The characteristics of international trade are constantly changing. Electronic business is an example of a development that has involved new preconditions and new barriers. Security and privacy issues are becoming more crucial in the current global e-business environment as key factors for its future success.
The main purpose of this research is the study of the perception of the security and privacy issues by consumers as one of the barriers impeding the e-business development in Albania. In Albania, as in other Western Balkan countries, e-commerce is regarded as an opportunity for the development of the international trade.
This research gives a general review of the latest developments in e-commerce security and privacy in the world compared to the results of the survey conducted in Albania. The Albanian consumers are interested in being involved in e-commerce but sceptical and with a basic level of knowledge regarding privacy and security issues.
Vasilios Mavroudis, Shuang Hao, Yanick Fratantonio, Federico Maggi, Christopher Kruegel and Giovanni Vigna
Nowadays users often possess a variety of electronic devices for communication and entertainment. In particular, smartphones are playing an increasingly central role in users’ lives: Users carry them everywhere they go and often use them to control other devices. This trend provides incentives for the industry to tackle new challenges, such as cross-device authentication, and to develop new monetization schemes. A new technology based on ultrasounds has recently emerged to meet these demands. Ultrasound technology has a number of desirable features: it is easy to deploy, flexible, and inaudible by humans. This technology is already utilized in a number of different real-world applications, such as device pairing, proximity detection, and cross-device tracking.
This paper examines the different facets of ultrasound-based technology. Initially, we discuss how it is already used in the real world, and subsequently examine this emerging technology from the privacy and security perspectives. In particular, we first observe that the lack of OS features results in violations of the principle of least privilege: an app that wants to use this technology currently needs to require full access to the device microphone. We then analyse real-world Android apps and find that tracking techniques based on ultrasounds suffer from a number of vulnerabilities and are susceptible to various attacks. For example, we show that ultrasound cross-device tracking deployments can be abused to perform stealthy deanonymization attacks (e.g., to unmask users who browse the Internet through anonymity networks such as Tor), to inject fake or spoofed audio beacons, and to leak a user’s private information.
Based on our findings, we introduce several defense mechanisms. We first propose and implement immediately deployable defenses that empower practitioners, researchers, and everyday users to protect their privacy. In particular, we introduce a browser extension and an Android permission that enable the user to selectively suppress frequencies falling within the ultrasonic spectrum. We then argue for the standardization of ultrasound beacons, and we envision a flexible OS-level API that addresses both the effortless deployment of ultrasound-enabled applications, and the prevention of existing privacy and security problems.
Aurelija Pūraitė, Daiva Bereikienė and Neringa Šilinskė
In the past few years the use of unmanned aerial vehicles in Lithuania has significantly increased. However, enjoying the advantages of this technology, which improves society’s socio-economical safety (public safety in a broad sense), raises some privacy concerns. This article analyses European Union and national legal regulations regarding the use of unmanned aerial vehicles as well as legal tools for defence of the right to privacy or prevention from its breaches in the Republic of Lithuania. Unmanned aerial vehicles have become popular only recently; thus, legislation regarding their use has not yet become a common topic among lawyers. Furthermore, case law of the Republic of Lithuania is silent about it. Thus, the authors model a situation of breach of privacy using an unmanned aerial vehicle and analyse possible defence mechanisms.
Luís T. A. N. Brandão, Nicolas Christin, George Danezis and Anonymous
Available online public/governmental services requiring authentication by citizens have considerably expanded in recent years. This has hindered the usability and security associated with credential management by users and service providers. To address the problem, some countries have proposed nation-scale identification/authentication systems that intend to greatly reduce the burden of credential management, while seemingly offering desirable privacy benefits. In this paper we analyze two such systems: the Federal Cloud Credential Exchange (FCCX) in the United States and GOV.UK Verify in the United Kingdom, which altogether aim at serving more than a hundred million citizens. Both systems propose a brokered identification architecture, where an online central hub mediates user authentications between identity providers and service providers. We show that both FCCX and GOV.UK Verify suffer from serious privacy and security shortcomings, fail to comply with privacy-preserving guidelines they are meant to follow, and may actually degrade user privacy. Notably, the hub can link interactions of the same user across different service providers and has visibility over private identifiable information of citizens. In case of malicious compromise it is also able to undetectably impersonate users. Within the structural design constraints placed on these nation-scale brokered identification systems, we propose feasible technical solutions to the privacy and security issues we identified. We conclude with a strong recommendation that FCCX and GOV.UK Verify be subject to a more in-depth technical and public review, based on a defined and comprehensive threat model, and adopt adequate structural adjustments.
Knowing the trust level of cloud service providers is a significant issue in the field of cloud computing for privacy and security reasons. The idea of this paper is to build up a Consumer and Cloud-Data Envelopment Analysis (CCDEA) trust assessment model for evaluating cloud services in two stages. In the first stage, the believability index of each cloud Consumer (C) is calculated. The second stage incorporates a Cloud-Data Envelopment Analysis (C-DEA) model for the trust assessment of cloud services from the viewpoint of cloud consumers. Several experiments were conducted and the results were analyzed to show the stability of our method in measuring the relative efficiency and effectiveness of cloud services through a ranking mechanism.
Over the last years, there has been a real revolution of mobile devices, which has effectively translated into the exponential increase in internet access rates on a mobile device as opposed to accessing it on desktop systems. Given the growing importance of smartphones, it is important to assess the privacy and security risks of these devices in order to mitigate them. However, as we know, in modern mobile security architecture, applications represent the most critical elements. In this paper we review common mobile application flaws involving network communications, data storage, and user input handling, and also explore a number of vulnerabilities. While applications provide amazing features and benefits for users, they also represent the main attraction for cyber criminals. In order to have a true picture of the mobile security threat spectrum, this article presents the means by which mobile applications can impact systems security and stability and compromise personal data if they are not handled properly.
The advent of the Internet continues to open new frontiers in digital marketing. One visible impact of the Internet in marketing has been the growing increase in online transactions, which profits marketers and seemingly satisfies customers. However, in developing countries, the potential of online shopping has not been fully explored, and in some cases is just non-existent. Lack of online infrastructure has often been blamed for the slower growth in online transactions in Africa; however, the customers’ preparedness and inclination to use the service is ignored. Against this backdrop, this study seeks to analyze consumers’ propensity to engage in online transactions with a focus on demographic attributes such as age, gender and education. Using customers in Ghana as a case study, key reasons as well as the demographics that fancy online transactions are revealed. The results indicate that delivery problems, poor internet connection, privacy and security issues are some of the reasons preventing customers from shopping online.
Nowadays, smart devices like computers, tablets, and smartphones allow transmitting information everywhere, with high speed, over the World Wide Web. However, risks regarding data integrity, privacy and security when using the Internet have increased dramatically, as methods designed to exploit the system’s vulnerabilities are more and more sophisticated. Therefore, people working in professional environments need to protect their private data when using unsecure connections by employing advanced tools. There are multiple solutions, but we will focus on the use of virtualization software like VMware or Oracle Virtual Box, together with traditional privacy measures (use of proxies and VPNs). Today’s smart devices store an important amount of data about their owners and, in most cases, people don’t even realize this. Installing and using protection means is often not enough. They have to be properly set up in order to ensure the desired level of security, or anonymity, when using the Internet, and they require of military personnel a good knowledge not only of cyber vulnerabilities and risks, but also of the technical capabilities and features of the employed security solutions.
DISCLAIMER: This paper expresses the views, interpretations, and independent position of the authors. It should not be regarded as an official document, nor expressing formal opinions or policies, of NATO or the HUMINT Centre of Excellence (HCOE).
Anastasia Shuba, Athina Markopoulou and Zubair Shafiq
Although advertising is a popular strategy for mobile app monetization, it is often desirable to block ads in order to improve usability, performance, privacy, and security. In this paper, we propose NoMoAds to block ads served by any app on a mobile device. NoMoAds leverages the network interface as a universal vantage point: it can intercept, inspect, and block outgoing packets from all apps on a mobile device. NoMoAds extracts features from packet headers and/or payload to train machine learning classifiers for detecting ad requests. To evaluate NoMoAds, we collect and label a new dataset using both EasyList and manually created rules. We show that NoMoAds is effective: it achieves an F-score of up to 97.8% and performs well when deployed in the wild. Furthermore, NoMoAds is able to detect mobile ads that are missed by EasyList (more than one-third of ads in our dataset). We also show that NoMoAds is efficient: it performs ad classification on a per-packet basis in real-time. To the best of our knowledge, NoMoAds is the first mobile ad-blocker to effectively and efficiently block ads served across all apps using a machine learning approach.