Conference Paper

Cross Domain Privacy Protection for Location-Based Services.

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

This paper investigates the current status of Information System Security (ISS) within New South Wales State government agencies in Australia. A 3-year longitudinal survey was used to increase awareness and motivate ISS managers. In addition, the survey was used as a management tool to monitor compliance with ISS standard’s controls (AS/NZS17799:2001). In 2004 an amendment to the standard added critical success factors (CSFs) as being necessary for an agency’s movement to accreditation. An analysis of the CSFs results was undertaken to determine the status of an independently acting agency’s security readiness and they were summarized to then provide an overall measure. This measure provided a ‘benchmark’ for an agency’s security readiness to the standard’s CSFs (AS/NZS17799:2004.AMDT). While the process for improving security based on CSFs is adequate, actual improvement in ISS across government requires further effort. This research contributes to the level of understanding of ISS compliance within e-Government.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

Article
Full-text available
Telecommunications services are for long subject to privacy regulations. At stake are traditionally: privacy of the communication and the protection of traffic data. Privacy of the communication is legally founded. Traffic data subsume under the notion of data protection and are central in the discussion. The telecommunications environment is profoundly changing. The traditionally closed markets with closed networks change into an open market with open networks. Within these open networks more privacy sensitive data are generated and have to be exchanged between growing numbers of parties. Also telecommunications and computer networks are rapidly being integrated and thus the distinction between telephony and computing disappears. Traditional telecommunications privacy regulations are revised to cover internet applications. In this paper telecommunications issues are recalled to aid the on-going debate. Cellular mobile phones have recently be introduced. Cellular networks process a particular category of traffic data namely location data, thereby introducing the issue of territorial privacy into the telecommunications domain. Location data are bound to be used for pervasive future services. Designs for future services are discussed and evaluated for their impact on privacy protection.
Conference Paper
Full-text available
Location-based services, such as flnding the nearest gas sta- tion, require users to supply their location information. However, a user's location can be tracked without her consent or knowledge. Lowering the spatial and temporal resolution of location data sent to the server has been proposed as a solution. Although this technique is efiective in pro- tecting privacy, it may be overkill and the quality of desired services can be severely afiected. In this paper, we suggest a framework where uncer- tainty can be controlled to provide high quality and privacy-preserving services, and investigate how such a framework can be realized in the GPS and cellular network systems. Based on this framework, we sug- gest a data model to augment uncertainty to location data, and propose imprecise queries that hide the location of the query issuer and yields probabilistic results. We investigate the evaluation and quality aspects for a range query. We also provide novel methods to protect our solu- tions against trajectory-tracing. Experiments are conducted to examine the efiectiveness of our approaches.
Article
Identity management is traditionally seen from the service providers' point of view, meaning that it is an activity undertaken by the service provider to manage service user identities. Traditional identity man-agement systems are designed to be cost effective and scalable primarily for the service providers, but not necessarily for the users, which often results in poor usability. Users are, for example, often required to memorise multiple passwords for accessing different services. This represents a minor inconvenience if users only access a few online services. However, with the rapid increase in the uptake of online ser-vices, the traditional approach to identity management is already having serious negative effects on the user experience. The industry has responded by proposing new identity management models to improve the user experience, but in our view these proposals give little relief to users at the cost of relatively high increase in server system complexity. This paper takes a new look at identity management, and proposes solutions that are designed to be cost effective and scalable from the users' perspective, while at the same time being compatible with traditional identity management systems.
Conference Paper
Identity management refers to the process of representing and recognising entities as digital identities in computer networks. Authentication, which is an integral part of identity management, serves to verify claims about holding specific identities. Identity management is therefore fundamental to, and sometimes include, other security constructs such as authorisation and access control. Different identity management models will have different trust requirements. Since there are costs associated with establishing trust, it will be an advantage to have identity management models with simple trust requirements. The purpose of this paper is to describe trust problems in current approaches to identity management, and to propose some solutions.
Conference Paper
With the increasing deployment of sensors, intelligent devices of all sizes, and wireless networking, ubiquitous computing environments are getting closer and closer to reality. Research in UBICOMP has focused on enabling technologies, such as networking, data management, security, and user interfaces (Bodupalli et al., 2003). However, privacy for UBICOMP has been a contentious issue and the privacy concerns that have been raised suggest that privacy may be the greatest barrier to the long-term success of UBICOMP (Hong et al., 2004). In this paper, we propose that privacy in UBICOMP can be managed using privacy policies. We propose a UBICOMP model for protecting privacy using privacy policies and derive the content of a UBICOMP privacy policy.