Information Security Commons^™

Privacy-Preserving Sanitization In Data Sharing, Wentian Lu

Doctoral Dissertations

In the era of big data, the prospect of analyzing, monitoring and investigating all sources of data starts to stand out in every aspect of our life. The benefit of such practices becomes concrete only when analysts or investigators have the information shared from data owners. However, privacy is one of the main barriers that disrupt the sharing behavior, due to the fear of disclosing sensitive information. This dissertation describes data sanitization methods that disguise the sensitive information before sharing a dataset and our criteria are always protecting privacy while preserving utility as much as possible. In particular, we provide …

Measuring Privacy Disclosures In Url Query Strings, Andrew G. West, Adam J. Aviv

Andrew G. West

Publicly posted URLs may contain a wealth of information about the identities and activities of the users who share them. URLs often utilize query strings (i.e., key-value pairs appended to the URL path) as a means to pass session parameters and form data. While often benign and necessary to render the web page, query strings sometimes contain tracking mechanisms, user names, email addresses, and other information that users may not wish to publicly reveal. In isolation this is not particularly problematic, but the growth of Web 2.0 platforms such as social networks and micro-blogging means URLs (often copy-pasted from web …

Uncovering Embarrassing Moments In In-Situ Exposure Of Incoming Mobile Messages, Chulhong Min, Saumay Pushp, Seungchul Lee, Inseok Hwang, Youngki Lee, Seungwoo Kang, Junehwa Song

Research Collection School Of Computing and Information Systems

Mobile instant messengers serve as major interaction media for everyday chats. Contrary to the belief that a message is seen only by a designated receiver, it can be accidentally exposed to someone nearby and could result in embarrassing moments, for example, when the receiver is viewing pictures together with his friend upon the message arrival. To understand the significance of the problem and core factors that cause such embarrassments, we collected 961 in-situ responses from 14 participants upon the actual message arrival and analyzed them from the perspective of the receiver's situation. The results showed that 29% of message arrivals …

On The Privacy Concerns Of Url Query Strings, Andrew G. West, Adam J. Aviv

Andrew G. West

URLs often utilize query strings (i.e., key-value pairs appended to the URL path) as a means to pass session parameters and form data. Often times these arguments are not privacy sensitive but are necessary to render the web page. However, query strings may also contain tracking mechanisms, user names, email addresses, and other information that users may not wish to reveal. In isolation such URLs are not particularly problematic, but the growth of Web 2.0 platforms such as social networks and micro-blogging means URLs (often copy-pasted from web browsers) are increasingly being publicly broadcast.

This position paper argues that the …

Towards Semantically Secure Outsourcing Of Association Rule Mining On Categorical Data, Junzuo Lai, Yingjiu Li, Robert H. Deng, Jian Weng, Chaowen Guan, Qiang Yan

Research Collection School Of Computing and Information Systems

When outsourcing association rule mining to cloud, it is critical for data owners to protect both sensitive raw data and valuable mining results from being snooped at cloud servers. Previous solutions addressing this concern add random noise to the raw data and/or encrypt the raw data with a substitution mapping. However, these solutions do not provide semantic security; partial information about raw data or mining results can be potentially discovered by an adversary at cloud servers under a reasonable assumption that the adversary knows some plaintext–ciphertext pairs. In this paper, we propose the first semantically secure solution for outsourcing association …

Mobile Banking Security Using Gps And Ldpc Codes, Matthew Francis Moccaro

Graduate Theses and Dissertations

Mobile Banking is becoming a major part of our world's financial system. Being able to manage one's finances on a mobile device can provide services that can make users more productive. It can also serve as a means of financial freedom to those who are unable to access physical banking facilities due to distance, or other problems. However, with such freedom also comes the need for security. A person's financial information is one of the most targeted groups of information by attackers. To secure these mobile freedoms, this paper presents a system to secure mobile banking procedures using global positioning …

Predicting Human Behavior, Tamara Kneese

Media Studies

Countless highly accurate predictions can be made from trace data, with varying degrees of personal or societal consequence (e.g., search engines predict hospital admission, gaming companies can predict compulsive gambling problems, government agencies predict criminal activity). Predicting human behavior can be both hugely beneficial and deeply problematic depending on the context. What kinds of predictive privacy harms are emerging? And what are the implications for systems of oversight and due process protections? For example, what are the implications for employment, health care and policing when predictive models are involved? How should varied organizations address what they can predict?

Evidentiary Power And Propriety Of Digital Identifiers And The Impact On Privacy Rights In The United States, Michael Losavio, Deborah Keeling

Journal of Digital Forensics, Security and Law

Media and network systems capture and store data about electronic activity in new, sometimes unprecedented ways; computational systems make for new means of analysis and knowledge development. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance under traditional legal regulation of state power, particular that of Fourth Amendment limitations on police searches and seizures under the U.S. Constitution. But autonomy, identity and authenticity concerns with electronic data raise issues of public policy, privacy and proper police oversight of civil society. We examine those issues and their implications for digital and computational forensics

Effects Of The Factory Reset On Mobile Devices, Riqui Schwamm, Neil C. Rowe

Journal of Digital Forensics, Security and Law

Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did …

I Remember Richelieu: Is Anything Secure Anymore?, Michael G. Crowley, Michael N. Johnstone

Australian Security and Intelligence Conference

Petraeus-gate, hacked nude celebrity photos in the cloud and the recent use of a search and seizure warrant in the United States of America to seek production of customer email contents on an extraterritorial server raises important issues for the supposably safe storage of data on the World Wide Web. Not only may there be nowhere to hide in cyberspace but nothing in cyberspace may be private. This paper explores the legal and technical issues raised by the these matters with emphasis on the courts decision “In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and …

Surveillance At The Source, David Thaw

Articles

Contemporary discussion concerning surveillance focuses predominantly on government activity. These discussions are important for a variety of reasons, but generally ignore a critical aspect of the surveillance-harm calculus – the source from which government entities derive the information they use. The source of surveillance data is the information "gathering" activity itself, which is where harms like "chilling" of speech and behavior begin.

Unlike the days where satellite imaging, communications intercepts, and other forms of information gathering were limited to advanced law enforcement, military, and intelligence activities, private corporations now play a dominant role in the collection of information about individuals' …