Smart Digital Forensic Readiness Model for Shadow IoT Devices

Internet of Things (IoT) is the network of physical objects for communication and data sharing. However, these devices can become shadow IoT devices when they connect to an existing network without the knowledge of the organization’s Information Technology team. More often than not, when shadow devices connect to a network, their inherent vulnerabilities are easily exploited by an adversary and all traces are removed after the attack or criminal activity. Hence, shadow connections pose a challenge for both security and forensic investigations. In this respect, a forensic readiness model for shadow device-inclusive networks is sorely needed for the purposes of forensic evidence gathering and preparedness, should a security or privacy breach occur. However, the hidden nature of shadow IoT devices does not facilitate the effective adoption of the most conventional digital and IoT forensic methods for capturing and preserving potential forensic evidence that might emanate from shadow devices in a network. Therefore, this paper aims to develop a conceptual model for smart digital forensic readiness of organizations with shadow IoT devices. This model will serve as a prototype for IoT device identification, IoT device monitoring, as well as digital potential evidence capturing and preservation for forensic readiness.

The Governance of Privacy

We can hardly underestimate the importance of privacy in our data-driven world. Privacy breaches are not just about disclosing information. Personal data is used to profile and manipulate us – sometimes on such a large scale that it affects society as a whole. What can governments do to protect our privacy? In The Governance of Privacy Hans de Bruijn first analyses the complexity of the governance challenge, using the metaphor of a journey. At the start, users have strong incentives to share data. Harvested data continue the journey that might lead to a privacy breach, but not necessarily – it can also lead to highly valued services. That is why both preparedness at the start of the journey and resilience during the journey are crucial to privacy protection. The book then explores three strategies to deal with governments, the market, and society. Governments can use the power of the law; they can exploit the power of the market by stimulating companies to compete on privacy; and they can empower society, strengthening its resilience in a data-driven world.

Entropy-Based Quantification of Privacy Attained Through User Profile Similarity

Location-based services refer to services that use location as primary input. But accessing user's location by an adversary invites issues of privacy breach. Instead of specific location coordinates, its surrounding area known as cloaking region is revealed in order to get the service. K anonymity technique of location privacy ensures that at least K-1 users should be included within a specific cloaked region. Researches have established that on combining K anonymity with the idea of including similar users together in a cloaked region provides stringent privacy (especially from background and heterogeneity attacks). This work quantifies the amount of privacy gain attained through, opting-for users with similar profiles instead of random users. The quantification is done by using KL divergence. Values of KL divergence of user profiles have been calculated for different cloaking regions containing similar and random users. Low KL divergence values depict privacy gains up to 33% for users with similar profiles.

Evaluating privacy of individuals in medical data

Although data protection is compulsory when personal data is shared, there is no systematic method available to evaluate to what extent each individual is at risk of a privacy breach. We use a collection of measures that quantify how much information is needed to uncover sensitive information. Combined with visualization techniques, our approach can be used to perform a detailed privacy analysis of medical data. Because privacy is evaluated per variable, these adjustments can be made while incorporating how likely it is that these variables will be exploited to uncover sensitive information in practice, as is mandatory in the European Union. Additionally, the analysis of privacy can be used to evaluate to what extent knowledge on specific variables in the data can contribute to privacy breaches, which can subsequently guide the use of anonymization techniques, such as generalization.

POSMASWEB

It has recently been discovered that large companies and nations “observe” their customers and citizens, disregarding any remaining moral and technological lines, being able to listen to telephone conversations and monitoring communications through powerful monitoring and surveillance programs. Elsewhere on the planet, nations in turmoil or wrapped in a cloak of censorship persecute their citizens, controlling them by denying them access to the free web without the threat of repercussions that threatens their dignity. To support the present research, an analysis of platforms that allow anonymous and secure browsing and a study of technologies and programs with potential privacy breach and computer intrusion were performed. The main objective of this work was to analyse the computer monitoring and surveillance technologies, identifying the available tools, trying to find potential solutions, developing and providing a methodology that enhances any desktop, server, or mobile operating system, with characteristics that combat the exposed in this summary.