Reconciling privacy and security

NARCIS (Netherlands)

Lieshout, M.J. van; Friedewald, M.; Wright, D.; Gutwirth, S.

2013-01-01

This paper considers the relationship between privacy and security and, in particular, the traditional "trade-off" paradigm. The issue is this: how, in a democracy, can one reconcile the trend towards increasing security (for example, as manifested by increasing surveillance) with the fundamental

A Novel Multifactor Authentication System Ensuring Usability and Security

OpenAIRE

Mathew, Gloriya; Thomas, Shiney

2013-01-01

User authentication is one of the most important part of information security. Computer security most commonly depends on passwords to authenticate human users. Password authentication systems will be either been usable but not secure, or secure but not usable. While there are different types of authentication systems available alphanumeric password is the most commonly used authentication mechanism. But this method has significant drawbacks. An alternative solution to the text based authenti...

Quantifying privacy and security of biometric fuzzy commitment

NARCIS (Netherlands)

Zhou, Xuebing; Kuijper, Arjan; Veldhuis, Raymond N.J.; Busch, Christoph

2011-01-01

Fuzzy commitment is an efficient template protection algorithm that can improve security and safeguard privacy of biometrics. Existing theoretical security analysis has proved that although privacy leakage is unavoidable, perfect security from information-theoretical points of view is possible when

Security and privacy in biometrics

CERN Document Server

Campisi, Patrizio

2013-01-01

This important text/reference presents the latest secure and privacy-compliant techniques in automatic human recognition. Featuring viewpoints from an international selection of experts in the field, the comprehensive coverage spans both theory and practical implementations, taking into consideration all ethical and legal issues. Topics and features: presents a unique focus on novel approaches and new architectures for unimodal and multimodal template protection; examines signal processing techniques in the encrypted domain, security and privacy leakage assessment, and aspects of standardizati

77 FR 70795 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

Science.gov (United States)

2012-11-27

... 20598-6036; email: [email protected] . For privacy issues please contact: Jonathan Cantor, (202-343... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...

77 FR 70792 - Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security...

Science.gov (United States)

2012-11-27

..., VA 20598-6036; email: [email protected] . For privacy issues please contact: Jonathan R. Cantor... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Transportation Security Administration System of Records AGENCY: Privacy...

Defining Usability of PN Services

DEFF Research Database (Denmark)

Nicolajsen, Hanne Westh; Ahola, Titta; Fleury, Alexandre

In this deliverable usability and user experience are defined in relation to MAGNET Beyond technologies, and it is described how the main MAGNET Beyond concepts can be evaluated through the involvement of users. The concepts include the new "Activity based communication approach" for interacting...... with the MAGNET Beyond system, as well as the core concepts: Personal Network, Personal Network-Federation, Service Discovery, User Profile Management, Personal Network Management, Privacy and Security and Context Awareness. The overall plans for the final usability evaluation are documented based on the present...

Public assessment of new surveillance-oriented security technologies: Beyond the trade-off between privacy and security.

Science.gov (United States)

Pavone, Vincenzo; Esposti, Sara Degli

2012-07-01

As surveillance-oriented security technologies (SOSTs) are considered security enhancing but also privacy infringing, citizens are expected to trade part of their privacy for higher security. Drawing from the PRISE project, this study casts some light on how citizens actually assess SOSTs through a combined analysis of focus groups and survey data. First, the outcomes suggest that people did not assess SOSTs in abstract terms but in relation to the specific institutional and social context of implementation. Second, from this embedded viewpoint, citizens either expressed concern about government's surveillance intentions and considered SOSTs mainly as privacy infringing, or trusted political institutions and believed that SOSTs effectively enhanced their security. None of them, however, seemed to trade privacy for security because concerned citizens saw their privacy being infringed without having their security enhanced, whilst trusting citizens saw their security being increased without their privacy being affected.

Data Security and Privacy in Cloud Computing

OpenAIRE

Yunchuan Sun; Junsheng Zhang; Yongping Xiong; Guangyu Zhu

2014-01-01

Data security has consistently been a major issue in information technology. In the cloud computing environment, it becomes particularly serious because the data is located in different places even in all the globe. Data security and privacy protection are the two main factors of user’s concerns about the cloud technology. Though many techniques on the topics in cloud computing have been investigated in both academics and industries, data security and privacy protection are becoming more impo...

Internet of Cloud: Security and Privacy issues

OpenAIRE

Cook, Allan; Robinson, Michael; Ferrag, Mohamed Amine; Maglaras, Leandros A.; He, Ying; Jones, Kevin; Janicke, Helge

2017-01-01

The synergy between the cloud and the IoT has emerged largely due to the cloud having attributes which directly benefit the IoT and enable its continued growth. IoT adopting Cloud services has brought new security challenges. In this book chapter, we pursue two main goals: 1) to analyse the different components of Cloud computing and the IoT and 2) to present security and privacy problems that these systems face. We thoroughly investigate current security and privacy preservation solutions th...

Security, privacy and trust in cloud systems

CERN Document Server

Nepal, Surya

2013-01-01

The book compiles technologies for enhancing and provisioning security, privacy and trust in cloud systems based on Quality of Service requirements. It is a timely contribution to a field that is gaining considerable research interest, momentum, and provides a comprehensive coverage of technologies related to cloud security, privacy and trust. In particular, the book includes - Cloud security fundamentals and related technologies to-date, with a comprehensive coverage of evolution, current landscape, and future roadmap. - A smooth organization with introductory, advanced and specialist content

Security, privacy, and confidentiality issues on the Internet.

Science.gov (United States)

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to 'sign' a message whereby the private key of an individual can be used to 'hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a 'digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers.

Factors and Predictors of Online Security and Privacy Behavior

Directory of Open Access Journals (Sweden)

Goran Bubaš

2008-12-01

Full Text Available Assumptions and habits regarding computer and Internet use are among the major factors which influence online privacy and security of Internet users. In our study a survey was performed on 312 subjects (college students who are Internet users with IT skills that investigated how assumptions and habits of Internet users are related to their online security and privacy. The following four factors of online security and privacy related behaviors were revealed in factor analysis: F1 – conscientiousness in the maintenance of the operating system, upgrading of the Internet browser and use of antivirus and antispyware programs; F2 –engagement in risky and careless online activities with lack of concern for personal online privacy; F3 – disbelief that privacy violations and security threats represent possible problems; F4 – lack of fear regarding potential privacy and security threats with no need for change in personal online behavior. Statistically significant correlations were found between some of the discovered factors on the one side, and criteria variables occurrence of malicious code (C1 and data loss on the home computer (C2 on the other. In addition, a regression analysis was performed which revealed that the potentially risky online behaviors of Internet users were associated with the two criteria variables. To properly interpret the results of correlation and regression analyses a conceptual model was developed of the potential causal relationships between the behavior of Internet users and their experiences with online security threats. An additional study was also performed which partly confirmed the conceptual model, as well as the factors of online security and privacy related behaviors.

Security, privacy, and confidentiality issues on the Internet

OpenAIRE

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standa...

Usable Security and E-Banking: ease of use vis-a-vis security

Directory of Open Access Journals (Sweden)

Morten Hertzum

2004-05-01

Full Text Available Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes and that the weaknesses may in turn cause decreased security. We view the conflict between ease of use and security in the context of usable security, a concept that is intended to match security principles and demands against user knowledge and motivation. Automation, instruction, and understanding can be identified as different approaches to usable security. Instruction is the main approach of the systems evaluated; automation relieves the user from involvement in security, as far as possible; and understanding goes beyond step-by-step instructions, to enable users to act competently and safely in situations that transcend preconceived instructions. We discuss the pros and cons of automation and understanding as alternative approaches to the design of web-based e-banking systems.

Enabling secure and privacy preserving communications in smart grids

CERN Document Server

Li, Hongwei

2014-01-01

This brief focuses on the current research on security and privacy preservation in smart grids. Along with a review of the existing works, this brief includes fundamental system models, possible frameworks, useful performance, and future research directions. It explores privacy preservation demand response with adaptive key evolution, secure and efficient Merkle tree based authentication, and fine-grained keywords comparison in the smart grid auction market. By examining the current and potential security and privacy threats, the author equips readers to understand the developing issues in sma

Review of the model of technological pragmatism considering privacy and security

Directory of Open Access Journals (Sweden)

Kovačević-Lepojević Marina M.

2013-01-01

Full Text Available The model of technological pragmatism assumes awareness that technological development involves both benefits and dangers. Most modern security technologies represent citizens' mass surveillance tools, which can lead to compromising a significant amount of personal data due to the lack of institutional monitoring and control. On the other hand, people are interested in improving crime control and reducing the fear of potential victimization which this framework provides as a rational justification for the apparent loss of privacy, personal rights and freedoms. Citizens' perception on the categories of security and privacy, and their balancing, can provide the necessary guidelines to regulate the application of security technologies in the actual context. The aim of this paper is to analyze the attitudes of students at the University of Belgrade (N = 269 toward the application of security technology and identification of the key dimensions. On the basis of the relevant research the authors have formed assumptions about the following dimensions: security, privacy, trust in institutions and concern about the misuse of security technology. The Prise Questionnaire on Security Technology and Privacy was used for data collection. Factor analysis abstracted eight factors which together account for 58% of variance, with the highest loading of the four factors that are identified as security, privacy, trust and concern. The authors propose a model of technological pragmatism considering security and privacy. The data also showed that students are willing to change their privacy for the purpose of improving security and vice versa.

Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach.

Science.gov (United States)

Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

2015-11-01

Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for an unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automata named Mandatory Result Automata. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges.

Security, privacy, and confidentiality issues on the Internet

Science.gov (United States)

Kelly, Grant; McKenzie, Bruce

2002-01-01

We introduce the issues around protecting information about patients and related data sent via the Internet. We begin by reviewing three concepts necessary to any discussion about data security in a healthcare environment: privacy, confidentiality, and consent. We are giving some advice on how to protect local data. Authentication and privacy of e-mail via encryption is offered by Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME). The de facto Internet standard for encrypting Web-based information interchanges is Secure Sockets Layer (SSL), more recently known as Transport Layer Security or TLS. There is a public key infrastructure process to `sign' a message whereby the private key of an individual can be used to `hash' the message. This can then be verified against the sender's public key. This ensures the data's authenticity and origin without conferring privacy, and is called a `digital signature'. The best protection against viruses is not opening e-mails from unknown sources or those containing unusual message headers. PMID:12554559

Security and Privacy in Fog Computing: Challenges

OpenAIRE

Mukherjee, Mithun; Matam, Rakesh; Shu, Lei; Maglaras, Leandros; Ferrag, Mohamed Amine; Choudhry, Nikumani; Kumar, Vikas

2017-01-01

open access article Fog computing paradigm extends the storage, networking, and computing facilities of the cloud computing toward the edge of the networks while offloading the cloud data centers and reducing service latency to the end users. However, the characteristics of fog computing arise new security and privacy challenges. The existing security and privacy measurements for cloud computing cannot be directly applied to the fog computing due to its features, such as mobility, heteroge...

Security and privacy in cyber-physical systems foundations, principles, and applications

CERN Document Server

Song, Houbing; Jeschke, Sabina

2017-01-01

Written by a team of experts at the forefront of the cyber-physical systems (CPS) revolution, this book provides an in-depth look at security and privacy, two of the most critical challenges facing both the CPS research and development community and ICT professionals. It explores, in depth, the key technical, social, and legal issues at stake, and it provides readers with the information they need to advance research and development in this exciting area. Cyber-physical systems (CPS) are engineered systems that are built from, and depend upon the seamless integration of computational algorithms and physical components. Advances in CPS will enable capability, adaptability, scalability, resiliency, safety, security, and usability far in excess of what today's simple embedded systems can provide. Just as the Internet revolutionized the way we interact with information, CPS technology has already begun to transform the way people interact with engineered systems. In the years ahead, smart CPS will drive innovat...

Cyber security challenges in Smart Cities: Safety, security and privacy

Science.gov (United States)

Elmaghraby, Adel S.; Losavio, Michael M.

2014-01-01

The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect. PMID:25685517

Cyber security challenges in Smart Cities: Safety, security and privacy

Directory of Open Access Journals (Sweden)

Adel S. Elmaghraby

2014-07-01

Full Text Available The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the “Internet of Things.” Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

Cyber security challenges in Smart Cities: Safety, security and privacy.

Science.gov (United States)

Elmaghraby, Adel S; Losavio, Michael M

2014-07-01

The world is experiencing an evolution of Smart Cities. These emerge from innovations in information technology that, while they create new economic and social opportunities, pose challenges to our security and expectations of privacy. Humans are already interconnected via smart phones and gadgets. Smart energy meters, security devices and smart appliances are being used in many cities. Homes, cars, public venues and other social systems are now on their path to the full connectivity known as the "Internet of Things." Standards are evolving for all of these potentially connected systems. They will lead to unprecedented improvements in the quality of life. To benefit from them, city infrastructures and services are changing with new interconnected systems for monitoring, control and automation. Intelligent transportation, public and private, will access a web of interconnected data from GPS location to weather and traffic updates. Integrated systems will aid public safety, emergency responders and in disaster recovery. We examine two important and entangled challenges: security and privacy. Security includes illegal access to information and attacks causing physical disruptions in service availability. As digital citizens are more and more instrumented with data available about their location and activities, privacy seems to disappear. Privacy protecting systems that gather data and trigger emergency response when needed are technological challenges that go hand-in-hand with the continuous security challenges. Their implementation is essential for a Smart City in which we would wish to live. We also present a model representing the interactions between person, servers and things. Those are the major element in the Smart City and their interactions are what we need to protect.

Privacy and security of patient data in the pathology laboratory.

Science.gov (United States)

Cucoranu, Ioan C; Parwani, Anil V; West, Andrew J; Romero-Lauro, Gonzalo; Nauman, Kevin; Carter, Alexis B; Balis, Ulysses J; Tuthill, Mark J; Pantanowitz, Liron

2013-01-01

Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI). In the United States, the Health Insurance Portability and Accountability Act (HIPAA) govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

Privacy and security of patient data in the pathology laboratory

Directory of Open Access Journals (Sweden)

Ioan C Cucoranu

2013-01-01

Full Text Available Data protection and security are critical components of routine pathology practice because laboratories are legally required to securely store and transmit electronic patient data. With increasing connectivity of information systems, laboratory work-stations, and instruments themselves to the Internet, the demand to continuously protect and secure laboratory information can become a daunting task. This review addresses informatics security issues in the pathology laboratory related to passwords, biometric devices, data encryption, internet security, virtual private networks, firewalls, anti-viral software, and emergency security situations, as well as the potential impact that newer technologies such as mobile devices have on the privacy and security of electronic protected health information (ePHI. In the United States, the Health Insurance Portability and Accountability Act (HIPAA govern the privacy and protection of medical information and health records. The HIPAA security standards final rule mandate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of ePHI. Importantly, security failures often lead to privacy breaches, invoking the HIPAA privacy rule as well. Therefore, this review also highlights key aspects of HIPAA and its impact on the pathology laboratory in the United States.

75 FR 28042 - Privacy Act of 1974: System of Records; Department of Homeland Security Transportation Security...

Science.gov (United States)

2010-05-19

..., VA 20598-6036 or [email protected] . For privacy issues please contact: Mary Ellen Callahan (703-235... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0013] Privacy Act of..., Transportation Security Enforcement Record System, System of Records AGENCY: Privacy Office, DHS. ACTION: Notice...

Ethical aspects of information security and privacy

NARCIS (Netherlands)

Brey, Philip A.E.; Petkovic, Milan; Jonker, Willem

2007-01-01

This chapter reviews ethical aspects of computer and information security and privacy. After an introduction to ethical approaches to information technology, the focus is first on ethical aspects of computer security. These include the moral importance of computer security, the relation between

The Regulatory Framework for Privacy and Security

Science.gov (United States)

Hiller, Janine S.

The internet enables the easy collection of massive amounts of personally identifiable information. Unregulated data collection causes distrust and conflicts with widely accepted principles of privacy. The regulatory framework in the United States for ensuring privacy and security in the online environment consists of federal, state, and self-regulatory elements. New laws have been passed to address technological and internet practices that conflict with privacy protecting policies. The United States and the European Union approaches to privacy differ significantly, and the global internet environment will likely cause regulators to face the challenge of balancing privacy interests with data collection for many years to come.

Computer Security Issues in Online Banking: An Assessment from the Context of Usable Security

Science.gov (United States)

Mahmadi, FN; Zaaba, ZF; Osman, A.

2016-11-01

Today's online banking is a convenient mode of finance management. Despite the ease of doing online banking, there are people that still sceptical in utilizing it due to perception and its security. This paper highlights the subject of online banking security in Malaysia, especially from the perspective of the end-users. The study is done by assessing human computer interaction, usability and security. An online survey utilising 137 participants was previously conducted to gain preliminary insights on security issues of online banking in Malaysia. Following from those results, 37 participants were interviewed to gauge deeper understanding about end-users perception on online banking within the context of usable security. The results suggested that most of the end-users are continuingly experiencing significant difficulties especially in relation to the technical terminologies, security features and other technical issues. Although the security features are provided to provide a shield or protection, users are still incapable to cope with the technical aspects of such implementation.

Legal, privacy, security, access and regulatory issues in cloud computing

CSIR Research Space (South Africa)

Dlodlo, N

2011-04-01

Full Text Available a gap on reporting are on are legal , privacy, security, access and regulatory issues. This paper raises an awareness of legal, privacy, security, access and regulatory issues that are associated with the advent of cloud computing. An in...

Data security breaches and privacy in Europe

CERN Document Server

Wong, Rebecca

2013-01-01

Data Security Breaches and Privacy in Europe aims to consider data protection and cybersecurity issues; more specifically, it aims to provide a fruitful discussion on data security breaches. A detailed analysis of the European Data Protection framework will be examined. In particular, the Data Protection Directive 95/45/EC, the Directive on Privacy and Electronic Communications and the proposed changes under the Data Protection Regulation (data breach notifications) and its implications are considered. This is followed by an examination of the Directive on Attacks against information systems a

78 FR 54454 - Open Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2013-09-04

... security and privacy issues pertaining to federal computer systems. Details regarding the ISPAB's... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

78 FR 72063 - Open Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2013-12-02

... NIST on information security and privacy issues pertaining to federal computer systems. Details... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

The Privacy Calculus: Mobile Apps and User Perceptions of Privacy and Security

Directory of Open Access Journals (Sweden)

Elizabeth Fife

2012-07-01

Full Text Available A continuing stream of new mobile data services are being released that rely upon the collection of personal data to support a business model. New technologies including facial recognition, sensors and Near Field Communications (NFC will increasingly become a part of everyday services and applications that challenge traditional concepts of individual privacy. The average person as well as the “tech‐savvy” mobile phone user may not yet be fully aware of the extent to which their privacy and security are being affected through their mobile activities and how comparable this situation is to personal computer usage. We investigate perceptions and usage of mobile data services that appear to have specific privacy and security sensitivities, specifically social networking,\tbanking/payments\tand\thealth‐related activities. Our annual survey of smartphone users in the U.S. and Japan is presented from 2011. This nationally representative survey data is used to show demographic and cultural differences, and substantiate our hypotheses about the links between use and privacy concerns

Review of Social Networking Sites' Security and Privacy

OpenAIRE

YANG, SHUN

2015-01-01

Nowadays social media networking has dramatically increased. Social networking sites like Facebook make users create huge amount of profiles and share personal information within networking of different users. Social networking exposes personal information far beyond the group of friends. And that information or data on social media networking could be potential threat to people's information security and privacy. In this review, we are going to view the privacy risks and security problem...

Homomorphic encryption-based secure SIFT for privacy-preserving feature extraction

Science.gov (United States)

Hsu, Chao-Yung; Lu, Chun-Shien; Pei, Soo-Chang

2011-02-01

Privacy has received much attention but is still largely ignored in the multimedia community. Consider a cloud computing scenario, where the server is resource-abundant and is capable of finishing the designated tasks, it is envisioned that secure media retrieval and search with privacy-preserving will be seriously treated. In view of the fact that scale-invariant feature transform (SIFT) has been widely adopted in various fields, this paper is the first to address the problem of secure SIFT feature extraction and representation in the encrypted domain. Since all the operations in SIFT must be moved to the encrypted domain, we propose a homomorphic encryption-based secure SIFT method for privacy-preserving feature extraction and representation based on Paillier cryptosystem. In particular, homomorphic comparison is a must for SIFT feature detection but is still a challenging issue for homomorphic encryption methods. To conquer this problem, we investigate a quantization-like secure comparison strategy in this paper. Experimental results demonstrate that the proposed homomorphic encryption-based SIFT performs comparably to original SIFT on image benchmarks, while preserving privacy additionally. We believe that this work is an important step toward privacy-preserving multimedia retrieval in an environment, where privacy is a major concern.

Security and privacy for implantable medical devices

CERN Document Server

Carrara, Sandro

2014-01-01

 This book presents a systematic approach to analyzing the challenging engineering problems posed by the need for security and privacy in implantable medical devices (IMD).  It describes in detail new issues termed as lightweight security, due to the associated constraints on metrics such as available power, energy, computing ability, area, execution time, and memory requirements. Coverage includes vulnerabilities and defense across multiple levels, with basic abstractions of cryptographic services and primitives such as public key cryptography, block ciphers and digital signatures. Experts from engineering introduce to some IMD systems that have  recently been proposed and developed. Experts from Computer Security and Cryptography present new research, which shows vulnerabilities in existing IMDs and proposes solutions. Experts from Privacy Technology and Policy will discuss the societal, legal and ethical challenges surrounding IMD security as well as technological solutions that build on the latest in C...

Privacy and Security Research Group workshop on network and distributed system security: Proceedings

Energy Technology Data Exchange (ETDEWEB)

1993-05-01

This report contains papers on the following topics: NREN Security Issues: Policies and Technologies; Layer Wars: Protect the Internet with Network Layer Security; Electronic Commission Management; Workflow 2000 - Electronic Document Authorization in Practice; Security Issues of a UNIX PEM Implementation; Implementing Privacy Enhanced Mail on VMS; Distributed Public Key Certificate Management; Protecting the Integrity of Privacy-enhanced Electronic Mail; Practical Authorization in Large Heterogeneous Distributed Systems; Security Issues in the Truffles File System; Issues surrounding the use of Cryptographic Algorithms and Smart Card Applications; Smart Card Augmentation of Kerberos; and An Overview of the Advanced Smart Card Access Control System. Selected papers were processed separately for inclusion in the Energy Science and Technology Database.

Privacy and security disclosures on telecardiology websites

NARCIS (Netherlands)

Dubbeld, L.

2006-01-01

This article discusses telemedicine providers¿ online privacy and security disclosures. It presents the results of an exploratory study of a number of telecardiology companies¿ Web sites, providing insight in some of the current strategies towards data protection and information security in the

75 FR 18863 - Privacy Act of 1974; Department of Homeland Security Transportation Security Administration-006...

Science.gov (United States)

2010-04-13

... 12th Street, Arlington, VA, 20598-6036. For privacy issues please contact: Mary Ellen Callahan (703-235... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0015] Privacy Act of... Matters Tracking Records AGENCY: Privacy Office, DHS. [[Page 18864

Safety, security, hygiene and privacy in migrant farmworker housing.

Science.gov (United States)

Arcury, Thomas A; Weir, Maria M; Summers, Phillip; Chen, Haiying; Bailey, Melissa; Wiggins, Melinda F; Bischoff, Werner E; Quandt, Sara A

2012-01-01

Safety, security, hygiene, and privacy in migrant farmworker housing have not previously been documented, yet these attributes are important for farmworker quality of life and dignity. This analysis describes the safety, security, hygiene, and privacy of migrant farmworker housing and delineates camp characteristics that are associated with these attributes, using data collected in 183 eastern North Carolina migrant farmworker camps in 2010. Migrant farmworker housing is deficient. For example, 73.8 percent of housing had structural damage and 52.7 percent had indoor temperatures that were not safe. Farmworkers in 83.5 percent of the housing reported that they did not feel they or their possessions were secure. Bathing or toileting privacy was absent in 46.2 percent of the housing. Camps with residents having H-2A visas or North Carolina Department of Labor certificates of inspection posted had better safety, security, and hygiene. Regulations addressing the quality of migrant farmworker housing are needed.

Auditing cloud computing a security and privacy guide

CERN Document Server

Halpert, Ben

2011-01-01

The auditor's guide to ensuring correct security and privacy practices in a cloud computing environment Many organizations are reporting or projecting a significant cost savings through the use of cloud computing-utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization's data in the "cloud." Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among othe

76 FR 34650 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2011-06-14

... Commerce and the Director of NIST on security and privacy issues pertaining to federal computer systems... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Department of Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...

75 FR 13258 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2010-03-19

... Director of OMB on information security and privacy issues pertaining to Federal government information... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology... hereby given that the Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, April...

Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

Science.gov (United States)

Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

2014-11-01

Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being theft and tracked by unauthorized participant, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

76 FR 7818 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2011-02-11

... advise the Secretary of Commerce and the Director of NIST on security and privacy issues pertaining to... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

75 FR 39920 - Announcing a Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2010-07-13

... advise the Secretary of Commerce and the Director of NIST on security and privacy issues pertaining to... Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet Wednesday, August...

Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan.

Science.gov (United States)

Sahi, Aqeel; Lai, David; Li, Yan

2016-11-01

Cloud computing was introduced as an alternative storage and computing model in the health sector as well as other sectors to handle large amounts of data. Many healthcare companies have moved their electronic data to the cloud in order to reduce in-house storage, IT development and maintenance costs. However, storing the healthcare records in a third-party server may cause serious storage, security and privacy issues. Therefore, many approaches have been proposed to preserve security as well as privacy in cloud computing projects. Cryptographic-based approaches were presented as one of the best ways to ensure the security and privacy of healthcare data in the cloud. Nevertheless, the cryptographic-based approaches which are used to transfer health records safely remain vulnerable regarding security, privacy, or the lack of any disaster recovery strategy. In this paper, we review the related work on security and privacy preserving as well as disaster recovery in the eHealth cloud domain. Then we propose two approaches, the Security-Preserving approach and the Privacy-Preserving approach, and a disaster recovery plan. The Security-Preserving approach is a robust means of ensuring the security and integrity of Electronic Health Records, and the Privacy-Preserving approach is an efficient authentication approach which protects the privacy of Personal Health Records. Finally, we discuss how the integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects. Copyright © 2016 Elsevier Ltd. All rights reserved.

Privacy and data security in E-health: requirements from the user's perspective.

Science.gov (United States)

Wilkowska, Wiktoria; Ziefle, Martina

2012-09-01

In this study two currently relevant aspects of using medical assistive technologies were addressed-security and privacy. In a two-step empirical approach that used focus groups (n = 19) and a survey (n = 104), users' requirements for the use of medical technologies were collected and evaluated. Specifically, we focused on the perceived importance of data security and privacy issues. Outcomes showed that both security and privacy aspects play an important role in the successful adoption of medical assistive technologies in the home environment. In particular, analysis of data with respect to gender, health-status and age (young, middle-aged and old users) revealed that females and healthy adults require, and insist on, the highest security and privacy standards compared with males and the ailing elderly.

Security and Privacy in Video Surveillance: Requirements and Challenges

DEFF Research Database (Denmark)

Mahmood Rajpoot, Qasim; Jensen, Christian D.

2014-01-01

observed by the system. Several techniques to protect the privacy of individuals have therefore been proposed, but very little research work has focused on the specific security requirements of video surveillance data (in transit or in storage) and on authorizing access to this data. In this paper, we...... present a general model of video surveillance systems that will help identify the major security and privacy requirements for a video surveillance system and we use this model to identify practical challenges in ensuring the security of video surveillance data in all stages (in transit and at rest). Our...... study shows a gap between the identified security requirements and the proposed security solutions where future research efforts may focus in this domain....

Security Design Flaws That Affect Usability in Online Banking

Science.gov (United States)

Gurlen, Stephanie

2013-01-01

As the popularity of online banking Websites has increased, the security of these sites has become increasingly critical as attacks against these sites are on the rise. However, the design decisions made during construction of the sites could make usability more difficult, where the user has difficulty making good security decisions. This study…

Privacy, security and access with sensitive health information.

Science.gov (United States)

Croll, Peter

2010-01-01

This chapter gives an educational overview of: * Confidentiality issues and the challenges faced; * The fundamental differences between privacy and security; * The different access control mechanisms; * The challenges of Internet security; * How 'safety and quality' relate to all the above.

Crossing borders: Security and privacy issues of the European e-passport

NARCIS (Netherlands)

Hoepman, J.H.; Hubbers, E.; Jacobs, B.P.F.; Oostdijk, M.D.; Wichers Schreur, R.

2008-01-01

The first generation of European e-passports will be issued in 2006. We discuss how borders are crossed regarding the security and privacy erosion of the proposed schemes, and show which borders need to be crossed to improve the security and the privacy protection of the next generation of

78 FR 25254 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2013-04-30

... information security and privacy issues pertaining to federal computer systems. Details regarding the ISPAB's... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...

Do privacy and security regulations need a status update? Perspectives from an intergenerational survey

Science.gov (United States)

Pereira, Stacey; Robinson, Jill Oliver; Gutierrez, Amanda M.; Majumder, Mary A.; McGuire, Amy L.; Rothstein, Mark A.

2017-01-01

Background The importance of health privacy protections in the era of the “Facebook Generation” has been called into question. The ease with which younger people share personal information about themselves has led to the assumption that they are less concerned than older generations about the privacy of their information, including health information. We explored whether survey respondents’ views toward health privacy suggest that efforts to strengthen privacy protections as health information is moved online are unnecessary. Methods Using Amazon’s Mechanical Turk (MTurk), which is well-known for recruitment for survey research, we distributed a 45-item survey to individuals in the U.S. to assess their perspectives toward privacy and security of online and health information, social media behaviors, use of health and fitness devices, and demographic information. Results 1310 participants (mean age: 36 years, 50% female, 78% non-Hispanic white, 54% college graduates or higher) were categorized by generations: Millennials, Generation X, and Baby Boomers. In multivariate regression models, we found that generational cohort was an independent predictor of level of concern about privacy and security of both online and health information. Younger generations were significantly less likely to be concerned than older generations (all P privacy or security of online or health information (all P > 0.05). Limitations This study is limited by the non-representativeness of our sample. Conclusions Though Millennials reported lower levels of concern about privacy and security, this was not related to internet or social media behaviors, and majorities within all generations reported concern about both the privacy and security of their health information. Thus, there is no intergenerational imperative to relax privacy and security standards, and it would be advisable to take privacy and security of health information more seriously. PMID:28926626

Do privacy and security regulations need a status update? Perspectives from an intergenerational survey.

Science.gov (United States)

Pereira, Stacey; Robinson, Jill Oliver; Peoples, Hayley A; Gutierrez, Amanda M; Majumder, Mary A; McGuire, Amy L; Rothstein, Mark A

2017-01-01

The importance of health privacy protections in the era of the "Facebook Generation" has been called into question. The ease with which younger people share personal information about themselves has led to the assumption that they are less concerned than older generations about the privacy of their information, including health information. We explored whether survey respondents' views toward health privacy suggest that efforts to strengthen privacy protections as health information is moved online are unnecessary. Using Amazon's Mechanical Turk (MTurk), which is well-known for recruitment for survey research, we distributed a 45-item survey to individuals in the U.S. to assess their perspectives toward privacy and security of online and health information, social media behaviors, use of health and fitness devices, and demographic information. 1310 participants (mean age: 36 years, 50% female, 78% non-Hispanic white, 54% college graduates or higher) were categorized by generations: Millennials, Generation X, and Baby Boomers. In multivariate regression models, we found that generational cohort was an independent predictor of level of concern about privacy and security of both online and health information. Younger generations were significantly less likely to be concerned than older generations (all P privacy or security of online or health information (all P > 0.05). This study is limited by the non-representativeness of our sample. Though Millennials reported lower levels of concern about privacy and security, this was not related to internet or social media behaviors, and majorities within all generations reported concern about both the privacy and security of their health information. Thus, there is no intergenerational imperative to relax privacy and security standards, and it would be advisable to take privacy and security of health information more seriously.

78 FR 69861 - Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency...

Science.gov (United States)

2013-11-21

... Homeland Security, Washington, DC 20478. For privacy issues, please contact: Karen L. Neuman, (202) 343... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [DHS-2013-0073] Privacy Act of 1974... Defense Executive Reserve System of Records AGENCY: Department of Homeland Security, Privacy Office...

78 FR 89 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2013-01-02

... Management and Budget, and the Director of NIST on security and privacy issues pertaining to federal computer... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...

76 FR 81477 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2011-12-28

... advise the Secretary of Commerce and the Director of NIST on security and privacy issues pertaining to... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB) will meet...

77 FR 25686 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2012-05-01

... Director of the Office of Management and Budget, and the Director of NIST on security and privacy issues... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...

Privacy and security in the digital age: Contemporary ethical challenges and future directions

DEFF Research Database (Denmark)

Hiranandani, Vanmala Sunder

2011-01-01

Privacy is at the core of civil rights from which all other human rights and freedoms flow. Since the twentieth century, and particularly since 9/11, rapid deployment of information and surveillance technologies in the name of national security has grave implications for individual privacy...... and human rights. This article reviews major strands in contemporary privacy-security debate, while critiquing existing conceptualisations of privacy that are inadequate in the context of multifaceted and ubiquitous surveillance technologies post 9/11. Further, this paper contends most privacy...

Aligning the Effective Use of Student Data with Student Privacy and Security Laws

Science.gov (United States)

Winnick, Steve; Coleman, Art; Palmer, Scott; Lipper, Kate; Neiditz, Jon

2011-01-01

This legal and policy guidance provides a summary framework for state policymakers as they work to use longitudinal data to improve student achievement while also protecting the privacy and security of individual student records. Summarizing relevant federal privacy and security laws, with a focus on the Family Educational Records and Privacy Act…

Cloud Security and Privacy An Enterprise Perspective on Risks and Compliance

CERN Document Server

Mather, Tim; Latif, Shahed

2009-01-01

You may regard cloud computing as an ideal way for your company to control IT costs, but do you know how private and secure this service really is? Not many people do. With Cloud Security and Privacy, you'll learn what's at stake when you trust your data to the cloud, and what you can do to keep your virtual infrastructure and web applications secure. Ideal for IT staffers, information security and privacy practitioners, business managers, service providers, and investors alike, this book offers you sound advice from three well-known authorities in the tech security world. You'll learn deta

Do privacy and security regulations need a status update? Perspectives from an intergenerational survey.

Directory of Open Access Journals (Sweden)

Stacey Pereira

Full Text Available The importance of health privacy protections in the era of the "Facebook Generation" has been called into question. The ease with which younger people share personal information about themselves has led to the assumption that they are less concerned than older generations about the privacy of their information, including health information. We explored whether survey respondents' views toward health privacy suggest that efforts to strengthen privacy protections as health information is moved online are unnecessary.Using Amazon's Mechanical Turk (MTurk, which is well-known for recruitment for survey research, we distributed a 45-item survey to individuals in the U.S. to assess their perspectives toward privacy and security of online and health information, social media behaviors, use of health and fitness devices, and demographic information.1310 participants (mean age: 36 years, 50% female, 78% non-Hispanic white, 54% college graduates or higher were categorized by generations: Millennials, Generation X, and Baby Boomers. In multivariate regression models, we found that generational cohort was an independent predictor of level of concern about privacy and security of both online and health information. Younger generations were significantly less likely to be concerned than older generations (all P 0.05.This study is limited by the non-representativeness of our sample.Though Millennials reported lower levels of concern about privacy and security, this was not related to internet or social media behaviors, and majorities within all generations reported concern about both the privacy and security of their health information. Thus, there is no intergenerational imperative to relax privacy and security standards, and it would be advisable to take privacy and security of health information more seriously.

Security and privacy qualities of medical devices: an analysis of FDA postmarket surveillance.

Science.gov (United States)

Kramer, Daniel B; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R

2012-01-01

Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients' stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware.

Behavior Change Support Systems for Privacy and Security

NARCIS (Netherlands)

Kegel, Roeland Hendrik,Pieter; Wieringa, Roelf J.; Kulyk, Olga Anatoliyivna; Kelders, S.; van Gemert-Pijnen, L.; Oinas-Kukkonen, H

2015-01-01

This article proposes to use Behavior Change Support Systems (BCSSs) to improve the security of IT applications and the privacy of its users. We discuss challenges specific to BCSSs applied to information security, list research questions to be answered in order to meet these challenges, and propose

Enforcement of Security and Privacy in a Service-Oriented Smart Grid

DEFF Research Database (Denmark)

Mikkelsen, Søren Aagaard

inhabitants. With the vision, it is therefore necessity to enforce privacy and security of the data in all phases of its life cycle. The life cycle starts from acquiring the data to it is stored. Therefore, this dissertation follows a system-level and application-level approach to manage data with respect...... to privacy and security. This includes first a design of a service-oriented architecture that allows for the deployment of home-oriented and grid-oriented IASs on a Home Energy Management System (HEMS) and in the cloud, respectively. Privacy and security of electricity data are addressed by letting...... the residential consumer control data dissemination in a two-stage process: first from the HEMS to the cloud and from the cloud to the IASs. Then the dissertation focuses on the critical phases in securing the residential home as well as securing the cloud. It presents a system-level threat model of the HEMS...

A compressive sensing based secure watermark detection and privacy preserving storage framework.

Science.gov (United States)

Qia Wang; Wenjun Zeng; Jun Tian

2014-03-01

Privacy is a critical issue when the data owners outsource data storage or processing to a third party computing service, such as the cloud. In this paper, we identify a cloud computing application scenario that requires simultaneously performing secure watermark detection and privacy preserving multimedia data storage. We then propose a compressive sensing (CS)-based framework using secure multiparty computation (MPC) protocols to address such a requirement. In our framework, the multimedia data and secret watermark pattern are presented to the cloud for secure watermark detection in a CS domain to protect the privacy. During CS transformation, the privacy of the CS matrix and the watermark pattern is protected by the MPC protocols under the semi-honest security model. We derive the expected watermark detection performance in the CS domain, given the target image, watermark pattern, and the size of the CS matrix (but without the CS matrix itself). The correctness of the derived performance has been validated by our experiments. Our theoretical analysis and experimental results show that secure watermark detection in the CS domain is feasible. Our framework can also be extended to other collaborative secure signal processing and data-mining applications in the cloud.

IoT Privacy and Security Challenges for Smart Home Environments

OpenAIRE

Huichen Lin; Neil W. Bergmann

2016-01-01

Often the Internet of Things (IoT) is considered as a single problem domain, with proposed solutions intended to be applied across a wide range of applications. However, the privacy and security needs of critical engineering infrastructure or sensitive commercial operations are very different to the needs of a domestic Smart Home environment. Additionally, the financial and human resources available to implement security and privacy vary greatly between application domains. In domestic enviro...

Privacy Information Security Classification for Internet of Things Based on Internet Data

OpenAIRE

Lu, Xiaofeng; Qu, Zhaowei; Li, Qi; Hui, Pan

2015-01-01

A lot of privacy protection technologies have been proposed, but most of them are independent and aim at protecting some specific privacy. There is hardly enough deep study into the attributes of privacy. To minimize the damage and influence of the privacy disclosure, the important and sensitive privacy should be a priori preserved if all privacy pieces cannot be preserved. This paper focuses on studying the attributes of the privacy and proposes privacy information security classification (P...

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

Science.gov (United States)

Kramer, Daniel B.; Baker, Matthew; Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Reynolds, Matthew R.

2012-01-01

Background Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods We used three comprehensive, publicly available databases maintained by the Food and Drug Administration (FDA) to evaluate recalls and adverse events related to security and privacy risks of medical devices. Results Review of weekly enforcement reports identified 1,845 recalls; 605 (32.8%) of these included computers, 35 (1.9%) stored patient data, and 31 (1.7%) were capable of wireless communication. Searches of databases specific to recalls and adverse events identified only one event with a specific connection to security or privacy. Software-related recalls were relatively common, and most (81.8%) mentioned the possibility of upgrades, though only half of these provided specific instructions for the update mechanism. Conclusions Our review of recalls and adverse events from federal government databases reveals sharp inconsistencies with databases at individual providers with respect to security and privacy risks. Recalls related to software may increase security risks because of unprotected update and correction mechanisms. To detect signals of security and privacy problems that adversely affect public health, federal postmarket surveillance strategies should rethink how to effectively and efficiently collect data on security and privacy problems in devices that increasingly depend on computing systems susceptible to malware. PMID:22829874

For telehealth to succeed, privacy and security risks must be identified and addressed.

Science.gov (United States)

Hall, Joseph L; McGraw, Deven

2014-02-01

The success of telehealth could be undermined if serious privacy and security risks are not addressed. For example, sensors that are located in a patient's home or that interface with the patient's body to detect safety issues or medical emergencies may inadvertently transmit sensitive information about household activities. Similarly, routine data transmissions from an app or medical device, such as an insulin pump, may be shared with third-party advertisers. Without adequate security and privacy protections for underlying telehealth data and systems, providers and patients will lack trust in the use of telehealth solutions. Although some federal and state guidelines for telehealth security and privacy have been established, many gaps remain. No federal agency currently has authority to enact privacy and security requirements to cover the telehealth ecosystem. This article examines privacy risks and security threats to telehealth applications and summarizes the extent to which technical controls and federal law adequately address these risks. We argue for a comprehensive federal regulatory framework for telehealth, developed and enforced by a single federal entity, the Federal Trade Commission, to bolster trust and fully realize the benefits of telehealth.

75 FR 11191 - Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management...

Science.gov (United States)

2010-03-10

... 20472. For privacy issues please contact: Mary Ellen Callahan (703-235- 0780), Chief Privacy Officer... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Privacy Act of 1974; Retirement of Department of Homeland Security Federal Emergency Management Agency System of Records AGENCY: Privacy Office...

77 FR 58980 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2012-09-25

... privacy issues pertaining to federal computer systems. Details regarding the ISPAB's activities are... of the Information Security and Privacy Advisory Board AGENCY: National Institute of Standards and Technology, Commerce. ACTION: Notice. SUMMARY: The Information Security and Privacy Advisory Board (ISPAB...

DQC Comments on the Posted Recommendations Regarding Data Security and Privacy Protections

Science.gov (United States)

Data Quality Campaign, 2010

2010-01-01

The U.S. Department of Education is conducting several activities to address privacy and security issues related to education data. Earlier this year a contractor for the Department convened a group of privacy and security experts and produced a report with recommendations to the Department on ways they can address emerging challenges in…

77 FR 43100 - Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency-009...

Science.gov (United States)

2012-07-23

... Homeland Security, Washington, DC 20478. For privacy issues, please contact: Mary Ellen Callahan (703) 235... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0097] Privacy Act of... Assistance Grant Programs System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system...

Security, Privacy, and Applied Cryptography Engineering

DEFF Research Database (Denmark)

This book constitutes the refereed proceedings of the Second International Conference on Security, Privacy and Applied Cryptography Engineering held in Chennai, India, in November 2012. The 11 papers presented were carefully reviewed and selected from 61 submissions. The papers are organized...... and applications, high-performance computing in cryptology and cryptography in ubiquitous devices....

75 FR 7979 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The...

Science.gov (United States)

2010-02-23

... privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer, Privacy Office...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-027 The History of the Department of Homeland Security System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of...

78 FR 5565 - Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under...

Science.gov (United States)

2013-01-25

... RIN 0945-AA03 Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules... HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their... entities Total cost Notices of Privacy Practices.. 700,000 covered $55.9 million. entities. Breach...

Healthcare information privacy and security regulatory compliance and data security in the age of electronic health records

CERN Document Server

Robichau, Bernard Peter

2014-01-01

Healthcare is a huge market--20% of yearly GDP in the U.S. It employs tens of thousands of computer programmers and IT administrators Regulations mandate electronic health records by 2015 (for anyone dealing with Medicare/Medicaid), which means new concerns for privacy and security Many medical organizations lagging, putting them at risk for government fines and private lawsuits when a breach in security occurs. Healthcare IT is the growth industry right now, and the need for guidance in regard to privacy and security is huge.

Security of electronic medical information and patient privacy: what you need to know.

Science.gov (United States)

Andriole, Katherine P

2014-12-01

The responsibility that physicians have to protect their patients from harm extends to protecting the privacy and confidentiality of patient health information including that contained within radiological images. The intent of HIPAA and subsequent HIPAA Privacy and Security Rules is to keep patients' private information confidential while allowing providers access to and maintaining the integrity of relevant information needed to provide care. Failure to comply with electronic protected health information (ePHI) regulations could result in financial or criminal penalties or both. Protected health information refers to anything that can reasonably be used to identify a patient (eg, name, age, date of birth, social security number, radiology examination accession number). The basic tools and techniques used to maintain medical information security and patient privacy described in this article include physical safeguards such as computer device isolation and data backup, technical safeguards such as firewalls and secure transmission modes, and administrative safeguards including documentation of security policies, training of staff, and audit tracking through system logs. Other important concepts related to privacy and security are explained, including user authentication, authorization, availability, confidentiality, data integrity, and nonrepudiation. Patient privacy and security of medical information are critical elements in today's electronic health care environment. Radiology has led the way in adopting digital systems to make possible the availability of medical information anywhere anytime, and in identifying and working to eliminate any risks to patients. Copyright © 2014 American College of Radiology. Published by Elsevier Inc. All rights reserved.

Security and privacy issues of personal health.

Science.gov (United States)

Blobel, Bernd; Pharow, Peter

2007-01-01

While health systems in developed countries and increasingly also in developing countries are moving from organisation-centred to person-centred health service delivery, the supporting communication and information technology is faced with new risks regarding security and privacy of stakeholders involved. The comprehensively distributed environment puts special burden on guaranteeing communication security services, but even more on guaranteeing application security services dealing with privilege management, access control and audit regarding social implication and connected sensitivity of personal information recorded, processed, communicated and stored in an even internationally distributed environment.

42 CFR 403.812 - HIPAA privacy, security, administrative data standards, and national identifiers.

Science.gov (United States)

2010-10-01

... 42 Public Health 2 2010-10-01 2010-10-01 false HIPAA privacy, security, administrative data... Prescription Drug Discount Card and Transitional Assistance Program § 403.812 HIPAA privacy, security, administrative data standards, and national identifiers. (a) HIPAA covered entities. An endorsed sponsor is a...

A systematic literature review on security and privacy of electronic health record systems: technical perspectives.

Science.gov (United States)

Rezaeibagha, Fatemeh; Win, Khin Than; Susilo, Willy

Even though many safeguards and policies for electronic health record (EHR) security have been implemented, barriers to the privacy and security protection of EHR systems persist. This article presents the results of a systematic literature review regarding frequently adopted security and privacy technical features of EHR systems. Our inclusion criteria were full articles that dealt with the security and privacy of technical implementations of EHR systems published in English in peer-reviewed journals and conference proceedings between 1998 and 2013; 55 selected studies were reviewed in detail. We analysed the review results using two International Organization for Standardization (ISO) standards (29100 and 27002) in order to consolidate the study findings. Using this process, we identified 13 features that are essential to security and privacy in EHRs. These included system and application access control, compliance with security requirements, interoperability, integration and sharing, consent and choice mechanism, policies and regulation, applicability and scalability and cryptography techniques. This review highlights the importance of technical features, including mandated access control policies and consent mechanisms, to provide patients' consent, scalability through proper architecture and frameworks, and interoperability of health information systems, to EHR security and privacy requirements.

Third-year medical students' knowledge of privacy and security issues concerning mobile devices.

Science.gov (United States)

Whipple, Elizabeth C; Allgood, Kacy L; Larue, Elizabeth M

2012-01-01

The use of mobile devices are ubiquitous in medical-care professional settings, but information on privacy and security concerns of mobile devices for medical students is scarce. To gain baseline information about third-year medical students' mobile device use and knowledge of privacy and security issues concerning mobile devices. We surveyed 67 third-year medical students at a Midwestern university on their use of mobile devices and knowledge of how to protect information available through mobile devices. Students were also presented with clinical scenarios to rate their level of concern in regards to privacy and security of information. The most used features of mobile devices were: voice-to-voice (100%), text messaging (SMS) (94%), Internet (76.9%), and email (69.3%). For locking of one's personal mobile phone, 54.1% never physically lock their phone, and 58% never electronically lock their personal PDA. Scenarios considering definitely privacy concerns include emailing patient information intact (66.7%), and posting de-identified information on YouTube (45.2%) or Facebook (42.2%). As the ease of sharing data increases with the use of mobile devices, students need more education and training on possible privacy and security risks posed with mobile devices.

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security and HIPAA Compliance: Part II.

Science.gov (United States)

Watzlaf, Valerie J M; Moeini, Sohrab; Matusow, Laura; Firouzan, Patti

2011-01-01

In a previous publication the authors developed a privacy and security checklist to evaluate Voice over Internet Protocol (VoIP) videoconferencing software used between patients and therapists to provide telerehabilitation (TR) therapy. In this paper, the privacy and security checklist that was previously developed is used to perform a risk analysis of the top ten VoIP videoconferencing software to determine if their policies provide answers to the privacy and security checklist. Sixty percent of the companies claimed they do not listen into video-therapy calls unless maintenance is needed. Only 50% of the companies assessed use some form of encryption, and some did not specify what type of encryption was used. Seventy percent of the companies assessed did not specify any form of auditing on their servers. Statistically significant differences across company websites were found for sharing information outside of the country (p=0.010), encryption (p=0.006), and security evaluation (p=0.005). Healthcare providers considering use of VoIP software for TR services may consider using this privacy and security checklist before deciding to incorporate a VoIP software system for TR. Other videoconferencing software that is specific for TR with strong encryption, good access controls, and hardware that meets privacy and security standards should be considered for use with TR.

A Novel Cloud Computing Algorithm of Security and Privacy

Directory of Open Access Journals (Sweden)

Chih-Yung Chen

2013-01-01

Full Text Available The emergence of cloud computing has simplified the flow of large-scale deployment distributed system of software suppliers; when issuing respective application programs in a sharing clouds service to different user, the management of material becomes more complex. Therefore, in multitype clouds service of trust environment, when enterprises face cloud computing, what most worries is the issue of security, but individual users are worried whether the privacy material will have an outflow risk. This research has mainly analyzed several different construction patterns of cloud computing, and quite relevant case in the deployment construction security of cloud computing by fit and unfit quality, and proposed finally an optimization safe deployment construction of cloud computing and security mechanism of material protection calculating method, namely, Global Authentication Register System (GARS, to reduce cloud material outflow risk. We implemented a system simulation to test the GARS algorithm of availability, security and performance. By experimental data analysis, the solutions of cloud computing security, and privacy derived from the research can be effective protection in cloud information security. Moreover, we have proposed cloud computing in the information security-related proposals that would provide related units for the development of cloud computing security practice.

Security and Privacy Analyses of Internet of Things Toys

OpenAIRE

Chu, Gordon; Apthorpe, Noah; Feamster, Nick

2018-01-01

This paper investigates the security and privacy of Internet-connected children's smart toys through case studies of three commercially-available products. We conduct network and application vulnerability analyses of each toy using static and dynamic analysis techniques, including application binary decompilation and network monitoring. We discover several publicly undisclosed vulnerabilities that violate the Children's Online Privacy Protection Rule (COPPA) as well as the toys' individual pr...

76 FR 21768 - Privacy Act of 1974; Department of Homeland Security/Office of Health Affairs-001 Contractor...

Science.gov (United States)

2011-04-18

... Homeland Security, Washington, DC 20520. For privacy issues please contact: Mary Ellen Callahan (703-235... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0013] Privacy Act of... Immunization Records System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of...

75 FR 69604 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of...

Science.gov (United States)

2010-11-15

... Security, Washington, DC 20528. For privacy issues please contact: Mary Ellen Callahan (703-235- [[Page...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Office of Operations... System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed rulemaking. SUMMARY: The...

Simple Peer-to-Peer SIP Privacy

Science.gov (United States)

Koskela, Joakim; Tarkoma, Sasu

In this paper, we introduce a model for enhancing privacy in peer-to-peer communication systems. The model is based on data obfuscation, preventing intermediate nodes from tracking calls, while still utilizing the shared resources of the peer network. This increases security when moving between untrusted, limited and ad-hoc networks, when the user is forced to rely on peer-to-peer schemes. The model is evaluated using a Host Identity Protocol-based prototype on mobile devices, and is found to provide good privacy, especially when combined with a source address hiding scheme. The contribution of this paper is to present the model and results obtained from its use, including usability considerations.

Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services

OpenAIRE

Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje

2015-01-01

- This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, supplemented with requirements from European data protection legislation, and taking into account security issues identified in recent research on Cloud security. The document is intended to be used by potential cloud customers that need to assess the security of a c...

Developing a Security Metrics Scorecard for Healthcare Organizations.

Science.gov (United States)

Elrefaey, Heba; Borycki, Elizabeth; Kushniruk, Andrea

2015-01-01

In healthcare, information security is a key aspect of protecting a patient's privacy and ensuring systems availability to support patient care. Security managers need to measure the performance of security systems and this can be achieved by using evidence-based metrics. In this paper, we describe the development of an evidence-based security metrics scorecard specific to healthcare organizations. Study participants were asked to comment on the usability and usefulness of a prototype of a security metrics scorecard that was developed based on current research in the area of general security metrics. Study findings revealed that scorecards need to be customized for the healthcare setting in order for the security information to be useful and usable in healthcare organizations. The study findings resulted in the development of a security metrics scorecard that matches the healthcare security experts' information requirements.

Managing security and privacy concerns over data storage in healthcare research.

Science.gov (United States)

Mackenzie, Isla S; Mantay, Brian J; McDonnell, Patrick G; Wei, Li; MacDonald, Thomas M

2011-08-01

Issues surrounding data security and privacy are of great importance when handling sensitive health-related data for research. The emphasis in the past has been on balancing the risks to individuals with the benefit to society of the use of databases for research. However, a new way of looking at such issues is that by optimising procedures and policies regarding security and privacy of data to the extent that there is no appreciable risk to the privacy of individuals, we can create a 'win-win' situation in which everyone benefits, and pharmacoepidemiological research can flourish with public support. We discuss holistic measures, involving both information technology and people, taken to improve the security and privacy of data storage. After an internal review, we commissioned an external audit by an independent consultant with a view to optimising our data storage and handling procedures. Improvements to our policies and procedures were implemented as a result of the audit. By optimising our storage of data, we hope to inspire public confidence and hence cooperation with the use of health care data in research. Copyright © 2011 John Wiley & Sons, Ltd.

IoT Privacy and Security Challenges for Smart Home Environments

Directory of Open Access Journals (Sweden)

Huichen Lin

2016-07-01

Full Text Available Often the Internet of Things (IoT is considered as a single problem domain, with proposed solutions intended to be applied across a wide range of applications. However, the privacy and security needs of critical engineering infrastructure or sensitive commercial operations are very different to the needs of a domestic Smart Home environment. Additionally, the financial and human resources available to implement security and privacy vary greatly between application domains. In domestic environments, human issues may be as important as technical issues. After surveying existing solutions for enhancing IoT security, the paper identifies key future requirements for trusted Smart Home systems. A gateway architecture is selected as the most appropriate for resource-constrained devices, and for high system availability. Two key technologies to assist system auto-management are identified. Firstly, support for system auto-configuration will enhance system security. Secondly, the automatic update of system software and firmware is needed to maintain ongoing secure system operation.

Toward protocols for quantum-ensured privacy and secure voting

International Nuclear Information System (INIS)

Bonanome, Marianna; Buzek, Vladimir; Ziman, Mario; Hillery, Mark

2011-01-01

We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Buzek, and M. Bielikova, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.

Toward protocols for quantum-ensured privacy and secure voting

Energy Technology Data Exchange (ETDEWEB)

Bonanome, Marianna [Department of Applied Mathematics and Computer Science, New York City College of Technology, 300 Jay Street, Brooklyn, New York 11201 (United States); Buzek, Vladimir; Ziman, Mario [Research Center for Quantum Information, Slovak Academy of Sciences, Dubravska cesta 9, 845 11 Bratislava (Slovakia); Faculty of Informatics, Masaryk University, Botanicka 68a, 602 00 Brno (Czech Republic); Hillery, Mark [Department of Physics, Hunter College of CUNY, 695 Park Avenue, New York, New York 10021 (United States)

2011-08-15

We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Buzek, and M. Bielikova, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices group elements.

Security and privacy in electronic health records: a systematic literature review.

Science.gov (United States)

Fernández-Alemán, José Luis; Señor, Inmaculada Carrión; Lozoya, Pedro Ángel Oliver; Toval, Ambrosio

2013-06-01

To report the results of a systematic literature review concerning the security and privacy of electronic health record (EHR) systems. Original articles written in English found in MEDLINE, ACM Digital Library, Wiley InterScience, IEEE Digital Library, Science@Direct, MetaPress, ERIC, CINAHL and Trip Database. Only those articles dealing with the security and privacy of EHR systems. The extraction of 775 articles using a predefined search string, the outcome of which was reviewed by three authors and checked by a fourth. A total of 49 articles were selected, of which 26 used standards or regulations related to the privacy and security of EHR data. The most widely used regulations are the Health Insurance Portability and Accountability Act (HIPAA) and the European Data Protection Directive 95/46/EC. We found 23 articles that used symmetric key and/or asymmetric key schemes and 13 articles that employed the pseudo anonymity technique in EHR systems. A total of 11 articles propose the use of a digital signature scheme based on PKI (Public Key Infrastructure) and 13 articles propose a login/password (seven of them combined with a digital certificate or PIN) for authentication. The preferred access control model appears to be Role-Based Access Control (RBAC), since it is used in 27 studies. Ten of these studies discuss who should define the EHR systems' roles. Eleven studies discuss who should provide access to EHR data: patients or health entities. Sixteen of the articles reviewed indicate that it is necessary to override defined access policies in the case of an emergency. In 25 articles an audit-log of the system is produced. Only four studies mention that system users and/or health staff should be trained in security and privacy. Recent years have witnessed the design of standards and the promulgation of directives concerning security and privacy in EHR systems. However, more work should be done to adopt these regulations and to deploy secure EHR systems. Copyright

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

Science.gov (United States)

Watzlaf, Valerie J.M.; Moeini, Sohrab; Firouzan, Patti

2010-01-01

Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR. PMID:25945172

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance.

Science.gov (United States)

Watzlaf, Valerie J M; Moeini, Sohrab; Firouzan, Patti

2010-01-01

Voice over the Internet Protocol (VoIP) systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR) therapy that can provide voice and video teleconferencing between patients and therapists. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.

Efficient Secure and Privacy-Preserving Route Reporting Scheme for VANETs

Science.gov (United States)

Zhang, Yuanfei; Pei, Qianwen; Dai, Feifei; Zhang, Lei

2017-10-01

Vehicular ad-hoc network (VANET) is a core component of intelligent traffic management system which could provide various of applications such as accident prediction, route reporting, etc. Due to the problems caused by traffic congestion, route reporting becomes a prospective application which can help a driver to get optimal route to save her travel time. Before enjoying the convenience of route reporting, security and privacy-preserving issues need to be concerned. In this paper, we propose a new secure and privacy-preserving route reporting scheme for VANETs. In our scheme, only an authenticated vehicle can use the route reporting service provided by the traffic management center. Further, a vehicle may receive the response from the traffic management center with low latency and without violating the privacy of the vehicle. Experiment results show that our scheme is much more efficiency than the existing one.

Security And Privacy Issues in Healthcare Monitoring Systems: A Case Study

DEFF Research Database (Denmark)

Handler, Daniel Tolboe; Hauge, Lotte; Spognardi, Angelo

2017-01-01

Security and privacy issues are rarely taken into account in automated systems for monitoring elderly people in their home, exposing inhabitants to a number of threats they are usually not aware of. As a case study to expose the major vulnerabilities these systems are exposed to, this paper reviews...... a generic example of automated healthcare monitoring system. The security and privacy issues identified in this case study can be easily generalised and regarded as alarm bells for all the pervasive healthcare professionals....

Privacy and security perceptions of european citizens: A test of the trade-off model

NARCIS (Netherlands)

Friedewald, M.; Lieshout, M. van; Rung, S.; Ooms, M.; Ypma, J.

2015-01-01

This paper considers the relationship between privacy and security and, in particular, the traditional “trade-off” paradigm that argues that citizens might be willing to sacrifice some privacy for more security. Academics have long argued against the trade-off paradigm, but these arguments have

75 FR 8088 - Privacy Act of 1974; Department of Homeland Security/ALL-023 Personnel Security Management System...

Science.gov (United States)

2010-02-23

... risk of harm to economic or property interests, identity theft or fraud, or harm to the security or... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0041] Privacy Act of 1974; Department of Homeland Security/ALL--023 Personnel Security Management System of Records AGENCY...

VOIP for Telerehabilitation: A Risk Analysis for Privacy, Security, and HIPAA Compliance

Directory of Open Access Journals (Sweden)

Valerie J.M. Watzlaf

2010-10-01

Full Text Available Voice over the Internet Protocol (VoIP systems such as Adobe ConnectNow, Skype, ooVoo, etc. may include the use of software applications for telerehabilitation (TR therapy that can provide voice and video teleconferencing between patients and therapists.  Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by information technologists, providers of care, and other health care entities. This paper develops a privacy and security checklist that can be used within a VoIP system to determine if it meets privacy and security procedures and whether it is HIPAA compliant. Based on this analysis, specific HIPAA criteria that therapists and health care facilities should follow are outlined and discussed, and therapists must weigh the risks and benefits when deciding to use VoIP software for TR.   

Business Information Exchange System with Security, Privacy, and Anonymity

Directory of Open Access Journals (Sweden)

Sead Muftic

2016-01-01

Full Text Available Business Information Exchange is an Internet Secure Portal for secure management, distribution, sharing, and use of business e-mails, documents, and messages. It has three applications supporting three major types of information exchange systems: secure e-mail, secure instant messaging, and secure sharing of business documents. In addition to standard security services for e-mail letters, which are also applied to instant messages and documents, the system provides innovative features of privacy and full anonymity of users and their locations, actions, transactions, and exchanged resources. In this paper we describe design, implementation, and use of the system.

Secure and privacy-preserving data communication in Internet of Things

CERN Document Server

Zhu, Liehuang; Xu, Chang

2017-01-01

This book mainly concentrates on protecting data security and privacy when participants communicate with each other in the Internet of Things (IoT). Technically, this book categorizes and introduces a collection of secure and privacy-preserving data communication schemes/protocols in three traditional scenarios of IoT: wireless sensor networks, smart grid and vehicular ad-hoc networks recently. This book presents three advantages which will appeal to readers. Firstly, it broadens reader’s horizon in IoT by touching on three interesting and complementary topics: data aggregation, privacy protection, and key agreement and management. Secondly, various cryptographic schemes/protocols used to protect data confidentiality and integrity is presented. Finally, this book will illustrate how to design practical systems to implement the algorithms in the context of IoT communication. In summary, readers can simply learn and directly apply the new technologies to communicate data in IoT after reading this book.

Privacy and Security Issues Surrounding the Protection of Data Generated by Continuous Glucose Monitors.

Science.gov (United States)

Britton, Katherine E; Britton-Colonnese, Jennifer D

2017-03-01

Being able to track, analyze, and use data from continuous glucose monitors (CGMs) and through platforms and apps that communicate with CGMs helps achieve better outcomes and can advance the understanding of diabetes. The risks to patients' expectation of privacy are great, and their ability to control how their information is collected, stored, and used is virtually nonexistent. Patients' physical security is also at risk if adequate cybersecurity measures are not taken. Currently, data privacy and security protections are not robust enough to address the privacy and security risks and stymies the current and future benefits of CGM and the platforms and apps that communicate with them.

Supporting multi-state collaboration on privacy and security to foster health IT and health information exchange.

Science.gov (United States)

Banger, Alison K; Alakoye, Amoke O; Rizk, Stephanie C

2008-11-06

As part of the HHS funded contract, Health Information Security and Privacy Collaboration, 41 states and territories have proposed collaborative projects to address cross-state privacy and security challenges related to health IT and health information exchange. Multi-state collaboration on privacy and security issues remains complicated, and resources to support collaboration around these topics are essential to the success of such collaboration. The resources outlined here offer an example of how to support multi-stakeholder, multi-state projects.

75 FR 5491 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs...

Science.gov (United States)

2010-02-03

... addressing privacy concerns. The fifteen- year retention period will allow CBP to access the data when needed... security, law enforcement and counterterrorism missions, while addressing privacy concerns. Legal or...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs and Border...

Privacy and security issues in a digital world

NARCIS (Netherlands)

Petkovic, M.; Jonker, W.; Petkovic, M.; Jonker, W.

2007-01-01

This chapter reviews the most important security and privacy issues of the modern digital world, emphasizing the issues brought by the concept of ambient intelligence. Furthermore, the chapter explains the organization of the book, describing which issues and related technologies are addressed by

Privacy and Security Issues in a Digital World

NARCIS (Netherlands)

Petkovic, M.; Jonker, Willem

2007-01-01

This chapter reviews the most important security and privacy issues of the modern digital world, emphasizing the issues brought by the concept of ambient intelligence. Furthermore, the chapter explains the organization of the book, describing which issues and related technologies are addressed by

SecureMA: protecting participant privacy in genetic association meta-analysis.

Science.gov (United States)

Xie, Wei; Kantarcioglu, Murat; Bush, William S; Crawford, Dana; Denny, Joshua C; Heatherly, Raymond; Malin, Bradley A

2014-12-01

Sharing genomic data is crucial to support scientific investigation such as genome-wide association studies. However, recent investigations suggest the privacy of the individual participants in these studies can be compromised, leading to serious concerns and consequences, such as overly restricted access to data. We introduce a novel cryptographic strategy to securely perform meta-analysis for genetic association studies in large consortia. Our methodology is useful for supporting joint studies among disparate data sites, where privacy or confidentiality is of concern. We validate our method using three multisite association studies. Our research shows that genetic associations can be analyzed efficiently and accurately across substudy sites, without leaking information on individual participants and site-level association summaries. Our software for secure meta-analysis of genetic association studies, SecureMA, is publicly available at http://github.com/XieConnect/SecureMA. Our customized secure computation framework is also publicly available at http://github.com/XieConnect/CircuitService. © The Author 2014. Published by Oxford University Press. All rights reserved. For Permissions, please e-mail: journals.permissions@oup.com.

Security and Privacy Implications of Cloud Computing – Lost in the Cloud

OpenAIRE

Tchifilionova , Vassilka

2010-01-01

Part 4: Security for Clouds; International audience; Cloud computing - the new paradigm, the future for IT consumer utility, the economy of scale approach, the illusion of un infinite resources availability, yet the debate over security and privacy issues is still undergoing and a common policy framework is missing. Research confirms that users are concern when presented with scenarios in which companies may put their data to uses of which they may not be aware. Therefore, privacy and securit...

76 FR 18954 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

Science.gov (United States)

2011-04-06

... issues please contact: Mary Ellen Callahan (703-235- 0780), Chief Privacy Officer, Privacy Office...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal Emergency Management Agency DHS/FEMA-011 Training and Exercise Program Records System of Records AGENCY: Privacy Office...

A Certificate Authority (CA-based cryptographic solution for HIPAA privacy/security regulations

Directory of Open Access Journals (Sweden)

Sangram Ray

2014-07-01

Full Text Available The Health Insurance Portability and Accountability Act (HIPAA passed by the US Congress establishes a number of privacy/security regulations for e-healthcare systems. These regulations support patients’ medical privacy and secure exchange of PHI (protected health information among medical practitioners. Three existing HIPAA-based schemes have been studied but appear to be ineffective as patients’ PHI is stored in smartcards. Moreover, carrying a smartcard during a treatment session and accessing PHI from different locations results in restrictions. In addition, authentication of the smartcard presenter would not be possible if the PIN is compromised. In this context, we propose an MCS (medical center server should be located at each hospital and accessed via the Internet for secure handling of patients’ PHI. All entities of the proposed e-health system register online with the MCS, and each entity negotiates a contributory registration key, where public-key certificates issued and maintained by CAs are used for authentication. Prior to a treatment session, a doctor negotiates a secret session key with MCS and uploads/retrieves patients’ PHI securely. The proposed scheme has five phases, which have been implemented in a secure manner for supporting HIPAA privacy/security regulations. Finally, the security aspects, computation and communication costs of the scheme are analyzed and compared with existing methods that display satisfactory performance.

Security and Privacy in the Medical Internet of Things: A Review

Directory of Open Access Journals (Sweden)

Wencheng Sun

2018-01-01

Full Text Available Medical Internet of Things, also well known as MIoT, is playing a more and more important role in improving the health, safety, and care of billions of people after its showing up. Instead of going to the hospital for help, patients’ health-related parameters can be monitored remotely, continuously, and in real time, then processed, and transferred to medical data center, such as cloud storage, which greatly increases the efficiency, convenience, and cost performance of healthcare. The amount of data handled by MIoT devices grows exponentially, which means higher exposure of sensitive data. The security and privacy of the data collected from MIoT devices, either during their transmission to a cloud or while stored in a cloud, are major unsolved concerns. This paper focuses on the security and privacy requirements related to data flow in MIoT. In addition, we make in-depth study on the existing solutions to security and privacy issues, together with the open challenges and research issues for future work.

A Platform for RFID Security and Privacy Administration

NARCIS (Netherlands)

Rieback, M.R.; Gaydadjiev, G.N.; Crispo, B.; Hofman, R.F.H.; Tanenbaum, A.S.

2006-01-01

This paper presents the design, implementation, and evaluation of the RFID Guardian, the first-ever unified platform for RFID security and privacy administration. The RFID Guardian resembles an ``RFID firewall,'' that monitors and controls access to RFID tags by combining a standard-issue RFID

Audited credential delegation: a usable security solution for the virtual physiological human toolkit

Science.gov (United States)

Haidar, Ali N.; Zasada, Stefan J.; Coveney, Peter V.; Abdallah, Ali E.; Beckles, Bruce; Jones, Mike A. S.

2011-01-01

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH projects, it suffers from serious usability shortcomings in terms of end-user acquisition and management of credentials which deter scientists from exploiting distributed VPH environments. By contrast, ACD supports the use of local credentials. Currently, a local ACD username–password combination can be used to access grid-based resources while Shibboleth support is underway. Moreover, ACD provides seamless and secure access to shared patient data, tools and infrastructure, thus supporting the provision of personalized medicine for patients, scientists and clinicians participating in e-health projects from a local to the widest international scale. PMID:22670214

Audited credential delegation: a usable security solution for the virtual physiological human toolkit.

Science.gov (United States)

Haidar, Ali N; Zasada, Stefan J; Coveney, Peter V; Abdallah, Ali E; Beckles, Bruce; Jones, Mike A S

2011-06-06

We present applications of audited credential delegation (ACD), a usable security solution for authentication, authorization and auditing in distributed virtual physiological human (VPH) project environments that removes the use of digital certificates from end-users' experience. Current security solutions are based on public key infrastructure (PKI). While PKI offers strong security for VPH projects, it suffers from serious usability shortcomings in terms of end-user acquisition and management of credentials which deter scientists from exploiting distributed VPH environments. By contrast, ACD supports the use of local credentials. Currently, a local ACD username-password combination can be used to access grid-based resources while Shibboleth support is underway. Moreover, ACD provides seamless and secure access to shared patient data, tools and infrastructure, thus supporting the provision of personalized medicine for patients, scientists and clinicians participating in e-health projects from a local to the widest international scale.

75 FR 5166 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration...

Science.gov (United States)

2010-02-01

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2009-0043] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration/Railroad Retirement Board (SSA/RRB))-- Match... INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 Public Law (Pub. L.) 100-503...

Parallel-Bit Stream for Securing Iris Recognition

OpenAIRE

Elsayed Mostafa; Maher Mansour; Heba Saad

2012-01-01

Biometrics-based authentication schemes have usability advantages over traditional password-based authentication schemes. However, biometrics raises several privacy concerns, it has disadvantages comparing to traditional password in which it is not secured and non revocable. In this paper, we propose a fast method for securing revocable iris template using parallel-bit stream watermarking to overcome these problems. Experimental results prove that the proposed method has low computation time ...

MUSES RT2AE V P/DP: On the Road to Privacy-Friendly Security Technologies in the Workplace

OpenAIRE

Van Der Sype, Yung Shin Marleen; Guislain, Jonathan; Seigneur, Jean-Marc; Titi, Xavier

2016-01-01

Successful protection of company data assets requires strong technological support. As many security incidents still occur from within, security technologies often include elements to monitor the behaviour of employees. As those security systems are considered as privacy-intrusive, they are hard to align with the privacy and data protection rights of the employees of the company. Even though there is currently no legal obligation for developers to embed privacy and data protection in security...

75 FR 8092 - Privacy Act of 1974; Department of Homeland Security/ALL-027 The History of the Department of...

Science.gov (United States)

2010-02-23

... Policy, U.S. Department of Homeland Security, Washington, DC 20528. For privacy issues please contact... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2009-0040] Privacy Act of... System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of records. SUMMARY...

78 FR 69858 - Privacy Act of 1974; Department of Homeland Security/Federal Emergency Management Agency-001...

Science.gov (United States)

2013-11-21

... Emergency Management Agency, 500 C Street SW., Washington, DC 20475. For privacy issues please contact... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0077] Privacy Act of..., Privacy Office. ACTION: Notice of Privacy Act System of Records. SUMMARY: In accordance with the Privacy...

Privacy Enhancements for Inexact Biometric Templates

Science.gov (United States)

Ratha, Nalini; Chikkerur, Sharat; Connell, Jonathan; Bolle, Ruud

Traditional authentication schemes utilize tokens or depend on some secret knowledge possessed by the user for verifying his or her identity. Although these techniques are widely used, they have several limitations. Both tokenand knowledge-based approaches cannot differentiate between an authorized user and an impersonator having access to the tokens or passwords. Biometrics-based authentication schemes overcome these limitations while offering usability advantages in the area of password management. However, despite its obvious advantages, the use of biometrics raises several security and privacy concerns.

Cyber Security for Smart Grid, Cryptography, and Privacy

Directory of Open Access Journals (Sweden)

Swapna Iyer

2011-01-01

Full Text Available The invention of “smart grid” promises to improve the efficiency and reliability of the power system. As smart grid is turning out to be one of the most promising technologies, its security concerns are becoming more crucial. The grid is susceptible to different types of attacks. This paper will focus on these threats and risks especially relating to cyber security. Cyber security is a vital topic, since the smart grid uses high level of computation like the IT. We will also see cryptography and key management techniques that are required to overcome these attacks. Privacy of consumers is another important security concern that this paper will deal with.

76 FR 67755 - Privacy Act of 1974; Department of Homeland Security U.S. Customs and Border Protection DHS/CBP...

Science.gov (United States)

2011-11-02

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0102] Privacy Act of... Data System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of records. SUMMARY: In accordance with the Privacy Act of 1974 the Department of Homeland Security proposes to...

The cloud understanding the security, privacy and trust challenges

CERN Document Server

Robinson, Neil; Cave, Jonathan; Starkey, Tony; Graux, Hans

2011-01-01

This report discusses how policy-makers might address the challenges and risks in respect of the security, privacy and trust aspects of cloud computing that could undermine the attainment of broader economic and societal objectives across Europe.

Individual versus Organizational Computer Security and Privacy Concerns in Journalism

Directory of Open Access Journals (Sweden)

McGregor Susan E.

2016-10-01

Full Text Available A free and open press is a critical piece of the civil-society infrastructure that supports both established and emerging democracies. However, as the professional activities of reporting and publishing are increasingly conducted by digital means, computer security and privacy risks threaten free and independent journalism around the globe. Through interviews with 15 practicing journalists and 14 organizational stakeholders (supervising editors and technologists, we reveal the distinct - and sometimes conflicting-computer security concerns and priorities of different stakeholder groups within journalistic institutions, as well as unique issues in journalism compared to other types of organizations. As these concerns have not been deeply studied by those designing computer security practices or technologies that may benefit journalism, this research offers insight into some of the practical and cultural constraints that can limit the computer security and privacy practices of the journalism community as a whole. Based on these findings, we suggest paths for future research and development that can bridge these gaps through new tools and practices.

Privacy and Security in Mobile Health (mHealth) Research.

Science.gov (United States)

Arora, Shifali; Yttri, Jennifer; Nilse, Wendy

2014-01-01

Research on the use of mobile technologies for alcohol use problems is a developing field. Rapid technological advances in mobile health (or mHealth) research generate both opportunities and challenges, including how to create scalable systems capable of collecting unprecedented amounts of data and conducting interventions-some in real time-while at the same time protecting the privacy and safety of research participants. Although the research literature in this area is sparse, lessons can be borrowed from other communities, such as cybersecurity or Internet security, which offer many techniques to reduce the potential risk of data breaches or tampering in mHealth. More research into measures to minimize risk to privacy and security effectively in mHealth is needed. Even so, progress in mHealth research should not stop while the field waits for perfect solutions.

Providing strong Security and high privacy in low-cost RFID networks

DEFF Research Database (Denmark)

David, Mathieu; Prasad, Neeli R.

2009-01-01

Since the dissemination of Radio Frequency IDentification (RFID) tags is getting larger and larger, the requirement for strong security and privacy is also increasing. Low-cost and ultra-low-cost tags are being implemented on everyday products, and their limited resources constraints the security...

77 FR 43639 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

Science.gov (United States)

2012-07-25

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2011-0090] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Department of Veterans Affairs (VA.... SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Pub. L. 100-503...

77 FR 54943 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

Science.gov (United States)

2012-09-06

... SOCIAL SECURITY ADMINISTRATION [Docket No. SSA 2012-0016] Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA)/Department of Veterans Affairs (VA.... SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Pub. L. 100-503...

Practical Secure Transaction for Privacy-Preserving Ride-Hailing Services

Directory of Open Access Journals (Sweden)

Chenglong Cao

2018-01-01

Full Text Available Ride-hailing service solves the issue of taking a taxi difficultly in rush hours. It is changing the way people travel and has had a rapid development in recent years. Since the service is offered over the Internet, there is a great deal of uncertainty about security and privacy. Focusing on the issue, we changed payment pattern of existing systems and designed a privacy protection ride-hailing scheme. E-cash was generated by a new partially blind signature protocol that achieves e-cash unforgeability and passenger privacy. Particularly, in the face of a service platform and a payment platform, a passenger is still anonymous. Additionally, a lightweight hash chain was constructed to keep e-cash divisible and reusable, which increases practicability of transaction systems. The analysis shows that the scheme has small communication and computation costs, and it can be effectively applied in the ride-hailing service with privacy protection.

Security and Privacy in a DACS.

Science.gov (United States)

Delgado, Jaime; Llorente, Silvia; Pàmies, Martí; Vilalta, Josep

2016-01-01

The management of electronic health records (EHR), in general, and clinical documents, in particular, is becoming a key issue in the daily work of Healthcare Organizations (HO). The need for providing secure and private access to, and storage for, clinical documents together with the need for HO to interoperate, raises a number of issues difficult to solve. Many systems are in place to manage EHR and documents. Some of these Healthcare Information Systems (HIS) follow standards in their document structure and communications protocols, but many do not. In fact, they are mostly proprietary and do not interoperate. Our proposal to solve the current situation is the use of a DACS (Document Archiving and Communication System) for providing security, privacy and standardized access to clinical documents.

Survey of main challenges (security and privacy in wireless body area networks for healthcare applications

Directory of Open Access Journals (Sweden)

Samaher Al-Janabi

2017-07-01

Full Text Available Wireless Body Area Network (WBAN is a new trend in the technology that provides remote mechanism to monitor and collect patient’s health record data using wearable sensors. It is widely recognized that a high level of system security and privacy play a key role in protecting these data when being used by the healthcare professionals and during storage to ensure that patient’s records are kept safe from intruder’s danger. It is therefore of great interest to discuss security and privacy issues in WBANs. In this paper, we reviewed WBAN communication architecture, security and privacy requirements and security threats and the primary challenges in WBANs to these systems based on the latest standards and publications. This paper also covers the state-of-art security measures and research in WBAN. Finally, open areas for future research and enhancements are explored.

Consumer Attitudes and Perceptions on mHealth Privacy and Security: Findings From a Mixed-Methods Study.

Science.gov (United States)

Atienza, Audie A; Zarcadoolas, Christina; Vaughon, Wendy; Hughes, Penelope; Patel, Vaishali; Chou, Wen-Ying Sylvia; Pritts, Joy

2015-01-01

This study examined consumers' attitudes and perceptions regarding mobile health (mHealth) technology use in health care. Twenty-four focus groups with 256 participants were conducted in 5 geographically diverse locations. Participants were also diverse in age, education, race/ethnicity, gender, and rural versus urban settings. Several key themes emerged from the focus groups. Findings suggest that consumer attitudes regarding mHealth privacy/security are highly contextualized, with concerns depending on the type of information being communicated, where and when the information is being accessed, who is accessing or seeing the information, and for what reasons. Consumers frequently considered the tradeoffs between the privacy/security of using mHealth technologies and the potential benefits. Having control over mHealth privacy/security features and trust in providers were important issues for consumers. Overall, this study found significant diversity in attitudes regarding mHealth privacy/security both within and between traditional demographic groups. Thus, to address consumers' concerns regarding mHealth privacy and security, a one-size-fits-all approach may not be adequate. Health care providers and technology developers should consider tailoring mHealth technology according to how various types of information are communicated in the health care setting, as well as according to the comfort, skills, and concerns individuals may have with mHealth technology.

An Analysis of Security and Privacy Issues in Smart Grid Software Architectures on Clouds

Energy Technology Data Exchange (ETDEWEB)

Simmhan, Yogesh; Kumbhare, Alok; Cao, Baohua; Prasanna, Viktor K.

2011-07-09

Power utilities globally are increasingly upgrading to Smart Grids that use bi-directional communication with the consumer to enable an information-driven approach to distributed energy management. Clouds offer features well suited for Smart Grid software platforms and applications, such as elastic resources and shared services. However, the security and privacy concerns inherent in an information rich Smart Grid environment are further exacerbated by their deployment on Clouds. Here, we present an analysis of security and privacy issues in a Smart Grids software architecture operating on different Cloud environments, in the form of a taxonomy. We use the Los Angeles Smart Grid Project that is underway in the largest U.S. municipal utility to drive this analysis that will benefit both Cloud practitioners targeting Smart Grid applications, and Cloud researchers investigating security and privacy.

76 FR 12745 - Privacy Act of 1974; Department of Homeland Security Office of Operations Coordination and...

Science.gov (United States)

2011-03-08

... 20528. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0055] Privacy Act of... Operations Center Tracker and Senior Watch Officer Logs System of Records AGENCY: Privacy Office, DHS. ACTION...

75 FR 50846 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-001...

Science.gov (United States)

2010-08-18

... INFORMATION CONTACT: For general questions and privacy issues please contact: Mary Ellen Callahan (703-235...] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--001 Freedom of Information Act and Privacy Act Records System of Records AGENCY: Privacy Office, DHS. ACTION: Final rule...

Security and privacy issues with health care information technology.

Science.gov (United States)

Meingast, Marci; Roosta, Tanya; Sastry, Shankar

2006-01-01

The face of health care is changing as new technologies are being incorporated into the existing infrastructure. Electronic patient records and sensor networks for in-home patient monitoring are at the current forefront of new technologies. Paper-based patient records are being put in electronic format enabling patients to access their records via the Internet. Remote patient monitoring is becoming more feasible as specialized sensors can be placed inside homes. The combination of these technologies will improve the quality of health care by making it more personalized and reducing costs and medical errors. While there are benefits to technologies, associated privacy and security issues need to be analyzed to make these systems socially acceptable. In this paper we explore the privacy and security implications of these next-generation health care technologies. We describe existing methods for handling issues as well as discussing which issues need further consideration.

Survey of Security and Privacy Issues of Internet of Things

OpenAIRE

Borgohain, Tuhin; Kumar, Uday; Sanyal, Sugata

2015-01-01

This paper is a general survey of all the security issues existing in the Internet of Things (IoT) along with an analysis of the privacy issues that an end-user may face as a consequence of the spread of IoT. The majority of the survey is focused on the security loopholes arising out of the information exchange technologies used in Internet of Things. No countermeasure to the security drawbacks has been analyzed in the paper.

76 FR 72428 - Privacy Act of 1974; Department of Homeland Security/ALL-017 General Legal Records System of Records

Science.gov (United States)

2011-11-23

... http://www.regulations.gov . FOR FURTHER INFORMATION CONTACT: For general questions and privacy issues... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0094] Privacy Act of 1974; Department of Homeland Security/ALL--017 General Legal Records System of Records AGENCY: Privacy...

Privacy-preserving security solution for cloud services

OpenAIRE

L. Malina; J. Hajny; P. Dzurenda; V. Zeman

2015-01-01

We propose a novel privacy-preserving security solution for cloud services. Our solution is based on an efficient non-bilinear group signature scheme providing the anonymous access to cloud services and shared storage servers. The novel solution offers anonymous authenticationfor registered users. Thus, users' personal attributes (age, valid registration, successful payment) can be proven without revealing users' identity, and users can use cloud services without any threat of profiling their...

The Influence of Security Statement, Technical Protection, and Privacy on Satisfaction and Loyalty; A Structural Equation Modeling

Science.gov (United States)

Peikari, Hamid Reza

Customer satisfaction and loyalty have been cited as the e-commerce critical success factors and various studies have been conducted to find the antecedent determinants of these concepts in the online transactions. One of the variables suggested by some studies is perceived security. However, these studies have referred to security from a broad general perspective and no attempts have been made to study the specific security related variables. This paper intends to study the influence on security statement and technical protection on satisfaction, loyalty and privacy. The data was collected from 337 respondents and after the reliability and validity tests, path analysis was applied to examine the hypotheses. The results suggest that loyalty is influenced by satisfaction and security statement and no empirical support was found for the influence on technical protection and privacy on loyalty. Moreover, it was found that security statement and technical protection have a positive significant influence on satisfaction while no significant effect was found for privacy. Furthermore, the analysis indicated that security statement have a positive significant influence on technical protection while technical protection was found to have a significant negative impact on perceived privacy.

Privacy preservation and information security protection for patients' portable electronic health records.

Science.gov (United States)

Huang, Lu-Chou; Chu, Huei-Chung; Lien, Chung-Yueh; Hsiao, Chia-Hung; Kao, Tsair

2009-09-01

As patients face the possibility of copying and keeping their electronic health records (EHRs) through portable storage media, they will encounter new risks to the protection of their private information. In this study, we propose a method to preserve the privacy and security of patients' portable medical records in portable storage media to avoid any inappropriate or unintentional disclosure. Following HIPAA guidelines, the method is designed to protect, recover and verify patient's identifiers in portable EHRs. The results of this study show that our methods are effective in ensuring both information security and privacy preservation for patients through portable storage medium.

Privacy and security in e-commerce

OpenAIRE

Milan Mandić

2009-01-01

Consumer distrust and concerns, mainly in regards to the protection of their private information and risk of being exposed to online frauds, have been the main obstacles in online commerce. This paper analyzes some of the most significant aspects of trust in e-commerce, with a focus on online security and privacy issues. With all the potential that e-commerce provides to both companies and consumers, it is in the interest of the company to increase trust among its online users. Some of the mo...

Network Security Hacks Tips & Tools for Protecting Your Privacy

CERN Document Server

Lockhart, Andrew

2009-01-01

This second edition of Network Security Hacks offers 125 concise and practical hacks, including more information for Windows administrators, hacks for wireless networking (such as setting up a captive portal and securing against rogue hotspots), and techniques to ensure privacy and anonymity, including ways to evade network traffic analysis, encrypt email and files, and protect against phishing attacks. System administrators looking for reliable answers will also find concise examples of applied encryption, intrusion detection, logging, trending, and incident response.

75 FR 7978 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Transportation...

Science.gov (United States)

2010-02-23

... Security Administration, 601 South 12th Street, Arlington, VA 20598-6036. For privacy issues please contact... Secretary 6 CFR Part 5 [Docket No. DHS-2009-0137] Privacy Act of 1974: Implementation of Exemptions... Program System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of proposed rulemaking. SUMMARY: The...

A Privacy-Preserving NFC Mobile Pass for Transport Systems

Directory of Open Access Journals (Sweden)

Ghada Arfaoui

2014-12-01

Full Text Available The emergence of the NFC (Near Field Communication technology brings new capacities to the next generation of smartphones, but also new security and privacy challenges. Indeed through its contactless interactions with external entities, the smartphone of an individual will become an essential authentication tool for service providers such as transport operators. However, from the point of view of the user, carrying a part of the service through his smartphone could be a threat for his privacy. Indeed, an external attacker or the service provider himself could be tempted to track the actions of the user. In this paper, we propose a privacy-preserving contactless mobile service, in which a user’s identity cannot be linked to his actions when using the transport system. The security of our proposition relies on the combination of a secure element in the smartphone and on a privacy-enhancing cryptographic protocol based on a variant of group signatures. In addition, although a user should remain anonymous and his actions unlinkable in his daily journeys, we designed a technique for lifting his anonymity in extreme circumstances. In order to guarantee the usability of our solution, we implemented a prototype demonstrating that our solution meets the major functional requirements for real transport systems: namely that the mobile pass can be validated at a gate in less than 300 ms, and this even if the battery of the smartphone is exhausted.

Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme

Directory of Open Access Journals (Sweden)

Hui Zhu

2016-02-01

Full Text Available With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users’ personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users’ query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users’ queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs.

Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme.

Science.gov (United States)

Zhu, Hui; Gao, Lijuan; Li, Hui

2016-02-01

With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users' personal information is collected by body sensors in different types and converted into multi-dimension data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users' query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimension vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users' queries and accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs.

Security, privacy and ethics in electronic records management in the ...

African Journals Online (AJOL)

Security, privacy and ethics in electronic records management in the South African public sector. ... Computers have become such valuable tools for conducting business ... One great advantage of the computers is the ease with which a large

Practical security and privacy attacks against biometric hashing using sparse recovery

Science.gov (United States)

Topcu, Berkay; Karabat, Cagatay; Azadmanesh, Matin; Erdogan, Hakan

2016-12-01

Biometric hashing is a cancelable biometric verification method that has received research interest recently. This method can be considered as a two-factor authentication method which combines a personal password (or secret key) with a biometric to obtain a secure binary template which is used for authentication. We present novel practical security and privacy attacks against biometric hashing when the attacker is assumed to know the user's password in order to quantify the additional protection due to biometrics when the password is compromised. We present four methods that can reconstruct a biometric feature and/or the image from a hash and one method which can find the closest biometric data (i.e., face image) from a database. Two of the reconstruction methods are based on 1-bit compressed sensing signal reconstruction for which the data acquisition scenario is very similar to biometric hashing. Previous literature introduced simple attack methods, but we show that we can achieve higher level of security threats using compressed sensing recovery techniques. In addition, we present privacy attacks which reconstruct a biometric image which resembles the original image. We quantify the performance of the attacks using detection error tradeoff curves and equal error rates under advanced attack scenarios. We show that conventional biometric hashing methods suffer from high security and privacy leaks under practical attacks, and we believe more advanced hash generation methods are necessary to avoid these attacks.

Security and privacy preserving in social networks

CERN Document Server

Chbeir, Richard

2013-01-01

This volume aims at assessing the current approaches and technologies, as well as to outline the major challenges and future perspectives related to the security and privacy protection of social networks. It provides the reader with an overview of the state-of-the art techniques, studies, and approaches as well as outlining future directions in this field. A wide range of interdisciplinary contributions from various research groups ensures for a balanced and complete perspective.

The Privacy and Security Implications of Open Data in Healthcare.

Science.gov (United States)

Kobayashi, Shinji; Kane, Thomas B; Paton, Chris

2018-04-22

 The International Medical Informatics Association (IMIA) Open Source Working Group (OSWG) initiated a group discussion to discuss current privacy and security issues in the open data movement in the healthcare domain from the perspective of the OSWG membership.  Working group members independently reviewed the recent academic and grey literature and sampled a number of current large-scale open data projects to inform the working group discussion.  This paper presents an overview of open data repositories and a series of short case reports to highlight relevant issues present in the recent literature concerning the adoption of open approaches to sharing healthcare datasets. Important themes that emerged included data standardisation, the inter-connected nature of the open source and open data movements, and how publishing open data can impact on the ethics, security, and privacy of informatics projects.  The open data and open source movements in healthcare share many common philosophies and approaches including developing international collaborations across multiple organisations and domains of expertise. Both movements aim to reduce the costs of advancing scientific research and improving healthcare provision for people around the world by adopting open intellectual property licence agreements and codes of practice. Implications of the increased adoption of open data in healthcare include the need to balance the security and privacy challenges of opening data sources with the potential benefits of open data for improving research and healthcare delivery. Georg Thieme Verlag KG Stuttgart.

75 FR 39184 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-029 Civil...

Science.gov (United States)

2010-07-08

... questions and privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief Privacy Officer... Secretary 6 CFR Part 5 [Docket No. DHS-2010-0034] Privacy Act of 1974: Implementation of Exemptions...: Privacy Office, DHS. ACTION: Notice of proposed rulemaking. SUMMARY: The Department of Homeland Security...

Enhancing Security and Privacy in Video Surveillance through Role-Oriented Access Control Mechanism

DEFF Research Database (Denmark)

Mahmood Rajpoot, Qasim

sensitive regions, e.g. faces, from the videos. However, very few research efforts have focused on addressing the security aspects of video surveillance data and on authorizing access to this data. Interestingly, while PETs help protect the privacy of individuals, they may also hinder the usefulness....... Pervasive usage of such systems gives substantial powers to those monitoring the videos and poses a threat to the privacy of anyone observed by the system. Aside from protecting privacy from the outside attackers, it is equally important to protect the privacy of individuals from the inside personnel...... involved in monitoring surveillance data to minimize the chances of misuse of the system, e.g. voyeurism. In this context, several techniques to protect the privacy of individuals, called privacy enhancing techniques (PET) have therefore been proposed in the literature which detect and mask the privacy...

The role of health care experience and consumer information efficacy in shaping privacy and security perceptions of medical records: national consumer survey results.

Science.gov (United States)

Patel, Vaishali; Beckjord, Ellen; Moser, Richard P; Hughes, Penelope; Hesse, Bradford W

2015-04-02

Providers' adoption of electronic health records (EHRs) is increasing and consumers have expressed concerns about the potential effects of EHRs on privacy and security. Yet, we lack a comprehensive understanding regarding factors that affect individuals' perceptions regarding the privacy and security of their medical information. The aim of this study was to describe national perceptions regarding the privacy and security of medical records and identify a comprehensive set of factors associated with these perceptions. Using a nationally representative 2011-2012 survey, we reported on adults' perceptions regarding privacy and security of medical records and sharing of health information between providers, and whether adults withheld information from a health care provider due to privacy or security concerns. We used multivariable models to examine the association between these outcomes and sociodemographic characteristics, health and health care experience, information efficacy, and technology-related variables. Approximately one-quarter of American adults (weighted n=235,217,323; unweighted n=3959) indicated they were very confident (n=989) and approximately half indicated they were somewhat confident (n=1597) in the privacy of their medical records; we found similar results regarding adults' confidence in the security of medical records (very confident: n=828; somewhat confident: n=1742). In all, 12.33% (520/3904) withheld information from a health care provider and 59.06% (2100/3459) expressed concerns about the security of both faxed and electronic health information. Adjusting for other characteristics, adults who reported higher quality of care had significantly greater confidence in the privacy and security of their medical records and were less likely to withhold information from their health care provider due to privacy or security concerns. Adults with higher information efficacy had significantly greater confidence in the privacy and security of medical

76 FR 49500 - Privacy Act of 1974; Department of Homeland Security United States Coast Guard-020 Substance...

Science.gov (United States)

2011-08-10

... 7101 Washington, DC 20593. For privacy issues please contact: Mary Ellen Callahan (703-235-0780), Chief... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0053] Privacy Act of... Treatment Program System of Records AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of...

Social Status and the Demand for Security and Privacy

DEFF Research Database (Denmark)

Grossklags, Jens; Barradale, Nigel J.

2014-01-01

. The method of investigation used is experimental, with 146 subjects interacting in high- or low-status assignments and the subsequent change in the demand for security and privacy being related to status assignment with a significant t-statistic up to 2.9, depending on the specification. We find that a high...

Are participants concerned about privacy and security when using short message service to report product adherence in a rectal microbicide trial?

Science.gov (United States)

Giguere, Rebecca; Brown, William; Balán, Ivan C; Dolezal, Curtis; Ho, Titcha; Sheinfil, Alan; Ibitoye, Mobolaji; Lama, Javier R; McGowan, Ian; Cranston, Ross D; Carballo-Diéguez, Alex

2018-04-01

During a Phase 2 rectal microbicide trial, men who have sex with men and transgender women (n = 187) in 4 countries (Peru, South Africa, Thailand, United States) reported product use daily via short message service (SMS). To prevent disclosure of study participation, the SMS system program included privacy and security features. We evaluated participants' perceptions of privacy while using the system and acceptability of privacy/security features. To protect privacy, the SMS system: (1) confirmed participant availability before sending the study questions, (2) required a password, and (3) did not reveal product name or study participation. To ensure security, the system reminded participants to lock phone/delete messages. A computer-assisted self-interview (CASI), administered at the final visit, measured burden of privacy and security features and SMS privacy concerns. A subsample of 33 participants underwent an in-depth interview (IDI). Based on CASI, 85% had no privacy concerns; only 5% were very concerned. Most were not bothered by the need for a password (73%) or instructions to delete messages (82%). Based on IDI, reasons for low privacy concerns included sending SMS in private or feeling that texting would not draw attention. A few IDI participants found the password unnecessary and more than half did not delete messages. Most participants were not concerned that the SMS system would compromise their confidentiality. SMS privacy and security features were effective and not burdensome. Short ID-related passwords, ambiguous language, and reminders to implement privacy and security-enhancing behaviors are recommended for SMS systems.

Privacy Practices of Health Social Networking Sites: Implications for Privacy and Data Security in Online Cancer Communities.

Science.gov (United States)

Charbonneau, Deborah H

2016-08-01

While online communities for social support continue to grow, little is known about the state of privacy practices of health social networking sites. This article reports on a structured content analysis of privacy policies and disclosure practices for 25 online ovarian cancer communities. All of the health social networking sites in the study sample provided privacy statements to users, yet privacy practices varied considerably across the sites. The majority of sites informed users that personal information was collected about participants and shared with third parties (96%, n = 24). Furthermore, more than half of the sites (56%, n = 14) stated that cookies technology was used to track user behaviors. Despite these disclosures, only 36% (n = 9) offered opt-out choices for sharing data with third parties. In addition, very few of the sites (28%, n = 7) allowed individuals to delete their personal information. Discussions about specific security measures used to protect personal information were largely missing. Implications for privacy, confidentiality, consumer choice, and data safety in online environments are discussed. Overall, nurses and other health professionals can utilize these findings to encourage individuals seeking online support and participating in social networking sites to build awareness of privacy risks to better protect their personal health information in the digital age.

Privacy and Data Security under Cloud Computing Arrangements: The Legal Framework and Practical Do's and Don'ts

Science.gov (United States)

Buckman, Joel; Gold, Stephanie

2012-01-01

This article outlines privacy and data security compliance issues facing postsecondary education institutions when they utilize cloud computing and concludes with a practical list of do's and dont's. Cloud computing does not change an institution's privacy and data security obligations. It does involve reliance on a third party, which requires an…

Securing the data economy: translating privacy and enacting security in the development of DataSHIELD.

Science.gov (United States)

Murtagh, M J; Demir, I; Jenkings, K N; Wallace, S E; Murtagh, B; Boniol, M; Bota, M; Laflamme, P; Boffetta, P; Ferretti, V; Burton, P R

2012-01-01

Contemporary bioscience is seeing the emergence of a new data economy: with data as its fundamental unit of exchange. While sharing data within this new 'economy' provides many potential advantages, the sharing of individual data raises important social and ethical concerns. We examine ongoing development of one technology, DataSHIELD, which appears to elide privacy concerns about sharing data by enabling shared analysis while not actually sharing any individual-level data. We combine presentation of the development of DataSHIELD with presentation of an ethnographic study of a workshop to test the technology. DataSHIELD produced an application of the norm of privacy that was practical, flexible and operationalizable in researchers' everyday activities, and one which fulfilled the requirements of ethics committees. We demonstrated that an analysis run via DataSHIELD could precisely replicate results produced by a standard analysis where all data are physically pooled and analyzed together. In developing DataSHIELD, the ethical concept of privacy was transformed into an issue of security. Development of DataSHIELD was based on social practices as well as scientific and ethical motivations. Therefore, the 'success' of DataSHIELD would, likewise, be dependent on more than just the mathematics and the security of the technology. Copyright © 2012 S. Karger AG, Basel.

Locking it down: The privacy and security of mobile medication apps.

Science.gov (United States)

Grindrod, Kelly; Boersema, Jonathan; Waked, Khrystine; Smith, Vivian; Yang, Jilan; Gebotys, Catherine

2017-01-01

To explore the privacy and security of free medication applications (apps) available to Canadian consumers. The authors searched the Canadian iTunes store for iOS apps and the Canadian Google Play store for Android apps related to medication use and management. Using an Apple iPad Air 2 and a Google Nexus 7 tablet, 2 reviewers generated a list of apps that met the following inclusion criteria: free, available in English, intended for consumer use and related to medication management. Using a standard data collection form, 2 reviewers independently coded each app for the presence/absence of passwords, the storage of personal health information, a privacy statement, encryption, remote wipe and third-party sharing. A Cohen's Kappa statistic was used to measure interrater agreement. Of the 184 apps evaluated, 70.1% had no password protection or sign-in system. Personal information, including name, date of birth and gender, was requested by 41.8% (77/184) of apps. Contact information, such as address, phone number and email, was requested by 25% (46/184) of apps. Finally, personal health information, other than medication name, was requested by 89.1% (164/184) of apps. Only 34.2% (63/184) of apps had a privacy policy in place. Most free medication apps offer very limited authentication and privacy protocols. As a result, the onus currently falls on patients to input information in these apps selectively and to be aware of the potential privacy issues. Until more secure systems are built, health care practitioners cannot fully support patients wanting to use such apps.

How to integrate legal requirements into a requirements engineering methodology for the development of security and privacy patterns

NARCIS (Netherlands)

Compagna, L.; El Khoury, P.; Krausová, A.; Massacci, F.; Zannone, N.

2009-01-01

Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose them to implement minimal precautionary security measures. Several IT solutions (e.g., Privacy Enhancing Technologies, Access Control Infrastructure, etc.) have been proposed to address

Secure open cloud in data transmission using reference pattern and identity with enhanced remote privacy checking

Science.gov (United States)

Vijay Singh, Ran; Agilandeeswari, L.

2017-11-01

To handle the large amount of client’s data in open cloud lots of security issues need to be address. Client’s privacy should not be known to other group members without data owner’s valid permission. Sometime clients are fended to have accessing with open cloud servers due to some restrictions. To overcome the security issues and these restrictions related to storing, data sharing in an inter domain network and privacy checking, we propose a model in this paper which is based on an identity based cryptography in data transmission and intermediate entity which have client’s reference with identity that will take control handling of data transmission in an open cloud environment and an extended remote privacy checking technique which will work at admin side. On behalf of data owner’s authority this proposed model will give best options to have secure cryptography in data transmission and remote privacy checking either as private or public or instructed. The hardness of Computational Diffie-Hellman assumption algorithm for key exchange makes this proposed model more secure than existing models which are being used for public cloud environment.

Quantum Privacy Amplification and the Security of Quantum Cryptography over Noisy Channels

International Nuclear Information System (INIS)

Deutsch, D.; Ekert, A.; Jozsa, R.; Macchiavello, C.; Popescu, S.; Sanpera, A.

1996-01-01

Existing quantum cryptographic schemes are not, as they stand, operable in the presence of noise on the quantum communication channel. Although they become operable if they are supplemented by classical privacy-amplification techniques, the resulting schemes are difficult to analyze and have not been proved secure. We introduce the concept of quantum privacy amplification and a cryptographic scheme incorporating it which is provably secure over a noisy channel. The scheme uses an open-quote open-quote entanglement purification close-quote close-quote procedure which, because it requires only a few quantum controlled-not and single-qubit operations, could be implemented using technology that is currently being developed. copyright 1996 The American Physical Society

Integrating Visual Mnemonics and Input Feedback With Passphrases to Improve the Usability and Security of Digital Authentication.

Science.gov (United States)

Juang, Kevin; Greenstein, Joel

2018-04-01

We developed a new authentication system based on passphrases instead of passwords. Our new system incorporates a user-generated mnemonic picture displayed during login, definition tooltips, error correction to reduce typographical errors, a decoy-based input masking technique, and random passphrase generation using either a specialized wordlist or a sentence template. Passphrases exhibit a greater level of security than traditional passwords, but their wider adoption has been hindered by human factors issues. Our assertion is that the added features of our system work particularly well with passphrases and help address these shortcomings. We conducted a study to evaluate our new system with a customized 1,450-word list and our new system with a 6-word sentence structure against the control conditions of a user-created passphrase of at least 24 characters and a system-generated passphrase using a 10,326-word list. Fifty participants completed two sessions so that we could measure the usability and security of the authentication schemes. With the new system conditions, memorability was improved, and security was equivalent to or better than the control conditions. Usability and overall ratings also favored the new system conditions over the control conditions. Our research presents a new authentication system using innovative techniques that improve on the usability and security of existing password and passphrase authentication systems. In computer security, drastic changes should never happen overnight, but we recommend that our contributions be incorporated into current authentication systems to help facilitate a transition from passwords to usable passphrases.

A Systematic Review of Research Studies Examining Telehealth Privacy and Security Practices Used By Healthcare Providers

Directory of Open Access Journals (Sweden)

Valerie J.M. Watzlaf

2017-11-01

Full Text Available The objective of this systematic review was to systematically review papers in the United States that examine current practices in privacy and security when telehealth technologies are used by healthcare providers. A literature search was conducted using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses Protocols (PRISMA-P. PubMed, CINAHL and INSPEC from 2003 – 2016 were searched and returned 25,404 papers (after duplications were removed. Inclusion and exclusion criteria were strictly followed to examine title, abstract, and full text for 21 published papers which reported on privacy and security practices used by healthcare providers using telehealth.  Data on confidentiality, integrity, privacy, informed consent, access control, availability, retention, encryption, and authentication were all searched and retrieved from the papers examined. Papers were selected by two independent reviewers, first per inclusion/exclusion criteria and, where there was disagreement, a third reviewer was consulted. The percentage of agreement and Cohen’s kappa was 99.04% and 0.7331 respectively. The papers reviewed ranged from 2004 to 2016 and included several types of telehealth specialties. Sixty-seven percent were policy type studies, and 14 percent were survey/interview studies. There were no randomized controlled trials. Based upon the results, we conclude that it is necessary to have more studies with specific information about the use of privacy and security practices when using telehealth technologies as well as studies that examine patient and provider preferences on how data is kept private and secure during and after telehealth sessions. Keywords: Computer security, Health personnel, Privacy, Systematic review, Telehealth

Security, at what cost? A stated preference approach toward understanding individuals' privacy and civil liberties trade-offs regarding security measures

NARCIS (Netherlands)

Robinson, N.; Potoglou, D.

2010-01-01

In the presently heightened security environment there are a number of examples of policy that must strike a delicate balance between strengthening security without jeopardising public liberties and personal privacy. The introduction of national identity cards and biometric passports, the expansion

Security, privacy and trust : from innovation blocker to innovation enabler

NARCIS (Netherlands)

Jonker, W.; Petkovic, M.; Jonker, W.; Petkovic, M.

2014-01-01

This paper reflects on security, privacy and trust from the point of you of the innovation in information and communication technologies. It also considers social, economic and legal aspects that need to be taken into account in the development cycles of new technologies. Finally, the major research

New security and privacy laws require basic changes in professional practice

Science.gov (United States)

Sykes, David M.

2005-09-01

Everybody knows about HIPAA-but what about GLBA? FIPA? The Patriot Act? Homeland Security? NCLB? FCRA? CASB1? PIPEDA? All of these are recent laws that impact acoustical design. Throw in the American Hospital Association/ASHE and AIA's about-to-be-released ``Guidelines for the Design of Healthcare Facilities'' as well as the redrafting of DCID 6/9 and it looks like time for careful examination of some professional practices relating to security and privacy. Should INCE members join with and endorse the ASA's recently formed Joint TCAA/TCN Subcommittee which aims to fill a policy vacuum in Washington and Ottawa relating to the fundamental protection of citizens' rights to privacy? This group will formulate consistent guidelines to enable federal and state agencies in the US and Canada to enforce and monitor their laws-will their guidelines affect INCE members? Those who advise or give expert testimony to government agencies, defense/security organizations, courts, and large institutions in financial services, healthcare or education likely find themselves in a rapidly shifting landscape and recognize the need to respond with new research and professional practices.

Formal Security-Proved Mobile Anonymous Authentication Protocols with Credit-Based Chargeability and Controllable Privacy

Directory of Open Access Journals (Sweden)

Chun-I Fan

2016-06-01

Full Text Available Smart mobile phones are widely popularized and advanced mobile communication services are provided increasingly often, such that ubiquitous computing environments will soon be a reality. However, there are many security threats to mobile networks and their impact on security is more serious than that in wireline networks owing to the features of wireless transmissions and the ubiquity property. The secret information which mobile users carry may be stolen by malicious entities. To guarantee the quality of advanced services, security and privacy would be important issues when users roam within various mobile networks. In this manuscript, an anonymous authentication scheme will be proposed to protect the security of the network system and the privacy of users. Not only does the proposed scheme provide mutual authentication between each user and the system, but also each user’s identity is kept secret against anyone else, including the system. Although the system anonymously authenticates the users, it can still generate correct bills to charge these anonymous users via a credit-based solution instead of debit-based ones. Furthermore, our protocols also achieve fair privacy which allows the judge to revoke the anonymity and trace the illegal users when they have misused the anonymity property, for example, if they have committed crimes. Finally, in this paper, we also carry out complete theoretical proofs on each claimed security property.

Online Privacy, Security and Ethical Dilemma: A Recent Study.

Science.gov (United States)

Karmakar, Nitya L.

The Internet remains as a wonder for the 21st century and its growth is phenomenon. According to a recent survey, the online population is now about 500 million globally and if this trend continues, it should reach 700 million by the end of 2002. This exponential growth of the Internet has given rise to several security, privacy and ethical…

Privacy and security in e-commerce

Directory of Open Access Journals (Sweden)

Milan Mandić

2009-12-01

Full Text Available Consumer distrust and concerns, mainly in regards to the protection of their private information and risk of being exposed to online frauds, have been the main obstacles in online commerce. This paper analyzes some of the most significant aspects of trust in e-commerce, with a focus on online security and privacy issues. With all the potential that e-commerce provides to both companies and consumers, it is in the interest of the company to increase trust among its online users. Some of the most common online crimes are analyzed and practical guidelines to achieving trust in the online environment are provided.

Ensuring the security and privacy of information in mobile health-care communication systems

Directory of Open Access Journals (Sweden)

Ademola P. Abidoye

2011-09-01

Full Text Available The sensitivity of health-care information and its accessibility via the Internet and mobile technology systems is a cause for concern in these modern times. The privacy, integrity and confidentiality of a patient’s data are key factors to be considered in the transmission of medical information for use by authorised health-care personnel. Mobile communication has enabled medical consultancy, treatment, drug administration and the provision of laboratory results to take place outside the hospital. With the implementation of electronic patient records and the Internet and Intranets, medical information sharing amongst relevant health-care providers was made possible. But the vital issue in this method of information sharing is security: the patient’s privacy, as well as the confidentiality and integrity of the health-care information system, should not be compromised. We examine various ways of ensuring the security and privacy of a patient’s electronic medical information in order to ensure the integrity and confidentiality of the information.

Radio frequency identification (RFID) in health care: privacy and security concerns limiting adoption.

Science.gov (United States)

Rosenbaum, Benjamin P

2014-03-01

Radio frequency identification (RFID) technology has been implemented in a wide variety of industries. Health care is no exception. This article explores implementations and limitations of RFID in several health care domains: authentication, medication safety, patient tracking, and blood transfusion medicine. Each domain has seen increasing utilization of unique applications of RFID technology. Given the importance of protecting patient and data privacy, potential privacy and security concerns in each domain are discussed. Such concerns, some of which are inherent to existing RFID hardware and software technology, may limit ubiquitous adoption. In addition, an apparent lack of security standards within the RFID domain and specifically health care may also hinder the growth and utility of RFID within health care for the foreseeable future. Safeguarding the privacy of patient data may be the most important obstacle to overcome to allow the health care industry to take advantage of the numerous benefits RFID technology affords.

76 FR 59112 - Announcing an Open Meeting of the Information Security and Privacy Advisory Board

Science.gov (United States)

2011-09-23

... by the Computer Security Act of 1987 (Pub. L. 100-235) and amended by the Federal Information... NIST on security and privacy issues pertaining to federal computer systems. Details regarding the ISPAB... security research, --Presentation from National Protection and Programs Directorate, DHS, on the white...

Secure and privacy enhanced gait authentication on smart phone.

Science.gov (United States)

Hoang, Thang; Choi, Deokjai

2014-01-01

Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR) and false rejection rate (FRR) of 3.92% and 11.76%, respectively, in terms of key length of 50 bits.

Secure and Privacy Enhanced Gait Authentication on Smart Phone

Directory of Open Access Journals (Sweden)

Thang Hoang

2014-01-01

Full Text Available Smart environments established by the development of mobile technology have brought vast benefits to human being. However, authentication mechanisms on portable smart devices, particularly conventional biometric based approaches, still remain security and privacy concerns. These traditional systems are mostly based on pattern recognition and machine learning algorithms, wherein original biometric templates or extracted features are stored under unconcealed form for performing matching with a new biometric sample in the authentication phase. In this paper, we propose a novel gait based authentication using biometric cryptosystem to enhance the system security and user privacy on the smart phone. Extracted gait features are merely used to biometrically encrypt a cryptographic key which is acted as the authentication factor. Gait signals are acquired by using an inertial sensor named accelerometer in the mobile device and error correcting codes are adopted to deal with the natural variation of gait measurements. We evaluate our proposed system on a dataset consisting of gait samples of 34 volunteers. We achieved the lowest false acceptance rate (FAR and false rejection rate (FRR of 3.92% and 11.76%, respectively, in terms of key length of 50 bits.

Security controls in an integrated Biobank to protect privacy in data sharing: rationale and study design.

Science.gov (United States)

Takai-Igarashi, Takako; Kinoshita, Kengo; Nagasaki, Masao; Ogishima, Soichi; Nakamura, Naoki; Nagase, Sachiko; Nagaie, Satoshi; Saito, Tomo; Nagami, Fuji; Minegishi, Naoko; Suzuki, Yoichi; Suzuki, Kichiya; Hashizume, Hiroaki; Kuriyama, Shinichi; Hozawa, Atsushi; Yaegashi, Nobuo; Kure, Shigeo; Tamiya, Gen; Kawaguchi, Yoshio; Tanaka, Hiroshi; Yamamoto, Masayuki

2017-07-06

With the goal of realizing genome-based personalized healthcare, we have developed a biobank that integrates personal health, genome, and omics data along with biospecimens donated by volunteers of 150,000. Such a large-scale of data integration involves obvious risks of privacy violation. The research use of personal genome and health information is a topic of global discussion with regard to the protection of privacy while promoting scientific advancement. The present paper reports on our plans, current attempts, and accomplishments in addressing security problems involved in data sharing to ensure donor privacy while promoting scientific advancement. Biospecimens and data have been collected in prospective cohort studies with the comprehensive agreement. The sample size of 150,000 participants was required for multiple researches including genome-wide screening of gene by environment interactions, haplotype phasing, and parametric linkage analysis. We established the T ohoku M edical M egabank (TMM) data sharing policy: a privacy protection rule that requires physical, personnel, and technological safeguards against privacy violation regarding the use and sharing of data. The proposed policy refers to that of NCBI and that of the Sanger Institute. The proposed policy classifies shared data according to the strength of re-identification risks. Local committees organized by TMM evaluate re-identification risk and assign a security category to a dataset. Every dataset is stored in an assigned segment of a supercomputer in accordance with its security category. A security manager should be designated to handle all security problems at individual data use locations. The proposed policy requires closed networks and IP-VPN remote connections. The mission of the biobank is to distribute biological resources most productively. This mission motivated us to collect biospecimens and health data and simultaneously analyze genome/omics data in-house. The biobank also has the

Security And Privacy Issues in Health Monitoring Systems: eCare@Home Case Study

DEFF Research Database (Denmark)

Wearing, Thomas; Dragoni, Nicola

2016-01-01

Automated systems for monitoring elderly people in their home are becoming more and more common. Indeed, an increasing number of home sensor networks for healthcare can be found in the recent literature, indicating a clear research direction in smart homes for health-care. Although the huge amount...... of sensitive data these systems deal with and expose to the external world, security and privacy issues are surpris-ingly not taken into consideration. The aim of this paper is to raise some key security and privacy issues that home health monitor systems should face with. The analysis is based on a real world...... monitoring sensor network for healthcare built in the context of the eCare@Home project....

Inter-organizational future proof EHR systems. A review of the security and privacy related issues.

Science.gov (United States)

van der Linden, Helma; Kalra, Dipak; Hasman, Arie; Talmon, Jan

2009-03-01

Identification and analysis of privacy and security related issues that occur when health information is exchanged between health care organizations. Based on a generic scenario questions were formulated to reveal the occurring issues. Possible answers were verified in literature. Ensuring secure health information exchange across organizations requires a standardization of security measures that goes beyond organizational boundaries, such as global definitions of professional roles, global standards for patient consent and semantic interoperable audit logs. As to be able to fully address the privacy and security issues in interoperable EHRs and the long-life virtual EHR it is necessary to realize a paradigm shift from storing all incoming information in a local system to retrieving information from external systems whenever that information is deemed necessary for the care of the patient.

77 FR 31371 - Public Workshop: Privacy Compliance Workshop

Science.gov (United States)

2012-05-25

... presentations, including the privacy compliance fundamentals, privacy and data security, and the privacy... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Public Workshop: Privacy Compliance... Homeland Security Privacy Office will host a public workshop, ``Privacy Compliance Workshop.'' DATES: The...

Collaborative eHealth Meets Security: Privacy-Enhancing Patient Profile Management.

Science.gov (United States)

Sanchez-Guerrero, Rosa; Mendoza, Florina Almenarez; Diaz-Sanchez, Daniel; Cabarcos, Patricia Arias; Lopez, Andres Marin

2017-11-01

Collaborative healthcare environments offer potential benefits, including enhancing the healthcare quality delivered to patients and reducing costs. As a direct consequence, sharing of electronic health records (EHRs) among healthcare providers has experienced a noteworthy growth in the last years, since it enables physicians to remotely monitor patients' health and enables individuals to manage their own health data more easily. However, these scenarios face significant challenges regarding security and privacy of the extremely sensitive information contained in EHRs. Thus, a flexible, efficient, and standards-based solution is indispensable to guarantee selective identity information disclosure and preserve patient's privacy. We propose a privacy-aware profile management approach that empowers the patient role, enabling him to bring together various healthcare providers as well as user-generated claims into an unique credential. User profiles are represented through an adaptive Merkle Tree, for which we formalize the underlying mathematical model. Furthermore, performance of the proposed solution is empirically validated through simulation experiments.

A Secure and Privacy-Preserving Navigation Scheme Using Spatial Crowdsourcing in Fog-Based VANETs

Science.gov (United States)

Wang, Lingling; Liu, Guozhu; Sun, Lijun

2017-01-01

Fog-based VANETs (Vehicular ad hoc networks) is a new paradigm of vehicular ad hoc networks with the advantages of both vehicular cloud and fog computing. Real-time navigation schemes based on fog-based VANETs can promote the scheme performance efficiently. In this paper, we propose a secure and privacy-preserving navigation scheme by using vehicular spatial crowdsourcing based on fog-based VANETs. Fog nodes are used to generate and release the crowdsourcing tasks, and cooperatively find the optimal route according to the real-time traffic information collected by vehicles in their coverage areas. Meanwhile, the vehicle performing the crowdsourcing task can get a reasonable reward. The querying vehicle can retrieve the navigation results from each fog node successively when entering its coverage area, and follow the optimal route to the next fog node until it reaches the desired destination. Our scheme fulfills the security and privacy requirements of authentication, confidentiality and conditional privacy preservation. Some cryptographic primitives, including the Elgamal encryption algorithm, AES, randomized anonymous credentials and group signatures, are adopted to achieve this goal. Finally, we analyze the security and the efficiency of the proposed scheme. PMID:28338620

A Secure and Privacy-Preserving Navigation Scheme Using Spatial Crowdsourcing in Fog-Based VANETs.

Science.gov (United States)

Wang, Lingling; Liu, Guozhu; Sun, Lijun

2017-03-24

Fog-based VANETs (Vehicular ad hoc networks) is a new paradigm of vehicular ad hoc networks with the advantages of both vehicular cloud and fog computing. Real-time navigation schemes based on fog-based VANETs can promote the scheme performance efficiently. In this paper, we propose a secure and privacy-preserving navigation scheme by using vehicular spatial crowdsourcing based on fog-based VANETs. Fog nodes are used to generate and release the crowdsourcing tasks, and cooperatively find the optimal route according to the real-time traffic information collected by vehicles in their coverage areas. Meanwhile, the vehicle performing the crowdsourcing task can get a reasonable reward. The querying vehicle can retrieve the navigation results from each fog node successively when entering its coverage area, and follow the optimal route to the next fog node until it reaches the desired destination. Our scheme fulfills the security and privacy requirements of authentication, confidentiality and conditional privacy preservation. Some cryptographic primitives, including the Elgamal encryption algorithm, AES, randomized anonymous credentials and group signatures, are adopted to achieve this goal. Finally, we analyze the security and the efficiency of the proposed scheme.

Trajectory data privacy protection based on differential privacy mechanism

Science.gov (United States)

Gu, Ke; Yang, Lihao; Liu, Yongzhi; Liao, Niandong

2018-05-01

In this paper, we propose a trajectory data privacy protection scheme based on differential privacy mechanism. In the proposed scheme, the algorithm first selects the protected points from the user’s trajectory data; secondly, the algorithm forms the polygon according to the protected points and the adjacent and high frequent accessed points that are selected from the accessing point database, then the algorithm calculates the polygon centroids; finally, the noises are added to the polygon centroids by the differential privacy method, and the polygon centroids replace the protected points, and then the algorithm constructs and issues the new trajectory data. The experiments show that the running time of the proposed algorithms is fast, the privacy protection of the scheme is effective and the data usability of the scheme is higher.

78 FR 43890 - Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency-006...

Science.gov (United States)

2013-07-22

... titled, ``Department of Homeland Security/Federal Emergency Management Agency--006 Citizen Corps Database... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0049] Privacy Act of 1974; Department of Homeland Security, Federal Emergency Management Agency--006 Citizen Corps Program...

Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android.

Science.gov (United States)

Dehling, Tobias; Gao, Fangjian; Schneider, Stephan; Sunyaev, Ali

2015-01-19

Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. We assessed apps available in English and offered in the categories "Medical" and "Health & Fitness" in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose at least some potential damage through

Secure and Efficient Protocol for Vehicular Ad Hoc Network with Privacy Preservation

Directory of Open Access Journals (Sweden)

Choi Hyoung-Kee

2011-01-01

Full Text Available Security is a fundamental issue for promising applications in a VANET. Designing a secure protocol for a VANET that accommodates efficiency, privacy, and traceability is difficult because of the contradictions between these qualities. In this paper, we present a secure yet efficient protocol for a VANET that satisfies these security requirements. Although much research has attempted to address similar issues, we contend that our proposed protocol outperforms other proposals that have been advanced. This claim is based on observations that show that the proposed protocol has such strengths as light computational load, efficient storage management, and dependability.

Multilayered security and privacy protection in Car-to-X networks solutions from application down to physical layer

CERN Document Server

Stübing, Hagen

2013-01-01

Car-to-X (C2X) communication in terms of Car-to-Car (C2C) and Car-to-Infrastructure (C2I) communication aims at increasing road safety and traffic efficiency by exchanging foresighted traffic information. Thereby, security and privacy are regarded as an absolute prerequisite for successfully establishing the C2X technology on the market. Towards the paramount objective of covering the entire ITS reference model with security and privacy measures, Hagen Stübing develops dedicated solutions for each layer, respectively. On application layer a security architecture in terms of a Public Key Infras

Robust image obfuscation for privacy protection in Web 2.0 applications

Science.gov (United States)

Poller, Andreas; Steinebach, Martin; Liu, Huajian

2012-03-01

We present two approaches to robust image obfuscation based on permutation of image regions and channel intensity modulation. The proposed concept of robust image obfuscation is a step towards end-to-end security in Web 2.0 applications. It helps to protect the privacy of the users against threats caused by internet bots and web applications that extract biometric and other features from images for data-linkage purposes. The approaches described in this paper consider that images uploaded to Web 2.0 applications pass several transformations, such as scaling and JPEG compression, until the receiver downloads them. In contrast to existing approaches, our focus is on usability, therefore the primary goal is not a maximum of security but an acceptable trade-off between security and resulting image quality.

VoIP for Telerehabilitation: A Pilot Usability Study for HIPAA Compliance

Directory of Open Access Journals (Sweden)

Valerie R. Watzlaf

2012-06-01

Full Text Available Consumer-based, free Voice and video over the Internet Protocol (VoIP software systems such as Skype and others are used by health care providers to deliver telerehabilitation and other health-related services to clients. Privacy and security applications as well as HIPAA compliance within these protocols have been questioned by practitioners, health information managers, and other healthcare entities. This pilot usability study examined whether four respondents who used the top three, free consumer-based, VoIP software systems perceived these VoIP technologies to be private, secure, and HIPAA compliant;  most did not.  While the pilot study limitations include the number of respondents and systems assessed, the protocol can be applied to future research and replicated for instructional purposes.  Recommendations are provided for VoIP companies, providers, and users. 

Exploring the Far Side of Mobile Health: Information Security and Privacy of Mobile Health Apps on iOS and Android

Science.gov (United States)

Dehling, Tobias; Gao, Fangjian; Schneider, Stephan

2015-01-01

Background Mobile health (mHealth) apps aim at providing seamless access to tailored health information technology and have the potential to alleviate global health burdens. Yet, they bear risks to information security and privacy because users need to reveal private, sensitive medical information to redeem certain benefits. Due to the plethora and diversity of available mHealth apps, implications for information security and privacy are unclear and complex. Objective The objective of this study was to establish an overview of mHealth apps offered on iOS and Android with a special focus on potential damage to users through information security and privacy infringements. Methods We assessed apps available in English and offered in the categories “Medical” and “Health & Fitness” in the iOS and Android App Stores. Based on the information retrievable from the app stores, we established an overview of available mHealth apps, tagged apps to make offered information machine-readable, and clustered the discovered apps to identify and group similar apps. Subsequently, information security and privacy implications were assessed based on health specificity of information available to apps, potential damage through information leaks, potential damage through information manipulation, potential damage through information loss, and potential value of information to third parties. Results We discovered 24,405 health-related apps (iOS; 21,953; Android; 2452). Absence or scarceness of ratings for 81.36% (17,860/21,953) of iOS and 76.14% (1867/2452) of Android apps indicates that less than a quarter of mHealth apps are in more or less widespread use. Clustering resulted in 245 distinct clusters, which were consolidated into 12 app archetypes grouping clusters with similar assessments of potential damage through information security and privacy infringements. There were 6426 apps that were excluded during clustering. The majority of apps (95.63%, 17,193/17,979; of apps) pose

Obfuscatable multi-recipient re-encryption for secure privacy-preserving personal health record services.

Science.gov (United States)

Shi, Yang; Fan, Hongfei; Xiong, Guoyue

2015-01-01

With the rapid development of cloud computing techniques, it is attractive for personal health record (PHR) service providers to deploy their PHR applications and store the personal health data in the cloud. However, there could be a serious privacy leakage if the cloud-based system is intruded by attackers, which makes it necessary for the PHR service provider to encrypt all patients' health data on cloud servers. Existing techniques are insufficiently secure under circumstances where advanced threats are considered, or being inefficient when many recipients are involved. Therefore, the objectives of our solution are (1) providing a secure implementation of re-encryption in white-box attack contexts and (2) assuring the efficiency of the implementation even in multi-recipient cases. We designed the multi-recipient re-encryption functionality by randomness-reusing and protecting the implementation by obfuscation. The proposed solution is secure even in white-box attack contexts. Furthermore, a comparison with other related work shows that the computational cost of the proposed solution is lower. The proposed technique can serve as a building block for supporting secure, efficient and privacy-preserving personal health record service systems.

Taiwan's perspective on electronic medical records' security and privacy protection: lessons learned from HIPAA.

Science.gov (United States)

Yang, Che-Ming; Lin, Herng-Ching; Chang, Polun; Jian, Wen-Shan

2006-06-01

The protection of patients' health information is a very important concern in the information age. The purpose of this study is to ascertain what constitutes an effective legal framework in protecting both the security and privacy of health information, especially electronic medical records. All sorts of bills regarding electronic medical data protection have been proposed around the world including Health Insurance Portability and Accountability Act (HIPAA) of the U.S. The trend of a centralized bill that focuses on managing computerized health information is the part that needs our further attention. Under the sponsor of Taiwan's Department of Health (DOH), our expert panel drafted the "Medical Information Security and Privacy Protection Guidelines", which identifies nine principles and entails 12 articles, in the hope that medical organizations will have an effective reference in how to manage their medical information in a confidential and secured fashion especially in electronic transactions.

Analysis of the security and privacy requirements of cloud-based electronic health records systems.

Science.gov (United States)

Rodrigues, Joel J P C; de la Torre, Isabel; Fernández, Gonzalo; López-Coronado, Miguel

2013-08-21

The Cloud Computing paradigm offers eHealth systems the opportunity to enhance the features and functionality that they offer. However, moving patients' medical information to the Cloud implies several risks in terms of the security and privacy of sensitive health records. In this paper, the risks of hosting Electronic Health Records (EHRs) on the servers of third-party Cloud service providers are reviewed. To protect the confidentiality of patient information and facilitate the process, some suggestions for health care providers are made. Moreover, security issues that Cloud service providers should address in their platforms are considered. To show that, before moving patient health records to the Cloud, security and privacy concerns must be considered by both health care providers and Cloud service providers. Security requirements of a generic Cloud service provider are analyzed. To study the latest in Cloud-based computing solutions, bibliographic material was obtained mainly from Medline sources. Furthermore, direct contact was made with several Cloud service providers. Some of the security issues that should be considered by both Cloud service providers and their health care customers are role-based access, network security mechanisms, data encryption, digital signatures, and access monitoring. Furthermore, to guarantee the safety of the information and comply with privacy policies, the Cloud service provider must be compliant with various certifications and third-party requirements, such as SAS70 Type II, PCI DSS Level 1, ISO 27001, and the US Federal Information Security Management Act (FISMA). Storing sensitive information such as EHRs in the Cloud means that precautions must be taken to ensure the safety and confidentiality of the data. A relationship built on trust with the Cloud service provider is essential to ensure a transparent process. Cloud service providers must make certain that all security mechanisms are in place to avoid unauthorized access

A Secure RFID Tag Authentication Protocol with Privacy Preserving in Telecare Medicine Information System.

Science.gov (United States)

Li, Chun-Ta; Weng, Chi-Yao; Lee, Cheng-Chi

2015-08-01

Radio Frequency Identification (RFID) based solutions are widely used for providing many healthcare applications include patient monitoring, object traceability, drug administration system and telecare medicine information system (TMIS) etc. In order to reduce malpractices and ensure patient privacy, in 2015, Srivastava et al. proposed a hash based RFID tag authentication protocol in TMIS. Their protocol uses lightweight hash operation and synchronized secret value shared between back-end server and tag, which is more secure and efficient than other related RFID authentication protocols. Unfortunately, in this paper, we demonstrate that Srivastava et al.'s tag authentication protocol has a serious security problem in that an adversary may use the stolen/lost reader to connect to the medical back-end server that store information associated with tagged objects and this privacy damage causing the adversary could reveal medical data obtained from stolen/lost readers in a malicious way. Therefore, we propose a secure and efficient RFID tag authentication protocol to overcome security flaws and improve the system efficiency. Compared with Srivastava et al.'s protocol, the proposed protocol not only inherits the advantages of Srivastava et al.'s authentication protocol for TMIS but also provides better security with high system efficiency.

Privacy, security, and the public health researcher in the era of electronic health record research.

Science.gov (United States)

Goldstein, Neal D; Sarwate, Anand D

2016-01-01

Health data derived from electronic health records are increasingly utilized in large-scale population health analyses. Going hand in hand with this increase in data is an increasing number of data breaches. Ensuring privacy and security of these data is a shared responsibility between the public health researcher, collaborators, and their institutions. In this article, we review the requirements of data privacy and security and discuss epidemiologic implications of emerging technologies from the computer science community that can be used for health data. In order to ensure that our needs as researchers are captured in these technologies, we must engage in the dialogue surrounding the development of these tools.

Public Perspectives of Mobile Phones' Effects on Healthcare Quality and Medical Data Security and Privacy: A 2-Year Nationwide Survey.

Science.gov (United States)

Richardson, Joshua E; Ancker, Jessica S

2015-01-01

Given growing interest in mobile phones for health management (mHealth), we surveyed consumer perceptions of mHealth in security, privacy, and healthcare quality using national random-digit-dial telephone surveys in 2013 and 2014. In 2013, 48% thought that using a mobile phone to communicate data with a physician's electronic health record (EHR) would improve the quality of health care. By 2014, the proportion rose to 57% (p privacy concerns yet nearly two-thirds expressed privacy concerns. In 2013 alone, respondents were more likely to express privacy concerns about medical data on mobile phones than they were to endorse similar concerns with EHRs or health information exchange (HIE). Consumers increasingly believe that mHealth improves healthcare quality, but security and privacy concerns need to be addressed for quality improvement to be fully realized.

Security and privacy in billing services in cloud computing

OpenAIRE

Μακρή, Ελένη - Λασκαρίνα

2013-01-01

The purpose of this master thesis is to define cloud computing and to introduce its basic principles. Firstly, the history of cloud computing will be briefly discussed, starting from the past and ending up to the current and future situation. Furthermore, the most important characteristics of cloud computing, such as security, privacy and cost, will be analyzed. Moreover the three service and three deployment models of cloud computing will be defined and analyzed with examples. Finally, the a...

76 FR 66940 - Privacy Act of 1974; Department of Homeland Security/United States Secret Service-004 Protection...

Science.gov (United States)

2011-10-28

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0083] Privacy Act of 1974; Department of Homeland Security/United States Secret Service--004 Protection Information System... Security (DHS)/United States Secret Service (USSS)-004 System name: DHS/USSS-004 Protection Information...

75 FR 23274 - Privacy Act of 1974; Department of Homeland Security United States Immigration Customs and...

Science.gov (United States)

2010-05-03

... 1974; Department of Homeland Security United States Immigration Customs and Enforcement--011 Immigration and Enforcement Operational Records System of Records AGENCY: Privacy Office, DHS. ACTION: Notice... the Department of Homeland Security U.S. Immigration and Customs Enforcement is updating an existing...

75 FR 9238 - Privacy Act of 1974; Department of Homeland Security United States Immigration Customs and...

Science.gov (United States)

2010-03-01

... 1974; Department of Homeland Security United States Immigration Customs and Enforcement--011 Immigration and Enforcement Operational Records System of Records AGENCY: Privacy Office, DHS. ACTION: Notice... the Department of Homeland Security U.S. Immigration and Customs Enforcement is updating an existing...

A Crowd-Based Intelligence Approach for Measurable Security, Privacy, and Dependability in Internet of Automated Vehicles with Vehicular Fog

Directory of Open Access Journals (Sweden)

Ashish Rauniyar

2018-01-01

Full Text Available With the advent of Internet of things (IoT and cloud computing technologies, we are in the era of automation, device-to-device (D2D and machine-to-machine (M2M communications. Automated vehicles have recently gained a huge attention worldwide, and it has created a new wave of revolution in automobile industries. However, in order to fully establish automated vehicles and their connectivity to the surroundings, security, privacy, and dependability always remain a crucial issue. One cannot deny the fact that such automatic vehicles are highly vulnerable to different kinds of security attacks. Also, today’s such systems are built from generic components. Prior analysis of different attack trends and vulnerabilities enables us to deploy security solutions effectively. Moreover, scientific research has shown that a “group” can perform better than individuals in making decisions and predictions. Therefore, this paper deals with the measurable security, privacy, and dependability of automated vehicles through the crowd-based intelligence approach that is inspired from swarm intelligence. We have studied three use case scenarios of automated vehicles and systems with vehicular fog and have analyzed the security, privacy, and dependability metrics of such systems. Our systematic approaches to measuring efficient system configuration, security, privacy, and dependability of automated vehicles are essential for getting the overall picture of the system such as design patterns, best practices for configuration of system, metrics, and measurements.

Privacy, Security, & Compliance: Strange Bedfellows or a Marriage Made in Heaven?

Science.gov (United States)

Corn, Michael; Rosenthal, Jane

2013-01-01

Where does privacy belong in the college/university ecosystem, and what should its relationship be with security and compliance? Are the three areas best kept separate and distinct? Should there be some overlap? Or would a single office, officer, and/or reporting line enable a big picture of the whole? This article examines several of the campus…

76 FR 53921 - Privacy Act of 1974; Department of Homeland Security ALL-034 Emergency Care Medical Records...

Science.gov (United States)

2011-08-30

... AGENCY: Privacy Office, DHS. ACTION: Notice of Privacy Act system of records. SUMMARY: In accordance with... Security Office of Health Affairs to collect and maintain records on individuals who receive emergency care... consistent, quality medical care. To support MQM, OHA operates the electronic Patient Care Record (ePCR), an...

Facilitating Secure Sharing of Personal Health Data in the Cloud.

Science.gov (United States)

Thilakanathan, Danan; Calvo, Rafael A; Chen, Shiping; Nepal, Surya; Glozier, Nick

2016-05-27

Internet-based applications are providing new ways of promoting health and reducing the cost of care. Although data can be kept encrypted in servers, the user does not have the ability to decide whom the data are shared with. Technically this is linked to the problem of who owns the data encryption keys required to decrypt the data. Currently, cloud service providers, rather than users, have full rights to the key. In practical terms this makes the users lose full control over their data. Trust and uptake of these applications can be increased by allowing patients to feel in control of their data, generally stored in cloud-based services. This paper addresses this security challenge by providing the user a way of controlling encryption keys independently of the cloud service provider. We provide a secure and usable system that enables a patient to share health information with doctors and specialists. We contribute a secure protocol for patients to share their data with doctors and others on the cloud while keeping complete ownership. We developed a simple, stereotypical health application and carried out security tests, performance tests, and usability tests with both students and doctors (N=15). We developed the health application as an app for Android mobile phones. We carried out the usability tests on potential participants and medical professionals. Of 20 participants, 14 (70%) either agreed or strongly agreed that they felt safer using our system. Using mixed methods, we show that participants agreed that privacy and security of health data are important and that our system addresses these issues. We presented a security protocol that enables patients to securely share their eHealth data with doctors and nurses and developed a secure and usable system that enables patients to share mental health information with doctors.

Security, Privacy, Threats and Risks in Cloud Computing ― A Vital Review

OpenAIRE

Goyal, Sumit

2016-01-01

Cloud computing is a multi million dollar business. As more and more enterprises are adopting cloud services for their businesses, threat of security has become a big concern for these enterprises and cloud users. This review describes the latest threats and risks associated with cloud computing and suggests techniques for better privacy and security of data in cloud environment. Threats and risks associated with cloud service models (SaaS, PaaS and IaaS) along with cloud deployment models (p...

Human centric security and privacy for the IoT using formal techniques

OpenAIRE

Kammueller, Florian

2018-01-01

In this paper, we summarize a new approach to make security and privacy issues in the Internet of Things (IoT) more transparent for vulnerable users. As a pilot project, we investigate monitoring of Alzheimer’s patients for a low-cost early warning system based on bio-markers supported with smart technologies. To provide trustworthy and secure IoT infrastructures, we employ formal methods and techniques that allow specification of IoT scenarios with human actors, refinement and analysis of at...

A flexible privacy enhanced and secured ICT architecture for a smart grid project with active cosumers in the city of Zwolle-NL

NARCIS (Netherlands)

Montes Portela, C.; Rooden, H.; Kohlmann, J.; Leersum, van D.; Geldtmeijer, D.A.M.; Slootweg, J.G.; van Eekelen, Marko

2013-01-01

This paper presents the ICT architecture for a Smart Grid project with consumer interaction in the city of Zwolle, the Netherlands. It describes the privacy and security enhancing measures applied to ensure a positive sum of necessary functionality and respect for consumer’s privacy and secure

Privacy and Security within Biobanking: The Role of Information Technology.

Science.gov (United States)

Heatherly, Raymond

2016-03-01

Along with technical issues, biobanking frequently raises important privacy and security issues that must be resolved as biobanks continue to grow in scale and scope. Consent mechanisms currently in use range from fine-grained to very broad, and in some cases participants are offered very few privacy protections. However, developments in information technology are bringing improvements. New programs and systems are being developed to allow researchers to conduct analyses without distributing the data itself offsite, either by allowing the investigator to communicate with a central computer, or by having each site participate in meta-analysis that results in a shared statistic or final significance result. The implementation of security protocols into the research biobanking setting requires three key elements: authentication, authorization, and auditing. Authentication is the process of making sure individuals are who they claim to be, frequently through the use of a password, a key fob, or a physical (i.e., retinal or fingerprint) scan. Authorization involves ensuring that every individual who attempts an action has permission to do that action. Finally, auditing allows for actions to be logged so that inappropriate or unethical actions can later be traced back to their source. © 2016 American Society of Law, Medicine & Ethics.

An Efficient Electronic English Auction System with a Secure On-Shelf Mechanism and Privacy Preserving

Directory of Open Access Journals (Sweden)

Hong Zhong

2016-01-01

Full Text Available With the rapid development of the Internet, electronic commerce has become more and more popular. As an important element of e-commerce, many Internet companies such as Yahoo! and eBay have launched electronic auction systems. However, like most electronic commerce products, safety is an important issue that should be addressed. Many researchers have proposed secure electronic auction mechanisms, but we found that some of them do not exhibit the property of unlinkability, which leads to the leakage of users’ privacy. Considering the importance of privacy preservation, we have designed a new auction mechanism. Through symmetrical key establishment in the registration phase, all messages transmitted over the Internet would be protected and, meanwhile, achieve the property of unlinkability. The security analysis and performance analysis show that our protocol fulfills more security properties and is more efficient for implementation compared with recent works.

Advances and current state of the security and privacy in electronic health records: survey from a social perspective.

Science.gov (United States)

Tejero, Antonio; de la Torre, Isabel

2012-10-01

E-Health systems are experiencing an impulse in these last years, when many medical agencies began to include digital solutions into their platforms. Electronic Health Records (EHRs) are one of the most important improvements, being in its most part a patient-oriented tool. To achieve a completely operational EHR platform, security and privacy problems have to be resolved, due to the importance of the data included within these records. But given all the different methods to address security and privacy, they still remain in most cases as an open issue. This paper studies existing and proposed solutions included in different scenarios, in order to offer an overview of the current state in EHR systems. Bibliographic material has been obtained mainly from MEDLINE and SCOPUS sources, and over 30 publications have been analyzed. Many EHR platforms are being developed, but most of them present weaknesses when they are opened to the public. These architectures gain significance when they cover all the requisites related to security and privacy.

Location Privacy in RFID Applications

Science.gov (United States)

Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian

RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant to legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus electronic tickets (e-tickets) for public transportation.

A Survey on Security, Privacy and Trust in Mobile Crowdsourcing

OpenAIRE

Feng, Wei; Yan, Zheng; Zhang, Hengrun; Zeng, Kai; Xiao, Yu; Hou, Thomas

2017-01-01

With the popularity of sensor-rich mobile devices (e.g., smart phones and wearable devices), Mobile Crowdsourcing (MCS) has emerged as an effective method for data collection and processing. Compared with traditional Wireless Sensor Networking (WSN), MCS holds many advantages such as mobility, scalability, cost-efficiency, and human intelligence. However, MCS still faces many challenges with regard to security, privacy and trust. This paper provides a survey of these challenges and discusses ...

Security and privacy issues in implantable medical devices: A comprehensive survey.

Science.gov (United States)

Camara, Carmen; Peris-Lopez, Pedro; Tapiador, Juan E

2015-06-01

Bioengineering is a field in expansion. New technologies are appearing to provide a more efficient treatment of diseases or human deficiencies. Implantable Medical Devices (IMDs) constitute one example, these being devices with more computing, decision making and communication capabilities. Several research works in the computer security field have identified serious security and privacy risks in IMDs that could compromise the implant and even the health of the patient who carries it. This article surveys the main security goals for the next generation of IMDs and analyzes the most relevant protection mechanisms proposed so far. On the one hand, the security proposals must have into consideration the inherent constraints of these small and implanted devices: energy, storage and computing power. On the other hand, proposed solutions must achieve an adequate balance between the safety of the patient and the security level offered, with the battery lifetime being another critical parameter in the design phase. Copyright © 2015 Elsevier Inc. All rights reserved.

My private cloud overview : a trust, privacy and security infrastructure for the cloud

NARCIS (Netherlands)

Chadwick, D.W.; Lievens, S.F.; Hartog, den J.I.; Pashalidis, A.; Alhadeff, J.

2011-01-01

Based on the assumption that cloud providers can be trusted (to a certain extent) we define a trust, security and privacy preserving infrastructure that relies on trusted cloud providers to operate properly. Working in tandem with legal agreements, our open source software supports: trust and

Usability of Security Management:Defining the Permissions of Guests

Science.gov (United States)

Johnson, Matthew; Stajano, Frank

Within the scenario of a Smart Home, we discuss the issues involved in allowing limited interaction with the environment for unidentified principals, or guests. The challenges include identifying and authenticating guests on one hand and delegating authorization to them on the other. While the technical mechanisms for doing so in generic distributed systems have been around for decades, existing solutions are in general not applicable to the smart home because they are too complex to manage. We focus on providing both security and usability; we therefore seek simple and easy to understand approaches that can be used by a normal computer-illiterate home owner, not just by a trained system administrator. This position paper describes ongoing research and does not claim to have all the answers.

A Taxonomy for Enhancing Usability, Flexibility, and Security of User Authentication

Directory of Open Access Journals (Sweden)

Susan Gottschlich

2017-12-01

Full Text Available Two technology trends – a move toward software defined capabilities and toward networked devices – support both unprecedented innovations and requirements for security. A fundamental aspect of security is user authentication, which allows devices and software applications to establish their user’s identity and identity is in turn used to establish which of its capabilities the user is authorized to access. While multiple authentication steps, known as multifactor authentication, are being used more widely throughout the military, government, businesses, and consumer sectors, the selection and implementation of which authentication factors to require is typically defined by security policy. Security policy is in turn typically established by a security organization that may have no formal metrics or means to guide its selection of authentication factors. This paper will present a taxonomy for describing authentication factors including important attributes that characterize authentication robustness to aid in the selection of factors that are consistent with the user’s mission. One particular authentication factor that I have developed will be discussed in the context of this taxonomy to motivate the need to broaden current definitions and security policies. The ultimate goal of this paper is to inspire the development of standards for authentication technologies to both support mission aware authentication innovation and to inform decision making about security policies concerning user authentication and authorization. Further, this paper aims to demonstrate that such an approach will fundamentally enhance both security and usability of increasingly networked, software-defined devices, equipment and software applications.

Emerging Security Mechanisms for Medical Cyber Physical Systems.

Science.gov (United States)

Kocabas, Ovunc; Soyata, Tolga; Aktas, Mehmet K

2016-01-01

The following decade will witness a surge in remote health-monitoring systems that are based on body-worn monitoring devices. These Medical Cyber Physical Systems (MCPS) will be capable of transmitting the acquired data to a private or public cloud for storage and processing. Machine learning algorithms running in the cloud and processing this data can provide decision support to healthcare professionals. There is no doubt that the security and privacy of the medical data is one of the most important concerns in designing an MCPS. In this paper, we depict the general architecture of an MCPS consisting of four layers: data acquisition, data aggregation, cloud processing, and action. Due to the differences in hardware and communication capabilities of each layer, different encryption schemes must be used to guarantee data privacy within that layer. We survey conventional and emerging encryption schemes based on their ability to provide secure storage, data sharing, and secure computation. Our detailed experimental evaluation of each scheme shows that while the emerging encryption schemes enable exciting new features such as secure sharing and secure computation, they introduce several orders-of-magnitude computational and storage overhead. We conclude our paper by outlining future research directions to improve the usability of the emerging encryption schemes in an MCPS.

Toward more usable electronic voting: testing the usability of a smartphone voting system.

Science.gov (United States)

Campbell, Bryan A; Tossell, Chad C; Byrne, Michael D; Kortum, Philip

2014-08-01

The goal of this research was to assess the usability of a voting system designed for smart-phones. Smartphones offer remote participation in elections through the use of pervasive technology. Voting on these devices could, among other benefits, increase voter participation while allowing voters to use familiar technology. However, the usability of these systems has not been assessed. A mobile voting system optimized for use on a smartphone was designed and tested against traditional voting platforms for usability. There were no reliable differences between the smartphone-based system and other voting methods in efficiency and perceived usability. More important, though, smartphone owners committed fewer errors on the mobile voting system than on the traditional voting systems. Even with the known limitations of small mobile platforms in both displays and controls, a carefully designed system can provide a usable voting method. Much of the concern about mobile voting is in the area of security; therefore, although these results are promising, security concerns and usability issues arising from mitigating them must be strongly considered. The results of this experiment may help to inform current and future election and public policy officials about the benefits of allowing voters to vote with familiar hardware.

RPD: Reusable Pseudo-Id Distribution for a Secure and Privacy Preserving VANET

Directory of Open Access Journals (Sweden)

Sulaiman Ashraph

2013-08-01

Full Text Available In any VANET, security and privacy are the two fundamental issues. Obtaining efficient security in vehicular communication is essential without compromising privacy-preserving mechanisms. Designing a suitable protocol for VANET by having these two issues in mind is challenging because efficiency, unlinkablity and traceability are the three qualities having contradictions between them. In this paper, we introduce an efficient Reusable Pseudo-id Distribution (RPD scheme. The Trusted Authority (TA designating the Road Side Units (RSUs to generate n reusable pseudo ids and distribute them to the On Board Units (OBUs on request characterizes the proposed protocol. RSUs issue the aggregated hashes of all its valid pseudo-ids along with a symmetric shared key and a particular pseudo-id to each vehicle that enters into its coverage range. Through this the certificates attached to the messages can be eliminated and thus resulting in a significantly reduced packet size. The same anonymous keys can then be re-distributed by the RSUs episodically to other vehicles. We analyze the proposed protocol extensively to demonstrate its merits and efficiency.

76 FR 39315 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL-030 Use of...

Science.gov (United States)

2011-07-06

... the Terrorist Screening Database System of Records relates to official DHS national security and law... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary 6 CFR Part 5 [Docket No. DHS-2011-0060] Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/ALL--030 Use of the...

The role of privacy protection in healthcare information systems adoption.

Science.gov (United States)

Hsu, Chien-Lung; Lee, Ming-Ren; Su, Chien-Hui

2013-10-01

Privacy protection is an important issue and challenge in healthcare information systems (HISs). Recently, some privacy-enhanced HISs are proposed. Users' privacy perception, intention, and attitude might affect the adoption of such systems. This paper aims to propose a privacy-enhanced HIS framework and investigate the role of privacy protection in HISs adoption. In the proposed framework, privacy protection, access control, and secure transmission modules are designed to enhance the privacy protection of a HIS. An experimental privacy-enhanced HIS is also implemented. Furthermore, we proposed a research model extending the unified theory of acceptance and use of technology by considering perceived security and information security literacy and then investigate user adoption of a privacy-enhanced HIS. The experimental results and analyses showed that user adoption of a privacy-enhanced HIS is directly affected by social influence, performance expectancy, facilitating conditions, and perceived security. Perceived security has a mediating effect between information security literacy and user adoption. This study proposes several implications for research and practice to improve designing, development, and promotion of a good healthcare information system with privacy protection.

Usability Issues in the User Interfaces of Privacy-Enhancing Technologies

Science.gov (United States)

LaTouche, Lerone W.

2013-01-01

Privacy on the Internet has become one of the leading concerns for Internet users. These users are not wrong in their concerns if personally identifiable information is not protected and under their control. To minimize the collection of Internet users' personal information and help solve the problem of online privacy, a number of…

76 FR 66937 - Privacy Act of 1974; Department of Homeland Security/United States Secret Service-003 Non...

Science.gov (United States)

2011-10-28

... 1974; Department of Homeland Security/United States Secret Service--003 Non-Criminal Investigation... Security/United States Secret Service--003 Non-Criminal Investigation Information System.'' As a result of... Secret Service, 245 Murray Lane SW., Building T-5, Washington, DC 20223. For privacy issues please...

75 FR 28051 - Public Workshop: Pieces of Privacy

Science.gov (United States)

2010-05-19

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Public Workshop: Pieces of Privacy AGENCY: Privacy Office, DHS. ACTION: Notice announcing public workshop. SUMMARY: The Department of Homeland Security Privacy Office will host a public workshop, ``Pieces of Privacy.'' DATES: The workshop will be...

Evaluating Common Privacy Vulnerabilities in Internet Service Providers

Science.gov (United States)

Kotzanikolaou, Panayiotis; Maniatis, Sotirios; Nikolouzou, Eugenia; Stathopoulos, Vassilios

Privacy in electronic communications receives increased attention in both research and industry forums, stemming from both the users' needs and from legal and regulatory requirements in national or international context. Privacy in internet-based communications heavily relies on the level of security of the Internet Service Providers (ISPs), as well as on the security awareness of the end users. This paper discusses the role of the ISP in the privacy of the communications. Based on real security audits performed in national-wide ISPs, we illustrate privacy-specific threats and vulnerabilities that many providers fail to address when implementing their security policies. We subsequently provide and discuss specific security measures that the ISPs can implement, in order to fine-tune their security policies in the context of privacy protection.

CP-ABE Based Privacy-Preserving User Profile Matching in Mobile Social Networks.

Directory of Open Access Journals (Sweden)

Weirong Cui

Full Text Available Privacy-preserving profile matching, a challenging task in mobile social networks, is getting more attention in recent years. In this paper, we propose a novel scheme that is based on ciphertext-policy attribute-based encryption to tackle this problem. In our scheme, a user can submit a preference-profile and search for users with matching-profile in decentralized mobile social networks. In this process, no participant's profile and the submitted preference-profile is exposed. Meanwhile, a secure communication channel can be established between the pair of successfully matched users. In contrast to existing related schemes which are mainly based on the secure multi-party computation, our scheme can provide verifiability (both the initiator and any unmatched user cannot cheat each other to pretend to be matched, and requires few interactions among users. We provide thorough security analysis and performance evaluation on our scheme, and show its advantages in terms of security, efficiency and usability over state-of-the-art schemes.

CP-ABE Based Privacy-Preserving User Profile Matching in Mobile Social Networks.

Science.gov (United States)

Cui, Weirong; Du, Chenglie; Chen, Jinchao

2016-01-01

Privacy-preserving profile matching, a challenging task in mobile social networks, is getting more attention in recent years. In this paper, we propose a novel scheme that is based on ciphertext-policy attribute-based encryption to tackle this problem. In our scheme, a user can submit a preference-profile and search for users with matching-profile in decentralized mobile social networks. In this process, no participant's profile and the submitted preference-profile is exposed. Meanwhile, a secure communication channel can be established between the pair of successfully matched users. In contrast to existing related schemes which are mainly based on the secure multi-party computation, our scheme can provide verifiability (both the initiator and any unmatched user cannot cheat each other to pretend to be matched), and requires few interactions among users. We provide thorough security analysis and performance evaluation on our scheme, and show its advantages in terms of security, efficiency and usability over state-of-the-art schemes.

A Survey on Security and Privacy in Emerging Sensor Networks: From Viewpoint of Close-Loop

Science.gov (United States)

Zhang, Lifu; Zhang, Heng

2016-01-01

Nowadays, as the next generation sensor networks, Cyber-Physical Systems (CPSs) refer to the complex networked systems that have both physical subsystems and cyber components, and the information flow between different subsystems and components is across a communication network, which forms a closed-loop. New generation sensor networks are found in a growing number of applications and have received increasing attention from many inter-disciplines. Opportunities and challenges in the design, analysis, verification and validation of sensor networks co-exists, among which security and privacy are two important ingredients. This paper presents a survey on some recent results in the security and privacy aspects of emerging sensor networks from the viewpoint of the closed-loop. This paper also discusses several future research directions under these two umbrellas. PMID:27023559

Vehicular Internet: Security & Privacy Challenges and Opportunities

Directory of Open Access Journals (Sweden)

Kamran Zaidi

2015-07-01

Full Text Available The vehicular internet will drive the future of vehicular technology and intelligent transportation systems (ITS. Whether it is road safety, infotainment, or driver-less cars, the vehicular internet will lay the foundation for the future of road travel. Governments and companies are pursuing driver-less vehicles as they are considered to be more reliable than humans and, therefore, safer. The vehicles today are not just a means of transportation but are also equipped with a wide range of sensors that provide valuable data. If vehicles are enabled to share data that they collect with other vehicles or authorities for decision-making and safer driving, they thereby form a vehicular network. However, there is a lot at stake in vehicular networks if they are compromised. With the stakes so high, it is imperative that the vehicular networks are secured and made resilient to any attack or attempt that may have serious consequences. The vehicular internet can also be the target of a cyber attack, which can be devastating. In this paper, the opportunities that the vehicular internet offers are presented and then various security and privacy aspects are discussed and some solutions are presented.

77 FR 32709 - Privacy Act of 1974, as Amended; Computer Matching Program (SSA/Department of Homeland Security...

Science.gov (United States)

2012-06-01

...; Computer Matching Program (SSA/ Department of Homeland Security (DHS))--Match Number 1010 AGENCY: Social Security Administration (SSA). ACTION: Notice of a renewal of an existing computer matching program that... amended by the Computer Matching and Privacy Protection Act of 1988, as amended, and the regulations and...

Securing SIFT: Privacy-preserving Outsourcing Computation of Feature Extractions Over Encrypted Image Data.

Science.gov (United States)

Hu, Shengshan; Wang, Qian; Wang, Jingjun; Qin, Zhan; Ren, Kui

2016-05-13

Advances in cloud computing have greatly motivated data owners to outsource their huge amount of personal multimedia data and/or computationally expensive tasks onto the cloud by leveraging its abundant resources for cost saving and flexibility. Despite the tremendous benefits, the outsourced multimedia data and its originated applications may reveal the data owner's private information, such as the personal identity, locations or even financial profiles. This observation has recently aroused new research interest on privacy-preserving computations over outsourced multimedia data. In this paper, we propose an effective and practical privacy-preserving computation outsourcing protocol for the prevailing scale-invariant feature transform (SIFT) over massive encrypted image data. We first show that previous solutions to this problem have either efficiency/security or practicality issues, and none can well preserve the important characteristics of the original SIFT in terms of distinctiveness and robustness. We then present a new scheme design that achieves efficiency and security requirements simultaneously with the preservation of its key characteristics, by randomly splitting the original image data, designing two novel efficient protocols for secure multiplication and comparison, and carefully distributing the feature extraction computations onto two independent cloud servers. We both carefully analyze and extensively evaluate the security and effectiveness of our design. The results show that our solution is practically secure, outperforms the state-of-theart, and performs comparably to the original SIFT in terms of various characteristics, including rotation invariance, image scale invariance, robust matching across affine distortion, addition of noise and change in 3D viewpoint and illumination.

Secure and Privacy-Preserving Data Sharing and Collaboration in Mobile Healthcare Social Networks of Smart Cities

Directory of Open Access Journals (Sweden)

Qinlong Huang

2017-01-01

Full Text Available Mobile healthcare social networks (MHSN integrated with connected medical sensors and cloud-based health data storage provide preventive and curative health services in smart cities. The fusion of social data together with real-time health data facilitates a novel paradigm of healthcare big data analysis. However, the collaboration of healthcare and social network service providers may pose a series of security and privacy issues. In this paper, we propose a secure health and social data sharing and collaboration scheme in MHSN. To preserve the data privacy, we realize secure and fine-grained health data and social data sharing with attribute-based encryption and identity-based broadcast encryption techniques, respectively, which allows patients to share their private personal data securely. In order to achieve enhanced data collaboration, we allow the healthcare analyzers to access both the reencrypted health data and the social data with authorization from the data owner based on proxy reencryption. Specifically, most of the health data encryption and decryption computations are outsourced from resource-constrained mobile devices to a health cloud, and the decryption of the healthcare analyzer incurs a low cost. The security and performance analysis results show the security and efficiency of our scheme.

Electronic Health Records: An Enhanced Security Paradigm to Preserve Patient's Privacy

Science.gov (United States)

Slamanig, Daniel; Stingl, Christian

In recent years, demographic change and increasing treatment costs demand the adoption of more cost efficient, highly qualitative and integrated health care processes. The rapid growth and availability of the Internet facilitate the development of eHealth services and especially of electronic health records (EHRs) which are promising solutions to meet the aforementioned requirements. Considering actual web-based EHR systems, patient-centric and patient moderated approaches are widely deployed. Besides, there is an emerging market of so called personal health record platforms, e.g. Google Health. Both concepts provide a central and web-based access to highly sensitive medical data. Additionally, the fact that these systems may be hosted by not fully trustworthy providers necessitates to thoroughly consider privacy issues. In this paper we define security and privacy objectives that play an important role in context of web-based EHRs. Furthermore, we discuss deployed solutions as well as concepts proposed in the literature with respect to this objectives and point out several weaknesses. Finally, we introduce a system which overcomes the drawbacks of existing solutions by considering an holistic approach to preserve patient's privacy and discuss the applied methods.

SECURITY AND PRIVACY ISSUES IN CLOUD COMPUTING

Directory of Open Access Journals (Sweden)

Amina AIT OUAHMAN

2014-10-01

Full Text Available Today, cloud computing is defined and talked about across the ICT industry under different contexts and with different definitions attached to it. It is a new paradigm in the evolution of Information Technology, as it is one of the biggest revolutions in this field to have taken place in recent times. According to the National Institute for Standards and Technology (NIST, “cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services that can be rapidly provisioned and released with minimal management effort or service provider interaction” [1]. The importance of Cloud Computing is increasing and it is receiving a growing attention in the scientific and industrial communities. A study by Gartner [2] considered Cloud Computing as the first among the top 10 most important technologies and with a better prospect in successive years by companies and organizations. Clouds bring out tremendous benefits for both individuals and enterprises. Clouds support economic savings, outsourcing mechanisms, resource sharing, any-where any-time accessibility, on-demand scalability, and service flexibility. Clouds minimize the need for user involvement by masking technical details such as software upgrades, licenses, and maintenance from its customers. Clouds could also offer better security advantages over individual server deployments. Since a cloud aggregates resources, cloud providers charter expert security personnel while typical companies could be limited with a network administrator who might not be well versed in cyber security issues. The new concepts introduced by the clouds, such as computation outsourcing, resource sharing, and external data warehousing, increase the security and privacy concerns and create new security challenges. Moreover, the large scale of the clouds, the proliferation of mobile access devices (e

Because we care: Privacy Dashboard on Firefox OS

OpenAIRE

Piekarska, Marta; Zhou, Yun; Strohmeier, Dominik; Raake, Alexander

2015-01-01

In this paper we present the Privacy Dashboard -- a tool designed to inform and empower the people using mobile devices, by introducing features such as Remote Privacy Protection, Backup, Adjustable Location Accuracy, Permission Control and Secondary-User Mode. We have implemented our solution on FirefoxOS and conducted user studies to verify the usefulness and usability of our tool. The paper starts with a discussion of different aspects of mobile privacy, how users perceive it and how much ...

Market Reactions to Publicly Announced Privacy and Security Breaches Suffered by Companies Listed on the United States Stock Exchanges: A Comparative Empirical Investigation

Science.gov (United States)

Coronado, Adolfo S.

2012-01-01

Using a sample of security and privacy breaches the present research examines the comparative announcement impact between the two types of events. The first part of the dissertation analyzes the impact of publicly announced security and privacy breaches on abnormal stock returns, the change in firm risk, and abnormal trading volume are measured.…

A privacy preserving secure and efficient authentication scheme for telecare medical information systems.

Science.gov (United States)

Mishra, Raghavendra; Barnwal, Amit Kumar

2015-05-01

The Telecare medical information system (TMIS) presents effective healthcare delivery services by employing information and communication technologies. The emerging privacy and security are always a matter of great concern in TMIS. Recently, Chen at al. presented a password based authentication schemes to address the privacy and security. Later on, it is proved insecure against various active and passive attacks. To erase the drawbacks of Chen et al.'s anonymous authentication scheme, several password based authentication schemes have been proposed using public key cryptosystem. However, most of them do not present pre-smart card authentication which leads to inefficient login and password change phases. To present an authentication scheme with pre-smart card authentication, we present an improved anonymous smart card based authentication scheme for TMIS. The proposed scheme protects user anonymity and satisfies all the desirable security attributes. Moreover, the proposed scheme presents efficient login and password change phases where incorrect input can be quickly detected and a user can freely change his password without server assistance. Moreover, we demonstrate the validity of the proposed scheme by utilizing the widely-accepted BAN (Burrows, Abadi, and Needham) logic. The proposed scheme is also comparable in terms of computational overheads with relevant schemes.

A security and privacy preserving e-prescription system based on smart cards.

Science.gov (United States)

Hsu, Chien-Lung; Lu, Chung-Fu

2012-12-01

In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store e-prescription and related information using smart card. Latter, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient's privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposed a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling the medicine dispute. We further presented a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. Main property of an ID-based system is that public key is simple user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescription anonymously. In a case of a medical dispute, identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our proposed two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, practical considerations.

Biometric security and privacy opportunities & challenges in the big data era

CERN Document Server

Al-maadeed, Somaya; Bouridane, Ahmed; Crookes, Prof; Beghdadi, Azeddine

2017-01-01

This book highlights recent research advances on biometrics using new methods such as deep learning, nonlinear graph embedding, fuzzy approaches, and ensemble learning. Included are special biometric technologies related to privacy and security issues, such as quality issue, biometric template protection, and anti-spoofing. The book also focuses on several emerging topics such as big data issues, mobile biometrics and multispectral biometrics, and includes a number of new biometrics such as vein pattern, acoustic biometrics, eye-blinking EOG, ECG, gait and handwriting. Authors also show how to use biometrics in cyber security applications and its relevant legal matters under EU legislation. The contributors cover the topics, their methods, and their applications in depth.

Secure Mix-Zones for Privacy Protection of Road Network Location Based Services Users

Directory of Open Access Journals (Sweden)

Rubina S. Zuberi

2016-01-01

Full Text Available Privacy has been found to be the major impediment and hence the area to be worked out for the provision of Location Based Services in the wide sense. With the emergence of smart, easily portable, communicating devices, information acquisition is achieving new domains. The work presented here is an extension of the ongoing work towards achieving privacy for the present day emerging communication techniques. This work emphasizes one of the most effective real-time privacy enhancement techniques called Mix-Zones. In this paper, we have presented a model of a secure road network with Mix-Zones getting activated on the basis of spatial as well as temporal factors. The temporal factors are ascertained by the amount of traffic and its flow. The paper also discusses the importance of the number of Mix-Zones a user traverses and their mixing effectiveness. We have also shown here using our simulations which are required for the real-time treatment of the problem that the proposed transient Mix-Zones are part of a viable and robust solution towards the road network privacy protection of the communicating moving objects of the present scenario.

Privacy Breach Analysis in Social Networks

Science.gov (United States)

Nagle, Frank

This chapter addresses various aspects of analyzing privacy breaches in social networks. We first review literature that defines three types of privacy breaches in social networks: interactive, active, and passive. We then survey the various network anonymization schemes that have been constructed to address these privacy breaches. After exploring these breaches and anonymization schemes, we evaluate a measure for determining the level of anonymity inherent in a network graph based on its topological structure. Finally, we close by emphasizing the difficulty of anonymizing social network data while maintaining usability for research purposes and offering areas for future work.

How to capture, model, and verify the knowledge of legal, security, and privacy experts: A pattern-based approach

NARCIS (Netherlands)

Compagna, L.; El Khoury, P.; Massacci, F.; Thomas, R.; Zannone, N.

2007-01-01

Laws set requirements that force organizations to assess the security and privacy of their IT systems and impose the adoption of the implementation of minimal precautionary security measures. Several frameworks have been proposed to deal with thii issue. For instance, purpose-based access control is

Improving System Security and User Privacy in Secure Electronic Transaction (SET) with X.509 v3 Certificate

OpenAIRE

Saidu Muhammad

2015-01-01

With the advancement of internets, user’s transaction is at ease, timely manner and effective wise through online payment method, so also cybercriminals become increasingly more prompt in areas like e-commerce sites, financial institutions, payment processes and other online transactions. Therefore the need for the system security and privacy became the central issues for the acceptance of online payment methods in particular and growth of the Internet market in general. Using SET...

Inter-organizational future proof EHR systems A review of the security and privacy related issues

NARCIS (Netherlands)

van der Linden, Helma; Kalra, Dipak; Hasman, Arie; Talmon, Jan

2009-01-01

OBJECTIVES: Identification and analysis of privacy and security related issues that occur when health information is exchanged between health care organizations. METHODS: Based on a generic scenario questions were formulated to reveal the occurring issues. Possible answers were verified in

Business-Intelligence-Systeme im Spannungsfeld zwischen Usability und Sicherheit

OpenAIRE

Hinck, Thorsten

2010-01-01

Business-Intelligence-Systeme stehen im Spannungsfeld zwischen Usability und Sicherheit. Die Gefahren und Sicherheitsmaßnahmen für Informationssysteme werden ermittelt und ökonomisch in Bezug zur Gebrauchstauglichkeit gesetzt. Es entsteht ein Sicherheitsprofil für Business-Intelligence-Systeme. Business-Intelligence-Systems are in tension between Usability and IT-Security. Risks and safety measures of informationsystems are defined and set in (economic) regard to Usability. A security prof...

Cybersecurity and Privacy

DEFF Research Database (Denmark)

he huge potential in future connected services has as a precondition that privacy and security needs are dealt with in order for new services to be accepted. This issue is increasingly on the agenda both at the company and at individual level. Cybersecurity and Privacy – bridging the gap addresses...... two very complex fields of the digital world, i.e., Cybersecurity and Privacy. These multifaceted, multidisciplinary and complex issues are usually understood and valued differently by different individuals, data holders and legal bodies. But a change in one field immediately affects the others....... Policies, frameworks, strategies, laws, tools, techniques, and technologies – all of these are tightly interwoven when it comes to security and privacy. This book is another attempt to bridge the gap between the industry and academia. The book addresses the views from academia and industry on the subject...

The War Against Terror and Transatlantic Information Sharing: Spillovers of Privacy or Spillovers of Security?

Directory of Open Access Journals (Sweden)

Maria Tzanou

2015-02-01

Full Text Available The EU-US Passenger Name Record (PNR agreement has been among the most controversial instruments in the fight against terrorism that the EU negotiated with the US after the 9/11 terrorist attacks. The agreement has been heavily criticised for its implications regarding fundamental rights, in particular the rights to privacy and data protection. Nevertheless, the EU has put forward plans to develop its own PNR programme. The present article aims to examine the new dynamics concerning privacy that arise from the transatlantic fight against terrorism. It argues that, while attempts for the development of a transatlantic privacy protection framework have been made, ‘spillovers’ of security, taking the form of internalisation of external counter-terrorism measures, are prevalent in the era of the war against terror.

Modeling the Non-functional Requirements in the Context of Usability, Performance, Safety and Security

OpenAIRE

Sadiq, Mazhar

2007-01-01

Requirement engineering is the most significant part of the software development life cycle. Until now great emphasis has been put on the maturity of the functional requirements. But with the passage of time it reveals that the success of software development does not only pertain to the functional requirements rather non-functional requirements should also be taken into consideration. Among the non-functional requirements usability, performance, safety and security are considered important. ...

Students and Taxes: a Privacy-Preserving Study Using Secure Computation

Directory of Open Access Journals (Sweden)

Bogdanov Dan

2016-07-01

Full Text Available We describe the use of secure multi-party computation for performing a large-scale privacy-preserving statistical study on real government data. In 2015, statisticians from the Estonian Center of Applied Research (CentAR conducted a big data study to look for correlations between working during university studies and failing to graduate in time. The study was conducted by linking the database of individual tax payments from the Estonian Tax and Customs Board and the database of higher education events from the Ministry of Education and Research. Data collection, preparation and analysis were conducted using the Share-mind secure multi-party computation system that provided end-to-end cryptographic protection to the analysis. Using ten million tax records and half a million education records in the analysis, this is the largest cryptographically private statistical study ever conducted on real data.

A home healthcare system in the cloud - Addressing security and privacy challenges

OpenAIRE

Deng M.; Petkovic M.; Nalin M.; Baroni I.

2011-01-01

Cloud computing is an emerging technology that is expected to support Internet scale critical applications which could be essential to the healthcare sector. Its scalability, resilience, adaptability, connectivity, cost reduction, and high performance features have high potential to lift the efficiency and quality of healthcare. However,it is also important to understand specific risks related to security and privacy that this technology brings. This paper focuses on a home healthcare system ...

Privacy preservation and authentication on secure geographical routing in VANET

Science.gov (United States)

Punitha, A.; Manickam, J. Martin Leo

2017-05-01

Vehicular Ad hoc Networks (VANETs) play an important role in vehicle-to-vehicle communication as it offers a high level of safety and convenience to drivers. In order to increase the level of security and safety in VANETs, in this paper, we propose a Privacy Preservation and Authentication on Secure Geographical Routing Protocol (PPASGR) for VANET. It provides security by detecting and preventing malicious nodes through two directional antennas such as forward (f-antenna) and backward (b-antenna). The malicious nodes are detected by direction detection, consistency detection and conflict detection. The location of the trusted neighbour is identified using TNT-based location verification scheme after the implementation of the Vehicle Tamper Proof Device (VTPD), Trusted Authority (TA) is generated that produces the anonymous credentials. Finally, VTPD generates pseudo-identity using TA which retrieves the real identity of the sender. Through this approach, the authentication, integrity and confidentiality for routing packets can be achieved. The simulation results show that the proposed approach reduces the packet drop due to attack and improves the packet delivery ratio.

Advanced research in data privacy

CERN Document Server

Torra, Vicenç

2015-01-01

This book provides an overview of the research work on data privacy and privacy enhancing technologies carried by the participants of the ARES project. ARES (Advanced Research in Privacy an Security, CSD2007-00004) has been one of the most important research projects funded by the Spanish Government in the fields of computer security and privacy. It is part of the now extinct CONSOLIDER INGENIO 2010 program, a highly competitive program which aimed to advance knowledge and open new research lines among top Spanish research groups. The project started in 2007 and will finish this 2014. Composed by 6 research groups from 6 different institutions, it has gathered an important number of researchers during its lifetime. Among the work produced by the ARES project, one specific work package has been related to privacy. This books gathers works produced by members of the project related to data privacy and privacy enhancing technologies. The presented works not only summarize important research carried in the proje...

Foreword for the special issue of selected papers from the 1st ECML/PKDD Workshop on Privacy and Security issues in Data Mining and Machine Learning

OpenAIRE

Aris Gkoulalas-Divanis; Yucel Saygin; Vassilios S. Verykios

2011-01-01

The first Workshop on Privacy and Security issues in Data Mining and Machine Learning (PSDML 2010) was organized on September 24, 2010 at Barcelona, Spain, in conjunction with the European Conference on Machine Learning and Principles and Practice of Knowledge Discovery in Databases (ECML PKDD). Privacy and security-related aspects of data mining and machine learning have been the topic of active research during the last decade due to the existence of numerous applications with privacy and/or...

Secure and scalable deduplication of horizontally partitioned health data for privacy-preserving distributed statistical computation.

Science.gov (United States)

Yigzaw, Kassaye Yitbarek; Michalas, Antonis; Bellika, Johan Gustav

2017-01-03

Techniques have been developed to compute statistics on distributed datasets without revealing private information except the statistical results. However, duplicate records in a distributed dataset may lead to incorrect statistical results. Therefore, to increase the accuracy of the statistical analysis of a distributed dataset, secure deduplication is an important preprocessing step. We designed a secure protocol for the deduplication of horizontally partitioned datasets with deterministic record linkage algorithms. We provided a formal security analysis of the protocol in the presence of semi-honest adversaries. The protocol was implemented and deployed across three microbiology laboratories located in Norway, and we ran experiments on the datasets in which the number of records for each laboratory varied. Experiments were also performed on simulated microbiology datasets and data custodians connected through a local area network. The security analysis demonstrated that the protocol protects the privacy of individuals and data custodians under a semi-honest adversarial model. More precisely, the protocol remains secure with the collusion of up to N - 2 corrupt data custodians. The total runtime for the protocol scales linearly with the addition of data custodians and records. One million simulated records distributed across 20 data custodians were deduplicated within 45 s. The experimental results showed that the protocol is more efficient and scalable than previous protocols for the same problem. The proposed deduplication protocol is efficient and scalable for practical uses while protecting the privacy of patients and data custodians.

Secure Group Formation Protocol for a Medical Sensor Network Prototype

DEFF Research Database (Denmark)

Andersen, Jacob

2009-01-01

, and experience from user workshops and observations of clinicians at work on a hospital ward show that if the security mechanisms are not well designed, the technology is either rejected altogether, or they are circumvented leaving the system wide open to attacks. Our work targets the problem of designing......Designing security mechanisms such as privacy and access control for medical sensor networks is a challenging task; as such systems may be operated very frequently, at a quick pace, and at times in emergency situations. Understandably, clinicians hold extra unproductive tasks in low regard...... wireless sensors to be both secure and usable by exploring different solutions on a fully functional prototype platform. In this paper, we present an Elliptic Curve Cryptography (ECC) based protocol, which offers fully secure sensor set-up in a few seconds on standard (Telos) hardware. We evaluate...

Archiving Data from New Survey Technologies: Lessons Learned on Enabling Research with High-Precision Data While Preserving Participant Privacy: Preprint

Energy Technology Data Exchange (ETDEWEB)

Gonder, J.; Burton, E.; Murakami, E.

2014-11-01

During the past 15 years, increasing numbers of organizations and planning agencies have begun collecting high-resolution Global Positioning System (GPS) travel data. Despite the significant effort and expense to collect it, privacy concerns often lead to underutilization of the data. To address this dilemma of providing data access while preserving privacy, the National Renewable Energy Laboratory, with support from the U.S. Department of Transportation and U.S. Department of Energy, established the Transportation Secure Data Center (TSDC). Lessons drawn from best-practice examples from other data centers have helped shape the structure and operating procedures for the TSDC, which functions under the philosophy of first and foremost preserving privacy, but doing so in a way that balances security with accessibility and usability of the data for legitimate research. This paper provides details about the TSDC approach toward achieving these goals, which has included creating a secure enclave with no external access for backing up and processing raw data, a publicly accessible website for downloading cleansed data, and a secure portal environment through which approved users can work with detailed spatial data using a variety of tools and reference information. This paper also describes lessons learned from operating the TSDC with respect to improvements in GPS data handling, processing, and user support, along with plans for continual enhancements to better support the needs of both data providers and users and to thus advance the research value derived from such valuable data.

A Research on Issues Related to RFID Security and Privacy

Science.gov (United States)

Kim, Jongki; Yang, Chao; Jeon, Jinhwan

Radio Frequency Identification (RFID) is a technology for automated identification of objects and people. RFID systems have been gaining more popularity in areas especially in supply chain management and automated identification systems. However, there are many existing and potential problems in the RFID systems which could threat the technology's future. To successfully adopt RFID technology in various applications, we need to develop the solutions to protect the RFID system's data information. This study investigates important issues related to privacy and security of RFID based on the recent literature and suggests solutions to cope with the problem.

Towards a privacy preserving cohort discovery framework for clinical research networks.

Science.gov (United States)

Yuan, Jiawei; Malin, Bradley; Modave, François; Guo, Yi; Hogan, William R; Shenkman, Elizabeth; Bian, Jiang

2017-02-01

The last few years have witnessed an increasing number of clinical research networks (CRNs) focused on building large collections of data from electronic health records (EHRs), claims, and patient-reported outcomes (PROs). Many of these CRNs provide a service for the discovery of research cohorts with various health conditions, which is especially useful for rare diseases. Supporting patient privacy can enhance the scalability and efficiency of such processes; however, current practice mainly relies on policy, such as guidelines defined in the Health Insurance Portability and Accountability Act (HIPAA), which are insufficient for CRNs (e.g., HIPAA does not require encryption of data - which can mitigate insider threats). By combining policy with privacy enhancing technologies we can enhance the trustworthiness of CRNs. The goal of this research is to determine if searchable encryption can instill privacy in CRNs without sacrificing their usability. We developed a technique, implemented in working software to enable privacy-preserving cohort discovery (PPCD) services in large distributed CRNs based on elliptic curve cryptography (ECC). This technique also incorporates a block indexing strategy to improve the performance (in terms of computational running time) of PPCD. We evaluated the PPCD service with three real cohort definitions: (1) elderly cervical cancer patients who underwent radical hysterectomy, (2) oropharyngeal and tongue cancer patients who underwent robotic transoral surgery, and (3) female breast cancer patients who underwent mastectomy) with varied query complexity. These definitions were tested in an encrypted database of 7.1 million records derived from the publically available Healthcare Cost and Utilization Project (HCUP) Nationwide Inpatient Sample (NIS). We assessed the performance of the PPCD service in terms of (1) accuracy in cohort discovery, (2) computational running time, and (3) privacy afforded to the underlying records during PPCD. The

Security and Privacy Qualities of Medical Devices: An Analysis of FDA Postmarket Surveillance

OpenAIRE

Ransford, Benjamin; Molina-Markham, Andres; Stewart, Quinn; Fu, Kevin; Kramer, Daniel Bruce; Baker, Matthew Charles; Reynolds, Matthew R.

2012-01-01

Background: Medical devices increasingly depend on computing functions such as wireless communication and Internet connectivity for software-based control of therapies and network-based transmission of patients’ stored medical information. These computing capabilities introduce security and privacy risks, yet little is known about the prevalence of such risks within the clinical setting. Methods: We used three comprehensive, publicly available databases maintained by the Food and Drug Admini...

A Secure and Privacy-Preserving Targeted Ad-System

Science.gov (United States)

Androulaki, Elli; Bellovin, Steven M.

Thanks to its low product-promotion cost and its efficiency, targeted online advertising has become very popular. Unfortunately, being profile-based, online advertising methods violate consumers' privacy, which has engendered resistance to the ads. However, protecting privacy through anonymity seems to encourage click-fraud. In this paper, we define consumer's privacy and present a privacy-preserving, targeted ad system (PPOAd) which is resistant towards click fraud. Our scheme is structured to provide financial incentives to all entities involved.

Electronic Communication of Protected Health Information: Privacy, Security, and HIPAA Compliance.

Science.gov (United States)

Drolet, Brian C; Marwaha, Jayson S; Hyatt, Brad; Blazar, Phillip E; Lifchez, Scott D

2017-06-01

Technology has enhanced modern health care delivery, particularly through accessibility to health information and ease of communication with tools like mobile device messaging (texting). However, text messaging has created new risks for breach of protected health information (PHI). In the current study, we sought to evaluate hand surgeons' knowledge and compliance with privacy and security standards for electronic communication by text message. A cross-sectional survey of the American Society for Surgery of the Hand membership was conducted in March and April 2016. Descriptive and inferential statistical analyses were performed of composite results as well as relevant subgroup analyses. A total of 409 responses were obtained (11% response rate). Although 63% of surgeons reported that they believe that text messaging does not meet Health Insurance Portability and Accountability Act of 1996 security standards, only 37% reported they do not use text messages to communicate PHI. Younger surgeons and respondents who believed that their texting was compliant were statistically significantly more like to report messaging of PHI (odds ratio, 1.59 and 1.22, respectively). A majority of hand surgeons in this study reported the use of text messaging to communicate PHI. Of note, neither the Health Insurance Portability and Accountability Act of 1996 statute nor US Department of Health and Human Services specifically prohibits this form of electronic communication. To be compliant, surgeons, practices, and institutions need to take reasonable security precautions to prevent breach of privacy with electronic communication. Communication of clinical information by text message is not prohibited under Health Insurance Portability and Accountability Act of 1996, but surgeons should use appropriate safeguards to prevent breach when using this form of communication. Copyright © 2017 American Society for Surgery of the Hand. Published by Elsevier Inc. All rights reserved.

Privacy and information security risks in a technology platform for home-based chronic disease rehabilitation and education.

Science.gov (United States)

Henriksen, Eva; Burkow, Tatjana M; Johnsen, Elin; Vognild, Lars K

2013-08-09

Privacy and information security are important for all healthcare services, including home-based services. We have designed and implemented a prototype technology platform for providing home-based healthcare services. It supports a personal electronic health diary and enables secure and reliable communication and interaction with peers and healthcare personnel. The platform runs on a small computer with a dedicated remote control. It is connected to the patient's TV and to a broadband Internet. The platform has been tested with home-based rehabilitation and education programs for chronic obstructive pulmonary disease and diabetes. As part of our work, a risk assessment of privacy and security aspects has been performed, to reveal actual risks and to ensure adequate information security in this technical platform. Risk assessment was performed in an iterative manner during the development process. Thus, security solutions have been incorporated into the design from an early stage instead of being included as an add-on to a nearly completed system. We have adapted existing risk management methods to our own environment, thus creating our own method. Our method conforms to ISO's standard for information security risk management. A total of approximately 50 threats and possible unwanted incidents were identified and analysed. Among the threats to the four information security aspects: confidentiality, integrity, availability, and quality; confidentiality threats were identified as most serious, with one threat given an unacceptable level of High risk. This is because health-related personal information is regarded as sensitive. Availability threats were analysed as low risk, as the aim of the home programmes is to provide education and rehabilitation services; not for use in acute situations or for continuous health monitoring. Most of the identified threats are applicable for healthcare services intended for patients or citizens in their own homes. Confidentiality

77 FR 74913 - Privacy Act of 1974, as Amended; Computer Matching Program (Social Security Administration (SSA...

Science.gov (United States)

2012-12-18

...; Computer Matching Program (Social Security Administration (SSA)/Office of Personnel Management (OPM.... SUPPLEMENTARY INFORMATION: A. General The Computer Matching and Privacy Protection Act of 1988 (Public Law (Pub... computer matching involving the Federal government could be performed and adding certain protections for...

Kaleidoscope on the Internet of Toys: Safety, security, privacy and societal insights

OpenAIRE

CHAUDRON STEPHANE; DI GIOIA Rosanna; GEMO Monica; HOLLOWAY Donell; MARSH Jackie; MASCHERONI Giovanna; PETER Jochen; YAMADA-RICE Dylan

2016-01-01

This paper gives an insight on safety, security, privacy and scocietal questions emerging from the rise of the Internet of Toys, meaning Internet Connected Toys that participate along with the wave of other domestic connected objects, the Internet of Things in increasing the ubiquity of the ICT within our everyday, closer to ourselves and our children more than ever. What changes and challenges 24/7 Internet connected devices, and Connected Toys particularly, will bring in our Society? What p...

The secret to health information technology's success within the diabetes patient population: a comprehensive privacy and security framework.

Science.gov (United States)

Pandya, Sheel M

2010-05-01

Congress made an unprecedented investment in health information technology (IT) when it passed the American Recovery and Reinvestment Act in February 2009. Health IT provides enormous opportunities to improve health care quality, reduce costs, and engage patients in their own care. But the potential payoff for use of health IT for diabetes care is magnified given the prevalence, cost, and complexity of the disease. However, without proper privacy and security protections in place, diabetes patient data are at risk of misuse, and patient trust in the system is undermined. We need a comprehensive privacy and security framework that articulates clear parameters for access, use, and disclosure of diabetes patient data for all entities storing and exchanging electronic data. (c) 2010 Diabetes Technology Society.

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes

Science.gov (United States)

2018-01-01

Background The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs’ success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. Objective The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Methods Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Results Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Conclusions Trust in health information and belief in the effectiveness of

The Effectiveness of Health Care Information Technologies: Evaluation of Trust, Security Beliefs, and Privacy as Determinants of Health Care Outcomes.

Science.gov (United States)

Kisekka, Victoria; Giboney, Justin Scott

2018-04-11

The diffusion of health information technologies (HITs) within the health care sector continues to grow. However, there is no theory explaining how success of HITs influences patient care outcomes. With the increase in data breaches, HITs' success now hinges on the effectiveness of data protection solutions. Still, empirical research has only addressed privacy concerns, with little regard for other factors of information assurance. The objective of this study was to study the effectiveness of HITs using the DeLone and McLean Information Systems Success Model (DMISSM). We examined the role of information assurance constructs (ie, the role of information security beliefs, privacy concerns, and trust in health information) as measures of HIT effectiveness. We also investigated the relationships between information assurance and three aspects of system success: attitude toward health information exchange (HIE), patient access to health records, and perceived patient care quality. Using structural equation modeling, we analyzed the data from a sample of 3677 cancer patients from a public dataset. We used R software (R Project for Statistical Computing) and the Lavaan package to test the hypothesized relationships. Our extension of the DMISSM to health care was supported. We found that increased privacy concerns reduce the frequency of patient access to health records use, positive attitudes toward HIE, and perceptions of patient care quality. Also, belief in the effectiveness of information security increases the frequency of patient access to health records and positive attitude toward HIE. Trust in health information had a positive association with attitudes toward HIE and perceived patient care quality. Trust in health information had no direct effect on patient access to health records; however, it had an indirect relationship through privacy concerns. Trust in health information and belief in the effectiveness of information security safeguards increases

Secure and Usable User-in-a-Context Continuous Authentication in Smartphones Leveraging Non-Assisted Sensors

Directory of Open Access Journals (Sweden)

Jose Maria de Fuentes

2018-04-01

Full Text Available Smartphones are equipped with a set of sensors that describe the environment (e.g., GPS, noise, etc. and their current status and usage (e.g., battery consumption, accelerometer readings, etc.. Several works have already addressed how to leverage such data for user-in-a-context continuous authentication, i.e., determining if the porting user is the authorized one and resides in his regular physical environment. This can be useful for an early reaction against robbery or impersonation. However, most previous works depend on assisted sensors, i.e., they rely upon immutable elements (e.g., cell towers, satellites, magnetism, thus being ineffective in their absence. Moreover, they focus on accuracy aspects, neglecting usability ones. For this purpose, in this paper, we explore the use of four non-assisted sensors, namely battery, transmitted data, ambient light and noise. Our approach leverages data stream mining techniques and offers a tunable security-usability trade-off. We assess the accuracy, immediacy, usability and readiness of the proposal. Results on 50 users over 24 months show that battery readings alone achieve 97.05% of accuracy and 81.35% for audio, light and battery all together. Moreover, when usability is at stake, robbery is detected in 100 s for the case of battery and in 250 s when audio, light and battery are applied. Remarkably, these figures are obtained with moderate training and storage needs, thus making the approach suitable for current devices.

Secure and Usable User-in-a-Context Continuous Authentication in Smartphones Leveraging Non-Assisted Sensors.

Science.gov (United States)

de Fuentes, Jose Maria; Gonzalez-Manzano, Lorena; Ribagorda, Arturo

2018-04-16

Smartphones are equipped with a set of sensors that describe the environment (e.g., GPS, noise, etc.) and their current status and usage (e.g., battery consumption, accelerometer readings, etc.). Several works have already addressed how to leverage such data for user-in-a-context continuous authentication, i.e., determining if the porting user is the authorized one and resides in his regular physical environment. This can be useful for an early reaction against robbery or impersonation. However, most previous works depend on assisted sensors, i.e., they rely upon immutable elements (e.g., cell towers, satellites, magnetism), thus being ineffective in their absence. Moreover, they focus on accuracy aspects, neglecting usability ones. For this purpose, in this paper, we explore the use of four non-assisted sensors, namely battery, transmitted data, ambient light and noise. Our approach leverages data stream mining techniques and offers a tunable security-usability trade-off. We assess the accuracy, immediacy, usability and readiness of the proposal. Results on 50 users over 24 months show that battery readings alone achieve 97.05% of accuracy and 81.35% for audio, light and battery all together. Moreover, when usability is at stake, robbery is detected in 100 s for the case of battery and in 250 s when audio, light and battery are applied. Remarkably, these figures are obtained with moderate training and storage needs, thus making the approach suitable for current devices.

Privacy-invading technologies : safeguarding privacy, liberty & security in the 21st century

NARCIS (Netherlands)

Klitou, Demetrius

2012-01-01

With a focus on the growing development and deployment of the latest technologies that threaten privacy, the PhD dissertation argues that the US and UK legal frameworks, in their present form, are inadequate to defend privacy and other civil liberties against the intrusive capabilities of body

Smart grid security

Energy Technology Data Exchange (ETDEWEB)

Cuellar, Jorge (ed.) [Siemens AG, Muenchen (Germany). Corporate Technology

2013-11-01

The engineering, deployment and security of the future smart grid will be an enormous project requiring the consensus of many stakeholders with different views on the security and privacy requirements, not to mention methods and solutions. The fragmentation of research agendas and proposed approaches or solutions for securing the future smart grid becomes apparent observing the results from different projects, standards, committees, etc, in different countries. The different approaches and views of the papers in this collection also witness this fragmentation. This book contains the following papers: 1. IT Security Architecture Approaches for Smart Metering and Smart Grid. 2. Smart Grid Information Exchange - Securing the Smart Grid from the Ground. 3. A Tool Set for the Evaluation of Security and Reliability in Smart Grids. 4. A Holistic View of Security and Privacy Issues in Smart Grids. 5. Hardware Security for Device Authentication in the Smart Grid. 6. Maintaining Privacy in Data Rich Demand Response Applications. 7. Data Protection in a Cloud-Enabled Smart Grid. 8. Formal Analysis of a Privacy-Preserving Billing Protocol. 9. Privacy in Smart Metering Ecosystems. 10. Energy rate at home Leveraging ZigBee to Enable Smart Grid in Residential Environment.

Security for 4G and 5G Cellular Networks: A Survey of Existing Authentication and Privacy-preserving Schemes

OpenAIRE

Ferrag, Mohamed Amine; Maglaras, Leandros; Argyriou, Antonios; Kosmanos, Dimitrios; Janicke, Helge

2017-01-01

This paper presents a comprehensive survey of existing authentication and privacy-preserving schemes for 4G and 5G cellular networks. We start by providing an overview of existing surveys that deal with 4G and 5G communications, applications, standardization, and security. Then, we give a classification of threat models in 4G and 5G cellular networks in four categories, including, attacks against privacy, attacks against integrity, attacks against availability, and attacks against authenticat...

Uniting Legislation with RFID Privacy-Enhancing Technologies

NARCIS (Netherlands)

Rieback, M.R.; Crispo, B.; Tanenbaum, A.S.

2005-01-01

RFID is a popular identification and automation technology with serious security and privacy threats. Legislation expounds upon the actual security and privacy needs of people in RFID-enabled environments, while technology helps to ensure legal compliance. This paper examines the main aims of RFID

Control and Assurance in E-Commerce: Privacy, Integrity and Security at eBay

OpenAIRE

Rong-Ruey Duh; Karim Jamal; Shyam NMI Sunder

2001-01-01

Growth of online auctions and other forms of e-commerce has been hampered by concerns about the privacy, integrity, and security of online transactions. To earn the trust of their participants, new e-commerce organizations, like traditional organizations, have to reach the state of expectations equilibrium or control - a state where the actual behavior of participants corresponds to what others expect them to do. Since e-commerce companies provide electronic platforms where buyers and sellers...

5G Visions of User Privacy

DEFF Research Database (Denmark)

Sørensen, Lene Tolstrup; Khajuria, Samant; Skouby, Knud Erik

2015-01-01

Currently, the discussions are going on the elements and definition of 5G networks. One of the elements in this discussion is how to provide for user controlled privacy for securing users' digital interaction. The purpose of this paper is to present elements of user controlled privacy needed...... for the future 5G networks. The paper concludes that an ecosystem consisting of Trusted Third Party between the end user and the service providers as a distributed system could be integrated to secure the perspective of user controlled privacy for future systems...

Customer privacy on UK healthcare websites.

Science.gov (United States)

Mundy, Darren P

2006-09-01

Privacy has been and continues to be one of the key challenges of an age devoted to the accumulation, processing, and mining of electronic information. In particular, privacy of healthcare-related information is seen as a key issue as health organizations move towards the electronic provision of services. The aim of the research detailed in this paper has been to analyse privacy policies on popular UK healthcare-related websites to determine the extent to which consumer privacy is protected. The author has combined approaches (such as approaches focused on usability, policy content, and policy quality) used in studies by other researchers on e-commerce and US healthcare websites to provide a comprehensive analysis of UK healthcare privacy policies. The author identifies a wide range of issues related to the protection of consumer privacy through his research analysis using quantitative results. The main outcomes from the author's research are that only 61% of healthcare-related websites in their sample group posted privacy policies. In addition, most of the posted privacy policies had poor readability standards and included a variety of privacy vulnerability statements. Overall, the author's findings represent significant current issues in relation to healthcare information protection on the Internet. The hope is that raising awareness of these results will drive forward changes in the industry, similar to those experienced with information quality.

FCJ-195 Privacy, Responsibility, and Human Rights Activism

Directory of Open Access Journals (Sweden)

Becky Kazansky

2015-06-01

Full Text Available In this article, we argue that many difficulties associated with the protection of digital privacy are rooted in the framing of privacy as a predominantly individual responsibility. We examine how models of privacy protection, such as Notice and Choice, contribute to the ‘responsibilisation’ of human rights activists who rely on the use of technologies for their work. We also consider how a group of human rights activists countered technology-mediated threats that this ‘responsibilisation’ causes by developing a collective approach to address their digital privacy and security needs. We conclude this article by discussing how technological tools used to maintain or counter the loss of privacy can be improved in order to support the privacy and digital security of human rights activists.

Network security vulnerabilities and personal privacy issues in Healthcare Information Systems: a case study in a private hospital in Turkey.

Science.gov (United States)

Namoğlu, Nihan; Ulgen, Yekta

2013-01-01

Healthcare industry has become widely dependent on information technology and internet as it moves from paper to electronic records. Healthcare Information System has to provide a high quality service to patients and a productive knowledge share between healthcare staff by means of patient data. With the internet being commonly used across hospitals, healthcare industry got its own share from cyber threats like other industries in the world. The challenge is allowing knowledge transfer to hospital staff while still ensuring compliance with security mandates. Working in collaboration with a private hospital in Turkey; this study aims to reveal the essential elements of a 21st century business continuity plan for hospitals while presenting the security vulnerabilities in the current hospital information systems and personal privacy auditing standards proposed by regulations and laws. We will survey the accreditation criteria in Turkey and counterparts in US and EU. We will also interview with medical staff in the hospital to understand the needs for personal privacy and the technical staff to perceive the technical requirements in terms of network security configuration and deployment. As hospitals are adopting electronic transactions, it should be considered a must to protect these electronic health records in terms of personal privacy aspects.

Privacy-Preserving Biometric Authentication: Challenges and Directions

Directory of Open Access Journals (Sweden)

Elena Pagnin

2017-01-01

Full Text Available An emerging direction for authenticating people is the adoption of biometric authentication systems. Biometric credentials are becoming increasingly popular as a means of authenticating people due to the wide range of advantages that they provide with respect to classical authentication methods (e.g., password-based authentication. The most characteristic feature of this authentication method is the naturally strong bond between a user and her biometric credentials. This very same advantageous property, however, raises serious security and privacy concerns in case the biometric trait gets compromised. In this article, we present the most challenging issues that need to be taken into consideration when designing secure and privacy-preserving biometric authentication protocols. More precisely, we describe the main threats against privacy-preserving biometric authentication systems and give directions on possible countermeasures in order to design secure and privacy-preserving biometric authentication protocols.

75 FR 25870 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2010-05-10

... submissions must include the words ``Department of Homeland Security Data Privacy and Integrity Advisory..., DHS Data Privacy and Integrity Advisory Committee, Department of Homeland Security, Washington, DC... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0035] DHS Data...

Security and Privacy of Sensitive Data in Cloud Computing: A Survey of Recent Developments

OpenAIRE

Gholami, Ali; Laure, Erwin

2016-01-01

Cloud computing is revolutionizing many ecosystems by providing organizations with computing resources featuring easy deployment, connectivity, configuration, automation and scalability. This paradigm shift raises a broad range of security and privacy issues that must be taken into consideration. Multi-tenancy, loss of control, and trust are key challenges in cloud computing environments. This paper reviews the existing technologies and a wide array of both earlier and state-of...

A secure data privacy preservation for on-demand

Directory of Open Access Journals (Sweden)

Dhasarathan Chandramohan

2017-04-01

Full Text Available This paper spotlights privacy and its obfuscation issues of intellectual, confidential information owned by insurance and finance sectors. Privacy risk in business era if authoritarians misuse secret information. Software interruptions in steeling digital data in the name of third party services. Liability in digital secrecy for the business continuity isolation, mishandling causing privacy breaching the vicinity and its preventive phenomenon is scrupulous in the cloud, where a huge amount of data is stored and maintained enormously. In this developing IT-world toward cloud, users privacy protection is becoming a big question , albeit cloud computing made changes in the computing field by increasing its effectiveness, efficiency and optimization of the service environment etc, cloud users data and their identity, reliability, maintainability and privacy may vary for different CPs (cloud providers. CP ensures that the user’s proprietary information is maintained more secretly with current technologies. More remarkable occurrence is even the cloud provider does not have suggestions regarding the information and the digital data stored and maintained globally anywhere in the cloud. The proposed system is one of the obligatory research issues in cloud computing. We came forward by proposing the Privacy Preserving Model to Prevent Digital Data Loss in the Cloud (PPM–DDLC. This proposal helps the CR (cloud requester/users to trust their proprietary information and data stored in the cloud.

Privacy Act

Science.gov (United States)

Learn about the Privacy Act of 1974, the Electronic Government Act of 2002, the Federal Information Security Management Act, and other information about the Environmental Protection Agency maintains its records.

Information security: where computer science, economics and psychology meet.

Science.gov (United States)

Anderson, Ross; Moore, Tyler

2009-07-13

Until ca. 2000, information security was seen as a technological discipline, based on computer science but with mathematics helping in the design of ciphers and protocols. That perspective started to change as researchers and practitioners realized the importance of economics. As distributed systems are increasingly composed of machines that belong to principals with divergent interests, incentives are becoming as important to dependability as technical design. A thriving new field of information security economics provides valuable insights not just into 'security' topics such as privacy, bugs, spam and phishing, but into more general areas of system dependability and policy. This research programme has recently started to interact with psychology. One thread is in response to phishing, the most rapidly growing form of online crime, in which fraudsters trick people into giving their credentials to bogus websites; a second is through the increasing importance of security usability; and a third comes through the psychology-and-economics tradition. The promise of this multidisciplinary research programme is a novel framework for analysing information security problems-one that is both principled and effective.

Privacy-Preserving Self-Helped Medical Diagnosis Scheme Based on Secure Two-Party Computation in Wireless Sensor Networks

Directory of Open Access Journals (Sweden)

Yi Sun

2014-01-01

Full Text Available With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients’ health information and doctors’ diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions.

77 FR 32655 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2012-06-01

... Officer, Data Privacy and Integrity Advisory Committee, Department of Homeland Security, 245 Murray Lane..., DHS Data Privacy and Integrity Advisory Committee, Department of Homeland Security, 245 Murray Lane SW... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2012-0029] DHS Data...

78 FR 51197 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2013-08-20

... Officer, Data Privacy and Integrity Advisory Committee, Department of Homeland Security, 245 Murray Lane... ``Department of Homeland Security Data Privacy and Integrity Advisory Committee'' and the Docket Number (DHS... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0055] DHS Data...

Demystifying Authentication Concepts in Smartphones: Ways and Types to Secure Access

Directory of Open Access Journals (Sweden)

Sandeep Gupta

2018-01-01

Full Text Available Smartphones are the most popular and widespread personal devices. Apart from their conventional use, that is, calling and texting, they have also been used to perform multiple security sensitive activities, such as online banking and shopping, social networking, taking pictures, and e-mailing. On a positive side, smartphones have improved the quality of life by providing multiple services that users desire, for example, anytime-anywhere computing. However, on the other side, they also pose security and privacy threats to the users’ stored data. User authentication is the first line of defense to prevent unauthorized access to the smartphone. Several authentication schemes have been proposed over the years; however, their presentation might be perplexing to the new researchers to this domain, under the shade of several buzzwords, for example, active, continuous, implicit, static, and transparent, being introduced in academic papers without comprehensive description. Moreover, most of the reported authentication solutions were evaluated mainly in terms of accuracy, overlooking a very important aspect—the usability. This paper surveys various types and ways of authentication, designed and developed primarily to secure the access to smartphones and attempts to clarify correlated buzzwords, with the motivation to assist new researchers in understanding the gist behind those concepts. We also present the assessment of existing user authentication schemes exhibiting their security and usability issues.

Security and privacy issues in wireless sensor networks for healthcare applications.

Science.gov (United States)

Al Ameen, Moshaddique; Liu, Jingwei; Kwak, Kyungsup

2012-02-01

The use of wireless sensor networks (WSN) in healthcare applications is growing in a fast pace. Numerous applications such as heart rate monitor, blood pressure monitor and endoscopic capsule are already in use. To address the growing use of sensor technology in this area, a new field known as wireless body area networks (WBAN or simply BAN) has emerged. As most devices and their applications are wireless in nature, security and privacy concerns are among major areas of concern. Due to direct involvement of humans also increases the sensitivity. Whether the data gathered from patients or individuals are obtained with the consent of the person or without it due to the need by the system, misuse or privacy concerns may restrict people from taking advantage of the full benefits from the system. People may not see these devices safe for daily use. There may also possibility of serious social unrest due to the fear that such devices may be used for monitoring and tracking individuals by government agencies or other private organizations. In this paper we discuss these issues and analyze in detail the problems and their possible measures.

75 FR 10554 - Privacy Act of 1974; System of Records Notice

Science.gov (United States)

2010-03-08

..., privacy and security objectives: Provide driver-related MCMIS crash and inspection data electronically... to submit a Freedom of Information Act (FOIA) request or Privacy Act request to FMCSA for the data..., privacy and security objectives are being met. The PSP system will only allow operator-applicants to...

The study on privacy preserving data mining for information security

Science.gov (United States)

Li, Xiaohui

2012-04-01

Privacy preserving data mining have a rapid development in a short year. But it still faces many challenges in the future. Firstly, the level of privacy has different definitions in different filed. Therefore, the measure of privacy preserving data mining technology protecting private information is not the same. So, it's an urgent issue to present a unified privacy definition and measure. Secondly, the most of research in privacy preserving data mining is presently confined to the theory study.

Privacy Protection in Cloud Using Rsa Algorithm

OpenAIRE

Amandeep Kaur; Manpreet Kaur

2014-01-01

The cloud computing architecture has been on high demand nowadays. The cloud has been successful over grid and distributed environment due to its cost and high reliability along with high security. However in the area of research it is observed that cloud computing still has some issues in security regarding privacy. The cloud broker provide services of cloud to general public and ensures that data is protected however they sometimes lag security and privacy. Thus in this work...

Attribute-Based Signcryption: Signer Privacy, Strong Unforgeability and IND-CCA Security in Adaptive-Predicates Model (Extended Version

Directory of Open Access Journals (Sweden)

Tapas Pandit

2016-08-01

Full Text Available Attribute-Based Signcryption (ABSC is a natural extension of Attribute-Based Encryption (ABE and Attribute-Based Signature (ABS, where one can have the message confidentiality and authenticity together. Since the signer privacy is captured in security of ABS, it is quite natural to expect that the signer privacy will also be preserved in ABSC. In this paper, first we propose an ABSC scheme which is weak existential unforgeable and IND-CCA secure in adaptive-predicates models and, achieves signer privacy. Then, by applying strongly unforgeable one-time signature (OTS, the above scheme is lifted to an ABSC scheme to attain strong existential unforgeability in adaptive-predicates model. Both the ABSC schemes are constructed on common setup, i.e the public parameters and key are same for both the encryption and signature modules. Our first construction is in the flavor of CtE&S paradigm, except one extra component that will be computed using both signature components and ciphertext components. The second proposed construction follows a new paradigm (extension of CtE&S , we call it “Commit then Encrypt and Sign then Sign” (CtE&S . The last signature is generated using a strong OTS scheme. Since, the non-repudiation is achieved by CtE&S paradigm, our systems also achieve the same.

Fourier domain asymmetric cryptosystem for privacy protected multimodal biometric security

Science.gov (United States)

Choudhury, Debesh

2016-04-01

We propose a Fourier domain asymmetric cryptosystem for multimodal biometric security. One modality of biometrics (such as face) is used as the plaintext, which is encrypted by another modality of biometrics (such as fingerprint). A private key is synthesized from the encrypted biometric signature by complex spatial Fourier processing. The encrypted biometric signature is further encrypted by other biometric modalities, and the corresponding private keys are synthesized. The resulting biometric signature is privacy protected since the encryption keys are provided by the human, and hence those are private keys. Moreover, the decryption keys are synthesized using those private encryption keys. The encrypted signatures are decrypted using the synthesized private keys and inverse complex spatial Fourier processing. Computer simulations demonstrate the feasibility of the technique proposed.

Will you accept the government's friend request? Social networks and privacy concerns.

Science.gov (United States)

Siegel, David A

2013-01-01

Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim.

Location privacy and national security : Contradiction in terminus?

NARCIS (Netherlands)

Van Loenen, B.

2010-01-01

Location based services (LBS) potentially put the privacy of individuals at risk. The increased possibility to know people’s whereabouts is posing the question of possibility versus desirability with regard to location privacy. The central question that this article aims to answer is how location

Data Security and Privacy in Apps for Dementia: An Analysis of Existing Privacy Policies.

Science.gov (United States)

Rosenfeld, Lisa; Torous, John; Vahia, Ipsit V

2017-08-01

Despite tremendous growth in the number of health applications (apps), little is known about how well these apps protect their users' health-related data. This gap in knowledge is of particular concern for apps targeting people with dementia, whose cognitive impairment puts them at increased risk of privacy breaches. In this article, we determine how many dementia apps have privacy policies and how well they protect user data. Our analysis included all iPhone apps that matched the search terms "medical + dementia" or "health & fitness + dementia" and collected user-generated content. We evaluated all available privacy policies for these apps based on criteria that systematically measure how individual user data is handled. Seventy-two apps met the above search teams and collected user data. Of these, only 33 (46%) had an available privacy policy. Nineteen of the 33 with policies (58%) were specific to the app in question, and 25 (76%) specified how individual-user as opposed to aggregate data would be handled. Among these, there was a preponderance of missing information, the majority acknowledged collecting individual data for internal purposes, and most admitted to instances in which they would share user data with outside parties. At present, the majority of health apps focused on dementia lack a privacy policy, and those that do exist lack clarity. Bolstering safeguards and improving communication about privacy protections will help facilitate consumer trust in apps, thereby enabling more widespread and meaningful use by people with dementia and those involved in their care. Copyright © 2017. Published by Elsevier Inc.

Image feature extraction in encrypted domain with privacy-preserving SIFT.

Science.gov (United States)

Hsu, Chao-Yung; Lu, Chun-Shien; Pei, Soo-Chang

2012-11-01

Privacy has received considerable attention but is still largely ignored in the multimedia community. Consider a cloud computing scenario where the server is resource-abundant, and is capable of finishing the designated tasks. It is envisioned that secure media applications with privacy preservation will be treated seriously. In view of the fact that scale-invariant feature transform (SIFT) has been widely adopted in various fields, this paper is the first to target the importance of privacy-preserving SIFT (PPSIFT) and to address the problem of secure SIFT feature extraction and representation in the encrypted domain. As all of the operations in SIFT must be moved to the encrypted domain, we propose a privacy-preserving realization of the SIFT method based on homomorphic encryption. We show through the security analysis based on the discrete logarithm problem and RSA that PPSIFT is secure against ciphertext only attack and known plaintext attack. Experimental results obtained from different case studies demonstrate that the proposed homomorphic encryption-based privacy-preserving SIFT performs comparably to the original SIFT and that our method is useful in SIFT-based privacy-preserving applications.

Protocols development for security and privacy of radio frequency identification systems

Science.gov (United States)

Sabbagha, Fatin

There are benefits to adopting radio frequency identification (RFID) technology, although there are methods of attack that can compromise the system. This research determined how that may happen and what possible solutions can keep that from happening. Protocols were developed to implement better security. In addition, new topologies were developed to handle the problems of the key management. Previously proposed protocols focused on providing mutual authentication and privacy between readers and tags. However, those protocols are still vulnerable to be attacked. These protocols were analyzed and the disadvantages shown for each one. Previous works assumed that the channels between readers and the servers were secure. In the proposed protocols, a compromised reader is considered along with how to prevent tags from being read by that reader. The new protocols provide mutual authentication between readers and tags and, at the same time, remove the compromised reader from the system. Three protocols are proposed. In the first protocol, a mutual authentication is achieved and a compromised reader is not allowed in the network. In the second protocol, the number of times a reader contacts the server is reduced. The third protocol provides authentication and privacy between tags and readers using a trusted third party. The developed topology is implemented using python language and simulates work to check the efficiency regarding the processing time. The three protocols are implemented by writing codes in C language and then compiling them in MSP430. IAR Embedded workbench is used, which is an integrated development environment with the C/C++ compiler to generate a faster code and to debug the microcontroller. In summary, the goal of this research is to find solutions for the problems on previously proposed protocols, handle a compromised reader, and solve key management problems.

Will you accept the government's friend request? Social networks and privacy concerns.

Directory of Open Access Journals (Sweden)

David A Siegel

Full Text Available Participating in social network websites entails voluntarily sharing private information, and the explosive growth of social network websites over the last decade suggests shifting views on privacy. Concurrently, new anti-terrorism laws, such as the USA Patriot Act, ask citizens to surrender substantial claim to privacy in the name of greater security. I address two important questions regarding individuals' views on privacy raised by these trends. First, how does prompting individuals to consider security concerns affect their views on government actions that jeopardize privacy? Second, does the use of social network websites alter the effect of prompted security concerns? I posit that prompting individuals to consider security concerns does lead to an increased willingness to accept government actions that jeopardize privacy, but that frequent users of websites like Facebook are less likely to be swayed by prompted security concerns. An embedded survey experiment provides support for both parts of my claim.

Security and privacy of EHR systems--ethical, social and legal requirements.

Science.gov (United States)

Kluge, Eike-Henner W

2003-01-01

This paper addresses social, ethical and legal concerns about security and privacy that arise in the development of international interoperable health information systems. The paper deals with these concerns under four rubrics: the ethical status of electronic health records, the social and legal embedding of interoperable health information systems, the overall information-requirements healthcare as such, and the role of health information professionals as facilitators. It argues that the concerns that arise can be met if the development of interoperability protocols is guided by the seven basic principles of information ethics that have been enunciated in the IMIA Code of Ethics for Health Information Professionals and that are central to the ethical treatment of electronic health records.

76 FR 25361 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2011-05-04

..., Executive Director, Data Privacy and Integrity Advisory Committee, Department of Homeland Security... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0022] DHS Data... of Federal Advisory Committee Meeting SUMMARY: The DHS Data Privacy and Integrity Advisory Committee...

Privacy in Social Networks

CERN Document Server

Zheleva, Elena

2012-01-01

This synthesis lecture provides a survey of work on privacy in online social networks (OSNs). This work encompasses concerns of users as well as service providers and third parties. Our goal is to approach such concerns from a computer-science perspective, and building upon existing work on privacy, security, statistical modeling and databases to provide an overview of the technical and algorithmic issues related to privacy in OSNs. We start our survey by introducing a simple OSN data model and describe common statistical-inference techniques that can be used to infer potentially sensitive inf

CLOUD SECURITY AND COMPLIANCE - A SEMANTIC APPROACH IN END TO END SECURITY

OpenAIRE

Kalaiprasath, R.; Elankavi, R.; Udayakumar, R.

2017-01-01

The Cloud services are becoming an essential part of many organizations. Cloud providers have to adhere to security and privacy policies to ensure their users' data remains confidential and secure. Though there are some ongoing efforts on developing cloud security standards, most cloud providers are implementing a mish-mash of security and privacy controls. This has led to confusion among cloud consumers as to what security measures they should expect from the cloud services, and whether thes...

17 CFR 160.2 - Model privacy form and examples.

Science.gov (United States)

2010-04-01

... examples. 160.2 Section 160.2 Commodity and Securities Exchanges COMMODITY FUTURES TRADING COMMISSION PRIVACY OF CONSUMER FINANCIAL INFORMATION § 160.2 Model privacy form and examples. (a) Model privacy form..., although use of the model privacy form is not required. (b) Examples. The examples in this part are not...

78 FR 55088 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2013-09-09

... Federal Officer, DHS Data Privacy and Integrity Advisory Committee, Department of Homeland Security... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0056] DHS Data...; Request for Applicants for Appointment to the DHS Data Privacy and Integrity Advisory Committee. SUMMARY...

76 FR 30952 - Published Privacy Impact Assessments on the Web

Science.gov (United States)

2011-05-27

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Published Privacy Impact Assessments on... the Department. These assessments were approved and published on the Privacy Office's web site between..., 2011 and March 31, 2011, the Chief Privacy Officer of the DHS approved and published sixteen Privacy...

76 FR 58814 - Published Privacy Impact Assessments on the Web

Science.gov (United States)

2011-09-22

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Published Privacy Impact Assessments on... DHS. These assessments were approved and published on the Privacy Office's Web site between June 1... 31, 2011, the Chief Privacy Officer of the DHS approved and published twenty-six Privacy Impact...

76 FR 78934 - Published Privacy Impact Assessments on the Web

Science.gov (United States)

2011-12-20

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Published Privacy Impact Assessments on.... These assessments were approved and published on the Privacy Office's web site between September 1, 2011... November 30, 2011, the Chief Privacy Officer of the DHS approved and published seven Privacy Impact...

76 FR 37823 - Published Privacy Impact Assessments on the Web

Science.gov (United States)

2011-06-28

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Published Privacy Impact Assessments on... Department. These assessments were approved and published on the Privacy Office's Web site between March 31... 31, 2011, the Chief Privacy Officer of the DHS approved and published ten Privacy Impact Assessments...

78 FR 64230 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2013-10-28

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0056] DHS Data...; Request for Applicants for Appointment to the DHS Data Privacy and Integrity Advisory Committee--EXTENSION. SUMMARY: The Department of Homeland Security Privacy Office is seeking applicants for appointment to the...

76 FR 39406 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2011-07-06

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0052] DHS Data...; Request for Applicants for Appointment to the DHS Data Privacy and Integrity Advisory Committee. SUMMARY: The Department of Homeland Security Privacy Office is seeking applicants for appointment to the DHS...

75 FR 8087 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2010-02-23

... the words ``Department of Homeland Security Data Privacy and Integrity Advisory Committee'' and the... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0009] DHS Data... Committee Meeting. SUMMARY: The DHS Data Privacy and Integrity Advisory Committee will meet on March 18...

76 FR 58524 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2011-09-21

... ``Department of Homeland Security Data Privacy and Integrity Advisory Committee'' and the Docket Number (DHS... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0076] DHS Data... of Federal Advisory Committee Meeting. SUMMARY: The DHS Data Privacy and Integrity Advisory Committee...

77 FR 37685 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2012-06-22

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2012-0032] DHS Data...; Request for Applicants for Appointment to the DHS Data Privacy and Integrity Advisory Committee. SUMMARY: The Department of Homeland Security Privacy Office is seeking applicants for appointment to the DHS...

76 FR 35459 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2011-06-17

... of Homeland Security Data Privacy and Integrity Advisory Committee'' and the Docket Number (DHS-2011... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0046] DHS Data... of Federal Advisory Committee Meeting. SUMMARY: The DHS Data Privacy and Integrity Advisory Committee...

76 FR 70464 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2011-11-14

... of Homeland Security Data Privacy and Integrity Advisory Committee'' and the Docket Number (DHS-2011... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2011-0105] DHS Data... of Federal Advisory Committee Meeting. SUMMARY: The DHS Data Privacy and Integrity Advisory Committee...

78 FR 38724 - Privacy Act of 1974; Computer Matching Program

Science.gov (United States)

2013-06-27

... 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... Agreement that establishes a computer matching program between the Department of Homeland Security/U.S... and Privacy Protection Act of 1988 (Pub. L. 100-503) and the Computer Matching and Privacy Protection...

77 FR 61275 - Privacy Act of 1974: Implementation

Science.gov (United States)

2012-10-09

... (FBI) Privacy Act system of records titled FBI Data Warehouse System, JUSTICE/FBI- 022. This system is...)(G), (H), and (I), (5), and (8); (f); and (g) of the Privacy Act: (1) FBI Data Warehouse System... security; disclose information that would constitute an unwarranted invasion of another's personal privacy...

Patient Privacy in the Era of Big Data

Directory of Open Access Journals (Sweden)

Mehmet Kayaalp

2018-02-01

Full Text Available Protecting patient privacy requires various technical tools. It involves regulations for sharing, de-identifying, securely storing, transmitting and handling protected health information (PHI. It involves privacy laws and legal agreements. It requires establishing rules for monitoring privacy leaks, determining actions when they occur, and handling de-identified clinical narrative reports. Deidentification is one such indispensable instrument in this set of privacy tools

Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; other modifications to the HIPAA rules.

Science.gov (United States)

2013-01-25

The Department of Health and Human Services (HHS or ``the Department'') is issuing this final rule to: Modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Enforcement Rules to implement statutory amendments under the Health Information Technology for Economic and Clinical Health Act (``the HITECH Act'' or ``the Act'') to strengthen the privacy and security protection for individuals' health information; modify the rule for Breach Notification for Unsecured Protected Health Information (Breach Notification Rule) under the HITECH Act to address public comment received on the interim final rule; modify the HIPAA Privacy Rule to strengthen the privacy protections for genetic information by implementing section 105 of Title I of the Genetic Information Nondiscrimination Act of 2008 (GINA); and make certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on the regulated entities.

75 FR 52769 - DHS Data Privacy and Integrity Advisory Committee

Science.gov (United States)

2010-08-27

... ``Department of Homeland Security Data Privacy and Integrity Advisory Committee'' and the Docket Number (DHS... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2010-0060] DHS Data... Committee meeting. SUMMARY: The DHS Data Privacy and Integrity Advisory Committee will meet on September 28...

17 CFR 248.5 - Annual privacy notice to customers required.

Science.gov (United States)

2010-04-01

... customers required. 248.5 Section 248.5 Commodity and Securities Exchanges SECURITIES AND EXCHANGE... Safeguarding Personal Information Privacy and Opt Out Notices § 248.5 Annual privacy notice to customers required. (a)(1) General rule. You must provide a clear and conspicuous notice to customers that accurately...

Digital Privacy in Asia | CRDI - Centre de recherches pour le ...

International Development Research Centre (IDRC) Digital Library (Canada)

Recent thinking on these issues has suggested that privacy could be a means of ensuring greater security for government, and even lead to increased business opportunities. Certainly, the interplay between privacy rights, security concerns and business needs to be better understood. This project will therefore investigate ...

78 FR 15731 - Privacy Act of 1974; Computer Matching Program

Science.gov (United States)

2013-03-12

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary [Docket No. DHS-2013-0011] Privacy Act of 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... amended by the Computer Matching and Privacy Protection Act of 1988 (Pub. L. 100-503) and the Computer...

Design of a Secure Authentication and Key Agreement Scheme Preserving User Privacy Usable in Telecare Medicine Information Systems.

Science.gov (United States)

Arshad, Hamed; Rasoolzadegan, Abbas

2016-11-01

Authentication and key agreement schemes play a very important role in enhancing the level of security of telecare medicine information systems (TMISs). Recently, Amin and Biswas demonstrated that the authentication scheme proposed by Giri et al. is vulnerable to off-line password guessing attacks and privileged insider attacks and also does not provide user anonymity. They also proposed an improved authentication scheme, claiming that it resists various security attacks. However, this paper demonstrates that Amin and Biswas's scheme is defenseless against off-line password guessing attacks and replay attacks and also does not provide perfect forward secrecy. This paper also shows that Giri et al.'s scheme not only suffers from the weaknesses pointed out by Amin and Biswas, but it also is vulnerable to replay attacks and does not provide perfect forward secrecy. Moreover, this paper proposes a novel authentication and key agreement scheme to overcome the mentioned weaknesses. Security and performance analyses show that the proposed scheme not only overcomes the mentioned security weaknesses, but also is more efficient than the previous schemes.

Bridging the transatlantic divide in privacy

Directory of Open Access Journals (Sweden)

Paula Kift

2013-08-01

Full Text Available In the context of the US National Security Agency surveillance scandal, the transatlantic privacy divide has come back to the fore. In the United States, the right to privacy is primarily understood as a right to physical privacy, thus the protection from unwarranted government searches and seizures. In Germany on the other hand, it is also understood as a right to spiritual privacy, thus the right of citizens to develop into autonomous moral agents. The following article will discuss the different constitutional assumptions that underlie American and German attitudes towards privacy, namely privacy as an aspect of liberty or as an aspect of dignity. As data flows defy jurisdictional boundaries, however, policymakers across the Atlantic are faced with a conundrum: how can German and American privacy cultures be reconciled?

Secure access to patient's health records using SpeechXRays a mutli-channel biometrics platform for user authentication.

Science.gov (United States)

Spanakis, Emmanouil G; Spanakis, Marios; Karantanas, Apostolos; Marias, Kostas

2016-08-01

The most commonly used method for user authentication in ICT services or systems is the application of identification tools such as passwords or personal identification numbers (PINs). The rapid development in ICT technology regarding smart devices (laptops, tablets and smartphones) has allowed also the advance of hardware components that capture several biometric traits such as fingerprints and voice. These components are aiming among others to overcome weaknesses and flaws of password usage under the prism of improved user authentication with higher level of security, privacy and usability. To this respect, the potential application of biometrics for secure user authentication regarding access in systems with sensitive data (i.e. patient's data from electronic health records) shows great potentials. SpeechXRays aims to provide a user recognition platform based on biometrics of voice acoustics analysis and audio-visual identity verification. Among others, the platform aims to be applied as an authentication tool for medical personnel in order to gain specific access to patient's electronic health records. In this work a short description of SpeechXrays implementation tool regarding eHealth is provided and analyzed. This study explores security and privacy issues, and offers a comprehensive overview of biometrics technology applications in addressing the e-Health security challenges. We present and describe the necessary requirement for an eHealth platform concerning biometric security.

77 FR 46100 - Published Privacy Impact Assessments on the Web

Science.gov (United States)

2012-08-02

... DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Published Privacy Impact Assessments on... published on the Privacy Office's Web site between March 1, 2012 and May 31, 2012. DATES: The PIAs will be... approved and published fifteen Privacy Impact Assessments (PIAs) on the DHS Privacy Office Web site, www...

Assessing the privacy policies in mobile personal health records.

Science.gov (United States)

Zapata, Belén Cruz; Hernández Niñirola, Antonio; Fernández-Alemán, José Luis; Toval, Ambrosio

2014-01-01

The huge increase in the number and use of smartphones and tablets has led health service providers to take an interest in mHealth. Popular mobile app markets like Apple App Store or Google Play contain thousands of health applications. Although mobile personal health records (mPHRs) have a number of benefits, important challenges appear in the form of adoption barriers. Security and privacy have been identified as part of these barriers and should be addressed. This paper analyzes and assesses a total of 24 free mPHRs for Android and iOS. Characteristics regarding privacy and security were extracted from the HIPAA. The results show important differences in both the mPHRs and the characteristics analyzed. A questionnaire containing six questions concerning privacy policies was defined. Our questionnaire may assist developers and stakeholders to evaluate the security and privacy of their mPHRs.

75 FR 54662 - Privacy Act of 1974: Systems of Records

Science.gov (United States)

2010-09-08

..., Chief Privacy Officer, Office of Information Technology, 202-551-7209. In the Federal Register of August... SECURITIES AND EXCHANGE COMMISSION [Release No. PA-44A; File No. S7-17-10] Privacy Act of 1974: Systems of Records AGENCY: Securities and Exchange Commission. ACTION: Notice to establish systems of...

78 FR 1275 - Privacy Act of 1974; Computer Matching Program

Science.gov (United States)

2013-01-08

... Social Security Administration (Computer Matching Agreement 1071). SUMMARY: In accordance with the Privacy Act of 1974 (5 U.S.C. 552a), as amended by the Computer Matching and Privacy Protection Act of... of its new computer matching program with the Social Security Administration (SSA). DATES: OPM will...

A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: A privacy-protecting remote access system for health-related research and evaluation☆

Science.gov (United States)

Jones, Kerina H.; Ford, David V.; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J.; Heaven, Martin L.; Thayer, Daniel S.; McNerney, Cynthia L.; Lyons, Ronan A.

2014-01-01

With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. PMID:24440148

20 CFR 401.30 - Privacy Act and other responsibilities.

Science.gov (United States)

2010-04-01

... information privacy issues, including those relating to the collection, use, sharing, and disclosure of... 20 Employees' Benefits 2 2010-04-01 2010-04-01 false Privacy Act and other responsibilities. 401.30 Section 401.30 Employees' Benefits SOCIAL SECURITY ADMINISTRATION PRIVACY AND DISCLOSURE OF...

Anonymous Search Histories Featuring Personalized Advertisement - Balancing Privacy with Economic Interests

OpenAIRE

Thorben Burghardt; Klemens Bohm; Achim Guttmann; Chris Clifton

2011-01-01

Search engines are key to finding information on the web. Search presently is free for users financed by targeted advertisement. Today, the current search terms determine the ad placement. In the near future, search-engine providers will make use of detailed user profiles for better ad placement. This puts user privacy at risk. Anonymizing search histories, which is a solution in principle, gives way to a trade-off between privacy and the usability of the data for ad placement. This paper stu...

76 FR 3098 - Privacy Act of 1974; Systems of Records

Science.gov (United States)

2011-01-19

... requests and/or records have been referred to the National Security Agency/Central Security Service (NSA..., Department of Defense Privacy Program; NSA/CSS Policy 1-5; NSA/CSS Freedom of Information Act Program; NSA/CSS Policy 1-34; Implementation of the Privacy Act of 1974; NSA/CSS Policy 1-15, Mandatory...

Electronic healthcare information security

CERN Document Server

Dube, Kudakwashe; Shoniregun, Charles A

2010-01-01

The ever-increasing healthcare expenditure and pressing demand for improved quality and efficiency of patient care services are driving innovation in healthcare information management. The domain of healthcare has become a challenging testing ground for information security due to the complex nature of healthcare information and individual privacy. ""Electronic Healthcare Information Security"" explores the challenges of e-healthcare information and security policy technologies. It evaluates the effectiveness of security and privacy implementation systems for anonymization methods and techniqu

Information Security in Distributed Healthcare : Exploring the Needs for Achieving Patient Safety and Patient Privacy

OpenAIRE

Åhlfeldt, Rose-Mharie

2008-01-01

In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process. This thesis is focused on information security in he...

PMDP: A Framework for Preserving Multiparty Data Privacy in Cloud Computing

Directory of Open Access Journals (Sweden)

Ji Li

2017-01-01

Full Text Available The amount of Internet data is significantly increasing due to the development of network technology, inducing the appearance of big data. Experiments have shown that deep mining and analysis on large datasets would introduce great benefits. Although cloud computing supports data analysis in an outsourced and cost-effective way, it brings serious privacy issues when sending the original data to cloud servers. Meanwhile, the returned analysis result suffers from malicious inference attacks and also discloses user privacy. In this paper, to conquer the above privacy issues, we propose a general framework for Preserving Multiparty Data Privacy (PMDP for short in cloud computing. The PMDP framework can protect numeric data computing and publishing with the assistance of untrusted cloud servers and achieve delegation of storage simultaneously. Our framework is built upon several cryptography primitives (e.g., secure multiparty computation and differential privacy mechanism, which guarantees its security against semihonest participants without collusion. We further instantiate PMDP with specific algorithms and demonstrate its security, efficiency, and advantages by presenting security analysis and performance discussion. Moreover, we propose a security enhanced framework sPMDP to resist malicious inside participants and outside adversaries. We illustrate that both PMDP and sPMDP are reliable and scale well and thus are desirable for practical applications.

Privacy information management for video surveillance

Science.gov (United States)

Luo, Ying; Cheung, Sen-ching S.

2013-05-01

The widespread deployment of surveillance cameras has raised serious privacy concerns. Many privacy-enhancing schemes have been proposed to automatically redact images of trusted individuals in the surveillance video. To identify these individuals for protection, the most reliable approach is to use biometric signals such as iris patterns as they are immutable and highly discriminative. In this paper, we propose a privacy data management system to be used in a privacy-aware video surveillance system. The privacy status of a subject is anonymously determined based on her iris pattern. For a trusted subject, the surveillance video is redacted and the original imagery is considered to be the privacy information. Our proposed system allows a subject to access her privacy information via the same biometric signal for privacy status determination. Two secure protocols, one for privacy information encryption and the other for privacy information retrieval are proposed. Error control coding is used to cope with the variability in iris patterns and efficient implementation is achieved using surrogate data records. Experimental results on a public iris biometric database demonstrate the validity of our framework.

A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy-protecting remote access system for health-related research and evaluation.

Science.gov (United States)

Jones, Kerina H; Ford, David V; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J; Heaven, Martin L; Thayer, Daniel S; McNerney, Cynthia L; Lyons, Ronan A

2014-08-01

With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. Copyright © 2014 The Aurthors. Published by Elsevier Inc. All rights reserved.

Patient and public views about the security and privacy of Electronic Health Records (EHRs) in the UK: results from a mixed methods study.

Science.gov (United States)

Papoutsi, Chrysanthi; Reed, Julie E; Marston, Cicely; Lewis, Ruth; Majeed, Azeem; Bell, Derek

2015-10-14

Although policy discourses frame integrated Electronic Health Records (EHRs) as essential for contemporary healthcare systems, increased information sharing often raises concerns among patients and the public. This paper examines patient and public views about the security and privacy of EHRs used for health provision, research and policy in the UK. Sequential mixed methods study with a cross-sectional survey (in 2011) followed by focus group discussions (in 2012-2013). Survey participants (N = 5331) were recruited from primary and secondary care settings in West London (UK). Complete data for 2761 (51.8 %) participants were included in the final analysis for this paper. The survey results were discussed in 13 focus groups with people living with a range of different health conditions, and in 4 mixed focus groups with patients, health professionals and researchers (total N = 120). Qualitative data were analysed thematically. In the survey, 79 % of participants reported that they would worry about the security of their record if this was part of a national EHR system and 71 % thought the National Health Service (NHS) was unable to guarantee EHR safety at the time this work was carried out. Almost half (47 %) responded that EHRs would be less secure compared with the way their health record was held at the time of the survey. Of those who reported being worried about EHR security, many would nevertheless support their development (55 %), while 12 % would not support national EHRs and a sizeable proportion (33 %) were undecided. There were also variations by age, ethnicity and education. In focus group discussions participants weighed up perceived benefits against potential security and privacy threats from wider sharing of information, as well as discussing other perceived risks: commercial exploitation, lack of accountability, data inaccuracies, prejudice and inequalities in health provision. Patient and public worries about the security risks associated

Usable Security and E-Banking

DEFF Research Database (Denmark)

Hertzum, Morten; Juul, Niels Christian; Jørgensen, Niels Henrik

2004-01-01

Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Analysis of the weaknesses suggests that security requirements are among their causes...... that transcend preconceived instructions. We discuss the pros and cons of automation and understanding as alternative approaches to the design of web-based e-banking systems....

Usable security and e-banking

DEFF Research Database (Denmark)

Hertzum, Morten; Jørgensen, Niels; Nørgaard, Mie

2004-01-01

Electronic banking must be secure and easy to use. An evaluation of six Danish web-based electronic banking systems indicates that the systems have serious weaknesses with respect to ease of use. Our analysis of the weaknesses suggests that security requirements are among their causes...... that transcend preconceived instructions. We discuss the pros and cons of automation and understanding as alternative approaches to the design of web-based e-banking systems....

Improving Usability of Passphrase Authentication

DEFF Research Database (Denmark)

Nielsen, Glen; Vedel, Michael; Jensen, Christian D.

2014-01-01

. This is done to ensure an appropriate degree of security, but instead, it makes it difficult for users to remember their password, which results in passwords that are either insecure, but easy to remember, or written down on paper. In this paper we address the problem of usability in user authentication...

PRIVACY AS A CULTURAL PHENOMENON

Directory of Open Access Journals (Sweden)

Garfield Benjamin

2017-07-01

Full Text Available Privacy remains both contentious and ever more pertinent in contemporary society. Yet it persists as an ill-defined term, not only within specific fields but in its various uses and implications between and across technical, legal and political contexts. This article offers a new critical review of the history of privacy in terms of two dominant strands of thinking: freedom and property. These two conceptions of privacy can be seen as successive historical epochs brought together under digital technologies, yielding increasingly complex socio-technical dilemmas. By simplifying the taxonomy to its socio-cultural function, the article provides a generalisable, interdisciplinary approach to privacy. Drawing on new technologies, historical trends, sociological studies and political philosophy, the article presents a discussion of the value of privacy as a term, before proposing a defense of the term cyber security as a mode of scalable cognitive privacy that integrates the relative needs of individuals, governments and corporations.

Attitudes towards mobile payment : An empirical study of the consumers’ perception of security, privacy and convenience

OpenAIRE

Lindbäck, Karin; Blommé, Carl

2011-01-01

Mobile payment is a new payment method that is being introduced on the Swedish market, but has not yet come to its breakthrough. This thesis investigates the attitude the Swedish consumer has towards mobile payment. Based on previous surveys and theory, three main attributes, security, privacy and convenience, were chosen to represent the attitude of the consumer towards mobile payment. In order to analyze the data obtained from the surveys conducted, the multi-attribute attitude model was us...

Secure PVM

Energy Technology Data Exchange (ETDEWEB)

Dunigan, T.H.; Venugopal, N.

1996-09-01

This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user`s PVM application, or, optionally, security can be provided on a message-by message basis. Diffe-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

45 CFR 164.520 - Notice of privacy practices for protected health information.

Science.gov (United States)

2010-10-01

... DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.520 Notice of privacy practices for protected health information. (a) Standard... 45 Public Welfare 1 2010-10-01 2010-10-01 false Notice of privacy practices for protected health...

46 CFR 14.105 - Disclosure and privacy.

Science.gov (United States)

2010-10-01

... 46 Shipping 1 2010-10-01 2010-10-01 false Disclosure and privacy. 14.105 Section 14.105 Shipping COAST GUARD, DEPARTMENT OF HOMELAND SECURITY MERCHANT MARINE OFFICERS AND SEAMEN SHIPMENT AND DISCHARGE OF MERCHANT MARINERS General § 14.105 Disclosure and privacy. The Coast Guard makes information...

32 CFR 505.3 - Privacy Act systems of records.

Science.gov (United States)

2010-07-01

... anticipated threats or hazards to the security or integrity of data, which could result in substantial harm... 32 National Defense 3 2010-07-01 2010-07-01 true Privacy Act systems of records. 505.3 Section 505... AND PUBLIC RELATIONS ARMY PRIVACY ACT PROGRAM § 505.3 Privacy Act systems of records. (a) Systems of...

A framework to balance privacy and data usability using data degradation

NARCIS (Netherlands)

van Heerde, H.J.W.; Fokkinga, M.M.; Anciaux, N.L.G.

Personal data is a valuable asset for service providers. To collect such data, free services are offered to users, for whom the risk of loosing privacy by subscribing to a service is often not clear. Although the services are free in terms of money, the user does not know how much he or she actually

76 FR 11435 - Privacy Act of 1974; Computer Matching Program

Science.gov (United States)

2011-03-02

... Security Administration. SUMMARY: Pursuant to the Computer Matching and Privacy Protection Act of 1988, Public Law 100-503, the Computer Matching and Privacy Protections Amendments of 1990, Pub. L. 101-508... Interpreting the Provisions of Public Law 100-503, the Computer Matching and Privacy Protection Act of 1988...

Using innovation from block chain technology to address privacy and security problems of Internet of Things

OpenAIRE

Manocha, Jitendra

2017-01-01

Internet of things (IoT) is growing at a phenomenal speed and outpacing all the technological revolutions that occurred in the past. Together with window of opportunity it also poses quite a few challenges. One of the most important and unresolved challenge is vulnerability in security and privacy in IoT. This is mainly due to lack of a global decentralized standard even though characteristically IoT is based on distributed systems. Due to lack of standard IoT has interoperability issue betwe...

45 CFR 164.534 - Compliance dates for initial implementation of the privacy standards.

Science.gov (United States)

2010-10-01

... privacy standards. 164.534 Section 164.534 Public Welfare DEPARTMENT OF HEALTH AND HUMAN SERVICES ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.534 Compliance dates for initial implementation of the privacy standards. (a...

A Formal Study of the Privacy Concerns in Biometric-Based Remote Authentication Schemes

NARCIS (Netherlands)

Tang, Qiang; Bringer, Julien; Chabanne, Hervé; Pointcheval, David; Chen, L.; Mu, Y.; Susilo, W.

With their increasing popularity in cryptosystems, biometrics have attracted more and more attention from the information security community. However, how to handle the relevant privacy concerns remains to be troublesome. In this paper, we propose a novel security model to formalize the privacy

A Privacy Model for RFID Tag Ownership Transfer

Directory of Open Access Journals (Sweden)

Xingchun Yang

2017-01-01

Full Text Available The ownership of RFID tag is often transferred from one owner to another in its life cycle. To address the privacy problem caused by tag ownership transfer, we propose a tag privacy model which captures the adversary’s abilities to get secret information inside readers, to corrupt tags, to authenticate tags, and to observe tag ownership transfer processes. This model gives formal definitions for tag forward privacy and backward privacy and can be used to measure the privacy property of tag ownership transfer scheme. We also present a tag ownership transfer scheme, which is privacy-preserving under the proposed model and satisfies the other common security requirements, in addition to achieving better performance.

Revocable privacy: Principles, use cases, and technologies

NARCIS (Netherlands)

Lueks, W.; Everts, M.H.; Hoepman, J.H.

2016-01-01

Security and privacy often seem to be at odds with one another. In this paper, we revisit the design principle of revocable privacy which guides the creation of systems that offer anonymity for people who do not violate a predefined rule, but can still have consequences for people who do violate the

A framework for privacy and security analysis of probe-based traffic information systems

KAUST Repository

Canepa, Edward S.; Claudel, Christian G.

2013-01-01

Most large scale traffic information systems rely on fixed sensors (e.g. loop detectors, cameras) and user generated data, this latter in the form of GPS traces sent by smartphones or GPS devices onboard vehicles. While this type of data is relatively inexpensive to gather, it can pose multiple security and privacy risks, even if the location tracks are anonymous. In particular, creating bogus location tracks and sending them to the system is relatively easy. This bogus data could perturb traffic flow estimates, and disrupt the transportation system whenever these estimates are used for actuation. In this article, we propose a new framework for solving a variety of privacy and cybersecurity problems arising in transportation systems. The state of traffic is modeled by the Lighthill-Whitham-Richards traffic flow model, which is a first order scalar conservation law with concave flux function. Given a set of traffic flow data, we show that the constraints resulting from this partial differential equation are mixed integer linear inequalities for some decision variable. The resulting framework is very flexible, and can in particular be used to detect spoofing attacks in real time, or carry out attacks on location tracks. Numerical implementations are performed on experimental data from the Mobile Century experiment to validate this framework. © 2013 ACM.

An innovative privacy preserving technique for incremental datasets on cloud computing.

Science.gov (United States)

Aldeen, Yousra Abdul Alsahib S; Salleh, Mazleena; Aljeroudi, Yazan

2016-08-01

Cloud computing (CC) is a magnificent service-based delivery with gigantic computer processing power and data storage across connected communications channels. It imparted overwhelming technological impetus in the internet (web) mediated IT industry, where users can easily share private data for further analysis and mining. Furthermore, user affable CC services enable to deploy sundry applications economically. Meanwhile, simple data sharing impelled various phishing attacks and malware assisted security threats. Some privacy sensitive applications like health services on cloud that are built with several economic and operational benefits necessitate enhanced security. Thus, absolute cyberspace security and mitigation against phishing blitz became mandatory to protect overall data privacy. Typically, diverse applications datasets are anonymized with better privacy to owners without providing all secrecy requirements to the newly added records. Some proposed techniques emphasized this issue by re-anonymizing the datasets from the scratch. The utmost privacy protection over incremental datasets on CC is far from being achieved. Certainly, the distribution of huge datasets volume across multiple storage nodes limits the privacy preservation. In this view, we propose a new anonymization technique to attain better privacy protection with high data utility over distributed and incremental datasets on CC. The proficiency of data privacy preservation and improved confidentiality requirements is demonstrated through performance evaluation. Copyright © 2016 Elsevier Inc. All rights reserved.

Hybrid-secure MPC 

DEFF Research Database (Denmark)

Lucas, Christoph; Raub, Dominik; Maurer, Ueli

2010-01-01

of the adversary, without being aware of the actual adversarial setting. Thus, hybrid-secure MPC protocols allow for graceful degradation of security. We present a hybrid-secure MPC protocol that provides an optimal trade-off between IT robustness and computational privacy: For any robustness parameter ρ ... obtain one MPC protocol that is simultaneously IT secure with robustness for up to t ≤ ρ actively corrupted parties, IT secure with fairness (no robustness) for up to t ... in the universal composability (UC) framework (based on a network of secure channels, a broadcast channel, and a common reference string). It achieves the bound on the trade-off between robustness and privacy shown by Ishai et al. [CRYPTO'06] and Katz [STOC'07], the bound on fairness shown by Cleve [STOC'86...

75 FR 53262 - Privacy Act of 1974; System of Records

Science.gov (United States)

2010-08-31

... a new Privacy Act system of records, JUSTICE/FBI- 021, the Data Integration and Visualization System... provisions of the Privacy Act in order to avoid interference with the national security and criminal law...)(G), (H) and (I); (e)(5) and (8); (f) and (g) of the Privacy Act: (1) Data Integration and...

78 FR 15732 - Privacy Act of 1974; Computer Matching Program

Science.gov (United States)

2013-03-12

... 1974; Computer Matching Program AGENCY: Department of Homeland Security/U.S. Citizenship and... Privacy Act of 1974 (5 U.S.C. 552a), as amended by the Computer Matching and Privacy Protection Act of 1988 (Pub. L. 100-503) and the Computer Matching and Privacy Protection Amendments of 1990 (Pub. L. 101...

Big data privacy: The datafication of personal information

DEFF Research Database (Denmark)

Mai, Jens-Erik

2016-01-01

. This broadened approach will take our thinking beyond current preoccupation with whether or not individuals’ consent was secured for data collection to privacy issues arising from the development of new information on individuals' likely behavior through analysis of already collected data—this new information......In the age of big data we need to think differently about privacy. We need to shift our thinking from definitions of privacy (characteristics of privacy) to models of privacy (how privacy works). Moreover, in addition to the existing models of privacy—the surveillance model and capture model......—we need to also consider a new model: the datafication model presented in this article, wherein new personal information is deduced by employing predictive analytics on already-gathered data. These three models of privacy supplement each other; they are not competing understandings of privacy...

AnonySense: Opportunistic and Privacy-Preserving Context Collection

DEFF Research Database (Denmark)

Triandopoulos, Nikolaos; Kapadia, Apu; Cornelius, Cory

2008-01-01

on tessellation and clustering to protect users' privacy against the system while reporting context, and k-anonymous report aggregation to improve the users' privacy against applications receiving the context. We outline the architecture and security properties of AnonySense, and focus on evaluating our....... We propose AnonySense, a general-purpose architecture for leveraging users' mobile devices for measuring context, while maintaining the privacy of the users.AnonySense features multiple layers of privacy protection-a framework for nodes to receive tasks anonymously, a novel blurring mechanism based...

78 FR 76986 - Children's Online Privacy Protection Rule

Science.gov (United States)

2013-12-20

... FEDERAL TRADE COMMISSION 16 CFR Part 312 RIN 3084-AB20 Children's Online Privacy Protection Rule... published final rule amendments to the Children's Online Privacy Protection Rule on January 17, 2013 to update the requirements set forth in the notice, parental consent, confidentiality and security, and safe...

76 FR 35050 - Privacy Act of 1974: New System of Records

Science.gov (United States)

2011-06-15

.../Central-15, Health Claims Data Warehouse, to its inventory of records systems subject to the Privacy Act.... The data warehouse will be fully compliant with all applicable provisions of the Privacy Act, Health... fully compliant with all applicable provisions of the Privacy Act, Federal Information Security...

Virtue, Privacy and Self-Determination

DEFF Research Database (Denmark)

Stamatellos, Giannis

2011-01-01

The ethical problem of privacy lies at the core of computer ethics and cyber ethics discussions. The extensive use of personal data in digital networks poses a serious threat to the user’s right of privacy not only at the level of a user’s data integrity and security but also at the level of a user......’s identity and freedom. In normative ethical theory the need for an informational self-deterministic approach of privacy is stressed with greater emphasis on the control over personal data. However, scant attention has been paid on a virtue ethics approach of information privacy. Plotinus’ discussion of self......-determination is related to ethical virtue, human freedom and intellectual autonomy. The Plotinian virtue ethics approach of self-determination is not primarily related to the sphere of moral action, but to the quality of the self prior to moral practice. In this paper, it is argued that the problem of information privacy...

Protecting location privacy for outsourced spatial data in cloud storage.

Science.gov (United States)

Tian, Feng; Gui, Xiaolin; An, Jian; Yang, Pan; Zhao, Jianqiang; Zhang, Xuejun

2014-01-01

As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for standard Hilbert curve (SHC) is seldom proceeded. In this paper, we propose an index modification method for SHC (SHC(∗)) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC(∗) and DSC are more secure than SHC, and DSC achieves the best index generation performance.

45 CFR 164.522 - Rights to request privacy protection for protected health information.

Science.gov (United States)

2010-10-01

... ADMINISTRATIVE DATA STANDARDS AND RELATED REQUIREMENTS SECURITY AND PRIVACY Privacy of Individually Identifiable Health Information § 164.522 Rights to request privacy protection for protected health information. (a)(1... 45 Public Welfare 1 2010-10-01 2010-10-01 false Rights to request privacy protection for protected...

Reputation-Based Internet Protocol Security: A Multilayer Security Framework for Mobile Ad Hoc Networks

Science.gov (United States)

2010-09-01

motivated research in behavior grading systems [56]. Peer-to-peer eCommerce appli- cations such as eBay, Amazon, uBid, and Yahoo have performed research that...Security in Mobile Ad Hoc Networks”. IEEE Security & Privacy , 72–75, 2008. 15. Chakeres, ID and EM Belding-Royer. “AODV Routing Protocol Implementa...Detection System”. Proceedings of IEEE Computer Society Symposium on Research in Security and Privacy , 240–250. 1992. 21. Devore, J.L. and N.R. Farnum

77 FR 48984 - Privacy Act of 1974; System of Records Notice

Science.gov (United States)

2012-08-15

... Privacy Act systems, to facilitate their ability to respond to data security breach incidents (see OMB... DEPARTMENT OF HEALTH AND HUMAN SERVICES Privacy Act of 1974; System of Records Notice AGENCY...: In accordance with the requirements of the Privacy Act of 1974, HHS gives notice of a proposed...

Data privacy foundations, new developments and the big data challenge

CERN Document Server

Torra, Vicenç

2017-01-01

This book offers a broad, cohesive overview of the field of data privacy. It discusses, from a technological perspective, the problems and solutions of the three main communities working on data privacy: statistical disclosure control (those with a statistical background), privacy-preserving data mining (those working with data bases and data mining), and privacy-enhancing technologies (those involved in communications and security) communities. Presenting different approaches, the book describes alternative privacy models and disclosure risk measures as well as data protection procedures for respondent, holder and user privacy. It also discusses specific data privacy problems and solutions for readers who need to deal with big data.

How do Usability Professionals Construe Usability?

DEFF Research Database (Denmark)

Hertzum, Morten; Clemmensen, Torkil

2012-01-01

distinguishing it from user experience. On the basis of repertory-grid interviews with 24 Chinese, Danish, and Indian usability professionals we find that they make use of more utilitarian than experiential, i.e. user-experience related, constructs. This indicates that goal-related performance is central......’ constructs, particularly their experiential constructs, go considerably beyond ISO 9241 usability, indicating a discrepancy between this definition of usability and the thinking of the professionals concerned with delivering usability. Finally, usability is construed rather similarly across the three...

Analysis of Vehicle-Based Security Operations

Energy Technology Data Exchange (ETDEWEB)

Carter, Jason M [ORNL; Paul, Nate R [ORNL

2015-01-01

Vehicle-to-vehicle (V2V) communications promises to increase roadway safety by providing each vehicle with 360 degree situational awareness of other vehicles in proximity, and by complementing onboard sensors such as radar or camera in detecting imminent crash scenarios. In the United States, approximately three hundred million automobiles could participate in a fully deployed V2V system if Dedicated Short-Range Communication (DSRC) device use becomes mandatory. The system s reliance on continuous communication, however, provides a potential means for unscrupulous persons to transmit false data in an attempt to cause crashes, create traffic congestion, or simply render the system useless. V2V communications must be highly scalable while retaining robust security and privacy preserving features to meet the intra-vehicle and vehicle-to-infrastructure communication requirements for a growing vehicle population. Oakridge National Research Laboratory is investigating a Vehicle-Based Security System (VBSS) to provide security and privacy for a fully deployed V2V and V2I system. In the VBSS an On-board Unit (OBU) generates short-term certificates and signs Basic Safety Messages (BSM) to preserve privacy and enhance security. This work outlines a potential VBSS structure and its operational concepts; it examines how a vehicle-based system might feasibly provide security and privacy, highlights remaining challenges, and explores potential mitigations to address those challenges. Certificate management alternatives that attempt to meet V2V security and privacy requirements have been examined previously by the research community including privacy-preserving group certificates, shared certificates, and functional encryption. Due to real-world operational constraints, adopting one of these approaches for VBSS V2V communication is difficult. Timely misbehavior detection and revocation are still open problems for any V2V system. We explore the alternative approaches that may be

Safeguarding nuclear weapon: Usable materials in Russia

International Nuclear Information System (INIS)

Cochran, T.

1998-01-01

Both the United States and Russia are retaining as strategic reserves more plutonium and HEU for potential reuse as weapons, than is legitimately needed. Both have engaged in discussions and have programs in various stages of development to dispose of excess plutonium and HEU. These fissile material disposition programs will take decades to complete. In the interim there will be, as there is now, hundreds of tons of separated weapon-usable fissile material stored in tens of thousands of transportable canisters, each containing from a few to several tons of kgs of weapon-usable fissile material. This material must be secured against theft and unauthorized use. To have high confidence that the material is secure, one must establish criteria against which the adequacy of the protective systems can be judged. For example, one finds such criteria in US Nuclear Regulatory Commission (USNRC) regulations for the protection of special nuclear materials

From sniffer dogs to emerging sniffer devices for airport security: an opportunity to rethink privacy implications?

Science.gov (United States)

Bonfanti, Matteo E

2014-09-01

Dogs are known for their incredible ability to detect odours, extracting them from a "complex" environment and recognising them. This makes sniffer dogs precious assets in a broad variety of security applications. However, their use is subject to some intrinsic restrictions. Dogs can only be trained to a limited set of applications, get tired after a relatively short period, and thus require a high turnover. This has sparked a drive over the past decade to develop artificial sniffer devices-generally known as "chemical sniffers" or "electronic noses"-able to complement and possibly replace dogs for some security applications. Such devices have been already deployed, or are intended to be deployed, at borders, airports and other critical installation security checkpoints. Similarly to dogs, they are adopted for detecting residual traces that indicate either the presence of, or recent contact with, substances like drugs and explosives. It goes without saying that, as with sniffer dogs, the use of artificial sniffer devices raises many sensitive issues. Adopting an ethical and legal perspective, the present paper discusses the privacy and data protection implications of the possible deployment of a hand-held body scanning sniffer for screening passengers at EU airport security checkpoints.

An Exploration of the Legal and Regulatory Environment of Privacy and Security through Active Research, Guided Study, Blog Creation, and Discussion

Science.gov (United States)

Peslak, Alan R.

2010-01-01

One of the most important topics for today's information technology professional is the study of legal and regulatory issues as they relate to privacy and security of personal and business data and identification. This manuscript describes the topics and approach taken by the instructors that focuses on independent research of source documents and…

Data security in genomics: A review of Australian privacy requirements and their relation to cryptography in data storage.

Science.gov (United States)

Schlosberg, Arran

2016-01-01

The advent of next-generation sequencing (NGS) brings with it a need to manage large volumes of patient data in a manner that is compliant with both privacy laws and long-term archival needs. Outside of the realm of genomics there is a need in the broader medical community to store data, and although radiology aside the volume may be less than that of NGS, the concepts discussed herein are similarly relevant. The relation of so-called "privacy principles" to data protection and cryptographic techniques is explored with regards to the archival and backup storage of health data in Australia, and an example implementation of secure management of genomic archives is proposed with regards to this relation. Readers are presented with sufficient detail to have informed discussions - when implementing laboratory data protocols - with experts in the fields.

Leveraging Social Links for Trust and Privacy in Networks

Science.gov (United States)

Cutillo, Leucio Antonio; Molva, Refik; Strufe, Thorsten

Existing on-line social networks (OSN) such as Facebook suffer from several weaknesses regarding privacy and security due to their inherent handling of personal data. As pointed out in [4], a preliminary analysis of existing OSNs shows that they are subject to a number of vulnerabilities, ranging from cloning legitimate users to sybil attacks through privacy violations. Starting from these OSN vulnerabilities as the first step of a broader research activity, we came up with a new approach that is very promising in re-visiting security and privacy problems in distributed systems and networks. We suggest a solution that both aims at avoiding any centralized control and leverages on the real life trust between users, that is part of the social network application itself. An anonymization technique based on multi-hop routing among trusted nodes guarantees privacy in data access and, generally speaking, in all the OSN operations.

Privacy amplification for quantum key distribution

International Nuclear Information System (INIS)

Watanabe, Yodai

2007-01-01

This paper examines classical privacy amplification using a universal family of hash functions. In quantum key distribution, the adversary's measurement can wait until the choice of hash functions is announced, and so the adversary's information may depend on the choice. Therefore the existing result on classical privacy amplification, which assumes the independence of the choice from the other random variables, is not applicable to this case. This paper provides a security proof of privacy amplification which is valid even when the adversary's information may depend on the choice of hash functions. The compression rate of the proposed privacy amplification can be taken to be the same as that of the existing one with an exponentially small loss in secrecy of a final key. (fast track communication)

Privacy and the Connected Society

DEFF Research Database (Denmark)

Sørensen, Lene Tolstrup; Khajuria, Samant; Skouby, Knud Erik

The Vision of the 5G enabled connected society is highly based on the evolution and implementation of Internet of Things. This involves, amongst others, a significant raise in devices, sensors and communication in pervasive interconnections as well as cooperation amongst devices and entities across...... the society. Enabling the vision of the connected society, researchers point in the direction of security and privacy as areas to challenge the vision. By use of the Internet of Things reference model as well as the vision of the connected society, this paper identifies privacy of the individual with respect...... to three selected areas: Shopping, connected cars and online gaming. The paper concludes that privacy is a complexity within the connected society vision and that thee is a need for more privacy use cases to shed light on the challenge....

Pre-Capture Privacy for Small Vision Sensors.

Science.gov (United States)

Pittaluga, Francesco; Koppal, Sanjeev Jagannatha

2017-11-01

The next wave of micro and nano devices will create a world with trillions of small networked cameras. This will lead to increased concerns about privacy and security. Most privacy preserving algorithms for computer vision are applied after image/video data has been captured. We propose to use privacy preserving optics that filter or block sensitive information directly from the incident light-field before sensor measurements are made, adding a new layer of privacy. In addition to balancing the privacy and utility of the captured data, we address trade-offs unique to miniature vision sensors, such as achieving high-quality field-of-view and resolution within the constraints of mass and volume. Our privacy preserving optics enable applications such as depth sensing, full-body motion tracking, people counting, blob detection and privacy preserving face recognition. While we demonstrate applications on macro-scale devices (smartphones, webcams, etc.) our theory has impact for smaller devices.

Computer-Aided Identification and Validation of Privacy Requirements

Directory of Open Access Journals (Sweden)

Rene Meis

2016-05-01

Full Text Available Privacy is a software quality that is closely related to security. The main difference is that security properties aim at the protection of assets that are crucial for the considered system, and privacy aims at the protection of personal data that are processed by the system. The identification of privacy protection needs in complex systems is a hard and error prone task. Stakeholders whose personal data are processed might be overlooked, or the sensitivity and the need of protection of the personal data might be underestimated. The later personal data and the needs to protect them are identified during the development process, the more expensive it is to fix these issues, because the needed changes of the system-to-be often affect many functionalities. In this paper, we present a systematic method to identify the privacy needs of a software system based on a set of functional requirements by extending the problem-based privacy analysis (ProPAn method. Our method is tool-supported and automated where possible to reduce the effort that has to be spent for the privacy analysis, which is especially important when considering complex systems. The contribution of this paper is a semi-automatic method to identify the relevant privacy requirements for a software-to-be based on its functional requirements. The considered privacy requirements address all dimensions of privacy that are relevant for software development. As our method is solely based on the functional requirements of the system to be, we enable users of our method to identify the privacy protection needs that have to be addressed by the software-to-be at an early stage of the development. As initial evaluation of our method, we show its applicability on a small electronic health system scenario.

Perceived Information Security, Information Privacy, Risk and Institutional Trust on Consumer€™s Trust in E-commerce

OpenAIRE

Parengkuan, Frane Maorets

2014-01-01

E-commerce is widely being used in nowadays generation where the business entrepreneur from small to large institution, has widely taken advantage on the internet to promote business and deliver information about their product. Consumer trust is an important aspect of e-commerce, and understanding its antecedents and consequences is a prime concern. This research designed to find out the influence of Perceived Information Security, Privacy, Risk and Institutional Trust on Consumers Trust in E...

A Secure Three-Factor User Authentication and Key Agreement Protocol for TMIS With User Anonymity.

Science.gov (United States)

Amin, Ruhul; Biswas, G P

2015-08-01

Telecare medical information system (TMIS) makes an efficient and convenient connection between patient(s)/user(s) and doctor(s) over the insecure internet. Therefore, data security, privacy and user authentication are enormously important for accessing important medical data over insecure communication. Recently, many user authentication protocols for TMIS have been proposed in the literature and it has been observed that most of the protocols cannot achieve complete security requirements. In this paper, we have scrutinized two (Mishra et al., Xu et al.) remote user authentication protocols using smart card and explained that both the protocols are suffering against several security weaknesses. We have then presented three-factor user authentication and key agreement protocol usable for TMIS, which fix the security pitfalls of the above mentioned schemes. The informal cryptanalysis makes certain that the proposed protocol provides well security protection on the relevant security attacks. Furthermore, the simulator AVISPA tool confirms that the protocol is secure against active and passive attacks including replay and man-in-the-middle attacks. The security functionalities and performance comparison analysis confirm that our protocol not only provide strong protection on security attacks, but it also achieves better complexities along with efficient login and password change phase as well as session key verification property.

Extending SQL to Support Privacy Policies

Science.gov (United States)

Ghazinour, Kambiz; Pun, Sampson; Majedi, Maryam; Chinaci, Amir H.; Barker, Ken

Increasing concerns over Internet applications that violate user privacy by exploiting (back-end) database vulnerabilities must be addressed to protect both customer privacy and to ensure corporate strategic assets remain trustworthy. This chapter describes an extension onto database catalogues and Structured Query Language (SQL) for supporting privacy in Internet applications, such as in social networks, e-health, e-governmcnt, etc. The idea is to introduce new predicates to SQL commands to capture common privacy requirements, such as purpose, visibility, generalization, and retention for both mandatory and discretionary access control policies. The contribution is that corporations, when creating the underlying databases, will be able to define what their mandatory privacy policies arc with which all application users have to comply. Furthermore, each application user, when providing their own data, will be able to define their own privacy policies with which other users have to comply. The extension is supported with underlying catalogues and algorithms. The experiments demonstrate a very reasonable overhead for the extension. The result is a low-cost mechanism to create new systems that arc privacy aware and also to transform legacy databases to their privacy-preserving equivalents. Although the examples arc from social networks, one can apply the results to data security and user privacy of other enterprises as well.

PBF: A New Privacy-Aware Billing Framework for Online Electric Vehicles with Bidirectional Auditability

Directory of Open Access Journals (Sweden)

Rasheed Hussain

2017-01-01

Full Text Available Recently an online electric vehicle (OLEV concept has been introduced, where vehicles are propelled by the wirelessly transmitted electrical power from the infrastructure installed under the road while moving. The absence of secure-and-fair billing is one of the main hurdles to widely adopt this promising technology. This paper introduces a new secure and privacy-aware fair billing framework for OLEV on the move through the charging plates installed under the road. We first propose two extreme lightweight mutual authentication mechanisms, a direct authentication and a hash chain-based authentication between vehicles and the charging plates that can be used for different vehicular speeds on the road. Second, we propose a secure and privacy-aware wireless power transfer on move for the vehicles with bidirectional auditability guarantee by leveraging game theoretic approach. Each charging plate transfers a fixed amount of energy to the vehicle and bills the vehicle in a privacy-aware way accordingly. Our protocol guarantees secure, privacy-aware, and fair billing mechanism for the OLEVs while receiving electric power from the infrastructure installed under the road. Moreover, our proposed framework can play a vital role in eliminating the security and privacy challenges in the deployment of power transfer technology to the OLEVs.

Anonymity versus privacy: Selective information sharing in online cancer communities

NARCIS (Netherlands)

Frost, J.H.; Vermeulen, I.E.; Beekers, N.

2014-01-01

Background: Active sharing in online cancer communities benefits patients. However, many patients refrain from sharing health information online due to privacy concerns. Existing research on privacy emphasizes data security and confidentiality, largely focusing on electronic medical records. Patient

Trust and Privacy Solutions Based on Holistic Service Requirements

Science.gov (United States)

Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

2015-01-01

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing. PMID:26712752

Trust and Privacy Solutions Based on Holistic Service Requirements

Directory of Open Access Journals (Sweden)

José Antonio Sánchez Alcón

2015-12-01

Full Text Available The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens’ information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.

Trust and Privacy Solutions Based on Holistic Service Requirements.

Science.gov (United States)

Sánchez Alcón, José Antonio; López, Lourdes; Martínez, José-Fernán; Rubio Cifuentes, Gregorio

2015-12-24

The products and services designed for Smart Cities provide the necessary tools to improve the management of modern cities in a more efficient way. These tools need to gather citizens' information about their activity, preferences, habits, etc. opening up the possibility of tracking them. Thus, privacy and security policies must be developed in order to satisfy and manage the legislative heterogeneity surrounding the services provided and comply with the laws of the country where they are provided. This paper presents one of the possible solutions to manage this heterogeneity, bearing in mind these types of networks, such as Wireless Sensor Networks, have important resource limitations. A knowledge and ontology management system is proposed to facilitate the collaboration between the business, legal and technological areas. This will ease the implementation of adequate specific security and privacy policies for a given service. All these security and privacy policies are based on the information provided by the deployed platforms and by expert system processing.

Privacy enhanced group communication in clinical environment

Science.gov (United States)

Li, Mingyan; Narayanan, Sreeram; Poovendran, Radha

2005-04-01

Privacy protection of medical records has always been an important issue and is mandated by the recent Health Insurance Portability and Accountability Act (HIPAA) standards. In this paper, we propose security architectures for a tele-referring system that allows electronic group communication among professionals for better quality treatments, while protecting patient privacy against unauthorized access. Although DICOM defines the much-needed guidelines for confidentiality of medical data during transmission, there is no provision in the existing medical security systems to guarantee patient privacy once the data has been received. In our design, we address this issue by enabling tracing back to the recipient whose received data is disclosed to outsiders, using watermarking technique. We present security architecture design of a tele-referring system using a distributed approach and a centralized web-based approach. The resulting tele-referring system (i) provides confidentiality during the transmission and ensures integrity and authenticity of the received data, (ii) allows tracing of the recipient who has either distributed the data to outsiders or whose system has been compromised, (iii) provides proof of receipt or origin, and (iv) can be easy to use and low-cost to employ in clinical environment.

Distributed privacy preserving data collection

KAUST Repository

Xue, Mingqiang; Papadimitriou, Panagiotis D.; Raï ssi, Chedy; Kalnis, Panos; Pung, Hungkeng

2011-01-01

an anonymized table by generalization of quasi-identifier attributes. The protocol employs cryptographic techniques such as homomorphic encryption, private information retrieval and secure multiparty computation to ensure the privacy goal in the process of data

UnLynx: A Decentralized System for Privacy-Conscious Data Sharing

Directory of Open Access Journals (Sweden)

Froelicher David

2017-10-01

Full Text Available Current solutions for privacy-preserving data sharing among multiple parties either depend on a centralized authority that must be trusted and provides only weakest-link security (e.g., the entity that manages private/secret cryptographic keys, or leverage on decentralized but impractical approaches (e.g., secure multi-party computation. When the data to be shared are of a sensitive nature and the number of data providers is high, these solutions are not appropriate. Therefore, we present UnLynx, a new decentralized system for efficient privacy-preserving data sharing. We consider m servers that constitute a collective authority whose goal is to verifiably compute on data sent from n data providers. UnLynx guarantees the confidentiality, unlinkability between data providers and their data, privacy of the end result and the correctness of computations by the servers. Furthermore, to support differentially private queries, UnLynx can collectively add noise under encryption. All of this is achieved through a combination of a set of new distributed and secure protocols that are based on homomorphic cryptography, verifiable shuffling and zero-knowledge proofs. UnLynx is highly parallelizable and modular by design as it enables multiple security/privacy vs. runtime tradeoffs. Our evaluation shows that UnLynx can execute a secure survey on 400,000 personal data records containing 5 encrypted attributes, distributed over 20 independent databases, for a total of 2,000,000 ciphertexts, in 24 minutes.

Distributed Performance Measurement and Usability Assessment of the Tor Anonymization Network

Directory of Open Access Journals (Sweden)

Steffen Kunz

2012-05-01

Full Text Available While the Internet increasingly permeates everyday life of individuals around the world, it becomes crucial to prevent unauthorized collection and abuse of personalized information. Internet anonymization software such as Tor is an important instrument to protect online privacy. However, due to the performance overhead caused by Tor, many Internet users refrain from using it. This causes a negative impact on the overall privacy provided by Tor, since it depends on the size of the user community and availability of shared resources. Detailed measurements about the performance of Tor are crucial for solving this issue. This paper presents comparative experiments on Tor latency and throughput for surfing to 500 popular websites from several locations around the world during the period of 28 days. Furthermore, we compare these measurements to critical latency thresholds gathered from web usability research, including our own user studies. Our results indicate that without massive future optimizations of Tor performance, it is unlikely that a larger part of Internet users would adopt it for everyday usage. This leads to fewer resources available to the Tor community than theoretically possible, and increases the exposure of privacy-concerned individuals. Furthermore, this could lead to an adoption barrier of similar privacy-enhancing technologies for a Future Internet.

A blockchain-based data usage auditing architecture with enhanced privacy and availability

OpenAIRE

Kaaniche , Nesrine; Laurent , Maryline

2017-01-01

International audience; Recent years have witnessed the trend of increasingly relying on distributed infrastructures. This increased the number of reported incidents of security breaches compromising users' privacy, where third parties massively collect, process and manage users' personal data. Towards these security and privacy challenges, we combine hierarchical identity based cryptographic mechanisms with emerging blockchain infrastructures and propose a blockchain-based data usage auditin...

An Examination of Individual’s Perceived Security and Privacy of the Internet in Malaysia and the Influence of This on Their Intention to Use E-Commerce: Using An Extension of the Technology Acceptance Model

OpenAIRE

Muniruddeen Lallmahamood

2007-01-01

This study explores the impact of perceived security and privacy on the intention to use Internet banking. An extended version of the technology acceptance model (TAM) is used to examine the above perception. A survey was distributed, the 187 responses mainly from the urban cities in Malaysia, hav e generally agreed that security and privacy are still the main concerns while using Internet banking. The research model explains over half of the variance of the intenti...

Trust Me, I’m a Doctor: Examining Changes in How Privacy Concerns Affect Patient Withholding Behavior

Science.gov (United States)

Johnson, Tyler; Ford, Eric W; Huerta, Timothy R

2017-01-01

Background As electronic health records (EHRs) become ubiquitous in the health care industry, privacy breaches are increasing and being made public. These breaches may make consumers wary of the technology, undermining its potential to improve care coordination and research. Objective Given the developing concerns around privacy of personal health information stored in digital format, it is important for providers to understand how views on privacy and security may be associated with patient disclosure of health information. This study aimed to understand how privacy concerns may be shifting patient behavior. Methods Using a pooled cross-section of data from the 2011 and 2014 cycles of the Health Information and National Trends Survey (HINTS), we tested whether privacy and security concerns, as well as quality perceptions, are associated with the likelihood of withholding personal health information from a provider. A fully interacted multivariate model was used to compare associations between the 2 years, and interaction terms were used to evaluate trends in the factors that are associated with withholding behavior. Results No difference was found regarding the effect of privacy and security concerns on withholding behavior between 2011 and 2014. Similarly, whereas perceived high quality of care was found to reduce the likelihood of withholding information from a provider in both 2011 (odds ratio [OR] 0.73, 95% confidence interval [CI] 0.56-0.94) and 2014 (OR 0.61, 95% CI 0.48-0.76), no difference was observed between years. Conclusions These findings suggest that consumers’ beliefs about EHR privacy and security, the relationship between technology use and quality, and intentions to share information with their health care provider have not changed. These findings are counter to the ongoing discussions about the implications of security failures in other domains. Our results suggest that providers could ameliorate privacy and security by focusing on the care

An Efficient and Privacy-Preserving Multiuser Cloud-Based LBS Query Scheme

Directory of Open Access Journals (Sweden)

Lu Ou

2018-01-01

Full Text Available Location-based services (LBSs are increasingly popular in today’s society. People reveal their location information to LBS providers to obtain personalized services such as map directions, restaurant recommendations, and taxi reservations. Usually, LBS providers offer user privacy protection statement to assure users that their private location information would not be given away. However, many LBSs run on third-party cloud infrastructures. It is challenging to guarantee user location privacy against curious cloud operators while still permitting users to query their own location information data. In this paper, we propose an efficient privacy-preserving cloud-based LBS query scheme for the multiuser setting. We encrypt LBS data and LBS queries with a hybrid encryption mechanism, which can efficiently implement privacy-preserving search over encrypted LBS data and is very suitable for the multiuser setting with secure and effective user enrollment and user revocation. This paper contains security analysis and performance experiments to demonstrate the privacy-preserving properties and efficiency of our proposed scheme.

Location Privacy with Randomness Consistency

Directory of Open Access Journals (Sweden)

Wu Hao

2016-10-01

Full Text Available Location-Based Social Network (LBSN applications that support geo-location-based posting and queries to provide location-relevant information to mobile users are increasingly popular, but pose a location-privacy risk to posts. We investigated existing LBSNs and location privacy mechanisms, and found a powerful potential attack that can accurately locate users with relatively few queries, even when location data is well secured and location noise is applied. Our technique defeats previously proposed solutions including fake-location detection and query rate limits.

76 FR 65196 - Privacy Act of 1974; Report of a New Routine Use for Selected CMS System of Records

Science.gov (United States)

2011-10-20

... and privacy requirements included. A Data Use Agreement (DUA) (CMS Form 0235) must be completed by the...: CMS Privacy Officer, Division of Information Security & Privacy Management, Enterprise Architecture... requirements that she may specify for QEs to meet, such as ensuring the security of data. The Medicare claims...