This applies fully to password security as well. We studied several
different groups (students, educators, ICT specialists etc -- more than 300
people in total) and their password usage. The methods included password
practices survey, password training sessions, discussions and also simulated
social engineering attacks (the victims were informed immediately about their
mistakes).
We suggest that password training should be adjusted for different focus groups. For example, we found that schoolchildren tend to grasp new concepts faster -- often, a simple explanation is enough to improve the password remarkably. Thus, we would stress the people and process aspects of the Mitnick formula mentioned above. At the same time, many officials and specialists tend to react to password training with dismissal and scorn (our study suggests that 'you cannot guess my password' is an alarmingly common mindset). Examples like 'admin', 'Password', '123456' etc. have occurred even among qualified security professionals, more so among educators. Yet, as Estonia is increasingly relying on the E-School system, these passwords are becoming a prime target. Therefore, for most adult users we suggest putting the emphasis on policy and technology aspects (strict, software-enforced lower limits of acceptable password length, character variability checks, but also clearly written rulesets etc.). Keywords: passwords; security awareness; training; privacy; user behavior | |||
| The Privacy Paradox between Users' Attitudes, Stringent Legal Framework and (the Lack of) Adequate Implementation Tools | | BIBAK | Full-Text | 284-294 | |
| Shara Monteleone | |||
| This paper discusses the phenomenon, typical of our Digital Age, called
the 'privacy paradox': although users are aware of the threats to their
privacy, the analysis of their online behavior seemingly shows a lack of
interest in their privacy, as they keep using online services and products, and
even if they know their privacy rights and the existing legal measures to
protect them, they appear unwilling to use available protection tools. This
paper will show that the reason for this (apparent) paradox is not necessarily
the users' neglectful attitude towards their privacy but should be found in the
lack of effective implementation tools, at both legal and technical level (e.g.
privacy policies). Keywords: privacy paradox; European DP legal framework; privacy policies | |||
| Addressing User Privacy and Experience in Distributed Long Lifetime Systems | | BIBA | Full-Text | 297-305 | |
| Scott W. Cadzow | |||
| Very large distributed systems that aim to offer natural interaction with their human users fail to address the everyday nature of trust and its establishment at their peril. In human interactions trust builds slowly, it builds contextually, and it builds by association. In contrast most software systems make assumptions regarding user behaviour and do little to learn at the natural pace of the user, this leads to an unnatural relationship between the user and the software, system or service they are using. The claims of social networking to address this only go so far as in many cases the objectives of the service and those of the user do not align or one melds to the other -- treating a person as a social network entity quite distinct from that same person as a natural person. What this paper intends to show is how the privacy and security problem is being addressed across the smart city projects in Europe with particular emphasis placed on material from case studies taken from the i-Tour and i-SCOPE projects. | |||
| Secure and Energy-Efficient Life-Logging in Wireless Pervasive Environments | | BIBA | Full-Text | 306-315 | |
| Alexandros Fragkiadakis; Ioannis Askoxylakis; Elias Tragos | |||
| The current proliferation of ubiquitous networking (e.g. WiFi, Bluetooth) along with the high penetration of pervasive devices (smart phones, tablets) has provided a substantial boost to life-logging, a framework for the everyday recording of sensitive and personal data of individuals. Life-logging systems usually consist of resource-constrained devices (sensors). Moreover, as for every emerging technology, life-logging is susceptible to a number of security threats. In this paper, we implement and evaluate a joint encryption and compression scheme using the current advances in compressed sensing theory. The evaluation shows that the reconstruction error is kept low even for high compression ratios, and the power consumption of the life-logging system is significantly reduced. | |||
| Supporting Human Decision-Making Online Using Information-Trustworthiness Metrics | | BIBAK | Full-Text | 316-325 | |
| Jason R. C. Nurse; Sadie Creese; Michael Goldsmith; Syed Sadiqur Rahman | |||
| The vast amount of information available online places decision makers
wishing to use this content in an advantageous but also very difficult
position. The advantages stem from the volume of content from a variety of
sources that is readily available; the difficulties arise because of the often
unknown quality and trustworthiness of the information -- is it fact, opinion
or purely meant to deceive? In this paper we reflect on and extend current work
on information trust and quality metrics which can be used to address this
difficulty. Specifically, we propose new metrics as worthy of consideration and
the new combinatorics required to take measurements of the various trust
factors into a single score. These feed into our existing overarching
policy-based approach that uses trustworthiness metrics to support
decision-making online. Keywords: information trustworthiness; information quality; metrics; human
decision-making; open-source content; social-media; online risks | |||
| On the Secure and Safe Data Synchronization | | BIBAK | Full-Text | 326-331 | |
| Pavel Ocenasek; Jaromir Karmazin | |||
| This paper deals with the aspects of data synchronization. The first part focuses
on existing technologies and their features. We follow with the proposal of an
application that can be used as an alternative to the existing solutions. The
proposed peer-to-peer application includes several safety improvements and
supports secure communication and data storage. Keywords: Synchronization; security; safety; cloud; networking | |||
| The Practice of Global Internet Filtering | | BIBAK | Full-Text | 332-337 | |
| Pavel Ocenasek | |||
| This paper deals with Global Internet Filtering. Various technical
solutions for Internet filtering are presented together with filtering analysis
options. Several possibilities for blocked content access and filtering
circumvention in general are discussed. Keywords: Internet filtering; filtering circumvention; surveillance; blocking;
firewall | |||
| A Privacy-Level Model of User-Centric Cyber-Physical Systems | | BIBAK | Full-Text | 338-347 | |
| Nikolaos E. Petroulakis; Ioannis G. Askoxylakis; Apostolos Traganitis; George Spanoudakis | |||
| In an interconnected cyber-world, Cyber-Physical Systems (CPSs) appear to
play an increasingly important role in smart ecosystems. A variety of
resource-constrained thin clients, such as sensors, RFIDs, actuators and smart
devices, are included in the list of CPS. These devices can be used in a number
of medical, vehicular, aviation, military and smart cities applications. A
plethora of sensitive data is transmitted in insecure wireless or wired
environments whilst adversaries are eager to eavesdrop, modify or destroy
sensed data invading the privacy of user-centric CPSs. This work presents an
overview and analysis of the most effective attacks, privacy challenges and
mitigation techniques for preserving the privacy of users and their
interconnected devices. In order to preserve privacy, a privacy-level model is
proposed in which users have the capability of assigning different privacy
levels based on the variety and severity of privacy challenges and devices'
capabilities. Finally, we evaluate the performance of specific CPSs at
different privacy-levels in terms of time and consumed energy in an
experimental test-bed that we have developed. Keywords: Privacy; Privacy-level model; Security; Cyber-Physical Systems | |||
| High-Level Design for a Secure Mobile Device Management System | | BIBAK | Full-Text | 348-356 | |
| Keunwoo Rhee; Sun-Ki Eun; Mi-Ri Joo; Jihoon Jeong; Dongho Won | |||
| Corporate security is threatened by the Bring-Your-Own-Device trend. As mobile
devices that provide high computing and wireless communication capabilities are
increasingly being used in business, leakage of personal information and
confidential data stored in a mobile device increases and bypass routes to the
corporate internal network are created by the mobile devices. A mobile device
management system is a security solution to cope with these problems. This
paper proposes a platform-independent mobile device management system using
the Common Criteria for Information Technology Security Evaluation. As a
result, the proposed design improves the security of the mobile device
management system and guarantees high usability. Keywords: mobile device management system; high-level design; Security Target; Common
Criteria | |||
| Factors Influencing Adoption of Encryption to Secure Data in the Cloud | | BIBA | Full-Text | 357-365 | |
| Kenneth E. Stavinoha | |||
| This research measured factors that influence the adoption of encryption to secure data in the cloud and provided guidance on when encryption might be most appropriate. Additionally, the study investigated the important elements necessary to develop a framework for a secure cloud computing environment. The objective of this research was to provide normative guidance and empirical data that assists both cloud service providers and users of cloud technology in selecting the best mitigation, or suite of mitigations, that most effectively protect data in the cloud. This research helps to fill a gap by examining issues affecting cloud consumers, the elements that play a role in the decision to use a cloud service, and the influencing factors in the decision to use encryption to secure data in the cloud. | |||
| Cloudopsy: An Autopsy of Data Flows in the Cloud | | BIBA | Full-Text | 366-375 | |
| Angeliki Zavou; Vasilis Pappas; Vasileios P. Kemerlis; Michalis Polychronakis; Georgios Portokalidis; Angelos D. Keromytis | |||
| Despite the apparent advantages of cloud computing, the fear of unauthorized exposure of sensitive user data [3,4,8,13] and non-compliance with privacy restrictions impedes its adoption for security-sensitive tasks. For the common setting in which the cloud infrastructure provider and the online service provider are different, end users have to trust the efforts of both of these parties for properly handling their private data as intended. To address this challenge, in this work, we take a step towards elevating the confidence of users for the safety of their cloud-resident data by introducing Cloudopsy, a service with the goal to provide a visual autopsy of the exchange of user data in the cloud premises. Cloudopsy offers a user-friendly interface to the customers of the cloud-hosted services to independently monitor and get a better understanding of the handling of their cloud-resident sensitive data by the third-party cloud-hosted services. While the framework is targeted mostly towards the end users, Cloudopsy also provides the service providers with an additional layer of protection against illegitimate data flows, e.g., inadvertent data leaks, by offering a graphical, more meaningful representation of the overall service dependencies and the relationships with third parties outside the cloud premises, as they derive from the collected audit logs. The novelty of Cloudopsy lies in the fact that it leverages the power of visualization when presenting the final audit information to the end users (and the service providers), which adds significant benefits to the understanding of rich but ever-increasing audit trails. One of the most obvious benefits of the resulting visualization is the ability to better understand ongoing events, detect anomalies, and reduce decision latency, which can be particularly valuable in real-time environments. | |||