From February 9 to 11 Ansgar participated on behalf of CaSMa at the ICISSP 2015 (1st International Conference on Information System Security and Privacy) conference in Angers, France. The conference featured talks covering both technical and social issues that were addresses both from practical and theoretical perspectives. Topics included Data and Software Security, Trust, Privacy and Confidentiality, Mobile Systems Security, and Biometric Authentication.
CaSMa’s contribution to the conference was our position paper on “Research Ethics and Public Trust, Preconditions for Continued Growth of Internet Mediated Research“, in which we argue for the position that responsible safeguards for privacy and ethical treatment of human data are of vital importance to retain the public confidence and trust that is necessary for the development and future success of internet mediated research (IMR). We support our position based on the high level of popular and media attention that is currently directed at IMR, which in combination with the relative uncertainties that still exist around the ethics of various IMR methods, raises the risk that IMR might succumb to a public backlash of similar proportions to the controversy that hit genetically modified (GM) crops in Europe. Based on the lessons that came out of the GM crops controversy we discuss the ethics requirements and challenges that must be met in order to retain the public trust in IMR. We end our argument by briefly reviewing a couple of examples of “privacy protecting architectures” that are being developed for IMR.
Other highlights of the conference, related to CaSMa interests, were two of the keynote presentations and four of the papers that covered issues related to privacy and anonymity.
“Hiding in a Panocticon; Grand Challenges in Internet Anonymity” by Bryan Ford from Yale University (USA) [Keynote], which discussed vulnerabilities in current anonymity systems to global passive traffic analysis, active attacks, “denial-of-security” or DoSec attacks, intersection attacks, and software exploits and presented the Dissent project that is developing an anonymity and pseudonymity architecture incorporating protection against those five major classes of known attacks.
“Privacy in Social Networks; Existing Challenges and Proposals for Solution” by Günther Pernul from University of Regensburg (Germany) [Keynote], which discussed the issues of access control to private data on Social Networks. Specifically the talk focused on disconnect between the people that users think can see their various data, the access that Facebook is actually providing and the level of control that people would like to have. The most worrying of these being the difference between what people think they have set and how Facebook is actually behaving. As part of this research Prof. Pernul’s lab developed a Facebook app, Friend Inspector, which is ‘Serious Game’ that allows people to explore who among their ‘friends’ has access to which parts of their Facebook data.
“Model-driven Privacy Assessment in the Smart Grid” by F. Knirsch, D. Engel, C. Neureiter, M. Frincu and V. Prasanna from Salzburg University of Applied Sciences (Austria) and University of Southern California (USA) [Privacy and Confidentiality], which present a model-driven approach for the automated assessment of services and software architectures in the smart grid, built on the standardized reference models, with a focus on qualitative and quantitative evaluation of privacy.
“Adaptive Buffer Resizing for Efficient Anonymization of Streaming Data with Minimal Information Loss” by A.B. Sakpere and A.V.D.M. Kayem of University of Cape Town (South Africa), which presented work on the development of a streaming data anonymity scheme, based on k-anonymity. The scheme offers fast privacy preservation and query processing to allow “honest-but-curious” service providers to provide data analysis and mining services for privacy sensitive data, such as mobile crime reporting systems that have emerged as an effective and efficient approach to crime data collection in developing countries.
“Private Web Search with Constant Round Efficiency” by B. Kang, S.C.Goh and M. Kim of University of Suwon (South Korea), which addressed the issue of threats to privacy based on tracking of web search queries by looking at ways of improving ‘Private Web Search’ (PWS) solutions which allow users to ﬁnd information on the Internet while preserving their privacy. According to their underlying technology, existing PWS solutions were divided into three types: Proxy-based solutions, Obfuscation-based solutions, and Cryptography-based solutions. This paper focused on cryptography-based PWS (CB-PWS) systems because they provide strong privacy guarantees.
“Privacy and Security Concern of Online Social Networks from User Perspective” by A.A. Hossain and W. Zhang of University of Texas at San Antonio (USA), which presented results from a questionnaire survey of user views about online privacy, user knowledge about OSNs (Online Social Networks) privacy settings, and user awareness of privacy disclosure. The goal of the study was to find out from the users whether and how well users are knowledgable of, satisfied with, and able to effectively use available privacy settings, in order to help OSNs adjust their privacy settings to better match user expectations, and help privacy advocates design better ways to help users control the disclosure of their online information. Based on the responses of 377 users of multiple OSNs, including Facebook, Google+, and LinkedIn the study showed that 44% of the users lack the knowledge about privacy policies and mechanisms of their OSNs; 34% and 41% of the users, respectively, are seriously and somewhat concern about their privacy protection; and 80% of the users do not think their OSNs have provided sufficient privacy control or default privacy settings that match their