Information privacy

About: Information privacy is a research topic. Over the lifetime, 25412 publications have been published within this topic receiving 579611 citations. The topic is also known as: data privacy & data protection.

Practical attacks on proximity identification systems

Abstract: The number of RFID devices used in everyday life has increased, along with concerns about their security and user privacy. This paper describes our initial findings on practical attacks that we implemented against 'proximity' (ISO 14443 A) type RFID tokens. Focusing mainly on the RF communication interface we discuss the results and implementation of eavesdropping, unauthorized scanning and relay attacks. Although most of these attack scenarios are regularly mentioned in literature little technical details have been published previously. We also present a short overview of mechanisms currently available to prevent these attacks.

A Cryptographic Key Management Solution for HIPAA Privacy/Security Regulations

Abstract: The Health Insurance Portability and Accountability Act (HIPAA) privacy and security regulations are two crucial provisions in the protection of healthcare privacy. Privacy regulations create a principle to assure that patients have more control over their health information and set limits on the use and disclosure of health information. The security regulations stipulate the provisions implemented to guard data integrity, confidentiality, and availability. Undoubtedly, the cryptographic mechanisms are well defined to provide suitable solutions. In this paper, to comply with the HIPAA regulations, a flexible cryptographic key management solution is proposed to facilitate interoperations among the applied cryptographic mechanisms. In addition, case of consent exceptions intended to facilitate emergency applications and other possible exceptions can also be handled easily.

A Critique of k-Anonymity and Some of Its Enhancements

Abstract: k-Anonymity is a privacy property requiring that all combinations of key attributes in a database be repeated at least for k records. It has been shown that k-anonymity alone does not always ensure privacy. A number of sophistications of k-anonymity have been proposed, like p-sensitive k-anonymity, l-diversity and t-closeness. This paper explores the shortcomings of those properties, none of which turns out to be completely convincing.

The Digital Individual and the Private Realm

Abstract: Geographic information systems and the technological family associated with them—global positioning systems, geodemographics, and remote surveillance systems—raise important questions with respect to the issue of privacy. Of most immediate import, the systems store and represent data in ways that render ineffective the most popular safeguards against privacy abuse. But the systems are associated with more fundamental changes in the right to privacy and even, some would say, with challenges to the possibility of privacy itself. They make reasonable and acceptable the view that technological change is inevitable and autonomous, and therefore, too, are the development of increasingly comprehensive dossiers on individuals and households and the use of increasingly powerful means for the technological enhancements of vision. And their use in the creation of data profiles supports a wide-ranging reconceptualization of community, place, and individual. Nonetheless, in the ways they create and use digital profile...

How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web, and Telephone Samples

Abstract: Security and privacy researchers often rely on data collected from Amazon Mechanical Turk (MTurk) to evaluate security tools, to understand users' privacy preferences and to measure online behavior. Yet, little is known about how well Turkers' survey responses and performance on security- and privacy-related tasks generalizes to a broader population. This paper takes a first step toward understanding the generalizability of security and privacy user studies by comparing users' self-reports of their security and privacy knowledge, past experiences, advice sources, and behavior across samples collected using MTurk (n=480), a census-representative web-panel (n=428), and a probabilistic telephone sample (n=3,000) statistically weighted to be accurate within 2.7% of the true prevalence in the U.S. Surprisingly, the results suggest that: (1) MTurk responses regarding security and privacy experiences, advice sources, and knowledge are more representative of the U.S. population than are responses from the census-representative panel; (2) MTurk and general population reports of security and privacy experiences, knowledge, and advice sources are quite similar for respondents who are younger than 50 or who have some college education; and (3) respondents' answers to the survey questions we ask are stable over time and robust to relevant, broadly-reported news events. Further, differences in responses cannot be ameliorated with simple demographic weighting, possibly because MTurk and panel participants have more internet experience compared to their demographic peers. Together, these findings lend tempered support for the generalizability of prior crowdsourced security and privacy user studies; provide context to more accurately interpret the results of such studies; and suggest rich directions for future work to mitigate experience- rather than demographic-related sample biases.