Every Byte Matters

Author(s):  
Ludovic Barman ◽  
Alexandre Dumur ◽  
Apostolos Pyrgelis ◽  
Jean-Pierre Hubaux

Wearable devices such as smartwatches, fitness trackers, and blood-pressure monitors process, store, and communicate sensitive and personal information related to the health, life-style, habits and interests of the wearer. This data is typically synchronized with a companion app running on a smartphone over a Bluetooth (Classic or Low Energy) connection. In this work, we investigate what can be inferred from the metadata (such as the packet timings and sizes) of encrypted Bluetooth communications between a wearable device and its connected smartphone. We show that a passive eavesdropper can use traffic-analysis attacks to accurately recognize (a) communicating devices, even without having access to the MAC address, (b) human actions (e.g., monitoring heart rate, exercising) performed on wearable devices ranging from fitness trackers to smartwatches, (c) the mere opening of specific applications on a Wear OS smartwatch (e.g., the opening of a medical app, which can immediately reveal a condition of the wearer), (d) fine-grained actions (e.g., recording an insulin injection) within a specific application that helps diabetic users to monitor their condition, and (e) the profile and habits of the wearer by continuously monitoring her traffic over an extended period. We run traffic-analysis attacks by collecting a dataset of Bluetooth communications concerning a diverse set of wearable devices, by designing features based on packet sizes and timings, and by using machine learning to classify the encrypted traffic to actions performed by the wearer. Then, we explore standard defense strategies against traffic-analysis attacks such as padding, delaying packets, or injecting dummy traffic. We show that these defenses do not provide sufficient protection against our attacks and introduce significant costs. 
Overall, our research highlights the need to rethink how applications exchange sensitive information over Bluetooth, to minimize unnecessary data exchanges, and to research and design new defenses against traffic-analysis tailored to the wearable setting.

2021 ◽  
Vol 2021 (2) ◽  
pp. 88-110
Author(s):  
Duc Bui ◽  
Kang G. Shin ◽  
Jong-Min Choi ◽  
Junbum Shin

Abstract Privacy policies are documents required by law and regulations that notify users of the collection, use, and sharing of their personal information on services or applications. While the extraction of personal data objects and their usage thereon is one of the fundamental steps in their automated analysis, it remains challenging due to the complex policy statements written in legal (vague) language. Prior work is limited by small/generated datasets and manually created rules. We formulate the extraction of fine-grained personal data phrases and the corresponding data collection or sharing practices as a sequence-labeling problem that can be solved by an entity-recognition model. We create a large dataset with 4.1k sentences (97k tokens) and 2.6k annotated fine-grained data practices from 30 real-world privacy policies to train and evaluate neural networks. We present a fully automated system, called PI-Extract, which accurately extracts privacy practices by a neural model and outperforms, by a large margin, strong rule-based baselines. We conduct a user study on the effects of data practice annotation which highlights and describes the data practices extracted by PI-Extract to help users better understand privacy-policy documents. Our experimental evaluation results show that the annotation significantly improves the users’ reading comprehension of policy texts, as indicated by a 26.6% increase in the average total reading score.


Author(s):  
Samyak Sadanand Shravasti

Abstract: Phishing occurs when people's personal information is stolen via email, phone, or text communications. In Smishing, Short Message Service (SMS) is used for cyber-attacks; Smishing is a type of theft of sensitive information. People are more likely to give personal information such as account details and passwords when they receive SMS messages. This data could be used to steal money or personal information from a person or a company. As a result, Smishing is a critical issue to consider. The proposed model uses Artificial Intelligence to detect Smishing. Analysing an SMS and successfully detecting Smishing is possible. Finally, we evaluate and analyse our proposed model to show its efficacy. Keywords: Phishing, Smishing, Artificial Intelligence, LSTM, RNN


2007 ◽  
Vol 9 (2) ◽  
Author(s):  
P. L. Wessels ◽  
L. P. Steenkamp

One of the critical issues in managing information within an organization is to ensure that proper controls exist and are applied in allowing people access to information. Passwords are used extensively as the main control mechanism to identify users wanting access to systems, applications, data files, network servers or personal information. In this article, the issues involved in selecting and using passwords are discussed and the current practices employed by users in creating and storing passwords to gain access to sensitive information are assessed. The results of this survey conclude that information managers cannot rely only on users to employ proper password control in order to protect sensitive information. 


2018 ◽  
Author(s):  
Jérémie Decouchant ◽  
Maria Fernandes ◽  
Marcus Völp ◽  
Francisco M Couto ◽  
Paulo Esteves-Veríssimo

Abstract Sequencing thousands of human genomes has enabled breakthroughs in many areas, among them precision medicine, the study of rare diseases, and forensics. However, mass collection of such sensitive data entails enormous risks if not protected to the highest standards. In this article, we follow the position and argue that post-alignment privacy is not enough and that data should be automatically protected as early as possible in the genomics workflow, ideally immediately after the data is produced. We show that a previous approach for filtering short reads cannot extend to long reads and present a novel filtering approach that classifies raw genomic data (i.e., whose location and content is not yet determined) into privacy-sensitive (i.e., more affected by a successful privacy attack) and non-privacy-sensitive information. Such a classification allows the fine-grained and automated adjustment of protective measures to mitigate the possible consequences of exposure, in particular when relying on public clouds. We present the first filter that can be indistinctly applied to reads of any length, i.e., making it usable with any recent or future sequencing technologies. The filter is accurate, in the sense that it detects all known sensitive nucleotides except those located in highly variable regions (less than 10 nucleotides remain undetected per genome instead of 100,000 in previous works). It has far fewer false positives than previously known methods (10% instead of 60%) and can detect sensitive nucleotides despite sequencing errors (86% detected instead of 56% with 2% of mutations). Finally, practical experiments demonstrate high performance, both in terms of throughput and memory consumption.


Author(s):  
Dr. J. Padmavathi ◽  
Sirvi Ashok Kumar Mohanlal

Today Social Media is an integral part of many people’s lives. Most of us are users of one or many of these such as Facebook, Twitter, Instagram, LinkedIn etc. Social media networks are the most common platform to communicate with our friends, family and share thoughts, photos, videos and lots of other information in the common area of interest. Privacy has become an important concern in social networking sites. Users are not aware of the privacy risks involved on social media sites and they share their sensitive information on social network sites. While these platforms are free and offer unrestricted access to their services, they puzzle the users with many issues such as privacy, security, data harvesting, content censorship, leaking personal information etc. This paper aims at analyzing the major users of social media networks, namely, the college students. It was intended to assess the extent to which the consumers are aware of the risks of free usage and how to mitigate against these privacy issues.


Author(s):  
Junqing Xie ◽  
Dong Wen ◽  
Lizhong Liang ◽  
Yuxi Jia ◽  
Li Gao ◽  
...  

BACKGROUND Wearable devices have attracted much attention from the market in recent years for their fitness monitoring and other health-related metrics; however, the accuracy of fitness tracking results still plays a major role in health promotion. OBJECTIVE The aim of this study was to evaluate the accuracy of a host of latest wearable devices in measuring fitness-related indicators under various seminatural activities. METHODS A total of 44 healthy subjects were recruited, and each subject was asked to simultaneously wear 6 devices (Apple Watch 2, Samsung Gear S3, Jawbone Up3, Fitbit Surge, Huawei Talk Band B3, and Xiaomi Mi Band 2) and 2 smartphone apps (Dongdong and Ledongli) to measure five major health indicators (heart rate, number of steps, distance, energy consumption, and sleep duration) under various activity states (resting, walking, running, cycling, and sleeping), which were then compared with the gold standard (manual measurements of the heart rate, number of steps, distance, and sleep, and energy consumption through oxygen consumption) and calculated to determine their respective mean absolute percentage errors (MAPEs). RESULTS Wearable devices had a rather high measurement accuracy with respect to heart rate, number of steps, distance, and sleep duration, with a MAPE of approximately 0.10, whereas poor measurement accuracy was observed for energy consumption (calories), indicated by a MAPE of up to 0.44. The measurements varied for the same indicator measured by different fitness trackers. The variation in measurement of the number of steps was the highest (Apple Watch 2: 0.42; Dongdong: 0.01), whereas it was the lowest for heart rate (Samsung Gear S3: 0.34; Xiaomi Mi Band 2: 0.12). Measurements differed insignificantly for the same indicator measured under different states of activity; the MAPE of distance and energy measurements were in the range of 0.08 to 0.17 and 0.41 to 0.48, respectively. 
Overall, the Samsung Gear S3 performed the best for the measurement of heart rate under the resting state (MAPE of 0.04), whereas Dongdong performed the best for the measurement of the number of steps under the walking state (MAPE of 0.01). Fitbit Surge performed the best for distance measurement under the cycling state (MAPE of 0.04), and Huawei Talk Band B3 performed the best for energy consumption measurement under the walking state (MAPE of 0.17). CONCLUSIONS At present, mainstream devices are able to reliably measure heart rate, number of steps, distance, and sleep duration, which can be used as effective health evaluation indicators, but the measurement accuracy of energy consumption is still inadequate. Fitness trackers of different brands vary with regard to measurement of indicators and are all affected by the activity state, which indicates that manufacturers of fitness trackers need to improve their algorithms for different activity states.


Author(s):  
Michael Schwartz ◽  
Paul Oppold ◽  
P. A. Hancock

Prior research has reported that novelty affects the usage cycle of wearable devices. This chapter investigates the effects of sensation seeking, intensity, novelty, gender, and prior experience on the workload experienced during one aspect of using wearable fitness trackers, the device installation process. Contrary to the authors' hypotheses, prior experience, sensation seeking, intensity, and novelty did not significantly affect workload. The findings suggest that males tend to experience less workload during the setup of wearable fitness trackers; however, only for the Basis B1 and only for some aspects of workload. The claims made by prior research may be limited to specific aspects of the wearable fitness tracker use cycle, and more investigation is needed before broader claims can be made.


2018 ◽  
pp. 703-728
Author(s):  
Pradipta Roy ◽  
Debarati Dey ◽  
Debashis De ◽  
Swati Sinha

In today's world, sensitive information like secret messages, financial transactions, medical reports, and personal information is transferred over public communication channels. Since the advancement of communication began, data security has become a massive problem. The increasing rate of eavesdropping over communication channels has led to the introduction of cryptography algorithms for data transmission. Different traditional cryptographic techniques are adopted worldwide for protected data transmission. The recent advancement in this field is DNA based cryptography. This chapter describes the application of DNA as a computational tool after the exposure of its capability was discovered by Leonard M. Adleman in 1994. Its random nature also helps the cryptography algorithm to become unbreakable. Conventional cryptography methods are sometimes susceptible to attack by the intruder. Therefore the idea of using codon based DNA as a computational tool is used in this cryptography method as an alternative method that fetches new hope in communication technology.


Author(s):  
Roel During ◽  
Marcel Pleijte ◽  
Rosalie I. van Dam ◽  
Irini E. Salverda

Open data and citizen-led initiatives can be both friends and foes. Where it is available and ‘open', official data not only encourages increased public participation but can also generate the production and scrutiny of new material, potentially of benefit to the original provider and others, official or otherwise. In this way, official open data can be seen to improve democracy or, more accurately, the so-called ‘participative democracy'. On the other hand, the public is not always eager to share their personal information in the most open ways. Private and sometimes sensitive information however is required to initiate projects of societal benefit in difficult times. Many citizens appear content to channel personal information exchange via social media instead of putting it on public web sites. The perceived benefits from sharing and complete openness do not outweigh any disadvantages or fear of regulation. This is caused by various sources of contingency, such as the different appeals on citizens, construed in discourses on the participation society and the representative democracy, calling for social openness in the first and privacy protection in the latter. Moreover, the discourse on open data is an economic argument fighting the rules of privacy instead of the promotion of open data as one of the prerequisites for social action. Civil servants acknowledge that access to open data via all sorts of apps could contribute to the mushrooming of public initiatives, but are reluctant to release person-related sensitive information. The authors will describe and discuss this dilemma in the context of some recent case studies from the Netherlands concerning governmental programmes on open data and citizens' initiatives, to highlight both the governance constraints and uncertainties as well as citizens' concerns on data access and data sharing. 
It will be shown that openness has a different meaning and understanding in the participation society and representative democracy: i.e. the tension surrounding the sharing of private social information versus transparency. Looking from both sides at openness reveals double contingency: understanding and intentions on this openness invokes mutual enforcing uncertainties. This double contingency hampers citizens' eagerness to participate. The paper will conclude with a practical recommendation for improving data governance.


Cyber Crime ◽  
2013 ◽  
pp. 1314-1327
Author(s):  
Ross Wolf ◽  
Ronnie Korosec

E-government involves governments at all levels using advanced technology and communication tools to provide services, allow for transactions, and respond to citizens’ needs and requests. This on-line version of government, which is designed to enhance efficiency and improve operations, relies heavily on a network of data structures that are currently in place. While much has been written about e-government, few studies exist that link the concepts of e-government and security with individual rights and government responsibility. Now more than ever, progressive changes in technology allow public and private sector entities to routinely collect, store, and disseminate large files of personal information about the citizens and clients they interact with. The power associated with the magnitude of this information requires great responsibility and accountability. This chapter is a beginning point to discuss how governments in the United States attempt to maintain secure fortresses of data, limit the dissemination of sensitive information to unauthorized parties, and ensure on-line privacy for citizens.

