| 1. |
- Akil, Mahdi, et al.
(author)
-
Privacy-Preserving Identifiers for IoT : A Systematic Literature Review
- 2020
-
In: IEEE Access. - : IEEE. - 2169-3536. ; 8, s. 168470-168485
-
Research review (peer-reviewed)abstract
- The Internet of Things (IoT) paves the way for smart applications such as in E-health, E-homes, transportation, or energy production. However, IoT technologies also pose privacy challenges for their users, as they allow the tracking and monitoring of the users' behavior and context. The EU General Data Protection Regulation (GDPR) mandates data controller to follow a data protection by design and default approach by implementing for instance pseudonymity for achieving data minimisation. This paper provides a systematic literature review for answering the question of what types of privacy-preserving identifiers are proposed by the literature in IoT environments for implementing pseudonymity. It contributes with classifications and analyses of IoT environments for which privacy-preserving identifiers have been proposed and of the pseudonym types and underlying identity management architectures used. Moreover, it discusses trends and gaps in regard to addressing privacy trade-offs.
|
|
| 2. |
- Alaqra, Ala(a), et al.
(author)
-
Signatures for Privacy, Trust and Accountability in the Cloud : Applications and Requirements
- 2015
-
In: Privacy and Identity Management. Time for a Revolution?. - Cham : Springer Publishing Company. - 9783319417622 ; , s. 79-96
-
Conference paper (peer-reviewed)abstract
- This paper summarises the results of a workshop at the IFIP Summer School 2015 introducing the EU Horizon 2020 project PRISMACLOUD, that is, Privacy and Security Maintaining Services in the Cloud. The contributions of this summary are three-fold. Firstly, it provides an overview to the PRISMACLOUD cryptographic tools and use-case scenarios that were presented as part of this workshop. Secondly, it distills the discussion results of parallel focus groups. Thirdly, it summarises a ``Deep Dive on Crypto'' session that offered technical information on the new tools. Overall, the workshop aimed at outlining application scenarios and eliciting end-user requirements for PRISMACLOUD.
|
|
| 3. |
- Alaqra, Ala Sarah, et al.
(author)
-
Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service : Qualitative Study of Perspectives by Medical Professionals and Patients
- 2018
-
In: Journal of Medical Internet Research. - : JMIR Publications. - 1438-8871. ; 20:12
-
Journal article (peer-reviewed)abstract
- Background: Patients' privacy is regarded as essential for the patient-doctor relationship. One example of a privacy-enhancing technology for user-controlled data minimization on content level is a redactable signature. It enables users to redact personal information from signed documents while preserving the validity of the signature, and thus the authenticity of the document. In this study, we present end users' evaluations of a Cloud-based selective authentic electronic health record (EHR) exchange service (SAE-service) in an electronic health use case. In the use case scenario, patients were given control to redact specified information fields in their EHR, which were signed by their doctors with a redactable signature and transferred to them into a Cloud platform. They can then selectively disclose the remaining information in the EHR, which still bears the valid digital signature, to third parties of their choice. Objective: This study aimed to explore the perceptions, attitudes, and mental models concerning the SAE-service of 2 user roles: signers (medical professionals) and redactors (patients with different technical knowledge) in Germany and Sweden. Another objective was to elicit usability requirements for this service based on the analysis of our investigation. Methods: We chose empirical qualitative methods to address our research objective. Designs of mock-ups for the service were used as part of our user-centered design approach in our studies with test participants from Germany and Sweden. A total of 13 individual walk-throughs or interviews were conducted with medical staff to investigate the EHR signers' perspectives. Moreover, 5 group walk-throughs in focus groups sessions with (N=32) prospective patients with different technical knowledge to investigate redactor's perspective of EHR data redaction control were used. Results: We found that our study participants had correct mental models with regard to the redaction process. Users with some technical models lacked trust in the validity of the doctor's signature on the redacted documents. Main results to be considered are the requirements concerning the accountability of the patients' redactions and the design of redaction templates for guidance and control. Conclusions: For the SAE-service to be means for enhancing patient control and privacy, the diverse usability and trust factors of different user groups should be considered.
|
|
| 4. |
- Alaqra, Ala Sarah, et al.
(author)
-
Machine Learning–Based Analysis of Encrypted Medical Data in the Cloud : Qualitative Study of Expert Stakeholders’ Perspectives
- 2021
-
In: JMIR Human Factors. - : JMIR Publications. - 2292-9495. ; 8:3, s. 1-15
-
Journal article (peer-reviewed)abstract
- Background:Third-party cloud-based data analysis applications are proliferating in electronic health (eHealth) because of the expertise offered and their monetary advantage. However, privacy and security are critical concerns when handling sensitive medical data in the cloud. Technical advances based on “crypto magic” in privacy-preserving machine learning (ML) enable data analysis in encrypted form for maintaining confidentiality. Such privacy-enhancing technologies (PETs) could be counterintuitive to relevant stakeholders in eHealth, which could in turn hinder adoption; thus, more attention is needed on human factors for establishing trust and transparency.Objective:The aim of this study was to analyze eHealth expert stakeholders’ perspectives and the perceived tradeoffs in regard to data analysis on encrypted medical data in the cloud, and to derive user requirements for development of a privacy-preserving data analysis tool.Methods:We used semistructured interviews and report on 14 interviews with individuals having medical, technical, or research expertise in eHealth. We used thematic analysis for analyzing interview data. In addition, we conducted a workshop for eliciting requirements.Results:Our results show differences in the understanding of and in trusting the technology; caution is advised by technical experts, whereas patient safety assurances are required by medical experts. Themes were identified with general perspectives on data privacy and practices (eg, acceptance of using external services), as well as themes highlighting specific perspectives (eg, data protection drawbacks and concerns of the data analysis on encrypted data). The latter themes result in requiring assurances and conformance testing for trusting tools such as the proposed ML-based tool. Communicating privacy, and utility benefits and tradeoffs with stakeholders is essential for trust. Furthermore, stakeholders and their organizations share accountability of patient data. Finally, stakeholders stressed the importance of informing patients about the privacy of their data.Conclusions:Understanding the benefits and risks of using eHealth PETs is crucial, and collaboration among diverse stakeholders is essential. Assurances of the tool’s privacy, accuracy, and patient safety should be in place for establishing trust of ML-based PETs, especially if used in the cloud.
|
|
| 5. |
- Alaqra, Ala Sarah, et al.
(author)
-
Structural and functional explanations for informing lay and expert users: the case of functional encryption
- 2023
-
In: Proceedings on Privacy Enhancing Technologies. - : Privacy Enhancing Technologies Board. - 2299-0984. ; 2023:4, s. 359-380
-
Journal article (peer-reviewed)abstract
- Usable explanations of privacy-enhancing technologies (PETs) help users make more informed privacy decisions, but the explanations of PETs are generally geared toward individuals with more technical knowledge. To explain functional encryption (FE) to experts and laypersons, we investigate structural and functional explanations and explore users' interests and preferences, as well as how they affect users' comprehension and decisions about sharing data. To this end (with an EU-based population), we conducted four focus groups, in combination with walk-throughs, with 13 participants in the first study, followed by an online survey with 347 experts and 370 laypersons. Both explanations were considered useful in fulfilling the different needs of participants interested in the privacy policy information. Participants, regardless of their expertise, trusted and were more satisfied with the structural explanation. However, functional explanations had a higher contribution to all participants' comprehension. We, therefore, recommend combining both types of explanations for a usable privacy policy.
|
|
| 6. |
- Alaqra, Ala Sarah
(author)
-
Tinkering the Wicked Problem of Privacy : Design Challenges and Opportunities for Crypto-based Services
- 2020
-
Doctoral thesis (other academic/artistic)abstract
- Data privacy has been growing in importance in recent years, especially with the constant increase of online activity. Consequently, researchers study, design, and develop solutions aimed at enhancing users' data privacy. The wicked problem of data privacy is a dynamic challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem.Our aim was to explore challenges and opportunities with a focus on human aspects for designing usable crypto-based privacy-enhancing technologies (PETs). Mainly, there were three PETs in the cloud context included in our studies: malleable signatures, secret sharing, and homomorphic encryption. Based on the three PETs, services were developed within European research projects that were the scope of our user studies. We followed a user-centered design approach by using empirical qualitative and quantitative means for collecting study data. Our results and tinkering conveyed (i) analysis of different categories of user's perspectives, mental models, and trade-offs, (ii) user requirements for PET services, and (iii) user interface design guidelines for PET services. In our contributions, we highlight considerations and guidelines for supporting the design of future solutions.
|
|
| 7. |
- Alaqra, Ala Sarah, et al.
(author)
-
Transparency of Privacy Risks Using PIA Visualizations
- 2023
-
In: HCI for Cybersecurity, Privacy and Trust. - Cham : Springer. - 9783031358210 - 9783031358227 ; 14045 LNCS, s. 3-17
-
Conference paper (peer-reviewed)abstract
- Privacy enhancing technologies allow the minimization of risks to online data. However, the transparency of the minimization process is not so clear to all types of end users. Privacy Impact Assessments (PIAs) is a standardized tool that identifies and assesses privacy risks associated with the use of a system. In this work, we used the results of the PIA conducted in our use case to visualize privacy risks to end users in the form of User Interface (UI) mock ups. We tested and evaluated the UI mock-ups via walkthroughs to investigate users' interests by observing their clicking behavior, followed by four focus group workshops. There were 13 participants (two expert groups and two lay user groups) in total. Results reveal general interests in the transparency provided by showing the risks reductions. Generally, although participants appreciate the concept of having detailed information provided about risk reductions and the type of risks, the visualization and usability of the PIA UIs require future development. Specifically, it should be tailored to the target group's mental models and background knowledge.
|
|
| 8. |
- Alaqra, Ala Sarah, et al.
(author)
-
Using PAPAYA for eHealth – Use Case Analysis and Requirements
- 2020
-
In: 2020 IEEE 33rd International Symposium on Computer-Based Medical Systems (CBMS). - : IEEE. - 9781728194295 ; , s. 437-442
-
Conference paper (peer-reviewed)abstract
- This paper presents an eHealth use case basedon a privacy-preserving machine learning platform to detectarrhythmia developed by the PAPAYA project that can run inan untrusted domain. It discusses legal privacy and user requirementsthat we elicited for this use case from the GDPR andvia stakeholder interviews. These include requirements for securepseudonymisation schemes, for allowing also pseudonymous usersto exercise their data subjects rights, for not making diagnosticdecisions fully automatically and for assurance guarantees, conformancewith specified standards and informing clinicians andpatients about the privacy protection. The requirements are notonly relevant for our use case but also for other use cases utilisingprivacy-preserving data analytics to classify medical data.
|
|
| 9. |
- Alaqra, Ala, et al.
(author)
-
Stakeholders’ Perspectives on Malleable Signatures in a Cloud-based eHealth Scenario
- 2016
-
In: Proceedings of the International Symposium on Human Aspects of Information Security & Assurance. - 9781841024134 ; , s. 220-230
-
Conference paper (peer-reviewed)abstract
- In this paper, we discuss end user requirements that we elicited for the use of malleable signatures in a Cloud-based eHealth scenario. The concept of a malleable signature, which is a privacy enhancing cryptographic scheme that enables the redaction of personal information from signed documents while preserving the validity of the signature, might be counter- intuitive to end users as its functionality does not correspond to the one of a traditional signature scheme. A qualitative study via a series of semi-structured interviews and focus groups has been conducted to understand stakeholders’ opinions and concerns in regards to the possible applications of malleable signatures in the eHealth area, where a medical record is first digitally signed by a doctor and later redacted by the patient in the cloud. Results from this study yielded user requirements such as the need for suitable metaphors and guidelines, usable templates, and clear redaction policies.
|
|
| 10. |
|
|
| 11. |
|
|
| 12. |
|
|
| 13. |
|
|
| 14. |
- Angulo, Julio, 1980-, et al.
(author)
-
HCI for Policy Display and Administration
- 2011. - 1
-
In: Privacy and Identity Management for Life. - Berlin : Springer Berlin/Heidelberg. - 9783642203176 ; , s. 261-277
-
Book chapter (peer-reviewed)abstract
- The PrimeLife Policy Language (PPL) has the objective of helping end users make the data handling practices of data controllers more transparent, allowing them to make well-informed decisions about the release of personal data in exchange for services. In this chapter, we present our work on user interfaces for the PPL policy engine, which aims at displaying the core elements of a data controller's privacy policy in an easily understandable way as well as displaying how far it corresponds with the user's privacy preferences. We also show how privacy preference management can be simplified for end users.
|
|
| 15. |
|
|
| 16. |
- Angulo, Julio, 1980-, et al.
(author)
-
Towards Usable Privacy Policy Display & Management
- 2012
-
In: Information Management & Computer Security. - Bingley, UK : Emerald Group Publishing Limited. - 0968-5227. ; 20, s. 4-17
-
Journal article (peer-reviewed)abstract
- This paper discusses the approach taken within the PrimeLife project for providing user-friendly privacy policy interfaces for the PrimeLife Policy Language (PPL).We present the requirements, design process and usability testing of the “Send Data?” prototype, a browser extension designed and developed to deal with the powerful features provided by PPL. Our interface introduces the novel features of “on the fly” privacy management, predefined levels of privacy settings, and simplified selectionof anonymous credentials. Results from usability tests showed that users understand and appreciate these features and perceive them as being privacy-friendly, and they are therefore suggested as a good approach towards usable privacy policy display and management. Additionally, we present our lessons learnt in the design process of privacy policy interfaces.
|
|
| 17. |
- Angulo, Julio, 1980-, et al.
(author)
-
Understanding the user experience of secure mobile online transactions in realistic contexts of use
- 2012
-
In: Symposium on Usable Privacy and Security (SOUPS) 2012. - Washington D.C.,USA : Association for Computing Machinery (ACM). ; , s. 8-
-
Conference paper (peer-reviewed)abstract
- Possible attacks on mobile smart devices demand higher security for applications handling payments or sensitive information. The introduction of a tamper-proof area on future generations of mobile devices, called Trusted Execution Environment (TEE), is being implemented. Before devices with embedded TEEs can be deployed to the public, investigations on usability aspects of Trusted User Interfaces (TUI) are needed. This article describes the process we have followed at gathering requirements, prototyping and testing suitable designs for TUIs in combination with a touch-screen biometric system. At the end, we present relevant findings of a pilot study that we have conducted using an Experience Sampling Method (ESM) as part of our ongoing work.
|
|
| 18. |
- Angulo, Julio, 1980-, et al.
(author)
-
Usable Transparency with the Data Track : A Tool for Visualizing Data Disclosures
- 2015
-
In: CHI EA '15 Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems. - New York, NY, USA : Association for Computing Machinery (ACM). - 9781450331463 ; , s. 1803-18098
-
Conference paper (peer-reviewed)abstract
- We present a prototype of the user interface of a transparency tool that displays an overview of a user's data disclosures to different online service providers and allows them to access data collected about them stored at the services' sides. We explore one particular type of visualization method consisting of tracing lines that connect a user's disclosed personal attributes to the service to which these attributes have been disclosed. We report on the ongoing iterative process of design of such visualization, the challenges encountered and the possibilities for future improvements.
|
|
| 19. |
|
|
| 20. |
|
|
| 21. |
|
|
| 22. |
- Chiaro, Pasquale, et al.
(author)
-
Secure and privacy-friendly storage and data processing in the cloud
- 2018
-
In: Privacy and Identity Management. The Smart Revolution. - Cham : Springer. - 9783319929248 - 9783319929255 ; , s. 153-169
-
Conference paper (peer-reviewed)abstract
- At the IFIP Summer School 2017, the two H2020 projects credential and prismacloud co-organized a workshop dedicated to introducing the necessary background knowledge and demonstrating prototypes of privacy-preserving solutions for storing, sharing, and processing potentially sensitive data in untrusted cloud environments. This paper summarizes the given presentations and presents the discussions and feedback given by the workshop attendees, including students and senior researchers from different domains as well as relevant non-academic stakeholders such as public data protection agencies. © IFIP International Federation for Information Processing 2018.
|
|
| 23. |
- De Cock, Martine, et al.
(author)
-
Privacy enhancing technologies
- 2023
-
In: Privacy in Speech and Language Technology. - : Schloss Dagstuhl, Leibniz-Zentrum für Informatik. ; , s. 90-99
-
Book chapter (peer-reviewed)abstract
- Privacy-enhancing technologies (PETs) provide technical building blocks for achieving privacyby design and can be defined as technologies that embody fundamental data protection goals[13 ] including the goals of unlinkability, interveneability, transparency and the classical CIA(confidentiality, integrity, availability) security goals by minimizing personal data collectionand use, maximizing data security, and empowering individuals.The privacy by design principle of a positive sum for speech and language technologiesshould enable users to benefit from the rich functions of these technologies while protectingthe users’ privacy at the same time. The fundamental question is how to achieve privacyby design for speech and language technology without hampering the services. To achievethis goal, different PETs exist that can be utilized for this purpose. Below, we first discusswhat type of personal data are accessible via speech and text and should be the target ofprotection by PETs. Then, we provide an overview of PETs that can provide protectionand discuss their limitations and challenges that arise when used for speech and languagetechnologies.
|
|
| 24. |
- Fernández Gago, M. Carmen, et al.
(author)
-
Tools for Cloud Accountability : A4Cloud Tutorial
- 2015
-
In: Privacy and Identity Management for the Future Internet in the Age of Globalisation. - Cham : Springer. - 9783319186207 ; , s. 219-236
-
Book chapter (peer-reviewed)abstract
- Cloud computing is becoming a key IT infrastructure technology being adopted progressively by companies and users. Still, there are issues and uncertainties surrounding its adoption, such as security and how users data is dealt with that require attention from developers, researchers, providers and users. The A4Cloud project tries to help solving the problem of accountability in the cloud by providing tools that support the process of achieving accountability. This paper presents the contents of the first A4Cloud tutorial. These contents include basic concepts and tools developed within the project. In particular, we will review how metrics can aid the accountability process and some of the tools that the A4Cloud project will produce such as the Data Track Tool (DTT) and the Cloud Offering Advisory Tool (COAT).
|
|
| 25. |
- Fischer-Hübner, Simone, 1963-, et al.
(author)
-
A MOOC on Privacy by Design and the GDPR
- 2018
-
In: Information Security Education. - Cham, Switzerland : Springer. - 9783319997346 ; , s. 95-107
-
Conference paper (peer-reviewed)abstract
- In this paper we describe how we designed a massive open online course (mooc) on Privacy by Design with a focus on how to achieve compliance with the eu gdpr principles and requirements in it engineering and management. This mooc aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The mooc is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the gdpr that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant mooc on privacy by design and the gdpr aimed at an heterogeneous audience.
|
|
