809 resultados para Privacy.
Resumo:
We consider the following problem: members in a dynamic group retrieve their encrypted data from an untrusted server based on keywords and without any loss of data confidentiality and member’s privacy. In this paper, we investigate common secure indices for conjunctive keyword-based retrieval over encrypted data, and construct an efficient scheme from Wang et al. dynamic accumulator, Nyberg combinatorial accumulator and Kiayias et al. public-key encryption system. The proposed scheme is trapdoorless and keyword-field free. The security is proved under the random oracle, decisional composite residuosity and extended strong RSA assumptions.
Resumo:
The first generation e-passport standard is proven to be insecure and prone to various attacks. To strengthen, the European Union (EU) has proposed an Extended Access Control (EAC) mechanism for e-passports that intends to provide better security in protecting biometric information of the e-passport bearer. But, our analysis shows, the EU proposal fails to address many security and privacy issues that are paramount in implementing a strong security mechanism. In this paper we propose an on-line authentication mechanism for electronic passports that addresses the weakness in existing implementations, of both The International Civil Aviation Organisation (ICAO) and EU. Our proposal utilises ICAO PKI implementation, thus requiring very little modifications to the existing infrastructure which is already well established.
Resumo:
Motivated by the need of private set operations in a distributed environment, we extend the two-party private matching problem proposed by Freedman, Nissim and Pinkas (FNP) at Eurocrypt’04 to the distributed setting. By using a secret sharing scheme, we provide a distributed solution of the FNP private matching called the distributed private matching. In our distributed private matching scheme, we use a polynomial to represent one party’s dataset as in FNP and then distribute the polynomial to multiple servers. We extend our solution to the distributed set intersection and the cardinality of the intersection, and further we show how to apply the distributed private matching in order to compute distributed subset relation. Our work extends the primitives of private matching and set intersection by Freedman et al. Our distributed construction might be of great value when the dataset is outsourced and its privacy is the main concern. In such cases, our distributed solutions keep the utility of those set operations while the dataset privacy is not compromised. Comparing with previous works, we achieve a more efficient solution in terms of computation. All protocols constructed in this paper are provably secure against a semi-honest adversary under the Decisional Diffie-Hellman assumption.
Resumo:
Security models for two-party authenticated key exchange (AKE) protocols have developed over time to provide security even when the adversary learns certain secret keys. In this work, we advance the modelling of AKE protocols by considering more granular, continuous leakage of long-term secrets of protocol participants: the adversary can adaptively request arbitrary leakage of long-term secrets even after the test session is activated, with limits on the amount of leakage per query but no bounds on the total leakage. We present a security model supporting continuous leakage even when the adversary learns certain ephemeral secrets or session keys, and give a generic construction of a two-pass leakage-resilient key exchange protocol that is secure in the model; our protocol achieves continuous, after-the-fact leakage resilience with not much more cost than a previous protocol with only bounded, non-after-the-fact leakage.
Resumo:
The shared nature of genetic information presents new challenges for legal understandings of the self. Within traditional legal discourses the individual is conceptualised as separate and autonomous. In contrast, the genetic individual is understood as inherently relational. This paper analyses the transformation of our understandings of the personal. The transformative processes are assessed through discussion of the changing meanings of privacy in the context of genetic information within families; changing views over access to information about biological parentage by children conceived through assisted reproductive technology; preimplantation genetic diagnosis and the changing context of reproductive decisionmaking.
Resumo:
This article presents an overview of two aspects of the role the internet now plays in the court system - first, the extent to which judges, administrators and court officials at the different levels in the court hierarchy are using the internet to deliver enhanced access to the Australian justice system for the community as a whole, and second, how they have embraced that same technology as an aid for accessing information for better judgment delivery and administration.
Resumo:
In the developing digital economy, the notion of traditional attack on enterprises of national significance or interest has transcended into different modes of electronic attack, surpassing accepted traditional forms of physical attack upon a target. The terrorist attacks that took place in the United States on September 11, 2001 demonstrated the physical devastation that could occur if any nation were the target of a large-scale terrorist attack. Therefore, there is a need to protect criticalnational infrastructure and critical information infrastructure. In particular,this protection is crucial for the proper functioning of a modern society and for a government to fulfill one of its most important prerogatives – namely, the protection of its people. Computer networks have many benefits that governments, corporations, and individuals alike take advantage of in order to promote and perform their duties and roles. Today, there is almost complete dependence on private sector telecommunication infrastructures and the associated computer hardware and software systems.1 These infrastructures and systems even support government and defense activity.2 This Article discusses possible attacks on critical information infrastructures and the government reactions to these attacks.
Resumo:
This paper investigates the outsourcing of income tax return preparation by Australian accounting firms. It identifies the extent to which firms are currently outsourcing accounting services or considering outsourcing accounting services, with a focus on personal and business income tax return preparation. The motivations and barriers for outsourcing by Australian accounting firms are also considered in this paper. Privacy, security of client data, and the competence of the outsourcing provider's staff have been identified as risks associated with outsourcing. An expectation relating to confidentiality of client data is also examined in this paper. Statistical analysis of data collected from a random sample of Australian accounting firms using a survey questionnaire provided the empirical data for the paper. The results indicate that the majority of Australian accounting firms are either currently outsourcing or considering outsourcing accounting services, and firms are outsourcing taxation preparation both onshore and offshore. The results also indicate that firms expect the volume of outsourced work to increase in the future. In contrast to the literature identifying labour arbitrage as the primary driver for organisations choosing to outsource, this study found that the main factors considered by accounting firms in the decision to outsource were to expedite delivery of services to clients and to enable the firm to focus on core competencies. Data from this study also supports the literature which ndicates that not all tax practitioners are adhering to codes of conduct in relation to client confidentiality. Research identifying the extent to which accounting services are outsourced is limited, therefore significant contributions to the academic literature and the accounting profession are provided by this ndicates that not all tax practitioners are adhering to codes of conduct in relation to client confidentiality. Research identifying the extent to which accounting services are outsourced is limited, therefore significant contributions to the academic literature and the accounting profession are provided by this study.
Resumo:
Objective: The study aimed to examine the difference in response rates between opt-out and opt-in participant recruitment in a population-based study of heavy-vehicle drivers involved in a police-attended crash. Methods: Two approaches to subject recruitment were implemented in two different states over a 14-week period and response rates for the two approaches (opt-out versus opt-in recruitment) were compared. Results: Based on the eligible and contactable drivers, the response rates were 54% for the optout group and 16% for the opt-in group. Conclusions and Implications: The opt-in recruitment strategy (which was a consequence of one jurisdiction’s interpretation of the national Privacy Act at the time) resulted in an insufficient and potentially biased sample for the purposes of conducting research into risk factors for heavy-vehicle crashes. Australia’s national Privacy Act 1988 has had a long history of inconsistent practices by state and territory government departments and ethical review committees. These inconsistencies can have profound effects on the validity of research, as shown through the significantly different response rates we reported in this study. It is hoped that a more unified interpretation of the Privacy Act across the states and territories, as proposed under the soon-to-be released Australian Privacy Principles will reduce the recruitment challenges outlined in this study.
Resumo:
With the introduction of the Personally Controlled Health Record (PCEHR), the Australian public is being asked to accept greater responsibility for their healthcare by taking an active role in the management of personal health information. Although well designed, constructed and intentioned, policy and privacy concerns have resulted in an eHealth model that may impact future health sharing requirements. Hence, as a case study for a consumer eHealth initative in the Australian context, eHealth-as-a-Service (eHaaS) serves as a disruptive step in in the aggregation and transformation of health information for use as real-world knowledge. The strategic value of extending the community Health Record Bank (HRB) model lies in the ability to automatically draw on a multitude of relevant data repositories and sources to create a single source of the truth and to engage market forces to create financial sustainability. The opportunity to transform the beleaguered Australian PCEHR into a realisable and sustainable technology consumption model for patient safety is explored. Moreover, the current clerical focus of healthcare practitioners acting in the role of de facto record keepers is renegotiated to establish a shared knowledge creation landscape of action for safer patient interventions. To achieve this potential however requires a platform that will facilitate efficient and trusted unification of all health information available in real-time across the continuum of care. eHaaS provides a sustainable environment and encouragement to realise this potential.
Resumo:
In this paper, we present the results of a survey conducted to measure the attitudes of the consumers of eHealth towards Accountable-eHealth systems which are designed for information privacy management. A research model is developed that can identify the factors contributing to system acceptance and is validated using quantitative data from 187 completed survey responses from university students studying non-health related courses at a university in Queensland, Australia. The research model is validated using structural equation modelling and can be used to identify how specific characteristics of Accountable-eHealth systems would affect their overall acceptance by future eHealth consumers.
Resumo:
Social contexts are possible information sources that can foster connections between mobile application users, but they are also minefields of privacy concerns and have great potential for misinterpretation. This research establishes a framework for guiding the design of context-aware mobile social applications from a socio-technical perspective. Agile ridesharing was chosen as the test domain for the research because its success relies upon effectively connecting people through mobile technologies.
Resumo:
Cheating detection in linear secret sharing is considered. The model of cheating extends the Tompa-Woll attack and includes cheating during multiple (unsuccessful) recovery of the secret. It is shown that shares in most linear schemes can be split into subshares. Subshares can be used by participants to trade perfectness of the scheme with cheating prevention. Evaluation of cheating prevention is given in the context of different strategies applied by cheaters.
Resumo:
Social Engineering (ES) is now considered the great security threat to people and organizations. Ever since the existence of human beings, fraudulent and deceptive people have used social engineering tricks and tactics to trick victims into obeying them. There are a number of social engineering techniques that are used in information technology to compromise security defences and attack people or organizations such as phishing, identity theft, spamming, impersonation, and spaying. Recently, researchers have suggested that social networking sites (SNSs) are the most common source and best breeding grounds for exploiting the vulnerabilities of people and launching a variety of social engineering based attacks. However, the literature shows a lack of information about what types of social engineering threats exist on SNSs. This study is part of a project that attempts to predict a persons’ vulnerability to SE based on demographic factors. In this paper, we demonstrate the different types of social engineering based attacks that exist on SNSs, the purposes of these attacks, reasons why people fell (or did not fall) for these attacks, based on users’ opinions. A qualitative questionnaire-based survey was conducted to collect and analyse people’s experiences with social engineering tricks, deceptions, or attacks on SNSs.
