Browsing by Subject "privacy"
Now showing 1 - 18 of 18

Item: A Blockchain-Based Hybrid Model for IoMT-Enabled Intelligent Healthcare System (IEEE, 2024-03-18)
Rehman, Ateeq Ur; Tariq, Nargis; Jan, Mian Ahmad; Khan, Fazlullah; Song, Houbing; Ibrahim, Muhammad
In recent years, the healthcare industry has undergone a digital transformation, making patient data publicly available and accessible. Healthcare units make a portion of the data public while keeping the rest private, necessitating various mechanisms for security and privacy. Blockchain technology has been widely adopted in the healthcare sector to secure data transactions. However, public blockchains face challenges in scalability and privacy, whereas private blockchains struggle with centralization, interoperability, and complexity. To address these challenges, we propose an Internet of Medical Things (IoMT)-based hybrid blockchain architecture. The proposed architecture combines the decentralized Ethereum and the centralized Hyperledger Fabric blockchain (Eth-Fab) using SQLite to leverage Ethereum smart contracts with the Hyperledger permission model. Moreover, we introduce access control strategies to enhance patient data authentication and authorization. We have employed machine learning algorithms to assist healthcare practitioners in accurately detecting diseases and making time-efficient decisions. Additionally, we modeled the proposed architecture using the M/M/1 queuing model and derived closed-form expressions for latency, throughput, and server utilization. The validity of these expressions was verified through Monte Carlo simulations. The results demonstrate that higher service times (block generation) yield better outcomes in terms of latency, throughput, and utilization, regardless of the arrival time, i.e., transactions in the mining pool.

Item: Authorization and Privacy for Semantic Web Services (IEEE, 2004-07-01)
Kagal, Lalana; Paolucci, Massimo; Srinivasan, Naveen; Denker, Grit; Finin, Tim; Sycara, Katia
When choosing, composing, invoking or monitoring a service it may be important or even critical to understand its security attributes and policies. By security, we refer to a range of related aspects including authentication, authorization, confidentiality and privacy. We discuss how to incorporate security information into the OWL-S Semantic Web service model by integrating descriptions of semantically rich policies for authorization, privacy and confidentiality. These policies can include conditions on attributes of the service requester, provider, and the general context. We describe the ontologies used to annotate OWL-S input and output parameters with respect to their security characteristics, including various types of encryption and digital signatures. We present an algorithm for testing policy compliance that can be integrated into the service selection process of the OWL-S MatchMaker. This integration allows the requester to invoke only those services that match the former's policies and whose policies are met by the requester.

Item: Enhancing Web Privacy Protection through Declarative Policies (IEEE, 2005-06-07)
Kolari, Pranam; Ding, Li; Ganjugunte, Shashidhara; Kagal, Lalana; Joshi, Anupam; Finin, Tim
The Platform for Privacy Preferences (P3P) is a W3C framework for web privacy management. It provides a standard vocabulary that websites can use to describe their privacy practices. The presence of website-published P3P policies enables users to configure web browsers to allow, block or warn users during access and data exchange with websites. It's a good idea that unfortunately is rarely used. We identify three primary reasons: (i) the languages available to describe user privacy preferences are not sufficiently expressive, (ii) P3P policies published by websites are not trusted by users and (iii) the P3P framework does not provide a coherent view of available privacy protection mechanisms to the user. Towards addressing these issues, we present enhancements to the P3P framework. We use a more expressive policy language based on deontic concepts to describe users' privacy-related policies, constraints and preferences. We introduce a new trust model for websites and describe its use in user privacy preferences. Finally, we present sample policies to demonstrate the relevance of our work and offer it as an effective starting point towards enhancing Web Privacy Protection.

Item: Exploring Older Adults' Attitudes Towards Privacy of Adaptive Assistive Technologies (2018-01-01)
Gable Poneres, Kellie Nicole; Massey, Aaron K; Information Systems; Human Centered Computing
Adaptive assistive technologies can support the accessibility needs of individuals whose abilities vary due to a diagnosis, medication, or other external factors by monitoring and adapting to their fluctuating performance. As these systems offer many compelling benefits to users, the privacy threats posed by these systems have been largely overlooked in Human-Computer Interaction (HCI) literature. This work identifies potential privacy threats posed by adaptive assistive technologies, and investigates the privacy-related perspectives and concerns of older adults who experience varied pointing abilities, in the context of these systems. In our first study, we conducted eight interviews with older adults diagnosed with Essential Tremors. Six months later, six of our participants partook in novel participatory privacy elicitation activities in the second study. We found that participants had positive attitudes towards assistive technologies that gather their personal data, but also had strong preferences for how their data should be used and who should have access to it. We identify a need to factor in privacy threats when designing assistive technologies to avoid exposing users to these hazards. We conclude with design recommendations to offer users more agency over their collected data from these systems.

Item: Information Integration and Analysis: A Semantic Approach to Privacy (IEEE, 2011-10-09)
Oberoi, Madan; Jagtap, Pramod; Joshi, Anupam; Finin, Tim; Kagal, Lalana
The balance between privacy and security concerns is a hotly debated topic, especially as government (and private) entities are able to gather and analyze data from several disparate sources with ease. This ability to do large scale analytics of publicly accessible data leads to significant privacy concerns. In particular, for the government, there is the fear of a fishing expedition against individuals. The model in this paper describes a way to address these concerns in a multi-user and multi-database owner environment. The model provides an assurance system where database owners are able to test and audit the assurances given by users, thereby increasing the trust in the system. The concept of segregating data used for processing from data needed for final end use and providing different levels of access to them through a mediator machine has been used. The audit component consisting of a justification mechanism increases the trust in the system.

Item: PatientService: Electronic Patient Record Redaction and Delivery in Pervasive Environments (IEEE, 2003-06-01)
Choudhri, Amit; Kagal, Lalana; Joshi, Anupam; Finin, Tim; Yesha, Yelena
Healthcare today is moving away from the tethered domain and becoming diffused into an environment rich with portable digital devices. In this evolving environment, the need to deliver information such as Electronic Patient Records at the point-of-care is a prime factor in managing the healthcare system efficiently. This however presents serious security challenges in pervasive environments such as wirelessly-connected hospitals, where protecting the confidentiality of the information, while at the same time allowing authorized users to access it conveniently, is the core issue in the paradigm. We describe the security challenges in pervasive computing environments, and explain why traditional security mechanisms fail to meet the demands of these environments. We use an architecture that incorporates policy based security and distributed trust management to provide a highly flexible approach for accessing Electronic Patient Records that are electronically redacted depending on the user's digital credentials. We then present a prototype of the system using a variety of portable devices with wireless technology and include the policy used to test the system.

Item: A Pervasive Computing Ontology for User Privacy Protection in the Context Broker Architecture (2004-07-12)
Chen, Harry; Finin, Tim; Joshi, Anupam
Privacy protection is a key requirement for the future pervasive computing systems. This paper describes the design and implementation of a privacy protection framework that exploits the SOUPA policy ontology and its associated policy reasoning algorithm. The SOUPA policy ontology expressed in the Web Ontology Language OWL allows users to define policy rules to permit or forbid actions that attempt to access the users' private information. Central to the policy reasoning algorithm is the use of a Description Logic inference engine that reasons over the OWL-DL constructs of the policy ontology. We also show the feasibility of this framework through a prototype of the Context Broker Architecture (CoBrA).

Item: A Policy Based Infrastructure for Social Data Access with Privacy Guarantees (IEEE, 2010-07-21)
Kodeswaran, Palanivel Andiappan; Viegas, Evelyne
In this paper, we present a policy based infrastructure for social data access with the goal of enabling scientific research, while preserving privacy. We describe motivating application scenarios that could be enabled with the growing number of user datasets such as social networks, medical datasets etc. These datasets contain sensitive user information and sufficient caution must be exercised while sharing them with third parties to prevent privacy leaks. One of the goals of our framework is to allow users to control how their data is used, while at the same time enabling researchers to use the aggregate data for scientific research. We extend existing access control languages to explicitly model user intent in data sharing as well as supporting additional access modes, viz. Complete Access, Abstract Access and Statistical Access, that go beyond the traditional allow/deny binary semantics of access control. We then describe our policy infrastructure and show how it can be used to enable the above scenarios while still guaranteeing individual privacy. We then present our initial implementation of the framework extending the SecPAL authorization language to account for new roles and operations.

Item: Preserving Privacy in Context-Aware Systems (IEEE, 2011-10-09)
Jagtap, Pramod; Joshi, Anupam; Finin, Tim; Zavala, Laura
Recent years have seen a confluence of two major trends: the increase of mobile devices such as smart phones as the primary access point to networked information and the rise of social media platforms that connect people. Their convergence supports the emergence of a new class of context-aware geosocial networking applications. While existing systems focus mostly on location, our work centers on models for representing and reasoning about a more inclusive and higher-level notion of context, including the user's location and surroundings, the presence of other people and devices, and the inferred activities in which they are engaged. A key element of our work is the use of collaborative information sharing where devices share and integrate knowledge about their context. This introduces the need for privacy and security mechanisms. We present a framework to provide users with appropriate levels of privacy to protect the personal information their mobile devices are collecting, including the inferences that can be drawn from the information. We use Semantic Web technologies to specify high-level, declarative policies that describe user information sharing preferences. We have built a prototype system that aggregates information from a variety of sensors on the phone, online sources, and sources internal to the campus intranet, and infers the dynamic user context. We show how our policy framework can be effectively used to devise better privacy control mechanisms to control in

Item: Privacy Preservation in Context Aware Geosocial Networking Applications (University of Maryland, Baltimore County, 2011-05-01)
Jagtap, Pramod; Joshi, Anupam; Finin, Tim; Zavala, Laura
Recent years have seen a confluence of two major trends: the increase of mobile devices such as smart phones as the primary access point to networked information and the rise of social media platforms that connect people. Their convergence supports the emergence of a new class of context-aware geo-social networking applications. While existing systems focus mostly on location, our work centers on models for representing and reasoning about a more inclusive and higher-level notion of context, including the user's location and surroundings, the presence of other people and devices, feeds from social networking systems they use, and the inferred activities in which they are engaged. A key element of our work is the use of collaborative information sharing where devices share and integrate knowledge about their context. This introduces the need for privacy and security mechanisms. We present a framework to provide users with appropriate levels of privacy to protect the personal information their mobile devices are collecting, including the inferences that can be drawn from the information. We use Semantic Web technologies to specify high-level, declarative policies that describe users' information sharing preferences. We have built a prototype system that aggregates information from a variety of sensors on the phone, online sources, and sources internal to the campus intranet, and infers the dynamic user context. We show how our policy framework can be effectively used to devise better privacy control mechanisms to control information flow between users in such dynamic mobile systems.

Item: Private Virtual Infrastructure for Cloud Computing (2009)
Krautheim, F. John
Cloud computing places an organization's sensitive data in the control of a third party, introducing a significant level of risk on the privacy and security of the data. We propose a new management and security model for cloud computing called the Private Virtual Infrastructure (PVI) that shares the responsibility of security in cloud computing between the service provider and client, decreasing the risk exposure to both. The PVI datacenter is under control of the information owner while the cloud fabric is under control of the service provider. A cloud Locator Bot pre-measures the cloud for security properties, securely provisions the datacenter in the cloud, and provides situational awareness through continuous monitoring of the cloud security. PVI and Locator Bot provide the tools that organizations require to maintain control of their information in the cloud and realize the benefits of cloud computing.

Item: Protecting the privacy of RFID tags (2006-09-01)
Vartak, Nimish; Patwardhan, Anand; Joshi, Anupam; Nagy, Paul
Radio Frequency Identification (RFID) is an emerging wireless technology with many potential applications, including supply chain management, personnel tracking and point of sale checkout. Its widespread adoption raises concerns about known security and privacy vulnerabilities, including the ability of rogue RFID readers to access the unique identifier and data of RFID tags. To prevent the eavesdropping of tags through the communication channel, methods like one-way hashing, cryptography and one-time pads have been used; however, they do not prevent the clandestine tracking of tags using their unique identifier. We describe a novel scheme to protect the identity of tags, and prevent them from being clandestinely tracked and inventoried. Our approach uses inexpensive passive RFID tags, an RFID reader, an authenticating agent, and a local entity that can dynamically reprogram tags to protect their identity. We ensure visibility of goods to authorized RFID readers at any point in the transit of RFID tagged goods from one location to another, while denying information to unauthorized readers. The approach protects the identity of the RFID tags without significant changes to the existing infrastructure and obviates the need for expensive active RFID tags. We present our scheme in the context of a transit vehicle like a truck which carries RFID tagged goods from one place to another.

Item: RISK ANALYSIS OF THE DISCOVERABILITY OF PERSONAL DATA USED FOR PRIMARY AND SECONDARY AUTHENTICATION (2017-01-01)
Richards, Kirsten E.; Norcio, Anthony F; Information Systems; Information Systems
Personal data are frequently leveraged to create passwords for password based authentication systems. Personal data are also used in secondary authentication systems, particularly those based around a question and answer format. The use of personal data in authenticators is believed to be driven, to some degree, by usability. The antinomic proposition of usable system authentication, an easily remembered and usable scheme for the proper user which is simultaneously unknown and unusable to any other entity, historically proves to be an elusive goal. While alternative propositions for authentication protocols are numerous, lacking in literature is foundational work directly relating potential authenticators with the discoverability of personal data online. This dissertation investigates the discoverability of personal data, particularly whether another human is able to purposefully find particular personal data commonly used in authentication protocols. Between fifty and sixty participants provide search results for specific personal data regarding four additional participants. The four participants acted as a source for the personal data, consented to the web search and validated the accuracy of data supplied by the data seeking participants. Analyses of the results reveal consistent patterns in the personal data discovered. The results lay a foundation for the improvement of current authentication systems and provide a significant step in both methodology and recommendations to guide the development of alternatives with a goal towards the creation of usable, secure authentication systems. Furthermore, the results provide insight into the nature of privacy, user control of data and the availability of personal data on Web sources.

Item: Semantic knowledge and privacy in the physical web (CEUR, 2016-10-18)
Das, Prajit Kumar; Kashyap, Abhay L.; Singh, Gurpreet; Matuszek, Cynthia; Finin, Tim; Joshi, Anupam
In the past few years, the Internet of Things has started to become a reality; however, its growth has been hampered by privacy and security concerns. One promising approach is to use Semantic Web technologies to mitigate privacy concerns in an informed, flexible way. We present CARLTON, a framework for managing data privacy for entities in a Physical Web deployment using Semantic Web technologies. CARLTON uses context-sensitive privacy policies to protect privacy of organizational and personnel data. We provide use case scenarios where natural language queries for data are handled by the system, and show how privacy policies may be used to manage data privacy in such scenarios, based on an ontology of concepts that can be used as rule antecedents in customizable privacy policies.

Item: Using a participatory activities toolkit to elicit privacy expectations of adaptive assistive technologies (ACM, 2020-04-20)
Hamidi, Foad; Poneres, Kellie; Massey, Aaron; Hurst, Amy
Individuals whose abilities change over time can benefit from assistive technologies that can detect and adapt to their current needs. While these Adaptive Assistive Technologies (AATs) offer exciting opportunities, their use presents an often-overlooked privacy tradeoff between usability and disclosing ability data. To explore this tradeoff from end-user perspectives, we developed a participatory activities toolkit comprised of tangible low-fidelity physical cards, charts, and two software AAT prototypes. We used the kit in interviews with six older adults who experience pointing and typing difficulties when accessing the Internet. Participants had conflicting views about AATs collecting their data, and strong preferences about what data should be collected, how it should be used, and who should have access to it. The contributions of this paper are twofold: (1) we describe a novel approach to elicit detailed end-user privacy preferences and expectations, and (2) we provide insights from representative users of AATs towards their privacy.

Item: Using a Participatory Toolkit to Elicit Youth's Workplace Privacy Perspectives (ACM, 2021-12-11)
Easley III, William; Asgarali-Hoffman, Nisa; Hurst, Amy; Mentis, Helena; Hamidi, Foad
The rapid evolution of technology has enabled us to perform complex, interdependent, and geographically distributed work. As a result, the effective use of communication and coordination technologies is increasingly crucial to success in the workplace, raising at the same time concerns about workplace privacy. In this paper, we present a case study showing how we adapted and used a participatory toolkit to elicit the privacy perspectives of a 3D print shop's youth employees. Participants expected their managers and co-workers, rather than other third parties, to see their data, and yet prioritized keeping their co-workers informed rather than being overly concerned about third parties accessing their data. We found this approach effective at creating an expressive space for the youth to reflect on and share their expectations and preferences on workplace data privacy, a practice that can enhance both their workplace participation and professional communication training. We conclude with thoughts on how using open-ended participatory mechanisms can support employees' ongoing reflection on the privacy of communication and coordination technologies, leading to increased fluency and participation in workplace decision-making.

Item: VoteXX: A Remote Voting System that is Coercion Resistant (2020-10-29)
Chaum, David; Carback III, Richard T.; Clark, Jeremy; Liu, Chao; Nejadgholi, Mahdi; Preneel, Bart; Sherman, Alan T.; Yaksetig, Mario; Zagorski, Filip
Designing voting systems is notoriously difficult because both outcome integrity and ballot privacy are essential. Remote voting, including by mail or Internet, adds major additional challenges. While internet voting can offer numerous advantages, including improved usability and accessibility, the current systems don't solve these challenges. In short, there currently is no such thing as a "secure" Internet voting system, despite the claims made by vendors. Remote voting by mail is already here, and we are concerned with some of its inherent weaknesses. Notably, people selling votes online by videoing the marking and mailing of their ballots is extremely concerning, as is the lack of a concrete way to be sure your ballot is included in the tally. The VoteXX team has developed several promising new strategies that we believe, with sufficient research and development, can be used to make viable internet voting systems:

Item: Young Adult Preferences for Campaign Website Personalization and Privacy: A Data-driven Instrument for Design (2017-01-01)
Richards, Timothy Michael; Ozok, Asim A; Information Systems; Information Systems
Websites have been used by political campaigns for nearly two and a half decades and the literature has adequately covered human factors aspects of political campaign websites with the help of usability, task analysis, and content analysis studies. However, there was a gap in the literature concerning the relationship between campaign website visitor privacy preferences, content personalization, and trust in the candidate or campaign. This dissertation presents the idea that user preferences regarding privacy and personalization inform the design process of such websites and impact user trust. Built upon the human factors, political communication, and Internet politics literature, this dissertation examines the privacy and personalization preferences of young adult website users in the political sphere by seeking which factors have an impact on trust. The focus is on obtaining data before design regarding existent user privacy knowledge, user behavior patterns, user perceptions, and user expectations rather than on relying on post-campaign website analysis. In this dissertation a theoretical framework between privacy, personalization, and trust is developed using a mixed methods approach. Data was collected from young adults using an online survey and in-person interviews. Quantitative data collected from the survey was statistically analyzed and qualitative data from the interviews was coded for themes. The results of the study provide a theoretical model showing the relationship between privacy, personalization, and trust in a political campaign website as perceived by young adults. Control of the website experience and of data self-disclosure is foundational in young adult trust of campaign websites. Automated content personalization can limit this control and places a higher requisite of disclosure on the website user than on the campaign and candidate. This is perceived negatively by users and heightens their need for privacy and raises "red flags" regarding the trustworthiness of the campaign website and candidate. Practical implications for design can mitigate this mistrust of political websites by young adults. This dissertation describes treatment of the privacy policy, privacy awareness tools, opt-in processes, and user controlled personalization tools as campaign website features that can allow personalization and privacy balance.