| 1. |
- Berthold, Stefan
(författare)
-
Inter-temporal Privacy Metrics
- 2014
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Informational privacy of individuals has significantly gained importance after information technology has become widely deployed. Data, once digitalised, can be copied, distributed, and long-term stored at negligible costs. This has dramatic consequences for individuals that leave traces in the form of personal data whenever they interact with information technology, for instance, computers and phones; or even when information technology is recording the personal data of aware or unaware individuals. The right of individuals for informational privacy, in particular to control the flow and use of their personal data, is easily undermined by those controlling the information technology.The objective of this thesis is to study the measurement of informational privacy with a particular focus on scenarios where an individual discloses personal data to a second party which uses this data for re-identifying the individual within a set of other individuals. We contribute with privacy metrics for several instances of this scenario in the publications included in this thesis, most notably one which adds a time dimension to the scenario for modelling the effects of the time passed between data disclosure and usage. The result is a new framework for inter-temporal privacy metrics.
|
|
| 2. |
- Bisztray, Tamas, et al.
(författare)
-
Data Protection Impact Assessment in Identity Control Management with a Focus on Biometrics
- 2020
-
Ingår i: Open Identity Summit 2020. - Bonn : Gesellschaft für Informatik e.V.. - 9783885796992 ; , s. 185-192
-
Konferensbidrag (refereegranskat)abstract
- Privacy issues concerning biometric identification are becoming increasingly relevant due to their proliferation in various fields, including identity and access control management (IAM). The General Data Protection Regulation (GDPR) requires the implementation of a data protection impact assessment for privacy critical systems. In this paper, we analyse the usefulness of two different privacy impact assessment frameworks in the context of biometric data protection. We use experiences from the SWAN project that processes four different biometric characteristics for authentication purposes. The results of this comparison elucidate how useful these frameworks are in identifying sector-specific privacy risks related to IAM and biometric identification.
|
|
| 3. |
- Colesky, Michael, et al.
(författare)
-
Helping Software Architects Familiarize with the General Data Protection Regulation
- 2019
-
Ingår i: 2019 IEEE International Conference on Software Architecture Companion (ICSA-C). - : IEEE. - 9781728118772 - 9781728118765 ; , s. 226-229
-
Konferensbidrag (refereegranskat)abstract
- Abstract—The General Data Protection Regulation (GDPR)impacts any information systems that process personal datain or from the European Union. Yet its enforcement is stillrecent. Organizations under its effect are slow to adopt itsprinciples. One particular difficulty is the low familiarity withthe regulation among software architects and designers. Thedifficulty to interpret the content of the legal regulation ata technical level adds to that. This results in problems inunderstanding the impact and consequences that the regulationmay have in detail for a particular system or project context.In this paper we present some early work and emergingresults related to supporting software architects in this situation.Specifically, we target those who need to understand how theGDPR might impact their design decisions. In the spirit ofarchitectural tactics and patterns, we systematically identifiedand categorized 155 forces in the regulation. These results formthe conceptual base for a first prototypical tool. It enablessoftware architects to identify the relevant forces by guidingthem through an online questionnaire. This leads them to relevantfragments of the GDPR and potentially relevant privacy patterns.We argue that this approach may help software professionals,in particular architects, familiarize with the GDPR and outlinepotential paths for evaluation.
|
|
| 4. |
- Deng, Ming, et al.
(författare)
-
Personal rights management : Taming camera-phones for individual privacy enforcement
- 2006
-
Ingår i: Privacy Enhancing Technologies. - Berlin, Heidelberg : Springer. - 9783540687900 ; , s. 172-189
-
Konferensbidrag (refereegranskat)abstract
- With ubiquitous use of digital camera devices, especially in mobile phones, privacy is no longer threatened by governments and companies only. The new technology creates a new threat by ordinary people, who could take and distribute pictures of an individual with no risk and little cost in any situation in public or private spaces. Fast distribution via web based photo albums, online communities and web pages expose an individual's private life to the public. Social and legal measures are increasingly taken to deal with this problem, but they are hard to enforce in practice. In this paper, we proposed a model for privacy infrastructures aiming for the distribution channel such that as soon as the picture is publicly available, the exposed individual has a chance to find it and take proper action in the first place. The implementation issues of the proposed protocol are discussed. Digital rights management techniques are applied in our proposed infrastructure, and data identification techniques such as digital watermarking and robust perceptual hashing are proposed to enhance the distributed content identification.
|
|
| 5. |
- Fischer-Hübner, Simone, 1963-, et al.
(författare)
-
A MOOC on Privacy by Design and the GDPR
- 2018
-
Ingår i: Information Security Education. - Cham, Switzerland : Springer. - 9783319997346 ; , s. 95-107
-
Konferensbidrag (refereegranskat)abstract
- In this paper we describe how we designed a massive open online course (mooc) on Privacy by Design with a focus on how to achieve compliance with the eu gdpr principles and requirements in it engineering and management. This mooc aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The mooc is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the gdpr that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant mooc on privacy by design and the gdpr aimed at an heterogeneous audience.
|
|
| 6. |
- Fritsch, Lothar, 1970-, et al.
(författare)
-
A holistic approach to Open-Source VoIP security : Preliminary results from the EUX2010sec project
- 2009
-
Ingår i: Networks, 2009. ICN '09. Eighth International Conference on. - : IEEE. ; , s. 275-280
-
Konferensbidrag (refereegranskat)abstract
- This paper describes the approach and preliminary results from the research project EUX2010sec. The project works closely with Voice-over-IP (VoIP) companies and users. It aims at providing better security of opera source VoIP installations. The work towards this goal is organized by gathering researchers and practitioners around several scientific activities that range from security modeling and verification up to testbed testing. The expected outcomes of the project are a solid scientific and practical understanding of the security options for setting tip VoIP infrastructures, particular guidance on secure, typical setups of such infrastructures, The project's special focus is on producing results relevant to the practitioners in the project, aiming at the stimulation of innovation and the provision of highest quality in open-source based VoIP products and services.
|
|
| 7. |
- Fritsch, Lothar, 1970-, et al.
(författare)
-
Applications of Privacy and Security Research in the Upcoming Battlefield of Things
- 2018
-
Ingår i: Proceedings of the 17th European Conference on Cyber Warfare and Security. - Reading : Academic Conferences and Publishing International Limited. - 9781911218852 - 9781911218869
-
Konferensbidrag (refereegranskat)abstract
- This article presents the results of a trend scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. We sketch the expected digital warfare and defence environment as a “battlefield of things” where connected objects, connected soldiers and automated and autonomous sensing and acting systems are core elements. Based on this scenario, we discuss current research in information security and information privacy and their relevance and applicability for the future scenario.
|
|
| 8. |
- Fritsch, Lothar, 1970-
(författare)
-
Comments on ”The grant life cycle – a researcher’s handbook”
- 2017
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- The grant proposing introduction tutorial for young researchers is undergoing revision at Karlstad University. The Grants and Innovation Office (GIO) has requested suggestions for improvements from researchers. This document is a review of the existing document, including suggestions, critique and recommendations for complementary information in support of the GIO presentation at the Computer Science Department on March 29, 2017.
|
|
| 9. |
- Fritsch, Lothar, 1970-, et al.
(författare)
-
Derived Partial Identities Generated from App Permissions
- 2017
-
Ingår i: Open Identity Summit 2017. - Bonn : Gesellschaft für Informatik. - 9783885796718 ; , s. 117-130
-
Konferensbidrag (refereegranskat)abstract
- This article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions accommodate the accumulation of identity attributes for partial digital identities by building a model for identity attribute retrieval through permissions. Then, it presents an experimental survey of partial identity access for selected app groups. By applying the identity attribute retrieval model on the permission access log from the experiment, we show how apps’ permission usage is providing to identity profiling.
|
|
| 10. |
|
|
