DOI: 10.1145/3649158.3657050
short-paper
Open access

SecureCheck: User-Centric and Geolocation-Aware Access Mediation Contracts for Sharing Private Data

Published: 25 June 2024

Abstract

Data oversharing is a critical issue in today's technologically driven society. Numerous entities, e.g., corporations, governments, and criminal groups, are collecting individuals' data. One potential cause is that current systems, such as verification systems, do not prioritize the minimization of exchanged data. To address this issue, we propose SecureCheck, a novel privacy-enhancing technology (PET) framework that prioritizes data minimization. We aim to ensure that individuals control technology and its access to themselves, and not technology controlling individuals or their data. To that end, our proposed framework is comprised of two components: a novel access control model, called access mediation contracts, that enables users to negotiate with third parties over what data is used in a verification event, and a novel recommendation system that recommends the access mediation contracts in a situationally aware manner using geolocation data. As a part of ongoing work, we are developing a privacy calculus model detailing the decision process for data exchange. Also, we are conducting an exploratory study to better identify how to resolve conflicts between data owners and verifiers. Finally, we are actively working towards VaxCheck, a prototype implementation of SecureCheck focused on vaccine verification systems, so we can assess its effectiveness and suitability for future deployments in practice.

      Published In

      SACMAT 2024: Proceedings of the 29th ACM Symposium on Access Control Models and Technologies
      June 2024
      205 pages
      ISBN:9798400704918
      DOI:10.1145/3649158
      This work is licensed under a Creative Commons Attribution International 4.0 License.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. access mediation
      2. data sharing
      3. geolocation-based recommendation
      4. privacy
      5. privacy enhancing technology
      6. verification

      Qualifiers

      • Short-paper

      Conference

      SACMAT 2024
      Acceptance Rates

      Overall Acceptance Rate 177 of 597 submissions, 30%
