Search results

This work aims to argue that it is possible to address discrimination issues that naturally arise in contemporary audio CAPTCHA challenges and potentially enhance the effectiveness of audio CAPTCHA systems by adapting the challenges to the user characteristics.

A prototype has been designed, called PrivCAPTCHA, to offer privacy-preserving, user-centric CAPTCHA challenges. Anonymous credential proofs are integrated into the Session Initiation Protocol (SIP) protocol and the approach is evaluated in a real-world Voice over Internet Protocol (VoIP) environment.

The results of this work indicate that it is possible to create VoIP CAPTCHA services offering privacy-preserving, user-centric challenges while maintaining sufficient efficiency.

The proposed approach was evaluated through an experimental implementation to demonstrate its feasibility. Additional features, such as appropriate user interfaces and efficiency optimisations, would be useful for a commercial product. Security measures to protect the system from attacks against the SIP protocol would be useful to counteract the effects of the introduced overhead. Future research could investigate the use of this approach on non-audio CAPTCHA services.

PrivCAPTCHA is expected to achieve fairer, non-discriminating CAPTCHA services while protecting the user’s privacy. Adoption success relies upon the general need for employment of privacy-preserving practices in electronic interactions.

This approach is expected to enhance the quality of life of users, who will now receive CAPTCHA challenges closer to their characteristics. This applies especially to users with disabilities. Additionally, as a privacy-preserving service, this approach is expected to increase trust during the use of services that use it.

To the best of authors’ knowledge, this is the first comprehensive proposal for privacy-preserving CAPTCHA challenge adaptation. The proposed system aims at providing an improved CAPTCHA service that is more appropriate for and trusted by human users.

The aim of this paper is to evaluate the use of blockchain for identity management (IdM) in the context of the Internet of things (IoT) while focusing on privacy-preserving approaches and its applications to healthcare scenarios.

The paper describes the most relevant IdM systems focusing on privacy preserving with or without blockchain and evaluates them against ten selected features grouped into three categories: privacy, usability and IoT. Then, it is important to analyze whether blockchain should be used in all scenarios, according to the importance of each feature for different use cases.

Based on analysis of existing systems, Sovrin is the IdM system that covers more features and is based on blockchain. For each of the evaluated use cases, Sovrin and UniquID were the chosen systems.

This paper opens new lines of research for IdM systems in IoT, including challenges related to device identity definition, privacy preserving and new security mechanisms.

This paper contributes to the ongoing research in IdM systems for IoT. The adequacy of blockchain is not only analyzed considering the technology; instead the authors analyze its application to real environments considering the required features for each use case.

The purpose of this paper is to present the approach taken within the PrimeLife project for designing user‐friendly privacy policy interfaces for the PrimeLife Policy Language (PPL) and report on the lessons learned when designing interfaces for privacy policy management and display.

Taking an iterative process of design, the authors developed the interface of the “Send Data?” prototype, a browser extension designed and developed to deal with the powerful features provided by PPL, and having the purpose of helping users to make conscious decisions on the dissemination of their personal information. The proposed interface introduces the novel features of “on the fly” privacy management, predefined levels of privacy settings, and simplified selection of anonymous credentials. The last iteration of the prototype has been tested using a cognitive walkthrough approach.

Results from usability tests show that users understood and appreciate most of the features contained within the interface and they perceived their benefit for protecting their privacy online. However, improvement is still needed in order to make the display and management of privacy policies more intuitive and seamless. Showing privacy mismatches inside a two‐dimensional table was preferred by users in general.

The paper introduces the novelty of “on the fly” privacy management, which lets users adapt and organize their own privacy preferences whilst an online transaction takes place, Also, it allows users to select credentials to identify themselves in a simpler manner.

The medical advances and historical fluctuations in the demographics are contributing to the rise of the average age. These changes are increasing the pressure to organize adequate care to a growing number of individuals. As a way to provide efficient and cost-effective care, eHealth systems are gaining importance. However, this trend is creating new ethical concerns. Major issues are privacy and patients’ control over their data. To deploy these systems on a large scale, they need to offer strict privacy protection. Even though many research proposals focus on eHealth systems and related ethical requirements, there is an evident lack of practical solutions for protecting users’ personal information. The purpose of this study is to explore the ethical considerations related to these systems and extract the privacy requirements. This paper also aims to put forth a system design which ensures appropriate privacy protection.

This paper investigates the existing work in the area of eHealth systems and the related ethical considerations, which establish privacy as one of the main requirements. It lists the ethical requirements and data protection standards that a system needs to fulfil and uses them as a guideline for creating the proposed design.

Even though privacy is considered to be a paramount aspect of the eHealth systems, the existing proposals do not tackle this issue from the outset of the design. Consequently, introducing privacy at the final stages of the system deployment imposes significant limitations and the provided data protection is not always to the standards expected by the users.

This paper motivates the need for addressing ethical concerns in the eHealth domain with special focus on establishing strict privacy protection. It lists the privacy requirements and offers practical solutions for developing a privacy-friendly system and takes the approach of privacy-by-design. Additionally, the proposed design is evaluated against ethical principles as proposed in the existing literature. The aim is to show that technological advances can be used to improve quality and efficiency of care, while the usually raised concerns can be avoided.

Coronavirus Disease 2019 (COVID-19) necessitated the need for “Hospital-at-home” improvisations that involve wearable technology to classify patients within households before visiting health institutions. Do-It-Yourself wearable devices allow for the collection of health data leading to the detection and/or prediction of the prevalence of the disease. The sensitive nature of health data requires safeguards to ensure patients’ privacy is not violated. The previous work utilized Hyperledger Fabric to verify transmitted data within Smart Homes, allowing for the possible implementation of legal restrictions through smart contracts in the future. This study aims to explore privacy-enhancing authentication schemes that are operated by multiple credential issuers and capable of integration into the Hyperledger ecosystem.

Design Science Research is the methodology that was used in this study. An architecture for ABC-privacy was developed and evaluated.

While the privacy-by-design architecture enhances data privacy through edge and fog computing architecture, there is a need to provide an additional privacy layer that limits the amount of data that patients disclose. Selective disclosure of credentials limits the number of information patients or devices divulge.

The evaluation of this study identified Coconut as the most suitable attribute-based credentials scheme for the Smart Homes Patients and Health Wearables use case Coconut user-centric architecture Hyperledger integration multi-party threshold authorities public and private attributes re-randomization and unlinkable revelation of selective attribute revelations.

This chapter reviews the underlying technologies of cryptoassets, including fundamental cryptographic primitives used in distributed ledger technologies and permissionless blockchain technologies and their consensus protocols such as proof-of-work and proof-of-stake. It discusses the pros and cons of existing approaches to improve blockchain scalability and considers the requirements for security and decentralization. The chapter also examines the following techniques: layer 1 tuning, layer 1 sharding, and layer 2 solutions. It concludes with an overview of technologies to swap cryptoassets off-chain, technical requirements for cross-chain transactions, and reviews cross-chain atomic swap implementation using hashed time lock contracts.

Quality is considered one of the essential competitive priorities for managing the Small, Medium Electronics Enterprises (SMEE) market in China; here, the most critical competing priorities and precondition for sector survival and growth are analysed. Instead, small and medium-sized enterprises are significantly disadvantaged and limited to validation capital.

Quality results are controlled by continuous measurement, irrespective of the product form, as a fundamental issue among firms. Hence, it enables the electronics markets to deal with various aspects of quality programs with effective deployment of IoT-assisted identify management (IIDM) model.

It enables the electronics markets to deal with various aspects of quality programs with effective deployment of IIDM model available to them without wasting in unimportant and non-productive areas. IIDM makes it essential for SMEEs to analyze total quality management (TQM) towards better understanding the relationship between internal structures and external ones to achieve better quality results.

Analyzes TQM towards better understanding shows the relationship between internal and external structures to achieve better quality results.

Facing the dilemma between collaboration and privacy is a continual challenge for users. In this setting, the purpose of this paper is to discuss issues of a highly flexible role management integrated in a privacy‐enhanced collaborative environment (PECE).

The general framework was provided by former findings of several research projects, i.e. collaborative platform BluES and projects of privacy and identity management PRIME and PrimeLife. The role management concept bases on a literature survey and has been proofed by integration into the privacy‐enhanced environment BluES'n.

A three‐dimensional role management concept was developed describing users' rights, tasks, and positions. A discussion on how to fulfill privacy requirements yielded that a semi‐automated decision making regarding the use of roles with different identities is reasonable to support users' control of their privacy when interacting with others.

The concept of flexible role management complies with the requirements of PECEs. However, a fully automated approach of rule‐based information disclosure is not possible as such decisions depend on personal and situational aspects.

Using the example of a flexible role management concept, research described in this paper demonstrates that privacy and interaction concerns can be balanced and should be considered in application design processes.

Concepts of PECEs allow respecting privacy‐related attitudes and could improve the quality of service consumption.

The paper demonstrates contrasts between collaboration and privacy attitudes and presents solutions for the integration of role management to overcome this initially supposed contradiction.

The purpose of this paper is to design, implement and evaluate the usage of the password-authenticated secure channel protocol SRP to protect the communication of a mobile application to a Java Card applet. The usage of security and privacy sensitive systems on mobile devices, such as mobile banking, mobile credit cards, mobile ticketing or mobile digital identities has continuously risen in recent years. This development makes the protection of personal and security sensitive data on mobile devices more important than ever.

A common approach for the protection of sensitive data is to use additional hardware such as smart cards or secure elements. The communication between such dedicated hardware and back-end management systems uses strong cryptography. However, the data transfer between applications on the mobile device and so-called applets on the dedicated hardware is often either unencrypted (and interceptable by malicious software) or encrypted with static keys stored in applications.

To address this issue, this paper presents a solution for fine-grained secure application-to-applet communication based on Secure Remote Password (SRP-6a and SRP-5), an authenticated key agreement protocol, with a user-provided password at run-time.

By exploiting the Java Card cryptographic application programming interfaces (APIs) and minor adaptations to the protocol, which do not affect the security, the authors were able to implement this scheme on Java Cards with reasonable computation time.

The purpose of this study was to identify to identify reasons for the lack of protest against dragnet surveillance in the UK. As part of this investigation, a study was carried out to gauge the understanding of “privacy” and “confidentiality” by the well-informed.

To perform a best-case study, the authors identified a group of well-informed participants in terms of security. To gain insights into their privacy-related mental models, they were asked first to define the three core terms and then to identify the scenarios. Then, the participants were provided with privacy-related scenarios and were asked to demonstrate their understanding by classifying the scenarios and identifying violations.

Although the participants were mostly able to identify privacy and confidentiality scenarios, they experienced difficulties in articulating the actual meaning of the terms privacy, confidentiality and security.

There were a limited number of participants, yet the findings are interesting and justify further investigation. The implications, even of this initial study, are significant in that if citizens’ privacy rights are being violated and they did not seem to know how to protest this and if indeed they had the desire to do so.

Had the citizens understood the meaning of privacy, and their ancient right thereto, which is enshrined in law, their response to the Snowden revelations about ongoing wide-scale surveillance might well have been more strident and insistent.

People in the UK, where this study was carried out, do not seem to protest the privacy invasion effected by dragnet surveillance with any verve. The authors identify a number of possible reasons for this from the literature. One possible explanation is that people do not understand privacy. Thus, this study posits that privacy is unusual in that understanding does not seem to align with the ability to articulate the rights to privacy and their disapproval of such widespread surveillance. This seems to make protests unlikely.