Ala Sarah Alaqra | The Wicked Problem of Data Privacy | Wicked Ala Sarah Alaqra | The The Wicked Problem of Privacy Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers continuously study, design, The Wicked Problem of and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is the continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, Privacy legal, and human aspects, we can only aim at mitigating rather than solving this 2018:23 wicked problem. Design Challenge for Crypto-based Solutions Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions. In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable Ala Sarah Alaqra signatures in the cloud context within an eHealth use-case. Redactable signatures are a privacy-enhancing scheme, which allow the removal of parts of a signed document by a specified party without invalidating the respective signature. Our results yielded key Human Computer Interaction considerations as well as guidelines of different means for supporting the design of future solutions. ISBN 978-91-7063-856-5 (print) ISBN 978-91-7063-951-7 (pdf) Faculty of Health, Science and Technology ISSN 1403-8099 Computer Science LICENTIATE THESIS | Karlstad University Studies | 2018:23 LICENTIATE THESIS | Karlstad University Studies | 2018:23 The Wicked Problem of Privacy Design Challenge for Crypto-based Solutions Ala Sarah Alaqra LICENTIATE THESIS | Karlstad University Studies | 2018:23 The Wicked Problem of Privacy - Design Challenge for Crypto-based Solutions Ala Sarah Alaqra LICENTIATE THESIS Karlstad University Studies | 2018:23 urn:nbn:se:kau:diva-67134 ISSN 1403-8099 ISBN 978-91-7063-856-5 (print) ISBN 978-91-7063-951-7 (pdf) © The author Distribution: Karlstad University Faculty of Health, Science and Technology Department of Mathematics and Computer Science SE-651 88 Karlstad, Sweden +46 54 700 10 00 Print: Universitetstryckeriet, Karlstad 2018 WWW.KAU.SE The Wicked Problem of Privacy Design for Crypto-based Solutions Ala Sarah Alaqra Department of Mathematics and Computer Science Karlstad University Abstract Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers continuously study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is a continuous challenge that defies straightfor- ward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem. Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions. In this thesis, we followed a user-centred design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within an eHealth use-case. Redactable signatures are a privacy-enhancing scheme, which allow the removal of parts of a signed document by a specified party, for achieving data minimisation without invalidating the respective signature. We mainly used semi-structures interviews and focus groups in our investigations. Our results yielded key Human Computer Interaction considerations as well as guidelines of different means for supporting the design of future solutions. Keywords: Data privacy, wicked problems, user-centred design, crypto-based solutions, usability, data minimisation, redactable signatures iii v Acknowledgements My acknowledgement goes to all entities, human and non-human alike, which contributed to the fuelling of my thoughts, knowledge, and mana. Specific thanks goes to my main supervisor for her valuable mentorship and generous support, and to my co-supervisor for our fruitful discussions and interesting talks. I would like to express appreciation to the challenges and discussions provided by my previous and current colleagues. A special gratitude goes to my family and friends, who nurtured me in my recent impediment and continue to have my back, in every way possible. In addition, I am particularly deeply grateful to the unconditional support, encouragement, and love of my special family; I would have not been able to re-spawn if it were not for you. Finally, I would like to thank those who contributed in our user-studies to the knowledge body of this work, my Com- piler for being the black box wizard, and my special board-gaming friends for priceless evenings. Karlstad University, May 10, 2018 Ala Sarah Alaqra vii List of Appended Papers This thesis is based on the work presented in the following papers: I. Ala Alaqra, Simone Fischer-Hübner, Thomas Groß, Thomas Lorünser, Daniel Slamanig. Signatures for Privacy, Trust and Accountability in the Cloud: Applications and Requirements. In: IFIP Summer School on Privacy and Identity Management. Time for a Revolution?, pp. 79-96, Springer International Publishing, 2016. II. Ala Alaqra, Simone Fischer-Hübner, John Sören Pettersson, Erik Wästlund. Stakeholders’ Perspectives on Malleable Signatures in a Cloud-based eHealth Scenario. In: Proceedings of the Tenth International Sympo- sium on Human Aspects of Information Security & Assurance (HAISA), pp. 220-230, 2016. III. Ala Alaqra, Simone Fischer-Hübner, Erik Framner. Enhancing Privacy Controls for Patients via a Selective Authentic EHR Exchange Service – Perspectives by Medical Professionals and Patients. Under Submission. IV. Thomas Länger, Ala Alaqra, Simone Fischer-Hübner, Erik Framner, John Sören Pettersson, Katrin Riemer. HCI Patterns for Cryptographi- cally Equipped Cloud Services. To appear in: HCI International 2018 (20th International conference on Human Computer Interaction), Springer International Publishing, August 2018. The papers have been subjected to minor editorial changes. Comments on my Participation Paper I I have designed and led the moderating and conducting of the inter- active workshop study (part 1). Co-Authors were responsible for the tutorial part of the workshop and helped in part 1 and also in summarising results. Paper II I was the main responsible for the paper. I have designed and led the conducting of studies, analysed results and participated in the requirements elicitation. John Sören helped in conducting the interviews, Simone Fischer- Hübner helped in moderating the workshop. Co-authors contributed to the discussions and analysis of the requirements. Paper III I was the main responsible for the paper’s work, and have led the conducting of the studies, and evaluations of results. Co-authors helped in conducting the studies, writing, and reviewing the paper. Paper IV I have been involved throughout the paper’s work. Thomas Länger was the main responsible for the paper. I took part in the paper’s contribution (patterns) analysis and was responsible for 2/3 of the patterns evaluation studies and writing. ix Contents List of Appended Papers vii Introductory Summary 1 1 Introduction 3 2 Background and Related Work 3 2.1 HCI and Design . .3 2.2 Privacy and Data . .4 2.3 Wicked Privacy Design . .4 2.4 PRISMACLOUD Context . .6 2.5 Other Related Work . .6 3 Research Questions 7 4 Research Methods 7 4.1 UCD Approach . .7 4.2 Measures for Studies Support . .8 4.3 Semi-structured Interviews . .8 4.4 Focus Groups . .9 5 Contributions 9 6 Summary of Appended Papers 10 7 Conclusions 12 Paper I: Signatures for Privacy, Trust and Accountability in the Cloud: Applications and Requirements 15 1 Introduction 17 2 Cryptographic Tools 19 3 Use-Case Scenarios 22 4 Day 1- Focus Groups Discussions 23 4.1 Workshop Format . 23 4.2 Focus Groups . 24 5 Day 2- Deep Dive on Cryptography: Graph Signatures and Topol- ogy Certification 32 6 Conclusions 33 x Paper II: Stakeholders’ Perspectives on Malleable Signatures in a Cloud- based eHealth Scenario 37 1 Introduction 39 2 Malleable Signatures in eHealth Scenario 40 3 User Studies Methodologies 41 3.1 Semi-structured Interviews . 41 3.2 Focus Groups (Workshop) . 42 4 Results and Discussions 43 4.1 General Requirements for the Hospital Platform . 44 4.2 General Requirements for the Cloud Portal . 45 4.3 Requirements for Malleable Signatures Creation . 45 4.4 Requirements for Redactions of Signed Documents . 46 4.5 Requirements for Accessing Redacted Documents . 47 5 Conclusions 48 Paper III: Enhancing Privacy Controls for Patients via a Selective Au- thentic EHR Exchange Service – Perspectives by Medical Professionals and Patients 51 1 Introduction 54 2 Methods 56 2.1 Recruitment . 57 2.2 Documentation and Analysis . 58 2.3 Ethical Review . 58 2.4 Individual Walk-throughs: Interviews . 58 2.5 Group Walk-throughs: Focus Groups . 59 3 Mock-ups UI Designs 60 3.1 Mock-ups Interfaces: Hospital Platform for Medical Staff . 61 3.2 Mock-ups Interfaces Sequences: Cloud Portal for End Users . 65 4 Results 68 4.1 Individual Walk-throughs/Interviews: Medical Staff Perspec- tives on Signing a Redactable EHR . 68 4.2 Group Walk-throughs/Focus Groups: Patients Perspectives on Redacting Their EHR . 73 xi 5 Discussion 78 5.1 Comparison with Previous Work . 78 5.2 Comparison: Sweden and Germany . 79 5.3 Limitations . 79 5.4 Conclusions . 80 6 Acknowledgements 80 Paper IV: HCI Patterns for Cryptographically Equipped Cloud Ser- vices 89 1 Use of Cryptography in the Cloud 92 1.1 Current Security and Privacy Situation . 92 1.2 Suitable Cryptographic Primitives and Protocols . 92 1.3 HCI Patterns as Promoter of Cryptography Diffusion . 93 2 HCI Patterns as Integral Part of a Cloud Service Development Methodology 94 2.1 The PRISMACLOUD CryptSDLC Method . 94 2.2 Experts Involved in the CryptSDLC . 95 2.3 Role of HCI Patterns . 96 2.4 HCI Patterns Methodology . 97 3 Example HCI Patterns for Cryptographic Applications in the Cloud 98 3.1 PRISMACLOUD Use-cases .