Xiang Su,Jarkko Hyysalo,Mika Rautiainen,Jukka Riekki,Jaakko Sauvola,Altti Ilari Maarala,Harri Honko

DOI: https://doi.org/10.48550/arXiv.1605.00833

2016-05-03

Abstract:Privacy is a key challenge for continued digitalization of health. The forthcoming European General Data Protection Regulation (GDPR) is transforming this challenge into regulatory directives. User consent provisioning and coordinating across data services will be the keys in addressing this challenge. We suggest a privacy-driven architecture that provides tools for providing user consent as a service. This enables managing and reusing private health information between a large amount of data sources, individuals and services, even when they are not known beforehand. The proposed architecture integrates data security and semantic descriptions into a trust query framework to provide the required interoperability and co-operation support for future health services. This approach provides benefits for all stakeholders through safer data management, cost and process savings, multi-provider services, and services based on emerging new business models.

Computers and Society,Cryptography and Security

Antonio Capodieci,Luca Mainetti,Stefano Lisi,Roberto Paiano,Sara Matino,Mariavittoria Ugirashebuja

DOI: https://doi.org/10.1007/s11042-024-20308-6

IF: 2.577

2024-11-06

Multimedia Tools and Applications

Abstract:The European Parliament adopted the European General Data Protection Regulation (GDPR, EU 2016/679), which revolutionized the legislative framework for personal data protection within the European Union. The GDPR mandates organizations to shift from a passive approach, relying on minimum security measures outlined in the 1994 EU Directive, to a proactive accountability-based approach. Organizations are expected to implement verification systems, foster continuous improvement, and follow principles such as privacy by design and privacy by default. The latter principle emphasizes incorporating privacy considerations throughout the entire engineering process. The challenge for organizations lies in effectively auditing their compliance with the GDPR. This study proposes a structured approach based on the business process modeling to aid in GDPR compliance. It involves identifying crucial compliance points for the GDPR. A case study is presented where the method is applied to a purchase of a health insurance policy process in the context of the Secure Safe Apulia project.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Elias Grünewald,Johannes M. Halkenhäußer,Nicola Leschke,Johanna Washington,Cristina Paupini,Frank Pallas

DOI: https://doi.org/10.48550/arXiv.2302.10991

2023-04-17

Abstract:Transparency regarding the processing of personal data in online services is a necessary precondition for informed decisions on whether or not to share personal data. In this paper, we argue that privacy interfaces shall incorporate the context of display, personal preferences, and individual competences of data subjects following the principles of universal design and usable privacy. Doing so requires -- among others -- to consciously decouple the provision of transparency information from their ultimate presentation. To this end, we provide a general model of how transparency information can be provided from a data controller to data subjects, effectively leveraging machine-readable transparency information and facilitating versatile presentation interfaces. We contribute two actual implementations of said model: 1) a GDPR-aligned privacy dashboard and 2) a chatbot and virtual voice assistant enabled by conversational AI. We evaluate our model and implementations with a user study and find that these approaches provide effective and time-efficient transparency. Consequently, we illustrate how transparency can be enhanced using machine-readable transparency information and how data controllers can meet respective regulatory obligations.

Software Engineering,Cryptography and Security,Computers and Society

Piero A. Bonatti,Sabrina Kirrane,Iliana M. Petrova,Luigi Sauro

DOI: https://doi.org/10.1007/s13218-020-00677-4

2020-07-08

Abstract:The European General Data Protection Regulation (GDPR) calls for technical and organizational measures to support its implementation. Towards this end, the SPECIAL H2020 project aims to provide a set of tools that can be used by data controllers and processors to automatically check if personal data processing and sharing complies with the obligations set forth in the GDPR. The primary contributions of the project include: (i) a policy language that can be used to express consent, business policies, and regulatory obligations; and (ii) two different approaches to automated compliance checking that can be used to demonstrate that data processing performed by data controllers/processors complies with consent provided by data subjects, and business processes comply with regulatory obligations set forth in the GDPR.

Vanesa Daza,Matteo Signorini

DOI: https://doi.org/10.1007/978-3-319-09885-2_19

2014-08-22

Abstract:Market analysis predicts that in a few years, companies, universities, government agencies as well as common people in they daily life will increasingly adopt mobile computing systems thus increasingly enjoying the benefits of online, Internet-based services. However, such scenario will also expose user data privacy to severe attacks. This situation has led to the development of authentication approaches aimed at preventing unauthorized access to user data. Many different authentication approaches have been proposed over the last years, starting from basic password to more complex biometric solutions but all of them have proven to suffer from the same weaknesses. This issue drove us to design a solution based upon hardware intrinsic security features and aimed at guaranteeing a high level of data privacy while providing a user friendly authentication process. Our solution shows advanced features of data privacy policies definition making it a good candidate for the construction of future data privacy policies.

Gokhan Sagirlar,Barbara Carminati,Elena Ferrari

DOI: https://doi.org/10.48550/arXiv.1804.02161

2018-04-06

Abstract:Internet of Things (IoT) is now evolving into a loosely coupled, decentralized system of cooperating smart objects, where high- speed data processing, analytics and shorter response times are becoming more necessary than ever. Such decentralization has a great impact on the way personal information generated and consumed by smart objects should be protected, because, without centralized data management, it is more difficult to control how data are combined and used by smart objects. To cope with this issue, in this paper, we propose a framework where users of smart objects can specify their privacy preferences. Compliance check of user individual privacy preferences is performed directly by smart objects. Moreover, acknowledging that embedding the enforcement mechanism into smart objects implies some overhead, we have extensively tested the proposed framework on different scenarios, and the obtained results show the feasibility of our approach.

Cryptography and Security

Orlando Amaral,Sallam Abualhaija,Damiano Torre,Mehrdad Sabetzadeh,Lionel C. Briand

DOI: https://doi.org/10.48550/arXiv.2106.05688

2021-10-06

Abstract:Technological advances in information sharing have raised concerns about data protection. Privacy policies contain privacy-related requirements about how the personal data of individuals will be handled by an organization or a software system (e.g., a web service or an app). In Europe, privacy policies are subject to compliance with the General Data Protection Regulation (GDPR). A prerequisite for GDPR compliance checking is to verify whether the content of a privacy policy is complete according to the provisions of GDPR. Incomplete privacy policies might result in large fines on violating organization as well as incomplete privacy-related software specifications. Manual completeness checking is both time-consuming and error-prone. In this paper, we propose AI-based automation for the completeness checking of privacy policies. Through systematic qualitative methods, we first build two artifacts to characterize the privacy-related provisions of GDPR, namely a conceptual model and a set of completeness criteria. Then, we develop an automated solution on top of these artifacts by leveraging a combination of natural language processing and supervised machine learning. Specifically, we identify the GDPR-relevant information content in privacy policies and subsequently check them against the completeness criteria. To evaluate our approach, we collected 234 real privacy policies from the fund industry. Over a set of 48 unseen privacy policies, our approach detected 300 of the total of 334 violations of some completeness criteria correctly, while producing 23 false positives. The approach thus has a precision of 92.9% and recall of 89.8%. Compared to a baseline that applies keyword search only, our approach results in an improvement of 24.5% in precision and 38% in recall.

Cryptography and Security,Artificial Intelligence,Software Engineering

Iulian Aciobăniței,Ștefan-Ciprian Arseni,Emil Bureacă,Mihai Togan

DOI: https://doi.org/10.3390/electronics13040757

IF: 2.9

2024-02-15

Electronics

Abstract:The current shift towards digital transactions emphasizes the need for robust Qualified Electronic Signature (QES) frameworks that safeguard integrity and privacy. Having the potential to become the leading type of adopted QES, the main challenge that Remote QESs present to end users is choosing between transmitting the entire document or only its digest to the Trust Service Provider (TSP). The first option compromises the document's confidentiality, while the second one requires the development of signature applications compliant with advanced signature formats, a task that often needs additional time and resources. In this paper, we introduce a comprehensive strategy for remote QESs, designed for seamless integration with current client applications, while simultaneously maintaining user privacy. The main topics approached in this paper are the following: a comprehensive architecture for privacy-aware remote QES systems, relevant standards and legislation, integration scenarios for clients, and remote QES standard protocols to assure communication between client and TSP environments. Furthermore, we also explore the integration of our proposed solution with an enhanced long-term preservation service that uses Ethereum smart contracts and methodologies to implement signature applications with advanced electronic signatures via open-source libraries while ensuring document privacy. The main result of this work is a flexible on-premise module that provides the ability to sign, validate, and preserve documents, with a minimal integration effort.

engineering, electrical & electronic,computer science, information systems,physics, applied

C Parretti,E Pourabbas,F Rolli,F Pecoraro,P Citti

DOI: https://doi.org/10.1088/1757-899X/1174/1/012015

2021-09-10

IOP Conference Series: Materials Science and Engineering

Abstract:Recent developments in Information and Communication Technology have paved the foundations for new forms of collaboration between health systems in different countries. These collaborations allow, on the one hand, to monitor recurrent health emergencies on territories, and on the other hand, they allow national health systems to share information about foreign citizens in transit on their territory. European legislation regarding the processing of personal data places strict constraints on the cross-border transfer of personal data. In this case, companies or organizations, operating on information interchange, must adopt robust mechanisms to verify the adequacy requirements, in order to allow monitoring of security levels, identification of possible intervention actions and preparation of updated security plans for inspection visits required by European standards. In this context, Axiomatic Design allows not only to design medical systems and equipment in compliance with current regulations, but also to provide representations of the design artifact already prepared to implant privacy risk assessment mechanisms. This makes it possible to identify the activities/components to be assessed up to a level of elementary granularity such as to allow risk assessment for the single module. At the same time, the axiomatic approach enables the overall recomposition of privacy violation risks on the basis of a modular representation of the whole system according to the well-known V model scheme. This recomposition allows to build the so-called risk privacy coverage matrix, in order to trace the risk level of the elementary modules, associating them with more and more complex components. In this way, the foundations to build a dynamic monitoring system of the privacy risk level of the system can be defined.

Said Daoudagh,Eda Marchetti,Vincenzo Savarino,Jorge Bernal Bernabe,Jesús García-Rodríguez,Rafael Torres Moreno,Juan Antonio Martinez,Antonio F Skarmeta

DOI: https://doi.org/10.3390/s21217154

2021-10-28

Abstract:The growing availability of mobile devices has lead to an arising development of smart cities services that share a huge amount of (personal) information and data. Without accurate and verified management, they could become severe back-doors for security and privacy. In this paper, we propose a smart city infrastructure able to integrate a distributed privacy-preserving identity management solution based on attribute-based credentials (p-ABC), a user-centric Consent Manager, and a GDPR-based Access Control mechanism so as to guarantee the enforcement of the GDPR's provisions. Thus, the infrastructure supports the definition of specific purpose, collection of data, regulation of access to personal data, and users' consents, while ensuring selective and minimal disclosure of personal information as well as user's unlinkability across service and identity providers. The proposal has been implemented, integrated, and evaluated in a fully-fledged environment consisting of MiMurcia, the Smart City project for the city of Murcia, CaPe, an industrial consent management system, and GENERAL_D, an academic GDPR-based access control system, showing the feasibility.

J M Auñón,D Hurtado-Ramírez,L Porras-Díaz,B Irigoyen-Peña,S Rahmian,Y Al-Khazraji,J Soler-Garrido,A Kotsev

DOI: https://doi.org/10.1016/j.dib.2024.110560

2024-05-31

Abstract:Data sharing has facilitated the digitisation of society. We can access our bank accounts or make an appointment with our doctor anytime and anywhere. To achieve this, we have to share certain information, whether personal, professional, etc. This may seem like a minor cost for an individual user, but actually the data economy as the backbone of a digital transformation that is reshaping all aspects of human life. However, one of the major concerns arises regarding what happens to such individual data; once shared, control over it is often lost. For that reason, users and companies are reluctant to share their data. The European Union, through its European Strategy for Data, is establishing a policy and legal framework for establishing a single market for data in Europe by improving the trust and fairness of the data economy. Data spaces are a commitment to sharing data in a reliable and secure way, but this endeavour should, of course, not be at the expense of privacy rights. In recent years, Privacy-Enhancing Technologies (PETs) have emerged to achieve data sharing and privacy preservation that can address the requirements of data spaces around sensitive citizen and business data. In this work, we review existing PETs and assess their relevance, technological maturity, and applicability in the context of common European data spaces. Finally, we illustrate the benefits of secure data sharing via Federated Learning in a healthcare use case, where the preservation of privacy is a primer requirement and is therefore to be guaranteed.

Tianpei Lu,Bingsheng Zhang,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2023.3284565

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Privacy concerns often raise when sensitive data are collected, traded, and processed. The data owner typically loses her ultimate control of the data after data-outsourcing. In this work, we present the PrivData Network – a community-controlled privacy-preserving data factory and trading market. It can be viewed as a standalone data ecosystem that enables privacy-preserving data-driven workflows in a controlled environment for orchestrating and automating data movement and data transformation. In particular, we design a data encapsulation mechanism with privacy assurance, which can guarantee data privacy, usage policy compliance and metadata validity. We also design a privacy policy language and utilize a static analysis library that transfers the program to the defined policy language. To ensure the correctness of data processing, we propose a publicly verifiable secure multiparty computation protocol for mixed circuits, which guarantees the output correctness even if all parties are corrupted. Its online efficiency is comparable to conventional semi-honest secret-sharing-based MPC schemes. Finally, we implemented a prototype of our system in C++ and benchmark it on various tasks, such as biometric matching, logistic regression, and decision trees, etc.

Soumia Zohra El Mestari,Gabriele Lenzini,Huseyin Demirci

DOI: https://doi.org/10.1016/j.cose.2023.103605

IF: 5.105

2023-11-01

Computers & Security

Abstract:The wide adoption of Machine Learning to solve a large set of real-life problems came with the need to collect and process large volumes of data, some of which are considered personal and sensitive, raising serious concerns about data protection. Privacy-enhancing technologies (PETs) are often indicated as a solution to protect personal data and to achieve a general trustworthiness as required by current EU regulations on data protection and AI. However, an off-the-shelf application of PETs is insufficient to ensure a high-quality of data protection, which one needs to understand. This work systematically discusses the risks against data protection in modern Machine Learning systems taking the original perspective of the data owners, who are those who hold the various data sets, data models, or both, throughout the machine learning life cycle and considering the different Machine Learning architectures. It argues that the origin of the threats, the risks against the data, and the level of protection offered by PETs depend on the data processing phase, the role of the parties involved, and the architecture where the machine learning systems are deployed. By offering a framework in which to discuss privacy and confidentiality risks for data owners and by identifying and assessing privacy-preserving countermeasures for machine learning, this work could facilitate the discussion about compliance with EU regulations and directives. We discuss current challenges and research questions that are still unsolved in the field. In this respect, this paper provides researchers and developers working on machine learning with a comprehensive body of knowledge to let them advance in the science of data protection in machine learning field as well as in closely related fields such as Artificial Intelligence.

computer science, information systems

Sylvain Chatel,Apostolos Pyrgelis,Juan R. Troncoso-Pastoriza,Jean-Pierre Hubaux

DOI: https://doi.org/10.48550/arXiv.2007.04025

2020-07-08

Cryptography and Security

Abstract:In the digital era, users share their personal data with service providers to obtain some utility, e.g., access to high-quality services. Yet, the induced information flows raise privacy and integrity concerns. Consequently, cautious users may want to protect their privacy by minimizing the amount of information they disclose to curious service providers. Service providers are interested in verifying the integrity of the users' data to improve their services and obtain useful knowledge for their business. In this work, we present a generic solution to the trade-off between privacy, integrity, and utility, by achieving authenticity verification of data that has been encrypted for offloading to service providers. Based on lattice-based homomorphic encryption and commitments, as well as zero-knowledge proofs, our construction enables a service provider to process and reuse third-party signed data in a privacy-friendly manner with integrity guarantees. We evaluate our solution on different use cases such as smart-metering, disease susceptibility, and location-based activity tracking, thus showing its versatility. Our solution achieves broad generality, quantum-resistance, and relaxes some assumptions of state-of-the-art solutions without affecting performance.

Fabio Giubilo,Ali Sajjad,Mark Shackleton,David W. Chadwick,Wenjun Fan,Rogerio de Lemos

DOI: https://doi.org/10.23919/icitst.2017.8356404

2017-01-01

Abstract:Increasing numbers of Small and Medium Enterprises (SME) are outsourcing or hosting their services on different Cloud Service Providers (CSP). They are also using different security services from these CSPs such as firewalls, intrusion detection/prevention systems and anti-malware. Although for the SMEs the main purpose of using these security services is to protect their cyber assets, either physical or virtual, from security threats and compromises, a very useful and valuable by-product of these security services is the wealth of Cyber Threat Information (CTI) that is collected over time. However, a common problem faced by SMEs is that they lack the resources and expertise for monitoring, analysing and reacting to any security notifications, alerts or events generated by the security services they have subscribed to. An obvious solution to this problem is that the SMEs outsource this problem to a cloud based service as well, by sharing their CTI with this service and allowing it to analyse the information and generate actionable reports or patches. The more CTI obtained from different SMEs, the better the analysis result. In this paper, we try to address some of the privacy and confidentiality issues that arise as a result of different SMEs sharing their CTI with such a third party analysis service for the aggregate analysis scenario we just described. We present the design and architecture of our solution that aims to allow SMEs to perform policy-based sharing of CTI, while also offering them flexible privacy and confidentiality controls.

Martin Henze,Lars Hermerschmidt,Daniel Kerpen,Roger Häußling,Bernhard Rumpe,Klaus Wehrle

DOI: https://doi.org/10.1109/FiCloud.2014.38

2014-12-09

Abstract:Internet of Things devices are envisioned to penetrate essentially all aspects of life, including homes and urbanspaces, in use cases such as health care, assisted living, and smart cities. One often proposed solution for dealing with the massive amount of data collected by these devices and offering services on top of them is the federation of the Internet of Things and cloud computing. However, user acceptance of such systems is a critical factor that hinders the adoption of this promising approach due to severe privacy concerns. We present UPECSI, an approach for user-driven privacy enforcement for cloud-based services in the Internet of Things to address this critical factor. UPECSI enables enforcement of all privacy requirements of the user once her sensitive data leaves the border of her network, provides a novel approach for the integration of privacy functionality into the development process of cloud-based services, and offers the user an adaptable and transparent configuration of her privacy requirements. Hence, UPECSI demonstrates an approach for realizing user-accepted cloud services in the Internet of Things.

Software Engineering

Winnie Cheng,Jun Li,Keith Moore,Alan H. Karp

2007-01-01

Abstract:Mobile companions such as smartphones and PDAs are very personal and carry a lot of sensitive data about their owners. With new services aimed at providing more targeted information retrieval through increased interactions with these devices, privacy concerns of individuals must be addressed. Existing solutions give users little control over release of this information. MUPPET is a privacy-aware information brokerage framework that incorporates a number of novel techniques to give users control over the release of their data. First, it introduces Operation-focused Access Control, a purpose-based access control model that supports flexible and fine-grain policies using typed operation labels. Second, our system allows RewardDriven Information Exchange. It provides a protocol for explicit communication of justifications and rewards and tunable privacy policies based on ongoing evaluation of the information exchange. Third, MUPPET includes a Purpose Detection Engine with an intuitive user interface for purpose management and supports explicit as well as implicit purpose activations based on context or authorizations. To validate our design, the MUPPET prototype has been integrated with a coupon personalization application for two different service providers in an experimental retail kiosk setting.

Vy-An Phan

DOI: https://doi.org/10.48550/arXiv.1905.09478

2019-05-13

Cryptography and Security

Abstract:Despite increasing advancements in today's information exchange infrastructure, the preservation of user data and privacy still remains a problem. Both insecure baselines and secure solutions leak user data. For example, Certificate Transparency (CT) promises significant security improvements to existing Public Key Infrastructure solutions that up-to-now have solely relied on the Certificate Authority hierarchy. CT provides a robust auditing layer and transparency solution to quickly detect such compromises, but introduces the requirement that client browsers interact with third-party servers when validating a site certificate. In the existing CT system, these requests leak information about each user's browsing habits to the hosting server. It is not a stretch to think that this valuable data could be collected and exploited, as corporations and governments have plenty of financial and political incentive to do so. In this project, we seek to address this problem by using an oblivious file sharing system with strong anonymity properties, to provide a more scalable, performant solution to privacy-preserving queries.

Michela Iezzi

DOI: https://doi.org/10.1109/bigdata50022.2020.9377989

2020-12-10

Abstract:Privacy has gained a growing interest nowadays due to the increasing and unmanageable amount of produced confidential data. Concerns about the possibility of sharing data with third parties to gain fruitful insights beset enterprise environments; value not only resides in data, but also in the intellectual property of algorithms and models that offer analysis results. This impasse locks both the availability of highperformance computing resources in the "as-a-service" paradigm and the exchange of knowledge with the scientific community in a collaborative view. Privacy-preserving data science enables the use of private data and algorithms without putting their privacy at risk. Conventional encryption schemes are not able to work on encrypted data without decrypting them first. Homomorphic Encryption (HE) is a form of encryption that allows the computation on encrypted data while preserving the features and the format of the plaintext. Against the background of interesting use cases for the Central Bank of Italy, this article focuses on how HE and data science can be leveraged to design and develop privacy-preserving enterprise applications. We propose a survey of main Homomorphic Encryption techniques and recent advances in the conubium between data science and HE.

Kalle Hjerppe,Jukka Ruohonen,Ville Leppänen

DOI: https://doi.org/10.1109/EuroSPW51379.2020.00050

2020-04-30

Abstract:Web services are important in the processing of personal data in the World Wide Web. In light of recent data protection regulations, this processing raises a question about consent or other basis of legal processing. While a consent must be informed, many web services fail to provide enough information for users to make informed decisions. Privacy policies and privacy languages are one way for addressing this problem; the former document how personal data is processed, while the latter describe this processing formally. In this paper, the socalled Layered Privacy Language (LPL) is coupled with web services in order to express personal data processing with a formal analysis method that seeks to generate the processing purposes for privacy policies. To this end, the paper reviews the background theory as well as proposes a method and a concrete tool. The results are demonstrated with a small case study.

Software Engineering