Acatech STUDIE September 2012 Titel
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Mapping the Space of Location-Based Services 5
CHARLIEDETAR MAPPINGTHESPACEOFLOCATION- BASEDSERVICES 2 charlie detar Abstract This paper is an attempt to both summarize the current state of Lo- cation Based Services (LBS), and to unpack and problematize the underlying assumptions on which they operate. Location based ser- vices — including applications for mapping and navigation, social networking, gaming, and tourism and information services — are all based on the idea that information about a user’s location can be used to adapt the content and user interface of a service, improving it. However, the “location” used by these systems is usually restricted to data-poor representations such as geographic coordinates, and as such provides an insufficient cue for the rich and culturally contin- gent context embodied in the notion of a “place”. I will argue that developers should consider both the salience of the particular place- or space-based context to their application domain, and the potential impacts the application will have on a user’s sense of place when designing location based services. Contents 1 Introduction: Location, Location, Location 4 2 Space: the geometry of location 7 3 Place: the interpretation of location 12 4 Technology of space and place 17 5 Space, place, and location based services 22 6 Conclusion 45 7 Bibliography 46 1 Introduction: Location, Location, Location Location is a deep component of how we experience the world — it encapsulates not only a mathematical abstraction for our positions in space, but also a rich set of cultural meanings that we associate with particular places, which bound and contextualize our experience. The concept of “place” combines both geography and sociality — one has a “place” in relation to other people (and deviant behavior is “out of place”). -
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild Gunes Acar1, Christian Eubank2, Steven Englehardt2, Marc Juarez1 Arvind Narayanan2, Claudia Diaz1 1KU Leuven, ESAT/COSIC and iMinds, Leuven, Belgium {name.surname}@esat.kuleuven.be 2Princeton University {cge,ste,arvindn}@cs.princeton.edu ABSTRACT 1. INTRODUCTION We present the first large-scale studies of three advanced web tracking mechanisms — canvas fingerprinting, evercookies A 1999 New York Times article called cookies compre and use of “cookie syncing” in conjunction with evercookies. hensive privacy invaders and described them as “surveillance Canvas fingerprinting, a recently developed form of browser files that many marketers implant in the personal computers fingerprinting, has not previously been reported in the wild; of people.” Ten years later, the stealth and sophistication of our results show that over 5% of the top 100,000 websites tracking techniques had advanced to the point that Edward employ it. We then present the first automated study of Felten wrote “If You’re Going to Track Me, Please Use Cook evercookies and respawning and the discovery of a new ev ies” [18]. Indeed, online tracking has often been described ercookie vector, IndexedDB. Turning to cookie syncing, we as an “arms race” [47], and in this work we study the latest present novel techniques for detection and analysing ID flows advances in that race. and we quantify the amplification of privacy-intrusive track The tracking mechanisms we study are advanced in that ing practices due to cookie syncing. they are hard to control, hard to detect and resilient Our evaluation of the defensive techniques used by to blocking or removing. -
Zeszyty T 13 2018 Tytulowa I Redakcyjna
POLITECHNIKA KOSZALIŃSKA Zeszyty Naukowe Wydziału Elektroniki i Informatyki Nr 13 KOSZALIN 2018 Zeszyty Naukowe Wydziału Elektroniki i Informatyki Nr 13 ISSN 1897-7421 ISBN 978-83-7365-501-0 Przewodniczący Uczelnianej Rady Wydawniczej Zbigniew Danielewicz Przewodniczący Komitetu Redakcyjnego Aleksy Patryn Komitet Redakcyjny Krzysztof Bzdyra Walery Susłow Wiesław Madej Józef Drabarek Adam Słowik Strona internetowa https://weii.tu.koszalin.pl/nauka/zeszyty-naukowe Projekt okładki Tadeusz Walczak Skład, łamanie Maciej Bączek © Copyright by Wydawnictwo Uczelniane Politechniki Koszalińskiej Koszalin 2018 Wydawnictwo Uczelniane Politechniki Koszalińskiej 75-620 Koszalin, ul. Racławicka 15-17 Koszalin 2018, wyd. I, ark. wyd. 5,72, format B-5, nakład 100 egz. Druk: INTRO-DRUK, Koszalin Spis treści Damian Giebas, Rafał Wojszczyk ..................................................................................................................................................... 5 Zastosowanie wybranych reprezentacji graficznych do analizy aplikacji wielowątkowych Grzegorz Górski, Paweł Koziołko ...................................................................................................................................................... 27 Semantyczne ataki na aplikacje internetowe wykorzystujące język HTML i arkusze CSS Grzegorz Górski, Paweł Koziołko ..................................................................................................................................................... 37 Analiza skuteczności wybranych metod -
Location-Aware Applications Considering the Impact of Privacy Legislation
Richard Ferraro Murat Aktihanoglu MANNING Location Aware Applications Richard Ferraro Murat Aktihanoglu Chapter 10 Copyright 2011 Manning Publications brief contents PART 1LBS, THE BIG PICTURE 1 ■ Location-based services: an overview 2 ■ Positioning technologies 3 ■ Mapping 4 ■ Content options PART 2TECHNOLOGY 5 ■ Consumer applications 6 ■ Mobile platforms 7 ■ Connectivity issues 8 ■ Server-side integration PART 3CREATING WINNING LBS BUSINESSES 9 ■ Monetization of location-based services 10 ■ The privacy debate 11 ■ Distributing your application 12 ■ Securing your business idea v The privacy debate This chapter covers Explaining what privacy really means Exploring the two sides of the privacy debate Understanding who manages privacy within location-aware applications Considering the impact of privacy legislation We started part 3, the final part of the book, by discussing in chapter 9 the different ways in which we can monetize location -aware applications and ser vices. Where these services are directed at the general public, extra care is required because of the ongoing debate over privacy of location data. If you were to survey an expert panel of mobile and web professionals about what they thought was the number-one hurdle to a wider and faster spread of LBS, we’d bet a large sum of money that their answer would be “privacy concerns.” More and more, the terms privacy and location are mentioned together (try Googling for the two terms together, and you’ll get over 1,980,000,000 entries), and the driver behind this is that people value their locational privacy above all 214 What do we mean by privacy? 215 other types of privacy (religious privacy, cultural privacy, behavioral privacy, and so on). -
Privacy Considerations for Secure Identification in Social Wireless
Privacy considerations for secure identification in social wireless networks Master’s degree thesis ELENA KOZHEMYAK Academic supervisor: Sonja Buchegger, KTH External supervisor: Christian Gehrmann, SICS Examiner: Johan Håstad, KTH September 2011 iii Abstract This thesis focuses on privacy aspects of identification and key exchange schemes for mobile social networks. In particular, we consider identification schemes that combine wide area mobile communication with short range com- munication such as Bluetooth, WiFi. The goal of the thesis is to identify possi- ble security threats to personal information of users and to define a framework of security and privacy requirements in the context of mobile social networking. The main focus of the work is on security in closed groups and the procedures of secure registration, identification and invitation of users in mobile social net- works. The thesis includes an evaluation of the proposed identification and key exchange schemes and a proposal for a series of modifications that augments its privacy-preserving capabilities. The ultimate design provides secure and ef- fective identity management in the context of, and in respect to, the protection of user identity privacy in mobile social networks. Keywords: mobile social networks, identity privacy, identity management, pseudonyms. iv Sammanfattning Det här examensarbetet handlar om personlig integritet, identifiering och nyckelutbyte i mobila sociala nätverk. Speciellt adresserar vi dessa aspekter för system som kombinerar mobil kommunikation med kort räckviddskommunika- tion som Bluetooth och WiFi. Målet med detta arbete är att identifiera möjliga säkerhetshot mot användarinformation och att ta fram ett ramverk för säkerhet och krav på personlig integritet i mobila sociala nätverk. Tyngdpunkten i ar- betet ligger på säkerhet i slutna grupper och förfaranden för säker registrering, identifiering och inbjudan av användare i mobila sociala nätverk. -
Practical Forward Secure Signatures Using Minimal Security Assumptions
Practical Forward Secure Signatures using Minimal Security Assumptions Vom Fachbereich Informatik der Technischen Universit¨atDarmstadt genehmigte Dissertation zur Erlangung des Grades Doktor rerum naturalium (Dr. rer. nat.) von Dipl.-Inform. Andreas H¨ulsing geboren in Karlsruhe. Referenten: Prof. Dr. Johannes Buchmann Prof. Dr. Tanja Lange Tag der Einreichung: 07. August 2013 Tag der m¨undlichen Pr¨ufung: 23. September 2013 Hochschulkennziffer: D 17 Darmstadt 2013 List of Publications [1] Johannes Buchmann, Erik Dahmen, Sarah Ereth, Andreas H¨ulsing,and Markus R¨uckert. On the security of the Winternitz one-time signature scheme. In A. Ni- taj and D. Pointcheval, editors, Africacrypt 2011, volume 6737 of Lecture Notes in Computer Science, pages 363{378. Springer Berlin / Heidelberg, 2011. Cited on page 17. [2] Johannes Buchmann, Erik Dahmen, and Andreas H¨ulsing.XMSS - a practical forward secure signature scheme based on minimal security assumptions. In Bo- Yin Yang, editor, Post-Quantum Cryptography, volume 7071 of Lecture Notes in Computer Science, pages 117{129. Springer Berlin / Heidelberg, 2011. Cited on pages 41, 73, and 81. [3] Andreas H¨ulsing,Albrecht Petzoldt, Michael Schneider, and Sidi Mohamed El Yousfi Alaoui. Postquantum Signaturverfahren Heute. In Ulrich Waldmann, editor, 22. SIT-Smartcard Workshop 2012, IHK Darmstadt, Feb 2012. Fraun- hofer Verlag Stuttgart. [4] Andreas H¨ulsing,Christoph Busold, and Johannes Buchmann. Forward secure signatures on smart cards. In Lars R. Knudsen and Huapeng Wu, editors, Se- lected Areas in Cryptography, volume 7707 of Lecture Notes in Computer Science, pages 66{80. Springer Berlin Heidelberg, 2013. Cited on pages 63, 73, and 81. [5] Johannes Braun, Andreas H¨ulsing,Alex Wiesmaier, Martin A.G. -
Stuxnet : Analysis, Myths and Realities
ACTUSÉCU 27 XMCO David Helan STUXNET : ANALYSIS, MYTHS AND REALITIES CONTENTS Stuxnet: complete two-part article on THE virus of 2010 Keyboard Layout: analysis of the MS10-073 vulnerability used by Stuxnet Current news: Top 10 hacking techniques, zero-day IE, Gsdays 2010, ProFTPD... Blogs, softwares and our favorite Tweets... This document is the property of XMCO Partners. Any reproduction is strictly prohibited. !!!!!!!!!!!!!!!!! [1] Are you concerned by IT security in your company? ACTU SÉCU 27 XMCO Partners is a consultancy whose business is IT security audits. Services: Intrusion tests Our experts in intrusion can test your networks, systems and web applications Use of OWASP, OSSTMM and CCWAPSS technologies Security audit Technical and organizational audit of the security of your Information System Best Practices ISO 27001, PCI DSS, Sarbanes-Oxley PCI DSS support Consulting and auditing for environments requiring PCI DSS Level 1 and 2 certification. CERT-XMCO: Vulnerability monitoring Personalized monitoring of vulnerabilities and the fixes affecting your Information System CERT-XMCO: Response to intrusion Detection and diagnosis of intrusion, collection of evidence, log examination, malware autopsy About XMCO Partners: Founded in 2002 by experts in security and managed by its founders, we work in the form of fixed-fee projects with a commitment to achieve results. Intrusion tests, security audits and vulnerability monitoring are the major areas in which our firm is developing. At the same time, we work with senior management on assignments providing support to heads of information- systems security, in drawing up master plans and in working on awareness-raising seminars with several large French accounts. -
Privacy Leakage in Mobile Online Social Networks
Privacy Leakage in Mobile Online Social Networks Balachander Krishnamurthy, AT&T Labs – Research Craig E. Wills, Worcester Polytechnic Institute Workshop on Online Social Networks Boston, MA USA June 2010 1 Introduction Previously studied the leakage of personally identifiable information via Online Social Networks (OSNs) to third-party aggregators. Trend towards use of mobile devices to access OSNs (Facebook reports 25% of users access OSN via a mobile device every month). Also development of new OSNs—mobile OSNs (mOSNs)—that primarily cater to mobile users. Examples include Brightkite, Foursquare, Gowalla, Loopt, Urbanspoon, Whrrl. Mobile access to Web sites designed specifically for mobile devices and through the development of “apps” that are specific to a site and to a mobile platform. 2 New Privacy Concerns Mobile devices potentially introduce new privacy concerns for mOSNs. These include: • user presence and geographic location • information shared with a mOSN connected to a traditional OSN is also shared with that OSN • unique device identifiers Examine the degree to which leakage of private information is occurring via mOSNs. Related work by Chen&Rahman’08 on analyzing privacy designs of social networking apps focusing on location. 3 Interfaces and Interconnections for mOSNs Mobile Browser Mobile Browser 3rd−Party 3rd−Party 3rd−Party Server Server Server 1 2 3 Mobile Web Site Mobile Web Site Mobile API ConnectOSN API Connect Mobile OSN 1 Providing API Mobile OSN 2 Apps Connect Full Web Site Full Web Site 3rd−Party 3rd−Party Server Server 4 5 Traditional Browser Traditional Browser Interfaces include full Web site, mobile Web site and mobile app. -
Tracking the Cookies a Quantitative Study on User Perceptions About Online Tracking
Bachelor of Science in Computer Science Mars 2019 Tracking the cookies A quantitative study on user perceptions about online tracking. Christian Gribing Arlfors Simon Nilsson Faculty of Computing, Blekinge Institute of Technology, 371 79 Karlskrona, Sweden This thesis is submitted to the Faculty of Computing at Blekinge Institute of Technology in partial fulfilment of the requirements for the degree of Bachelor of Science in Computer Science. The thesis is equivalent to 20 weeks of full time studies. The authors declare that they are the sole authors of this thesis and that they have not used any sources other than those listed in the bibliography and identified as references. They further declare that they have not submitted this thesis at any other institution to obtain a degree. Contact Information: Author(s): Christian Gribing Arlfors E-mail: [email protected] Simon Nilsson E-mail: [email protected] University advisor: Fredrik Erlandsson Department of Computer Science Faculty of Computing Internet : www.bth.se Blekinge Institute of Technology Phone : +46 455 38 50 00 SE–371 79 Karlskrona, Sweden Fax : +46 455 38 50 57 Abstract Background. Cookies and third-party requests are partially implemented to en- hance user experience when traversing the web, without them the web browsing would be a tedious and repetitive task. However, their technology also enables com- panies to track users across the web to see which sites they visit, which items they buy and their overall browsing habits which can intrude on users privacy. Objectives. This thesis will present user perceptions and thoughts on the tracking that occurs on their most frequently visited websites. -
On the Privacy Implications of Real Time Bidding
On the Privacy Implications of Real Time Bidding A Dissertation Presented by Muhammad Ahmad Bashir to The Khoury College of Computer Sciences in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Computer Science Northeastern University Boston, Massachusetts August 2019 To my parents, Javed Hanif and Najia Javed for their unconditional support, love, and prayers. i Contents List of Figures v List of Tables viii Acknowledgmentsx Abstract of the Dissertation xi 1 Introduction1 1.1 Problem Statement..................................3 1.1.1 Information Sharing Through Cookie Matching...............3 1.1.2 Information Sharing Through Ad Exchanges During RTB Auctions....5 1.2 Contributions.....................................5 1.2.1 A Generic Methodology For Detecting Information Sharing Among A&A companies..................................6 1.2.2 Transparency & Compliance: An Analysis of the ads.txt Standard...7 1.2.3 Modeling User’s Digital Privacy Footprint..................9 1.3 Roadmap....................................... 10 2 Background and Definitions 11 2.1 Online Display Advertising.............................. 11 2.2 Targeted Advertising................................. 13 2.2.1 Online Tracking............................... 14 2.2.2 Retargeted Ads................................ 14 2.3 Real Time Bidding.................................. 14 2.3.1 Overview................................... 15 2.3.2 Cookie Matching............................... 16 2.3.3 Advertisement Served via RTB....................... -
Location-Sharing Technologies: Privacy Risks and Controls
Location-Sharing Technologies: Privacy Risks and Controls Janice Y. Tsai, Patrick Gage Kelley, Lorrie Faith Cranor, Norman Sadeh Carnegie Mellon University Pittsburgh, PA [email protected], [email protected], [email protected], [email protected] Updated February 2010 Abstract. Due to the ability of cell phone providers to use cell phone towers to pinpoint users’ locations, federal E911 requirements, the increasing popularity of GPS-capabilities in cellular phones, and the rise of cellular phones for Internet use, a plethora of new applications have been developed that share users’ real-time location information online [27]. This paper evaluates users’ risk and benefit perceptions related to the use of these technologies and the privacy controls of existing location-sharing applications. We conducted an online survey of American Internet users (n = 587) to evaluate users’ perceptions of the likelihood of several location-sharing use scenarios along with the magnitude of the benefit or harm of each scenario (e.g. being stalked or finding people in an emergency). We find that although the majority of our respondents had heard of location-sharing technologies (72.4%), they do not yet understand the potential value of these applications, and they have concerns about sharing their location information online. Most importantly, participants are extremely concerned about controlling who has access to their location. Generally, respondents feel the risks of using location-sharing technologies outweigh the benefits. Respondents felt that the most likely harms would stem from revealing the location of their home to others or being stalked. People felt the strongest benefit were being able to find people in an emergency and being able to track their children. -
Social Networking on Android
MeetYou – Social Networking on Android Alexandra-Mihaela Siriteanu Adrian Iftene Faculty of Computer Science Faculty of Computer Science “Al. I. Cuza” University “Al. I. Cuza” University Iasi, Romania Iasi, Romania [email protected] [email protected] Abstract – This paper aims to present a system that illustrates the According to Wikipedia, Android architecture consists in a social nature of a human being – the need to be always in touch “Linux kernel with middleware, libraries and APIs written in C with family and friends – taking into account facilities available and application software running on a platform which includes on Android platform. The role of this application is to create a Java-compatible libraries based on Apache”, a free type social network in which the users are being alerted when their software and open source license, aspect that makes it very friends are around. This gives them the possibility to set up a meeting or to avoid one. The users have the possibility to check in attracted among developers [3]. We will show in this paper some locations and allow their friends to follow their activity. how we used this architecture in order to build MeetYou Taking into account the security of the users, we included in the application. facilities of the application an option which allows close friends or family to check the user’s location based on a keyword text MeetYou application comes with two new facilities in message. For this purpose, available Android location and comparison with existing solutions. First one is related to the messages services are used for finding an approximate location of fact that users can place their contacts in groups (like family, a mobile phone running this program and then sharing it friends, colleagues, etc.) and they can set different parameters through MeetYou or via SMS.