Privacy and Identity Management: 15th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Maribor, Slovenia, September 21–23, 2020, ... and Communication Technology, 619) 3030724646, 9783030724641

This book contains selected papers presented at the 15th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer Scho

115 36 13MB

English Pages 275 [273] Year 2021

Report DMCA / Copyright

DOWNLOAD PDF FILE

Table of contents :
Preface
Organization
Contents
Tutorial Paper
Don't Put the Cart Before the Horse – Effective Incident Handling Under GDPR and NIS Directive
1 Introduction
2 Background
2.1 Information Security vs Privacy
2.2 Incident Handling Under NIS Directive and GDPR
3 The Dilemma: When Immediate Notification of the Data Subject Contradicts the General Interest of Information Security
4 Conclusion and Lessons Learned
References
Selected Student Papers
Ethical Principles for Designing Responsible Offensive Cyber Security Training
1 Introduction
1.1 Outline
2 Literature Review
2.1 Ethical Studies in Other Domains
2.2 Ethical Studies on Cyber Security
2.3 Ethical Studies on Offensive Cyber Security
2.4 Hacker Motivations
3 Methodology
3.1 Literature Review
3.2 Ethical Guidelines from Computer Science Societies
3.3 Ethical Principles from Standardization Bodies - NIST
3.4 Ethical Principles Within the Military, Using Violence to Keep Peace
3.5 Ethical Principles Within Professional Offensive Security Courses
3.6 Subject Matter Experts
4 Result
4.1 Result from the Expert Consultations
5 Ethical Principles for Offensive Cyber Security Education
5.1 Principle 1 - Include Ethics in Offensive Cyber Security Education
5.2 Principle 2 - Inform the Students of Lucrative and Legal Ways of Applying Their Hacking Knowledge
5.3 Principle 3 - Introduce Ways for Students to Earn Positive Reputation from Their Hacking Skills
5.4 Principle 4 - Have Selective Application Criteria for Joining an Offensive Cyber Security Course
5.5 Principle 5 - Offensive Cyber Security Courses Should Avoid Techniques for Hacking Critical Infrastructures and Other Industries that Are Crucial for Society to Function
6 Discussion
6.1 Future Work
7 Conclusion
References
Longitudinal Collection and Analysis of Mobile Phone Data with Local Differential Privacy
1 Introduction
1.1 Context of the Problem
1.2 Purpose and Contributions
2 Related Work
3 Background
3.1 Local Differential Privacy (LDP)
3.2 Generalized Randomized Response (GRR)
3.3 Collecting Multi-dimensional Data with GRR
4 LDP-Based Privacy-Preserving Longitudinal Data Collection Through Mobile Connections
4.1 Proposed Methodology
4.2 Limitations
5 Results and Discussion
5.1 Cumulative Frequency Estimates Results
5.2 Discussion
6 Conclusion
References
Privacy-Preserving IDS for In-Vehicle Networks with Local Differential Privacy
1 Introduction and Motivation
2 Background
3 Privacy Limitations in Generic In-Vehicle IDS
4 Our Approach
4.1 Generic IVN IDS with LDP
4.2 Modelling Anomaly Logs
4.3 Scenarios of Anomaly Log Transmission
5 Evaluation
5.1 Dataset
5.2 Methodology
5.3 Results
6 Conclusion
6.1 Further Research
References
Strong Customer Authentication in Online Payments Under GDPR and PSD2: A Case of Cumulative Application
1 Introduction
2 Strong Customer Authentication in EU Legal Framework
2.1 General Data Protection Regulation (GDPR)
2.2 Second Payment Services Directive (PSD2)
2.3 Regulatory Technical Standards (RTS)
3 Theoretical Overview of the Overlap Between PSD2 and GDPR
4 Relationship Between GDPR and PSD2
4.1 Relationship Between the PSD2 and GDPR – Article 94 of PSD2
4.2 The Curious Case of Explicit Consent
4.3 Lex Specialis and Lex Generalis, or Cumulative Use?
4.4 The Implications of Cumulative Use
5 Open Questions
References
Privacy in Payment in the Age of Central Bank Digital Currency
Abstract
1 Introduction
2 Aim of This Paper
3 Central Bank Digital Currency
4 Methodology
5 Results of the Literature Review
6 Pilot Projects on CBDC
7 Discussion
8 Conclusion and Future Work
9 Limitations and Contributions
Appendix
References
Analysing Drivers' Preferences for Privacy Enhancing Car-to-Car Communication Systems
1 Introduction
2 Background
2.1 Privacy in South Africa
2.2 Privacy Trade-Offs
3 Methodology
3.1 Participants
3.2 Interview Procedure
3.3 Data Analysis
4 Results
4.1 Privacy Perceptions About Car-to-Car Communication
4.2 Preferences for PETs
4.3 Privacy Trade-Off Preferences
5 Discussion
6 Related Work
7 Conclusions
References
Learning Analytics and Privacy—Respecting Privacy in Digital Learning Scenarios
1 Introduction
2 Background
3 Related Work
4 Methodology
5 Analysis
5.1 Overview of Search Results
5.2 Analysis of Criteria
5.3 Proposed Clusters Based on Analysis
5.4 Privacy Risks
6 Discussion and Conclusion
References
Preserving Privacy in Caller ID Applications
1 Introduction
2 Background and Motivation
2.1 Caller ID App Features
2.2 Violating Individual's Privacy
3 Compliance with the Data Privacy Laws
3.1 Truecaller and Everybody Privacy Policies
3.2 Compliance with the GDPR, ePrivacy Directive and ePrivacy Regulation
4 The Inverse Privacy Problem
4.1 The Inverse Privacy
4.2 Caller ID App Privacy Problem and the Inverse Privacy Problem
5 Preserving Privacy in Caller ID Apps
5.1 Name Sensitivity and Privacy Variables
5.2 APPN Algorithm
5.3 The Position of the Name Sensitivity Function
6 Discussion
7 Conclusion and Further Work
References
“Identity Management by Design” with a Technical Mediator Under the GDPR
Abstract
1 Introduction
2 The Term “Dynamic Identities”
2.1 The Term “Dynamic Identities” in the Charter of Fundamental Rights
2.2 The Term Identity from an Interdisciplinary Perspective
2.3 “Dynamic Identity” in the GDPR
2.4 Protection of Dynamic Identities
3 Contextual Protection of Dynamic Identities in the GDPR
4 “Identity Management by Design” Based on Art. 25 GDPR
5 Negotiable Personal Identities with a Technical Mediator
5.1 Cooperation in the GDPR
5.2 Relationship Between Controller and Data Subject
5.3 Resolution with a Technical Mediator
5.4 Technical Mechanism for Dynamic Identities
6 Conclusion
References
Open About the Open-Rate?
1 Introduction
2 Background
2.1 Overview of the Email Marketing Eco-system
2.2 Remote Resources and HTTP Requests
2.3 Countermeasures
3 Data Collections
3.1 Collecting Newsletter Corpus with Multiple Subscription
3.2 Email Preprocessing
3.3 Identifying Personalized Parameters
4 Results
5 Discussion
5.1 Privacy Concerns of Email Tracking
5.2 Toward Mitigation: Multi-level Content Blocking
6 Conclusion
References
Privacy Respecting Data Sharing and Communication in mHealth: A Case Study
1 Introduction
2 Background
3 Related Work
4 Methodology
5 Analysis
5.1 For Individual or General Deployments
5.2 Deployments with Existing Role-Based Structures
6 Discussion
7 Conclusion
References
Privacy-Preserving Analytics for Data Markets Using MPC
1 Introduction
1.1 Contribution
2 Preliminaries
2.1 Cryptographic Building Blocks
2.2 Self-Sovereign Identity
2.3 LINDDUN Methodology
3 KRAKEN Architecture
4 LINDDUN Analysis of KRAKEN
4.1 Threat Tables
4.2 Threat Elicitation
4.3 Prioritizing Threats
4.4 Mitigating Threats
4.5 Privacy Analysis Outcome
5 Conclusion and Future Work
References
Towards Models for Privacy Preservation in the Face of Metadata Exploitation
1 Introduction
2 Background and Motivation
2.1 Metadata and Dataveillance
2.2 Data Ownership
2.3 An Alternative Approach
3 CBAC
4 A Formal Model
4.1 Types and Relations
4.2 The MModel Schema
4.3 Support for Modularity
4.4 Example Operations: Permissions
4.5 Example Operations: Principals
4.6 Example Operations: Categories
5 Conclusion
References
Author Index

Privacy and Identity Management: 15th IFIP WG 9.2, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Maribor, Slovenia, September 21–23, 2020, ... and Communication Technology, 619)
 3030724646, 9783030724641

  • 0 0 0
  • Like this paper and download? You can publish your own PDF file online for free in a few minutes! Sign Up
File loading please wait...
Recommend Papers