Another Look at Privacy-Preserving Automated Contact Tracing

In the current COVID-19 pandemic, manual contact tracing has been proven to be very helpful to reach close contacts of infected users and slow down spread of the virus. To improve its scalability, a number of automated contact tracing (ACT) solutions have been proposed, and some of them have been deployed. Despite the dedicated efforts, security and privacy issues of these solutions are still open and under intensive debate. In this article, we examine the ACT concept from a broader perspective, by focusing on not only security and privacy issues but also functional issues such as interface, usability, and coverage. We first elaborate on these issues and particularly point out the inevitable privacy leakages in existing Bluetooth Low Energy based ACT solutions, including centralized and decentralized ones. In addition, we examine the existing venue-based ACT solutions and identify their privacy and security concerns. Then, we propose a generic venue-based ACT solution and a concrete instantiation based on Bluetooth Low Energy technology. Our solution monitors users’ contacting history only in virus-spreading-prone venues and offers higher-level protection for both security and privacy than its predecessors. Finally, we evaluate our solution from security, privacy, and efficiency perspectives, and also highlight how to reduce false positives in some specific indoor environments.

Privacy and Safety on Social Networking Sites: Autistic and Non-Autistic Teenagers’ Attitudes and Behaviors

Autistic teenagers are suspected to be more vulnerable to privacy and safety threats on social networking sites (SNS) than the general population. However, there are no studies comparing these users’ privacy and safety concerns and protective strategies online with those reported by non-autistic teenagers. Furthermore, researchers have yet to identify possible explanations for autistic teenagers’ increased risk of online harms. To address these research gaps, we conducted semi-structured interviews with 12 autistic and 16 non-autistic teenagers assessing their privacy- and safety-related attitudes and behaviors on SNS, and factors affecting them. We used videos demonstrating relevant SNS scenarios as prompts to engage participants in conversation. Through our thematic analyses, we found evidence that autistic teenagers may be more averse to taking risks on SNS than non-autistic teenagers. Yet, several personal, social, and SNS design factors may make autistic teenagers more vulnerable to cyberbullying and social exclusion online. We provide recommendations for making SNS safer for autistic teenagers. Our research highlights the need for more inclusive usable privacy and security research with this population.

Designing and Evaluating an Automatic Forensic Model for Fast Response of Cross-border E-commerce Security Incidents

The rapid development of cross-border e-commerce over the past decade has accelerated the integration of the global economy. At the same time, cross-border e-commerce has increased the prevalence of cybercrime, and the future success of e-commerce depends on enhanced online privacy and security. However, investigating security incidents is time- and cost-intensive as identifying telltale anomalies and the source of attacks requires the use of multiple forensic tools and technologies and security domain knowledge. Prompt responses to cyber-attacks are important to reduce damage and loss and to improve the security of cross-border e-commerce. This article proposes a digital forensic model for first incident responders to identify suspicious system behaviors. A prototype system is developed and evaluated by incident response handlers. The model and system are proven to help reduce time and effort in investigating cyberattacks. The proposed model is expected to enhance security incident handling efficiency for cross-border e-commerce.

Designing and Evaluating an Automatic Forensic Model for Fast Response of Cross-Border E-Commerce Security Incidents

The rapid development of cross-border e-commerce over the past decade has accelerated the integration of the global economy. At the same time, cross-border e-commerce has increased the prevalence of cybercrime, and the future success of e-commerce depends on enhanced online privacy and security. However, investigating security incidents is time- and cost-intensive as identifying telltale anomalies and the source of attacks requires the use of multiple forensic tools and technologies and security domain knowledge. Prompt responses to cyber-attacks are important to reduce damage and loss and to improve the security of cross-border e-commerce. This article proposes a digital forensic model for first incident responders to identify suspicious system behaviors. A prototype system is developed and evaluated by incident response handlers. The model and system are proven to help reduce time and effort in investigating cyberattacks. The proposed model is expected to enhance security incident handling efficiency for cross-border e-commerce.

Do I Spit or Do I Pass?

This study explores privacy concerns perceived by people with respect to having their DNA tested by direct-to-consumer (DTC) genetic testing companies such as 23andMe and Ancestry.com. Data collected from 510 respondents indicate that those who have already obtained a DTC genetic test have significantly lower levels of privacy and security concerns than those who have not obtained a DTC genetic test. Qualitative data from respondents of both these groups show that the concerns are mostly similar. However, the factors perceived to alleviate privacy concerns are more varied and nuanced amongst those who have obtained a DTC genetic test. Our data suggest that privacy concerns or lack of concerns are based on complex and multiple considerations including data ownership, access control of data and regulatory authorities of social, political and legal systems. Respondents do not engage in a full cost/benefit analysis of having their DNA tested.

Editorial Introduction - GROUP 2022 Second Wave

For over a quarter century, GROUP has offered a premier yet intimate and welcoming venue for agenda-setting, diverse research. Although the traditional focus of the conference is on supporting group work, it has expanded to include research from computer-supported cooperative work, sociotechnical studies, practice-centered computing, human-computer interaction, computersupported collaborative learning, participatory technology design, and other related areas. The work presented in this issue embodies that interdisciplinary ethos. Papers in this issue cover a wide range topics, from human-AI collaboration, to collaboration in virtual reality, to perceptions of privacy and security, to the myriad impacts of the COVID-19 pandemic. The application domains are similarly wide ranging, from health data, to civic engagement, to educational settings, to government provision of social services. Similar to the 2021 issue, this issue also continues the tradition of design fiction at GROUP. This issue of PACM:HCI brings you papers from the planned 2022 ACMConference on Supporting Group Work (GROUP 2022). Typically, the GROUP conference occurs every two years. However, research developments do not necessarily follow conference deadline cycles. Thus, the GROUP conference offers authors the opportunity to submit to multiple waves. The first wave of papers for this conference were published in July 2021 in Volume 5 of PACM:HCI, and papers from this current issue were first submitted in May 2021. Both of these sets of papers published as part of the planned GROUP 2022 conference were authored and reviewed during the COVID-19 pandemic. These papers represent commendable volumes of hard work and resilience, not just from the authors, but also from the reviewers, the program committee, and the conference organizers. Additionally, the pandemic forced a major change to the conference at which these papers will be presented.

Understanding Users’ Behavior towards Applications Privacy Policies

Recently, smartphone usage has increased tremendously, and smartphones are being used as a requirement of daily life, equally by all age groups. Smartphone operating systems such as Android and iOS have made it possible for anyone with development skills to create apps for smartphones. This has enabled smartphone users to download and install applications from stores such as Google Play, App Store, and several other third-party sites. During installation, these applications request resource access permissions from users. The resources include hardware and software like contact, memory, location, managing phone calls, device state, messages, camera, etc. As per Google’s permission policy, it is the responsibility of the user to allow or deny any permissions requested by an app. This leads to serious privacy violation issues when an app gets illegal permission granted by a user (e.g., an app might request for granted map permission and there is no need for map permission in the app, and someone can thereby access your location by this app). This study investigates the behavior of the user when it comes to safeguarding their privacy while installing apps from Google Play. In this research, first, seven different applications with irrelevant permission requests were developed and uploaded to two different Play Store accounts. The apps were live for more than 12 months and data were collected through Play Store analytics as well as the apps’ policy page. The preliminary data analysis shows that only 20% of users showed concern regarding their privacy and security either through interaction with the development team through email exchange or through commenting on the platform and other means accordingly.

A Review on Security and Privacy Issues in IoT Devices

In our everyday lives, the IoT is everywhere. They are used for the monitoring and documentation of environmental improvements, fire safety and even other useful roles in our homes, hospitals and the outdoors. IoT-enabled devices that are linked to the internet transmit and receive a large amount of essential data over the network. This provides an opportunity for attackers to infiltrate IoT networks and obtain sensitive data. However, the risk of a loss of privacy and security could outweigh any of these benefits. Many tests have been carried out in order to solve these concerns and find a safer way to minimize or remove the effect of IoT technologies on privacy and security practices in order to protect them. The issue with IoT devices is that they have small output modules, making it impossible to adapt current protection methods to them. This constraint necessitates the presentation of lightweight algorithms that enable IoT devices. In this article, investigated the context and identify different safety, protection, and approaches for securing components of IoT-based ecosystems and systems, as well as evolving security solutions. In addition, several proposed algorithms and authentication methods in IoT were discussed in order to avoid various types of attacks while keeping the limitations of the IoT framework in mind. Also discuss some hardware security in IoT devices.

An Introduction to the Federated Learning Standard

With the growing concern on data privacy and security, it is undesirable to collect data from all users to perform machine learning tasks. Federated learning, a decentralized learning framework, was proposed to construct a shared prediction model while keeping owners' data on their own devices. This paper presents an introduction to the emerging federated learning standard and discusses its various aspects, including i) an overview of federated learning, ii) types of federated learning, iii) major concerns and the performance evaluation criteria of federated learning, and iv) associated regulatory requirements. The purpose of this paper is to provide an understanding of the standard and facilitate its usage in model building across organizations while meeting privacy and security concerns.

Anonymous Mutual and Batch Authentication with Location Privacy of UAV in FANET

As there has been an advancement in avionic systems in recent years, the enactment of unmanned aerial vehicles (UAV) has upgraded. As compared to a single UAV system, multiple UAV systems can perform operations more inexpensively and efficiently. As a result, new technologies between user/control station and UAVs have been developed. FANET (Flying Ad-Hoc Network) is a subset of the MANET (Mobile Ad-Hoc Network) that includes UAVs. UAVs, simply called drones, are used for collecting sensitive data in real time. The security and privacy of these data are of priority importance. Therefore, to overcome the privacy and security threats problem and to make communication between the UAV and the user effective, a competent anonymous mutual authentication scheme is proposed in this work. There are several methodologies addressed in this work such as anonymous batch authentication in FANET which helps to authenticate a large group of drones at the same time, thus reducing the computational overhead. In addition, the integrity preservation technique helps to avoid message alteration during transmission. Moreover, the security investigation section discusses the resistance of the proposed work against different types of possible attacks. Finally, the proposed work is related to the prevailing schemes in terms of communication and computational cost and proves to be more efficient.