441 results for privacy violations


Relevance:

10.00% 10.00%

Publisher:

Abstract:

We introduce a lightweight biometric solution for user authentication over networks using online handwritten signatures. The algorithm proposed is based on a modified Hausdorff distance and has favorable characteristics such as low computational cost and minimal training requirements. Furthermore, we investigate an information theoretic model for capacity and performance analysis for biometric authentication which brings additional theoretical insights to the problem. A fully functional proof-of-concept prototype that relies on commonly available off-the-shelf hardware is developed as a client-server system that supports Web services. Initial experimental results show that the algorithm performs well despite its low computational requirements and is resilient against over-the-shoulder attacks.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways from payment systems to assisting the lives of elderly or disabled people. Security threats for these devices become increasingly dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level. Therefore, third-party developers have the opportunity to develop kernel-based low-level security tools which is not normal for smartphone platforms. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS for example, holding the greatest market share among all smartphone OSs, was closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners' privacy. In this work, we present our current results in analyzing the security of Android smartphones with a focus on its Linux side. Our results are not limited to Android, they are also applicable to Linux-based smartphones such as OpenMoko Neo FreeRunner. Our contribution in this work is three-fold. First, we analyze Android framework and the Linux-kernel to check security functionalities. We survey well-accepted security mechanisms and tools which can increase device security.
We provide descriptions on how to adopt these security tools on Android kernel, and provide their overhead analysis in terms of resource usage. As open smartphones are released and may increase their market share similar to Symbian, they may attract attention of malware writers. Therefore, our second contribution focuses on malware detection techniques at the kernel level. We test applicability of existing signature and intrusion detection methods in Android environment. We focus on monitoring events on the kernel; that is, identifying critical kernel, log file, file system and network activity events, and devising efficient mechanisms to monitor them in a resource limited environment. Our third contribution involves initial results of our malware detection mechanism basing on static function call analysis. We identified approximately 105 Executable and Linking Format (ELF) executables installed to the Linux side of Android. We perform a statistical analysis on the function calls used by these applications. The results of the analysis can be compared to newly installed applications for detecting significant differences. Additionally, certain function calls indicate malicious activity. Therefore, we present a simple decision tree for deciding the suspiciousness of the corresponding application. Our results present a first step towards detecting malicious applications on Android-based devices.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Complex Internet attacks may come from multiple sources, and target multiple networks and technologies. Nevertheless, Collaborative Intrusion Detection Systems (CIDS) emerge as a promising solution by using information from multiple sources to gain a better understanding of objective and impact of complex Internet attacks. CIDS also help to cope with classical problems of Intrusion Detection Systems (IDS) such as zero-day attacks, high false alarm rates and architectural challenges, e.g., centralized designs exposing the Single-Point-of-Failure. Improved complexity on the other hand gives rise to new exploitation opportunities for adversaries. The contribution of this paper is twofold. We first investigate related research on CIDS to identify the common building blocks and to understand vulnerabilities of the Collaborative Intrusion Detection Framework (CIDF). Second, we focus on the problem of anonymity preservation in a decentralized intrusion detection related message exchange scheme. We use techniques from design theory to provide multi-path peer-to-peer communication scheme where the adversary cannot perform better than guessing randomly the originator of an alert message.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

In the last decade, smartphones have gained widespread usage. Since the advent of online application stores, hundreds of thousands of applications have become instantly available to millions of smartphone users. Within the Android ecosystem, application security is governed by digital signatures and a list of coarse-grained permissions. However, this mechanism is not fine-grained enough to provide the user with a sufficient means of control of the applications' activities. Abuse of highly sensitive private information such as phone numbers without users' notice is the result. We show that there is a high frequency of privacy leaks even among widely popular applications. Together with the fact that the majority of the users are not proficient in computer security, this presents a challenge to the engineers developing security solutions for the platform. Our contribution is twofold: first, we propose a service which is able to assess Android Market applications via static analysis and provide detailed, but readable reports to the user. Second, we describe a means to mitigate security and privacy threats by automated reverse-engineering and refactoring binary application packages according to the users' security preferences.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

The evolution of classic power grids to smart grids creates chances for most participants in the energy sector. Customers can save money by reducing energy consumption, energy providers can better predict energy demand and the environment benefits since lower energy consumption implies lower energy production including a decrease of emissions from plants. But information and communication systems supporting smart grids can also be subject to classical or new network attacks. Attacks can result in serious damage such as harming privacy of customers, creating economic loss and even disturbing the power supply/demand balance of large regions and countries. In this paper, we give an overview about the German smart measuring architecture, protocols and security. Afterwards, we present a simulation framework which enables researchers to analyze security aspects of smart measuring scenarios.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Our daily lives become more and more dependent upon smartphones due to their increased capabilities. Smartphones are used in various ways, e.g. for payment systems or assisting the lives of elderly or disabled people. Security threats for these devices become more and more dangerous since there is still a lack of proper security tools for protection. Android emerges as an open smartphone platform which allows modification even on operating system level and where third-party developers for the first time have the opportunity to develop kernel-based low-level security tools. Android quickly gained its popularity among smartphone developers and even beyond since it bases on Java on top of "open" Linux in comparison to former proprietary platforms which have very restrictive SDKs and corresponding APIs. Symbian OS, holding the greatest market share among all smartphone OSs, was even closing critical APIs to common developers and introduced application certification. This was done since this OS was the main target for smartphone malwares in the past. In fact, more than 290 malwares designed for Symbian OS appeared from July 2004 to July 2008. Android, in turn, promises to be completely open source. Together with the Linux-based smartphone OS OpenMoko, open smartphone platforms may attract malware writers for creating malicious applications endangering the critical smartphone applications and owners' privacy. Since signature-based approaches mainly detect known malwares, anomaly-based approaches can be a valuable addition to these systems. They base on mathematical algorithms processing data that describe the state of a certain device. For gaining this data, a monitoring client is needed that has to extract usable information (features) from the monitored system. Our approach follows a dual system for analyzing these features. On the one hand, functionality for on-device light-weight detection is provided.
But since most algorithms are resource exhaustive, remote feature analysis is provided on the other hand. Having this dual system enables event-based detection that can react to the current detection need. In our ongoing research we aim to investigate the feasibility of light-weight on-device detection for certain occasions. On other occasions, whenever significant changes are detected on the device, the system can trigger remote detection with heavy-weight algorithms for better detection results. In the absence of the server respectively as a supplementary approach, we also consider a collaborative scenario. Here, mobile devices sharing a common objective are enabled by a collaboration module to share information, such as intrusion detection data and results. This is based on an ad-hoc network mode that can be provided by a WiFi or Bluetooth adapter nearly every smartphone possesses.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Session Initiation Protocol (SIP) is developed to provide advanced voice services over IP networks. SIP unites telephony and data world, permitting telephone calls to be transmitted over Intranets and Internet. Increase in network performance and new mechanisms for guaranteed quality of service encourage this consolidation to provide toll cost savings. Security comes up as one of the most important issues when voice communication and critical voice applications are considered. Not only the security methods provided by traditional telephony systems, but also additional methods are required to overcome security risks introduced by the public IP networks. SIP considers security problems of such a consolidation and provides a security framework. There are several security methods defined within SIP specifications and extensions. But suggested methods cannot solve all the security problems of SIP systems with various system requirements. In this thesis, a Kerberos based solution is proposed for SIP security problems, including SIP authentication and privacy. The proposed solution tries to establish flexible and scalable SIP system that will provide desired level of security for voice communications and critical telephony applications.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Information privacy is a crucial aspect of eHealth. Appropriate privacy management measures are therefore essential for its success. However, traditional measures for privacy preservation such as rigid access controls (i.e., preventive measures) are not suitable to eHealth because of the specialised and information-intensive nature of healthcare itself, and the nature of the information. Healthcare professionals (HCP) require easy, unrestricted access to as much information as possible towards making well-informed decisions. On the other end of the scale however, consumers (i.e., patients) demand control over their health information and raise concerns for privacy arising from internal activities (i.e., information use by HCPs). A proper balance of these competing concerns is vital for the implementation of successful eHealth systems. Towards reaching this balance, we propose an information accountability framework (IAF) for eHealth systems.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Executive Summary

The Australian Psychological Society categorically condemns the practice of detaining child asylum seekers and their families, on the grounds that it is not commensurate with psychological best practice concerning children’s development and mental health and wellbeing. Detention of children in this fashion is also arguably a violation of the UN Convention on the Rights of the Child. A thorough review of relevant psychological theory and available research findings from international research has led the Australian Psychological Society to conclude that:

• Detention is a negative socialisation experience.
• Detention accentuates developmental risks.
• Detention threatens the bonds between children and significant caregivers.
• Detention limits educational opportunities.
• Detention has traumatic impacts on children of asylum seekers.
• Detention reduces children’s potential to recover from trauma.
• Detention exacerbates the impacts of other traumas.
• Detention of children from these families in many respects is worse for them than being imprisoned.

In the absence of any indication from the Australian Government that it intends in the near future to alter the practice of holding children in immigration detention, the Australian Psychological Society’s intermediate position is that the facilitation of short-term and long-term psychological development and wellbeing of children is the basic tenet upon which detention centres should be audited and judged. Based on that position, the Society has identified a series of questions and concerns that arise directly from the various psychological perspectives that have been brought to bear on estimating the effects of detention on child asylum seekers. The Society argues that, because these questions and concerns relate specifically to improvement and maintenance of child detainees’ educational, social and psychological wellbeing, they are legitimate matters for the Inquiry to consider and investigate.

• What steps are currently being taken to monitor the psychological welfare of the children in detention? In particular, what steps are being taken to monitor the psychological wellbeing of children arriving from war-torn countries?
• What qualifications and training do staff who care for children and their families in detention centres have? What knowledge do they have of psychological issues faced by people who have been subjected to traumatic experiences and are suffering high degrees of anxiety, stress and uncertainty?
• What provisions have been made for psycho-educational assessment of children’s specific learning needs prior to their attending formal educational programmes?
• who are suffering chronic and/or vicarious trauma as a result of witnessing threatening behaviour whilst in detention?
• What provisions have been made for families who have been seriously affected by displacement to participate in family therapy?
• What critical incident debriefing procedures are in place for children who have witnessed their parents, other family members, or social acquaintances engaging in acts of self-harm or being harmed while in detention? What psychotherapeutic support is in place for children who themselves have been harmed or have engaged in self-harmful acts while in detention?
• What provisions are in place for parenting programmes that provide support for parents of children under extremely difficult psychological and physical circumstances?
• What efforts are being made to provide parents with the opportunity to model traditional family roles for children, such as working to earn an income, meal preparation, other household duties, etc.?
• What opportunities are in place for the assessment of safety issues such as bullying, and sexual or physical abuse of children or their mothers in detention centres?
• How are resources distributed to children and families in detention centres?
• What socialization opportunities are available either within detention centres or in the wider community for children to develop skills and independence, engage in social activities, participate in cultural traditions, and communicate and interact with same-age peers and adults from similar ethnic and religious backgrounds?
• What access do children and families have to videos, music and entertainment from their cultures of origin?
• What provisions are in place to ensure the maintenance of privacy in a manner commensurate with usual cultural practice?
• What is the Government’s rationale for continuing to implement a policy of mandatory detention of child asylum seekers that on the face of it is likely to have a pernicious impact on these children’s mental health?
• In view of the evidence on the potential long-term impact of mandatory detention on children, what processes may be followed by Government to avoid such a practice and, more importantly, to develop policies and practices that will have a positive impact on these children’s psychological development and mental health?

Relevance:

10.00% 10.00%

Publisher:

Abstract:

The availability of health information is rapidly increasing; its expansion and proliferation is inevitable. At the same time, breeding of health information silos is an unstoppable and relentless exercise. Information security and privacy concerns are therefore major barriers in the eHealth socio-eco system. We proposed Information Accountability as a measurable human factor that should eliminate and mitigate security concerns. Information accountability measures would be practicable and feasible if legislative requirements are also embedded. In this context, information accountability constitutes a key component for the development of effective information technology requirements for health information system. Our conceptual approach to measuring human factors related to information accountability in eHealth is presented in this paper with some limitations.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

We consider the problem of maximizing the secure connectivity in wireless ad hoc networks, and analyze complexity of the post-deployment key establishment process constrained by physical layer properties such as connectivity, energy consumption and interference. Two approaches, based on graph augmentation problems with nonlinear edge costs, are formulated. The first one is based on establishing a secret key using only the links that are already secured by shared keys. This problem is NP-hard and does not accept a polynomial time approximation scheme (PTAS) since minimum cutsets to be augmented do not admit constant costs. The second one extends the first problem by increasing the power level between a pair of nodes that has a secret key to enable them to physically connect. This problem can be formulated as the optimal key establishment problem with interference constraints with bi-objectives: (i) maximizing the concurrent key establishment flow, (ii) minimizing the cost. We prove that both problems are NP-hard and MAX-SNP with a reduction to MAX3SAT problem.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

This paper explores the similarities and differences between bicycle and motorcycle crashes with other motor vehicles. If similar treatments can be effective for both bicycle and motorcycle crashes, then greater benefits in terms of crash costs saved may be possible for the same investment in treatments. To reduce the biases associated with under-reporting of these crashes to police, property damage and minor injury crashes were excluded. The most common crash type for both bicycles (31.1%) and motorcycles (24.5%) was intersection from adjacent approaches. Drivers of other vehicles were coded most at fault in the majority of two-unit bicycle (57.0%) and motorcycle crashes (62.7%). The crash types, patterns of fault and factors affecting fault were generally similar for bicycle and motorcycle crashes. This confirms the need to combat the factors contributing to failure of other drivers to yield right of way to two-wheelers, and suggests that some of these actions should prove beneficial to the safety of both motorized and non-motorized two-wheelers. In contrast, child bicyclists were more often at fault, particularly in crashes involving a vehicle leaving the driveway or footpath. The greater reporting of violations by riders and drivers in motorcycle crashes also deserves further investigation.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Penalties and sanctions to deter risky/illegal behaviours are important components of traffic law enforcement. Sanctions can be applied to the vehicle (e.g., impoundment), the person (e.g., remedial programs or jail), or the licence (e.g., disqualification). For licence sanctions, some offences attract automatic suspension while others attract demerit points which can indirectly lead to licence loss. In China, a licence is suspended when a driver accrues twelve demerit points within one year. When this occurs, the person must undertake a one-week retraining course at their own expense and successfully pass an examination to become relicensed. Little is known about the effectiveness of this program. A pilot study was conducted in Zhejiang Province to examine basic information about participants of a retraining course. The aim was to gather baseline data for future comparison. Participants were recruited at a driver retraining centre in a large city in Zhejiang Province. In total, 239 suspended drivers completed an anonymous questionnaire which included demographic information, driving history, and crash involvement. Overall, 87% were male with an overall mean age of 35.02 years (SD=8.77; range 21-60 years). A large proportion (83.3%) of participants owned a vehicle. Commuting to work was reported by 64% as their main reason for driving, while 16.3% reported driving for work. Only 6.4% reported holding a licence for 1 year or less (M=8.14 years, SD=6.5, range 1-31 years) and people reported driving an average of 18.06 hours/week (SD=14.4, range 1-86 hours). This represents a relatively experienced group, especially given the increase in new drivers in China. The number of infringements reportedly received in the previous year ranged from 2 to 18 (M=4.6, SD=3.18); one third of participants reported having received 5 or more infringements. Approximately one third also reported having received infringements in the previous year but not paid them. 
Various strategies for avoiding penalties were reported. The most commonly reported traffic violations were: drink driving (DUI; 0.02-0.08 mg/100ml) with 61.5% reporting 1 such violation; and speeding (47.7% reported 1-10 violations). Only 2.2% of participants reported the more serious drunk driving violation (DWI; above 0.08mg/100ml). Other violations included disobeying traffic rules, using inappropriate licence, and licence plate destroyed/not displayed. Two-thirds of participants reported no crash involvement in the previous year while 14.2% reported involvement in 2-5 crashes. The relationship between infringements and crashes was limited, however there was a small, positive significant correlation between crashes and speeding infringements (r=.2, p=.004). Overall, these results indicate the need for improved compliance with the law among this sample of traffic offenders. For example, lower level drink driving (DUI) and speeding were the most commonly reported violations with some drivers having committed a large number in the previous year. It is encouraging that the more serious offence of drunk driving (DWI) was rarely reported. The effectiveness of this driver retraining program and the demerit point penalty system in China is currently unclear. Future research including driver follow up via longitudinal study is recommended to determine program effectiveness to enhance road safety in China.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

Predicate encryption (PE) is a new primitive which supports flexible control over access to encrypted data. In PE schemes, users' decryption keys are associated with predicates f and ciphertexts encode attributes a that are specified during the encryption procedure. A user can successfully decrypt if and only if f(a) = 1. In this thesis, we will investigate several properties that are crucial to PE. We focus on expressiveness of PE, Revocable PE and Hierarchical PE (HPE) with forward security. For all proposed systems, we provide a security model and analysis using the widely accepted computational complexity approach. Our first contribution is to explore the expressiveness of PE. Existing PE supports a wide class of predicates such as conjunctions of equality, comparison and subset queries, disjunctions of equality queries, and more generally, arbitrary combinations of conjunctive and disjunctive equality queries. We advance PE to evaluate more expressive predicates, e.g., disjunctive comparison or disjunctive subset queries. Such expressiveness is achieved at the cost of computational and space overhead. To improve the performance, we appropriately revise the PE to reduce the computational and space cost. Furthermore, we propose a heuristic method to reduce disjunctions in the predicates. Our schemes are proved in the standard model. We then introduce the concept of Revocable Predicate Encryption (RPE), which extends the previous PE setting with revocation support: private keys can be used to decrypt an RPE ciphertext only if they match the decryption policy (defined via attributes encoded into the ciphertext and predicates associated with private keys) and were not revoked by the time the ciphertext was created. We propose two RPE schemes. Our first scheme, termed Attribute-Hiding RPE (AH-RPE), offers attribute-hiding, which is the standard PE property.
Our second scheme, termed Full-Hiding RPE (FH-RPE), offers even stronger privacy guarantees, i.e., apart from possessing the Attribute-Hiding property, the scheme also ensures that no information about revoked users is leaked from a given ciphertext. The proposed schemes are also proved to be secure under well established assumptions in the standard model. Secrecy of decryption keys is an important pre-requisite for security of (H)PE and compromised private keys must be immediately replaced. The notion of Forward Security (FS) reduces damage from compromised keys by guaranteeing confidentiality of messages that were encrypted prior to the compromise event. We present the first Forward-Secure Hierarchical Predicate Encryption (FS-HPE) that is proved secure in the standard model. Our FS-HPE scheme offers some desirable properties: time-independent delegation of predicates (to support dynamic behavior for delegation of decrypting rights to new users), local update for users' private keys (i.e., no master authority needs to be contacted), forward security, and the scheme's encryption process does not require knowledge of predicates at any level including when those predicates join the hierarchy.

Relevance:

10.00% 10.00%

Publisher:

Abstract:

This thesis investigates the role of personal Digital Stories shared in public spaces as catalysts for social change. By analysing the influence of workshop facilitators, organisations, digital platforms and networked publics on voice and self-representation, it sheds light on shifting meanings of publicness and privacy, both face to face and online. This thesis argues that, despite numerous obstacles, the cumulative influence of diverse voices dispersed among networked publics shape new cultural norms, thereby contributing to gradual social change.