Conference Paper

A Data Protection-Oriented System Model Enforcing Purpose Limitation for Connected Mobility

Authors:
  • Continental Automotive Technologies GmbH

Abstract

Cars are getting rapidly connected with their environment allowing all kinds of mobility services based on the data from various sensors in the car. Data privacy is in many cases only ensured by legislation, i.e., the European General Data Protection Regulation (GDPR), but not technically enforced. Therefore, we present a system model for enforcing purpose limitation based on data tagging and attribute-based encryption. By encrypting sensitive data in a way only services for a certain purpose can decrypt the data, we ensure access control based on the purpose of a service. In this paper, we present and discuss our system model with the aim to improve technical enforcement of GDPR principles.

CCS CONCEPTS • Security and privacy → Human and societal aspects of security and privacy; Privacy protections; Usability in security and privacy; • Computer systems organization → Special purpose systems.


... Bella et al. [6] investigate privacy policies for cars as well as user concerns and find that privacy for cars is insufficiently understood, mostly due to a lack of awareness. Syed et al. [30] propose a system model for enforcing purpose limitation, and Pape et al. [26] propose a system model to model and analyse suitable locations in the vehicle to add PETs. Concerning robotaxis, researchers proposed a privacy-preserving architecture [2] and others [21] examined people's perception of privacy in robotaxi which turned out to be falsely positive. ...
Technical Report
The aim of this study is the technical evaluation of de-identification methods based on decentralization, in particular methods of distributed and federated learning for personal data in concrete use cases in the mobility domain. The General Data Protection Regulation (GDPR) has significantly increased the incentive and effort for companies to process personal data in compliance with the law. This includes the creation, distribution, storage and deletion of personal data. Non-compliance with the GDPR and other legislation now poses a significant financial risk to companies that work with personal data. With a substantial increase in computing power at the users’ side, distributed and federated learning techniques provide a promising path for de-identification of personal data. Such methods and techniques enable organizations to store and process sensitive user data locally. To do so, a sub-model of the main model that processes data is stored in the local environment of the users. Since only necessary updates are transmitted between the submodel and the main model, two advantages can be achieved from this approach. First, there is no central database, which makes it immensely difficult for potential attackers to obtain large amounts of data. Second, only fragments of the locally stored data are transferred to the main model. In the first work package of this report, suitable use cases for this study are identified through a scientific literature review. The following use cases are identified and analyzed with regard to data, benefits, model and sensible data: Traffic flow prediction, Energy demand prediction, Eco-routing, Autonomous driving, Vehicular object detection, Parking space estimation.
Article
This paper aims to show that it is possible to improve security for over the air update functionalities in an automotive scenario through the use of a cryptographic scheme, called “Attribute-Based-Encryption” (ABE), which grants confidentiality to the software/firmware update done Over The Air (OTA). We demonstrate that ABE is seamlessly integrable into the state of the art solutions regarding the OTA update by showing that the overhead of the ABE integration in terms of computation time and its storage is negligible w.r.t. the other overheads that are introduced by the OTA process, also proving that security can be enhanced with a minimum cost. In order to support our claim, we report the experimental results of an implementation of the proposed ABE OTA technique on a Xilinx ZCU102 evaluation board, which is an automotive-oriented HW/SW platform that is equipped with a Zynq UltraScale+ MPSoC chip that is representative of the computing capability of real automotive Electronic Control Units (ECUs).
Article
Regulating the access to the Internet of Things (IoT) network’s resources is a complex-prone task, which requires to pay a great attention on how policies are defined, shared, and enforced. The present paper considers the specific context of a smart home, which represents one of the main IoT application domains, and it focuses on two solutions proposed in the literature to cope with the aforementioned issues. On the one side, approaches based on attribute-based encryption (ABE) allow one to encrypt data for multiple recipients, in such a way that only those recipients whose attributes satisfy a given access policy can decrypt afterward. ABE guarantees a high level of customization due to the variety of attributes which can be defined, and it is also flexible enough to be adapted to different kinds of scenarios. On the other side, approaches based on sticky policies allow to attach an access policy directly to the data itself, and to employ a trusted authority to evaluate and enforce the policy itself. Sticky policies also guarantee a highly distributed and customizable enforcement of access control rules. In this paper, we compare the advantages and the drawbacks in terms of performance and robustness of such two techniques by means of their integration within the prototype of an IoT middleware, named networked smart object. Hence, the effectiveness of the presented solutions is validated by means of a real test-bed in the smart home scenario, in terms of storage occupancy, CPU load, and data retrieval delay. The final goal is to reveal the best approach to be used depending on the application’s requirements.
Article
In the digital age, where the Internet connects things across the globe and individuals are constantly online, data security and privacy are becoming key drivers (and barriers) of change for adoption of innovative solutions. Traditional approaches, whereby communication links are secured by means of encryption, and access control is run in a static way by a centralised authority, are showing their limits when applied to massive-scale, interconnected and distributed systems. Regulations, while still fragmented, are moving to adapt to changes in technology and society, with the aim to protect confidential information by governments, businesses, and individual citizens. In this landscape, proper mechanisms should be defined to allow a strict control over the data life-cycle and to guarantee the privacy and the application of specific regulations on personal information's disclosure, usage and access. Sticky policies represent one approach to improve owners' control over their data. In such an approach, machine-readable policies are attached to data. They are called ‘sticky’ in that they travel together with data, as data travels across multiple administrative domains. In this article we survey the state-of-the-art in sticky policies, discussing limitations, open issues, applications and research challenges, with a specific focus on their applicability to Internet of Things, cloud computing and Content Centric Networking.
Article
The concept of cloud computing relies on central large datacentres with huge amounts of computational power. The rapidly growing Internet of Things with its vast amount of data showed that this architecture produces costly, inefficient and in some cases infeasible communication. Thus, fog computing, a new architecture with distributed computational power closer to the IoT devices was developed. So far, this decentralised fog-oriented architecture has only been used for performance and resource management improvements. We show how it could also be used for improving the users’ privacy. For that purpose, we map privacy patterns to the IoT / fog computing / cloud computing architecture. Privacy patterns are software design patterns with the focus to translate “privacy-by-design” into practical advice. As a proof of concept, for each of the used privacy patterns we give an example from a smart vehicle scenario to illustrate how the patterns could improve the users’ privacy.
Conference Paper
The advent of connected vehicles has increased the relevance of privacy in cars. While current approaches to increase security and privacy in connected vehicles are mainly driven from technological perspectives, users do not have active control over their personal data. Therefore, the user-centered privacy-aware control system PrivacyController (PRICON) has been developed which incorporates expertise from judicial, technical and user-centered perspectives. PRICON provides users with a user-friendly possibility to define self-determined privacy policies which are applied to the vehicular system. In this paper, we report the evaluation of PRICON from a legal, technical and user-centered point-of-view. The evaluation results are discussed and practical implications are derived.
Article
Ciphertext-policy attribute-based encryption (CP-ABE) is a promising cryptographic technique that integrates data encryption with access control for ensuring data security in IoT systems. However, the efficiency problem of CP-ABE is still a bottleneck limiting its development and application. A widespread consensus is that the computation overhead of bilinear pairing is excessive in the practical application of ABE, especially for the devices or the processors with limited computational resources and power supply. In this paper, we proposed a novel pairing-free data access control scheme based on CP-ABE using elliptic curve cryptography, abbreviated PF-CP-ABE. We replace complicated bilinear pairing with simple scalar multiplication on elliptic curves, thereby reducing the overall computation overhead. And we designed a new way of key distribution such that it can directly revoke a user or an attribute without updating other users’ keys during the attribute revocation phase. Besides, our scheme uses a linear secret sharing scheme (LSSS) access structure to enhance the expressiveness of the access policy. The security and performance analysis show that our scheme significantly improved the overall efficiency as well as ensured the security.
Conference Paper
Security and privacy of big data become challenging as data grows and becomes more accessible to more and more clients. Large-scale data storage is becoming a necessity for healthcare, business segments, government departments, scientific endeavors and individuals. Our research will focus on the privacy, security and how we can make sure that big data is secured. Managing security policy is a challenge that our framework will handle for big data. Privacy policy needs to be integrated, flexible, context-aware and customizable. We will build a framework to receive data from the customer and then analyze the data received, extract the privacy policy and then identify the sensitive data. In this paper we will present the techniques for privacy policy which will be created to be used in our framework.
Conference Paper
This paper discusses the challenges in detecting privacy revealing information using ontologies, natural language processing and machine learning techniques. It reviews current definitions, and sketches problem levels towards identifying the main open challenges. Furthermore, it elicits that the current notion of personally identifiable information lacks robustness to be used in varying contexts and user perceptions, and shows the need to additionally consider privacy sensitive information.
Article
The Internet of Things (IoT) is emerging with the pace of technology evolution, connecting people and things through the Internet. IoT devices enable large-scale data collection and sharing for a wide range of applications. However, it is challenging to securely manage interconnected IoT devices because the collected data could contain sensitive personal information. The authors believe that attribute-based encryption (ABE) could be an effective cryptographic tool for secure management of IoT devices. However, little research has addressed ABE's actual feasibility in the IoT thus far. This article investigates such feasibility considering well-known IoT platforms--specifically, Intel Galileo Gen 2, Intel Edison, Raspberry Pi 1 Model B, and Raspberry Pi Zero. A thorough evaluation confirms that adopting ABE in the IoT is indeed feasible. [source code is available here: http://spritz.math.unipd.it/projects/andraben/ ]
Conference Paper
In this position paper we discuss the effect of open data on privacy. In order to reduce privacy issues due to the publication of open data, we suggest to build a database which overviews open data in a structured way with a special focus on privacy. This database could be enhanced with tools which automatically try to link existing datasets and allow publishers to check potential de-anonymization risks.
Conference Paper
Attribute-Based Encryption (ABE) is a powerful cryptographic tool that allows fine-grained access control over data. Due to its features, ABE has been adopted in several applications, such as encrypted storage or access control systems. Recently, researchers argued about the non acceptable performance of ABE when implemented on mobile devices. Indeed, the non feasibility of ABE on mobile devices would hinder the deployment of novel protocols and services--that could instead exploit the full potential of such devices. However, we believe the conclusion of non usability was driven by a not-very efficient implementation. In this paper, we want to shine a light on this concern by studying the feasibility of applying ABE on smartphone devices. In particular, we implemented AndrABEn, an ABE library for Android operating system. Our library is written in the C language and implements two main ABE schemes: Ciphertext-Policy Attribute-Based Encryption, and Key-Policy Attribute-Based Encryption. We also run a thorough set of experimental evaluation for AndrABEn, and compare it with the current state-of-the-art (considering the same experimental setting). The results confirm the possibility to effectively use ABE on smartphone devices, requiring an acceptable amount of resources in terms of computations and energy consumption. Since the current state-of-the-art claims the non feasibility of ABE on mobile devices, we believe that our study (together with the AndrABEn library that we made available online) is a key result that will pave the way for researchers and developers to design and implement novel protocols and applications for mobile devices. [source code is available here: http://spritz.math.unipd.it/projects/andraben/ ]
Article
Here we sketch the rudiments of what constitutes a smart city which we define as a city in which ICT is merged with traditional infrastructures, coordinated and integrated using new digital technologies. We first sketch our vision defining seven goals which concern: developing a new understanding of urban problems; effective and feasible ways to coordinate urban technologies; models and methods for using urban data across spatial and temporal scales; developing new technologies for communication and dissemination; developing new forms of urban governance and organisation; defining critical problems relating to cities, transport, and energy; and identifying risk, uncertainty, and hazards in the smart city. To this, we add six research challenges: to relate the infrastructure of smart cities to their operational functioning and planning through management, control and optimisation; to explore the notion of the city as a laboratory for innovation; to provide portfolios of urban simulation which inform future designs; to develop technologies that ensure equity, fairness and realise a better quality of city life; to develop technologies that ensure informed participation and create shared knowledge for democratic city governance; and to ensure greater and more effective mobility and access to opportunities for urban populations. We begin by defining the state of the art, explaining the science of smart cities. We define six scenarios based on new cities badging themselves as smart, older cities regenerating themselves as smart, the development of science parks, tech cities, and technopoles focused on high technologies, the development of urban services using contemporary ICT, the use of ICT to develop new urban intelligence functions, and the development of online and mobile forms of participation. 
Seven project areas are then proposed: Integrated Databases for the Smart City, Sensing, Networking and the Impact of New Social Media, Modelling Network Performance, Mobility and Travel Behaviour, Modelling Urban Land Use, Transport and Economic Interactions, Modelling Urban Transactional Activities in Labour and Housing Markets, Decision Support as Urban Intelligence, Participatory Governance and Planning Structures for the Smart City. Finally we anticipate the paradigm shifts that will occur in this research and define a series of key demonstrators which we believe are important to progressing a science of smart cities.
Article
We present TaintEraser, a new tool that tracks the movement of sensitive user data as it flows through off-the-shelf applications. TaintEraser uses application-level dynamic taint analysis to let users run applications in their own environment while preventing unwanted information exposure. It is made possible by techniques we developed for accurate and efficient tainting: (1) Semantic-aware instruction-level tainting is critical to track taint accurately, without explosion or loss. (2) Function summaries provide an interface to handle taint propagation within the kernel and reduce the overhead of instruction-level tracking. (3) On-demand instrumentation enables fast loading of large applications. Together, these techniques let us analyze large, multi-threaded, networked applications in near real-time. In tests on Internet Explorer, Yahoo! Messenger, and Windows Notepad, TaintEraser generated no false positives and instrumented fewer than 5% of the executed instructions while precisely scrubbing user-defined sensitive data that would otherwise have been exposed to restricted output channels. Our research provides the first evidence that it is viable to track taint accurately and efficiently for real, interactive applications running on commodity hardware.
Chapter
This chapter explains the architecture, the actors, the security infrastructure and mechanisms, and the principles of Self-Sovereign Identity (SSI).
Article
The Internet of Things (IoT) is increasingly transforming the way we work, live, and travel. IoT devices collect, store, analyze, and act upon a continuous stream of data as a by-product of everyday use. However, IoT devices need unrestricted data access to fully function. As such, they invade users' virtual and physical space and raise far-reaching privacy challenges that are unlike those examined in other contexts. As advanced IoT devices, connected cars offer a unique setting to review and extend established theory and evidence on privacy and data sharing. Employing a sequential mixed methods design, we conducted an interview study (n=120), a survey study (n=333), and a field experiment (n=324) among car drivers to develop and validate a contextualized model of individuals' data sharing decisions. Our findings from the three studies highlight the interplay between virtual and physical risks in shaping drivers' privacy concerns and data sharing decisions, with information privacy and data security emerging as discrete yet closely interrelated concepts. Our findings also highlight the importance of psychological ownership, conceptualized as drivers' feelings of possession toward their driving data, as an important addition to established privacy calculus models of data sharing. This novel perspective explains why individuals are reluctant to share even low-sensitivity data that do not raise privacy concerns. The psychological ownership perspective has implications for designing incentives for data-enabled services in ways that augment drivers' self-efficacy and psychological ownership and thereby encourage them to share driving data. These insights help reconcile a fundamental tension among IoT users: how to avail the benefits of data-enabled IoT devices while reducing the psychological costs associated with the sharing of personal data.
Conference Paper
Vehicles are becoming interconnected and autonomous while collecting, sharing and processing large amounts of personal, and private data. When developing a service that relies on such data, ensuring privacy preserving data sharing and processing is one of the main challenges. Often several entities are involved in these steps and the interested parties are manifold. To ensure data privacy, a variety of different de-identification techniques exist that all exhibit unique peculiarities to be considered. In this paper, we show at the example of a location-based service for weather prediction of an energy grid operator, how the different de-identification techniques can be evaluated. With this, we aim to provide a better understanding of state-of-the-art de-identification techniques and the pitfalls to consider by implementation. Finally, we find that the optimal technique for a specific service depends highly on the scenario specifications and requirements.
Chapter
To implement data protection in the connected vehicle, it is necessary to inform drivers and other occupants appropriately and to give them the opportunity to influence the processing of personal data. The contribution is based on results of the research project Selbstdatenschutz im vernetzten Fahrzeug (SeDaFa) and presents typical use cases of connected vehicles, points out attack possibilities, identifies security and data protection requirements for a technical solution, and describes a possible technical architecture for self-data protection. Using the parking space finder as an example, a concrete implementation of the architecture shows how self-data protection can be ensured even in a connected vehicle.
Article
Today’s smartphone operating systems frequently fail to provide users with visibility into how third-party applications collect and share their private data. We address these shortcomings with TaintDroid, an efficient, system-wide dynamic taint tracking and analysis system capable of simultaneously tracking multiple sources of sensitive data. TaintDroid enables realtime analysis by leveraging Android’s virtualized execution environment. TaintDroid incurs only 32% performance overhead on a CPU-bound microbenchmark and imposes negligible overhead on interactive third-party applications. Using TaintDroid to monitor the behavior of 30 popular third-party Android applications, in our 2010 study we found 20 applications potentially misused users’ private information; so did a similar fraction of the tested applications in our 2012 study. Monitoring the flow of privacy-sensitive data with TaintDroid provides valuable input for smartphone users and security service firms seeking to identify misbehaving applications.
Article
Internet of Things (IoT) is an emerging network paradigm, which realizes the interconnections among the ubiquitous things and is the foundation of smart society. Since IoT is always related to users' daily life or work, privacy and security are of great importance. The pervasive, complex and heterogeneous properties of IoT make its security issues very challenging. In addition, the large number of resource-constrained nodes imposes a rigid lightweight requirement on IoT security mechanisms. Presently, attribute-based encryption (ABE) is a popular solution to achieve secure data transmission, storage and sharing in distributed environments such as IoT. However, the existing ABE schemes are based on expensive bilinear pairing, which makes them unsuitable for resource-constrained IoT applications. In this paper, a lightweight no-pairing ABE scheme based on elliptic curve cryptography (ECC) is proposed to address the security and privacy issues in IoT. The security of the proposed scheme is based on the ECDDH assumption instead of bilinear Diffie-Hellman assumption, and is proved in the attribute based selective-set model. By uniformly determining the criteria and defining the metrics for measuring the communication overhead and computational overhead, the comparison analyses with the existing ABE schemes are made in detail. The results show that the proposed scheme has improved execution efficiency and low communication costs. In addition, the limitations and the improving directions of it are also discussed in detail.
Article
Consider a data holder, such as a hospital or a bank, that has a privately held collection of person-specific, field structured data. Suppose the data holder wants to share a version of the data with researchers. How can a data holder release a version of its private data with scientific guarantees that the individuals who are the subjects of the data cannot be re-identified while the data remain practically useful? The solution provided in this paper includes a formal protection model named k-anonymity and a set of accompanying policies for deployment. A release provides k-anonymity protection if the information for each person contained in the release cannot be distinguished from at least k-1 individuals whose information also appears in the release. This paper also examines re-identification attacks that can be realized on releases that adhere to k-anonymity unless accompanying policies are respected. The k-anonymity protection model is important because it forms the basis on which the real-world systems known as Datafly, μ-Argus and k-Similar provide guarantees of privacy protection.
Conference Paper
Dynamic taint analysis and forward symbolic execution are quickly becoming staple techniques in security analyses. Example applications of dynamic taint analysis and forward symbolic execution include malware analysis, input filter generation, test case generation, and vulnerability discovery. Despite the widespread usage of these two techniques, there has been little effort to formally define the algorithms and summarize the critical issues that arise when these techniques are used in typical security contexts. The contributions of this paper are two-fold. First, we precisely describe the algorithms for dynamic taint analysis and forward symbolic execution as extensions to the run-time semantics of a general language. Second, we highlight important implementation choices, common pitfalls, and considerations when using these techniques in a security context.
Article
Machine-readable policies can stick to data to define allowed usage and obligations as it travels across multiple parties, enabling users to improve control over their personal information. The EnCoRe project has developed such a technical solution for privacy management that is suitable for use in a broad range of domains.
Conference Paper
In several distributed systems a user should only be able to access data if a user possesses a certain set of credentials or attributes. Currently, the only method for enforcing such policies is to employ a trusted server to store the data and mediate access control. However, if any server storing the data is compromised, then the confidentiality of the data will be compromised. In this paper we present a system for realizing complex access control on encrypted data that we call Ciphertext-Policy Attribute-Based Encryption. By using our techniques encrypted data can be kept confidential even if the storage server is untrusted; moreover, our methods are secure against collusion attacks. Previous Attribute-Based Encryption systems used attributes to describe the encrypted data and built policies into user's keys; while in our system attributes are used to describe a user's credentials, and a party encrypting data determines a policy for who can decrypt. Thus, our methods are conceptually closer to traditional access control methods such as Role-Based Access Control (RBAC). In addition, we provide an implementation of our system and give performance measurements.
Conference Paper
We introduce a new type of Identity-Based Encryption (IBE) scheme that we call Fuzzy Identity-Based Encryption. In Fuzzy IBE we view an identity as a set of descriptive attributes. A Fuzzy IBE scheme allows for a private key for an identity, ω, to decrypt a ciphertext encrypted with an identity, ω′, if and only if the identities ω and ω′ are close to each other as measured by the “set overlap” distance metric. A Fuzzy IBE scheme can be applied to enable encryption using biometric inputs as identities; the error-tolerance property of a Fuzzy IBE scheme is precisely what allows for the use of biometric identities, which inherently will have some noise each time they are sampled. Additionally, we show that Fuzzy-IBE can be used for a type of application that we term “attribute-based encryption”. In this paper we present two constructions of Fuzzy IBE schemes. Our constructions can be viewed as an Identity-Based Encryption of a message under several attributes that compose a (fuzzy) identity. Our IBE schemes are both error-tolerant and secure against collusion attacks. Additionally, our basic construction does not use random oracles. We prove the security of our schemes under the Selective-ID security model.
Z Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A Selcuk Uluagac. 2018. Sensitive information tracking in commodity IoT. In 27th USENIX Security Symposium (USENIX Security 18). 1687-1704.
Continental, Cybersecurity Lab. 2021. Privacy Human Machine Interface. Internal Document.
Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. 2016. FlowFence: Practical Data Protection for Emerging IoT Application Frameworks. In 25th USENIX security symposium (USENIX Security 16). 531-548.
Protection Regulation. 2018. General data protection regulation. Intouch 25 (2018).
Adi Shamir. 1984. Identity-based cryptosystems and signature schemes. In Workshop on the theory and application of cryptographic techniques. Springer, 47-53.
Latanya Sweeney. 2002. k-anonymity: A model for protecting privacy. International journal of uncertainty, fuzziness and knowledge-based systems 10, 05 (2002), 557-570.
Cristian Zamfir. 2020. Data tracing vs. data tagging. https://www.cyberhaven.com/blog/data-tracing-vs-data-tagging/.
Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)
  • Subhadeep Sarkar
  • Jean-Pierre Banatre
  • Louis Rilling
  • Christine Morin