Sourya Joyee De
Indian Statistical Institute Kolkata · R. C. Bose Centre for Cryptology and Security
PhD
About
47 Publications
3,144 Reads
366 Citations
Additional affiliations
December 2014 - April 2015
June 2009 - December 2015
Publications (47)
In today’s digitized society of ever-increasing information sharing, Online Privacy Literacy (OPL) is important not only to feel safe but to be safe as well. OPL refers to the skills and knowledge of individuals that help to protect their privacy online. OPL is crucial in the digital era, where extensive data collection poses privacy challenges. The lack...
The extant contact tracing privacy literature is yet to explore the significance of user emotions in privacy-related decision-making such as whether to use such potentially privacy-invasive apps. Using social media analytics, the present study examines users’ privacy-related emotions stimulated by privacy-related aspects of contact tracing apps. A...
Governments around the world are utilizing their digital ecosystems to respond to the COVID‐19 pandemic. To increase awareness among the beneficiaries about privacy risks, they must proactively publish the data handling practices for their digital initiatives through appropriate privacy policies. This study analyzes the privacy policies of public C...
The privacy scoring and privacy settings management mechanisms described in this discourse are early attempts to introduce privacy risk analysis concepts in the area of online social networks (OSNs) from the user perspective. They are also in alignment with the risk-based approach of the EU GDPR toward privacy protection. Privacy scores make users...
As the need to inform OSN users about the privacy risks arising from sharing personal information is being increasingly appreciated, researchers have proposed various methods [5, 6, 8, 9, 15, 39, 95, 112, 116, 117, 132, 137, 147, 148, 150] to compute these risks and to present the result to users in terms of privacy scores. The primary aim of thes...
Users may publish various personal data in their OSN profiles, such as their birthday, gender, interests, education, and workplace, in the form of attributes. They can choose appropriate privacy settings, provided by the OSN, to reveal the attributes to suitable audiences such as friends, friends-of-friends, and even strangers who are members of th...
The EU GDPR [56] emphasizes that data subjects should be made aware of the risks related to personal data processing. In general, privacy impact assessment (PIA), whose technical core is referred to as privacy risk analysis (PRA) [45], is used to help service providers understand the privacy risks for data subjects from services they provide. With...
In an OSN, a user forms the first impression on other users by revealing different profile attributes such as his age, gender, interests, and workplace. These attributes constitute the basis of building new friendships as well as reviving and enhancing existing ones. Many studies have documented the relationship between the use of OSNs such as Face...
Privacy settings in OSN profiles allow users to choose the level of visibility of the attributes they reveal. When chosen correctly, the privacy settings of an attribute restrict the data to the intended audience. In Facebook, for example, the user can keep an attribute private or reveal it to his friends or friends-of-friends or make it public. So...
The personal data disclosed by users in OSN profiles in terms of attributes can be exploited by other OSN members (e.g., complete strangers, future employers, colleagues, and relatives) to cause various privacy harms such as identity theft, discrimination, or sexual predation for the OSN user.
The privacy settings of the target user and his vicinity contribute to the attributes that are visible about him [39]. Attributes may be visible to a risk source either because they are directly revealed to it by the user or because the risk source can infer their values based on the attributes disclosed by the user’s vicinity.
The EU General Data Protection Regulation (GDPR) recognizes the data subject’s consent as one of the legal grounds for data processing. Targeted advertising, based on personal data processing, is a central source of revenue for data controllers such as Google and Facebook. At present, the implementation of consent mechanisms for such advertisements...
The EU General Data Protection Regulation (GDPR) recognizes the data subject’s consent as a legitimate ground of data processing. At present, consent mechanisms in OSNs are either non-existent or not GDPR compliant. While the absence of consent means a lack of control of the OSN user (data subject) on his personal data, non-compliant consent mechanisms...
Online Social Network (OSN) profiles help users to create first impressions on other users and therefore lead to various social benefits. However, users can become the victims of privacy harms such as identity theft, stalking or discrimination due to the personal data revealed in these profiles. So they have to carefully select the privacy settings...
The social benefit derived from online social networks (OSNs) can lure users to reveal unprecedented volumes of personal data to a social graph that is much less trustworthy than the offline social circle. Although OSNs provide users privacy configuration settings to protect their data, these settings are not sufficient to prevent all situations of...
Fine grained access control is a requirement for data stored in untrusted servers like clouds. Owing to the large volume of data, decentralized key management schemes are preferred over centralized ones. Often encryption and decryption are quite expensive and not practical when users access data from resource constrained devices. We propose a decen...
The objective of this paper is to improve the cost effectiveness of privacy impact assessments through (1) a more systematic approach, (2) a better integration with privacy by design and (3) enhanced reusability. We present a three-tier process including a generic privacy risk analysis depending on the specifications of the system and two refinemen...
Privacy Impact Assessments (PIA) are recognized as a key step to enhance privacy protection in new information systems and services. They will be required in Europe when the new General Data Protection Regulation becomes effective. From a technical perspective, the core of a PIA is a Privacy Risk Analysis (PRA), which has received relatively less a...
Privacy Risk Analysis fills a gap in the existing literature by providing an introduction to the basic notions, requirements, and main steps of conducting a privacy risk analysis.
The deployment of new information technologies can lead to significant privacy risks and a privacy impact assessment should be conducted before designing a product or sys...
In this chapter, we first discuss the differences between the definitions of personally identifiable information (PII) in the U.S. and personal data in Europe (Section 4.1). We also summarize the ongoing debates on anonymization which is a central issue in this context (Section 4.2). We proceed with a categorization of personal data and a discussio...
The first step of a privacy risk analysis is the definition of its scope, which requires a detailed and comprehensive description of the processing system under consideration. This description should include all personal data flows between the components of the system and communications with the outside world. This information is necessary for the...
Before getting into the substance of the matter, it is necessary to define precisely the main concepts involved in a privacy risk analysis. Indeed, technical terms are not always used in a consistent way in this area and different authors sometimes use the same words with different meanings. The objective of this chapter is to set the scene and int...
As discussed in the previous chapter, a privacy risk analysis should include, in addition to the evaluation of the likelihood of the feared events, an analysis of their potential impacts in terms of privacy, which we call privacy harms in this book. For example, the disclosure of personal data—a feared event in our terminology—can cause different t...
In the previous chapters, we have presented and discussed the attributes of the main components of a privacy risk analysis (PRA). In this chapter, we turn our attention to the use of these ingredients in a PRA process. Considering that a PRA should be part of a more general Privacy Impact Assessment (PIA) and PIAs have received a lot of attention d...
We use the expression “feared event” to denote the events (in the technical sense) of the processing system that should be avoided because they may lead to privacy harms. The privacy harm itself is the impact of a feared event on people (data subjects, groups, society). Different privacy harms may result from the same feared event, and different fe...
The stakeholders are the entities that are concerned, in one way or another, by the processing of the personal data. They include the individuals to whom the data relates (or who can be affected by the processing of the data) and the entities taking part in the processing of the data or having (legally or illegally) access to it. Identifying all st...
One of the first questions to be addressed in any type of risk analysis is: what are the potential sources of risk? The sources of risk are the entities whose actions can lead to a privacy breach. These entities are often referred to as “adversaries” or “attackers” in the security literature but we prefer to use the term “risk source” here as it i...
In this book, we have focused on privacy risk analysis (PRA) considered as the technical core of privacy impact assessment (PIA). We have mentioned, without going into detail, the other (mostly organizational) aspects of PIAs which are already well documented and discussed in the literature. Computer security is another strongly connected area that...
A rational secret sharing scheme is a game in which each party responsible for reconstructing a secret tries to maximize his utility by obtaining the secret alone. Quantum secret sharing schemes, either derived from quantum teleportation or from quantum error correcting code, do not succeed when we assume rational participants. This is because all...
Parties in a rational secret sharing protocol may use mobile devices which are severely resource-constrained. Therefore, it may be in the interest of such parties to try to obtain the secret while spending as little as possible on communication and computation. This preference is different from a traditional rational player and is similar to freeri...
This paper discusses the role of Financial Inclusion in a country like India and mobile banking as a means to attain it. The paper discusses the increasing penetration of mobile phones and the key considerations of use of mobile banking. The paper proposes an Interactive Voice Response (IVR) based mobile banking model in the cloud suitable for a de...
A whole range of security concerns that can act as barriers to the adoption of cloud computing have been identified by researchers over the last few years. While outsourcing its business-critical data and computations to the cloud, an enterprise loses control over them. How should the organization decide what security measures to apply to protect i...
Security of various types of online auctions has received considerable attention from researchers. However, very few works have analyzed the problem of security in online sealed-bid auctions from the point of view of rational participants. The paper deals with an online auction scenario where two types of participants co-exist: 1) a party corrupt...
In rational secret sharing, parties may prefer to mislead others into believing a wrong secret as the correct one over everybody obtaining the secret (i.e. a fair outcome). Prior rational secret reconstruction protocols for non-simultaneous channel only address the case where a fair outcome is preferred over misleading and hence are fair but not corr...
Each day newer security and privacy risks are emerging in the online world. Users are often wary of using online services because they are not entirely confident of the level of security the provider is offering, particularly when such services may involve monetary transactions. Often the level of security in the algorithms underlying online and cl...
Computation offloading to the Cloud for energy efficiency in portable devices is an emerging area of research triggered by the widespread use and acceptance of smart phones. A number of architectures have already been proposed in this context. However, security issues in the cloud still remain a concern that can play an important role in deciding w...