A Survey on the Evolution of Privacy Enforcement on Smartphones and the Road Ahead

This file was created by the TYPO3 extension bib --- Timezone: CEST Creation date: 2024-05-01 Creation time: 02-38-19 --- Number of references 11 article 2017-pennekamp-pmc-survey A Survey on the Evolution of Privacy Enforcement on Smartphones and the Road Ahead Pervasive and Mobile Computing 2017 12 42 58-76 With the increasing proliferation of smartphones, enforcing privacy of smartphone users becomes evermore important. Nowadays, one of the major privacy challenges is the tremendous amount of permissions requested by applications, which can significantly invade users' privacy, often without their knowledge. In this paper, we provide a comprehensive review of approaches that can be used to report on applications' permission usage, tune permission access, contain sensitive information, and nudge users towards more privacy-conscious behavior. We discuss key shortcomings of privacy enforcement on smartphones so far and identify suitable actions for the future. Smartphones; Permission Granting; Privacy; Nudging trinics https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-pennekamp-pmc-survey.pdf Online Elsevier en 1574-1192 10.1016/j.pmcj.2017.09.005 1 JanPennekamp MartinHenze KlausWehrle incollection 2017-cps-henze-network Network Security and Privacy for Cyber-Physical Systems 2017 11 13 25-56 sensorcloud,ipacs Song, Houbing and Fink, Glenn A. and Jeschke, Sabina Wiley-IEEE Press First 2 Security and Privacy in Cyber-Physical Systems: Foundations, Principles and Applications en 978-1-119-22604-8 10.1002/9781119226079.ch2 1 MartinHenze JensHiller RenéHummen RomanMatzutt KlausWehrle Jan HenrikZiegeldorf inproceedings 2017-henze-mobiquitous-comparison Privacy-preserving Comparison of Cloud Exposure Induced by Mobile Apps 2017 11 7 543-544 trinics https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-mobiquitous-comparison.pdf Online ACM Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous) - Poster Session, Melbourne, VIC, Australia en 978-1-4503-5368-7 10.1145/3144457.3144511 1 MartinHenze RitsumaInaba Ina BereniceFink Jan HenrikZiegeldorf inproceedings 2017-henze-mobiquitous-cloudanalyzer CloudAnalyzer: Uncovering the Cloud Usage of Mobile Apps 2017 11 7 262-271 Developers of smartphone apps increasingly rely on cloud services for ready-made functionalities, e.g., to track app usage, to store data, or to integrate social networks. At the same time, mobile apps have access to various private information, ranging from users' contact lists to their precise locations. As a result, app deployment models and data flows have become too complex and entangled for users to understand. We present CloudAnalyzer, a transparency technology that reveals the cloud usage of smartphone apps and hence provides users with the means to reclaim informational self-determination. We apply CloudAnalyzer to study the cloud exposure of 29 volunteers over the course of 19 days. In addition, we analyze the cloud usage of the 5000 most accessed mobile websites as well as 500 popular apps from five different countries. Our results reveal an excessive exposure to cloud services: 90 % of apps use cloud services and 36 % of apps used by volunteers solely communicate with cloud services. Given the information provided by CloudAnalyzer, users can critically review the cloud usage of their apps. Privacy; Smartphones; Cloud Computing; Traffic Analysis trinics https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-mobiquitous-cloudanalyzer.pdf Online ACM Proceedings of the 14th EAI International Conference on Mobile and Ubiquitous Systems: Computing, Networking and Services (MobiQuitous '17), November 7-10, 2017, Melbourne, VIC, Australia Melbourne, VIC, Australia November 7-10, 2017 en 978-1-4503-5368-7 10.1145/3144457.3144471 1 MartinHenze JanPennekamp DavidHellmanns ErikMühmer Jan HenrikZiegeldorf ArthurDrichel KlausWehrle inproceedings 2017-panchenko-wpes-fingerprinting Analysis of Fingerprinting Techniques for Tor Hidden Services 2017 10 30 https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-panchenko-wpes-fingerprinting.pdf Online ACM Proceedings of the 16th Workshop on Privacy in the Electronic Society (WPES), co-located with the 24th ACM Conference on Computer and Communications Security (CCS), Dallas, TX, USA en 978-1-4503-5175-1 10.1145/3139550.3139564 1 AndriyPanchenko AsyaMitseva MartinHenze FabianLanze KlausWehrle ThomasEngel inproceedings 2017-henze-trustcom-dcam Distributed Configuration, Authorization and Management in the Cloud-based Internet of Things 2017 8 1 185-192 sscilops, ipacs https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-trustcom-dcam.pdf Online IEEE Proceedings of the 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (IEEE TrustCom), Sydney, NSW, Australia en 978-1-5090-4905-9 2324-9013 10.1109/Trustcom/BigDataSE/ICESS.2017.236 1 MartinHenze BenediktWolters RomanMatzutt TorstenZimmermann KlausWehrle article 2017-ziegeldorf-bmcmedgenomics-bloom BLOOM: BLoom filter based Oblivious Outsourced Matchings BMC Medical Genomics 2017 7 26 10 Suppl 2 29-42 Whole genome sequencing has become fast, accurate, and cheap, paving the way towards the large-scale collection and processing of human genome data. Unfortunately, this dawning genome era does not only promise tremendous advances in biomedical research but also causes unprecedented privacy risks for the many. Handling storage and processing of large genome datasets through cloud services greatly aggravates these concerns. Current research efforts thus investigate the use of strong cryptographic methods and protocols to implement privacy-preserving genomic computations. We propose FHE-Bloom and PHE-Bloom, two efficient approaches for genetic disease testing using homomorphically encrypted Bloom filters. Both approaches allow the data owner to securely outsource storage and computation to an untrusted cloud. FHE-Bloom is fully secure in the semi-honest model while PHE-Bloom slightly relaxes security guarantees in a trade-off for highly improved performance. We implement and evaluate both approaches on a large dataset of up to 50 patient genomes each with up to 1000000 variations (single nucleotide polymorphisms). For both implementations, overheads scale linearly in the number of patients and variations, while PHE-Bloom is faster by at least three orders of magnitude. For example, testing disease susceptibility of 50 patients with 100000 variations requires only a total of 308.31 s (σ=8.73 s) with our first approach and a mere 0.07 s (σ=0.00 s) with the second. We additionally discuss security guarantees of both approaches and their limitations as well as possible extensions towards more complex query types, e.g., fuzzy or range queries. Both approaches handle practical problem sizes efficiently and are easily parallelized to scale with the elastic resources available in the cloud. The fully homomorphic scheme, FHE-Bloom, realizes a comprehensive outsourcing to the cloud, while the partially homomorphic scheme, PHE-Bloom, trades a slight relaxation of security guarantees against performance improvements by at least three orders of magnitude. Proceedings of the 5th iDASH Privacy and Security Workshop 2016 Secure outsourcing; Homomorphic encryption; Bloom filters sscilops; mynedata; rfc https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-bmcmedgenomics-bloom.pdf Online BioMed Central Chicago, IL, USA November 11, 2016 en 1755-8794 10.1186/s12920-017-0277-y 1 Jan HenrikZiegeldorf JanPennekamp DavidHellmanns FelixSchwinger IkeKunze MartinHenze JensHiller RomanMatzutt KlausWehrle inproceedings 2017-henze-tma-cloudemail Veiled in Clouds? Assessing the Prevalence of Cloud Computing in the Email Landscape 2017 6 21 trinics, ssiclops https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-tma-cloudemail.pdf Online IEEE / IFIP Proceedings of the 2017 Network Traffic Measurement and Analysis Conference (TMA 2017), Dublin, Ireland en 978-3-901882-95-1 10.23919/TMA.2017.8002910 1 MartinHenze Mary PeytonSanford OliverHohlfeld inproceedings 2017-henze-ic2e-prada Practical Data Compliance for Cloud Storage 2017 4 4 252-258 ssiclops, ipacs https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-henze-ic2e-prada.pdf Online IEEE Proceedings of the 2017 IEEE International Conference on Cloud Engineering (IC2E 2017), Vancouver, BC, Canada en 978-1-5090-5817-4 10.1109/IC2E.2017.32 1 MartinHenze RomanMatzutt JensHiller ErikMühmer Jan HenrikZiegeldorf Johannesvan der Giet KlausWehrle inproceedings 2017-ziegeldorf-codaspy-priward Privacy-Preserving HMM Forward Computation 2017 3 22 83-94 mynedata https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-codaspy-priward.pdf Online ACM Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY 2017), Scottsdale, AZ, USA en 978-1-4503-4523-1 10.1145/3029806.3029816 1 Jan HenrikZiegeldorf JanMetzke JanRüth MartinHenze KlausWehrle inproceedings 2017-ziegeldorf-wons-tracemixer TraceMixer: Privacy-Preserving Crowd-Sensing sans Trusted Third Party 2017 2 21 17-24 mynedata https://www.comsys.rwth-aachen.de/fileadmin/papers/2017/2017-ziegeldorf-wons-tracemixer.pdf Online IEEE Proceedings of the 2017 13th Annual Conference on Wireless On-demand Network Systems and Services (WONS), Jackson Hole, WY, USA en 978-3-901882-88-3 10.1109/WONS.2017.7888771 1 Jan HenrikZiegeldorf MartinHenze JensBavendiek KlausWehrle