Lothar Fritsch’s research while affiliated with Karlstads Universitet and other places


Publications (129)


Body Area Networks. Smart IoT and Big Data for Intelligent Health Management.pdf

Data · File available · July 2024 · 3 Reads · Lothar Fritsch

FIGURE 1. Overview of a generalized PIA process, highlighting the core components of a PIA, i.e., PTM or a PRA.
FIGURE 4. Overview of publishers against studies published.
Fig. 5 illustrates the classification of the included studies based on the type of research proposed by Wieringa et al. [70].
FIGURE 5. Overview of studies based on research type [70].
FIGURE 8. Research designs of studies that evaluate privacy risk and impact assessment methodologies.
On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review

February 2024 · 424 Reads · 13 Citations · IEEE Access

Assessing privacy risks and incorporating privacy measures from the onset requires a comprehensive understanding of potential impacts on data subjects. Privacy Impact Assessments (PIAs) offer a systematic methodology for such purposes, which are closely related to Data Protection Impact Assessments (DPIAs), particularly outlined in Article 35 of the General Data Protection Regulation (GDPR). The core of a PIA is a Privacy Risk Assessment (PRA). PRAs can be integrated as part of full-fledged PIAs or independently developed to support PIA processes. Although these methodologies have been identified as essential enablers of privacy by design, their effectiveness has been criticized because of the lack of evidence of their rigorous and systematic evaluation. Hence, we conducted a Systematic Literature Review (SLR) to identify published PIA and PRA methodologies and assess how and to what extent they have been scientifically validated or evaluated. We found that these methodologies are rarely evaluated for their performance in practice, and most of them have only been validated in limited studies. Most validation evidence is found with PRA methodologies. Of the evaluated methodologies, PIAs were the most evaluated, where case studies were the predominant evaluation method. These evaluated methodologies can be easily transferred to an industrial setting or used by practitioners, as they provide evidence of their use in practice. In addition, the findings in this study can be used to inform researchers of the current state-of-the-art, and practitioners can understand the benefits and current limitations of the methodologies and adopt evidence-based practices.


Operationalizing Privacy Harms for Enhanced Risk Assessments: Understanding the Practitioners' Adoption, Perceptions and Practices

January 2024 · 8 Reads

Privacy Impact Assessments (PIAs), also known as Data Protection Impact Assessments (DPIAs) under the European General Data Protection Regulation (EU GDPR), and Privacy Risk Assessments (PRAs) have emerged as prominent privacy engineering methodologies, aiding developers to systematically identify privacy risk sources and assign appropriate controls. As part of such methodologies, the concept of privacy harms has been proposed as a valuable, well-structured taxonomy or typology that contributes to the rationalization and justification of assessment decisions made by practitioners. Although some PRA methodologies have integrated privacy harms into their methods, the evidence that such inclusions improve the assessors' decision-making process results remains incipient. This study aims to understand whether adhering to and integrating privacy harm concepts can enhance the PRA outcomes by investigating PIA/DPIA and PRA practitioner's perspectives on practical operationalization aspects. A qualitative approach based on semi-structured interviews, including a workable PRA exercise, was used to elicit the practitioner's opinions and experiences concerning the use of privacy harms, with the data interpretation process following a reflexive thematic analysis. In total, 17 privacy practitioners were interviewed, allowing for an extensive range of positive (e.g., informative and educational, etc) and negative opinions (e.g., misleading, too broad, etc) on the practical inclusion and operationalization of privacy harms in PRA methodologies and the conceptualization of privacy harms when conducting assessments. The results indicate a lack of a standardized concept of privacy harm, as differing definitions have been provided. Participants also highlighted that privacy harms are highly context-dependent and vary based on the data subject and hence could result in difficulty in quantifying. 
Nevertheless, privacy harms are a critical addition to PIA/DPIA and PRA methodologies, supporting more rationalized and justifiable decisions when ascertaining risk and severity levels and implementing mitigating controls to prevent the materialization of harm. Yet, some prioritization of harm categories is advisable so that time and resources for assessment are efficiently allocated.


Early Labour App: Developing a practice-based mobile health application for digital early labour support

July 2023 · 60 Reads · 9 Citations · International Journal of Medical Informatics · Lothar Fritsch · [...]

Background: Pregnant women in early labour have felt excluded from professional care, and their partners have been restricted from being involved in the birthing process. Expectant parents must be better prepared to deal with fear and stress during early labour. There is a need for evidence-based information and digital applications that can empower couples during childbirth. Objective: To develop and identify requirements for a practice-based mobile health (mHealth) application for Digital Early Labour Support. Methods: This research started with creating an expert group composed of a multidisciplinary team capable of informing the app development process on evidence-based practices. In consultation with the expert group, the app was built using an agile development approach (i.e., Scrum) within a continuous software engineering setting (i.e., CI/CD, DevOps), also including user and security tests. Results: During the development of the Early Labour App, two main types of challenges emerged: (1) user challenges, related to understanding the users' needs and experience with the app, and (2) team challenges, related to the software development team in particular, and the necessary skills for translating an early labour intervention into a digital solution. This study reaffirms the importance of midwife support via blended care and the opportunity of complementing it with an app. The Early Labour App was easy to use, the women needed little to no help, and the partner's preparation was facilitated. The combination of the app together with blended care opens up awareness, thoughts and feelings about the method and provides good preparation for the birth. Conclusion: We propose the creation of the Early Labour App, a mHealth app for early labour support. The preliminary tests conducted for the Early Labour App show that the app is mature, allowing it to be used in the project's Randomised Control Trial, which is already ongoing.


An Overview of Artificial Intelligence Used in Malware

February 2023 · 333 Reads · 17 Citations · Communications in Computer and Information Science

Artificial intelligence (AI) and machine learning (ML) methods are increasingly adopted in cyberattacks. AI supports the establishment of covert channels, as well as the obfuscation of malware. Additionally, AI results in new forms of phishing attacks and enables hard-to-detect cyber-physical sabotage. Malware creators increasingly deploy AI and ML methods to improve their attack’s capabilities. Defenders must therefore expect unconventional malware with new, sophisticated and changing features and functions. AI’s potential for automation of complex tasks serves as a challenge in the face of defensive deployment of anti-malware AI techniques. This article summarizes the state of the art in AI-enhanced malware and the evasion and attack techniques it uses against AI-supported defensive systems. Our findings include articles describing targeted attacks against AI detection functions, advanced payload obfuscation techniques, evasion of networked communication with AI methods, malware for unsupervised-learning-based cyber-physical sabotage, decentralized botnet control using swarm intelligence and the concealment of malware payloads within neural networks that fulfill other purposes.


Early Labour App: Developing a Practice-Based Mobile Health Application for Digital Early Labour Support

January 2023 · 87 Reads

Background: Pregnant women in early labour have felt excluded from professional care, and their partners have been restricted from being involved in the birthing process. Expectant parents must be better prepared to deal with fear and stress during early labour. There is a need for evidence-based information and digital applications that can empower couples during childbirth. Objective: To develop and identify requirements for a practice-based mobile health (mHealth) application for Digital Early Labour Support. Methods: The entire app development process is presented, describing the app’s conceptualisation, requirement analysis, design, development, user and security testing. Experiences are shared about the development, such as the creation of the project’s expert group, the importance of involving multidisciplinary stakeholders, and the importance of evidence-based research for generating digital health technologies. Results: During the development of the Early Labour App, two main types of challenges emerged: (1) user challenges, related to understanding the users’ needs and experience with the app, and (2) team challenges, related to the software development team in particular, and the necessary skills for translating an early labour intervention into a digital solution. This study reaffirms the importance of midwife support via blended care and the opportunity of complementing it with an app. The Early Labour App was easy to use, the women needed little to no help, and the partner’s preparation was facilitated. The combination of the app together with blended care opens up awareness, thoughts and feelings about the method and provides good preparation for the birth. Conclusion: We propose the creation of the Early Labour App, a mHealth app for early labour support. The preliminary tests conducted for the Early Labour App show that the app is mature, allowing it to be used in the project’s Randomised Control Trial, which is already ongoing.


Emerging Biometric Modalities and their Use: Loopholes in the Terminology of the GDPR and Resulting Privacy Risks

November 2022 · 24 Reads

Technological advancements allow biometric applications to be more omnipresent than in any other time before. This paper argues that in the current EU data protection regulation, classification applications using biometric data receive less protection compared to biometric recognition. We analyse preconditions in the regulatory language and explore how this has the potential to be the source of unique privacy risks for processing operations classifying individuals based on soft traits like emotions. This can have high impact on personal freedoms and human rights and therefore, should be subject to data protection impact assessment.


Towards AI-powered Cybersecurity Attack Modeling with Simulation Tools: Review of Attack Simulators

October 2022 · 1,754 Reads · 13 Citations

Cybersecurity currently focuses primarily on defenses that detect and prevent cyber-attacks. However, it is more important to regularly verify an organization’s security posture to reinforce its cybersecurity defenses as the IT environment becomes more complex and competitive. Confronted with an increasing use of artificial intelligence (AI) in cyber attacks, attack simulation platforms need to allow software vulnerabilities to be found against AI-powered attacks too. Such simulators will enable defenders to maintain a basic safety level and gain control over their security posture. Gradually, we are moving towards smart and autonomous platforms. This paper reviews established cyberattack simulation scientific research techniques with the goal of presenting a selection of tools and platforms that minimize the biases and inaccuracies inherent in traditional, isolated ad hoc research on AI-powered cyberattacks.


Modelling privacy harms of compromised personal medical data - beyond data breach

August 2022 · 385 Reads · 7 Citations

What harms and consequences do patients experience after a medical data breach? This article aims at the improvement of privacy impact analysis for data breaches that involve personal medical data. The article has two major findings. First, scientific literature does not mention consequences and harms to the data subjects when discussing data breaches in the healthcare sector. For conceptualizing actual documented harm, we had to search court rulings and popular press articles instead. We present the findings of our search for empirically founded harms in the first part of the article. Second, we present a modified PRIAM assessment method with the goal of better assessment of harms and consequences of such data breaches for the patient/employee data subject in healthcare. We split the risk assessment into parallel categories of assessment rather than calculating a single risk score. In addition, we quantify the original PRIAM categories into a calculus for risk assessment. The article presents our modified PRIAM which is the result of these modifications. Our overall contribution is the collection of actual harms and consequences of e-health data breaches that complement the overly theoretical discussion in publications. With our operationalization of PRIAM and by providing a catalog of real harms examples, we focus privacy impact assessment on actual harms to persons.



Citations (56)


... Existing auditing scenarios for DP suffer from the limitation that they provide narrow estimates under implausible worst-case assumptions and that they require thousands or millions of training runs to produce non-trivial statistical estimates of privacy leakage [43]. Third, if we are unable to rigorously prove how private our model is, then auditing provides a heuristic measure of how private it is [44]. ...

Reference:

Privacy Auditing in Differential Private Machine Learning: The Current Trends
On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review

IEEE Access

... In a study to promote adherence to medication for breast cancer patients, Singh et al. designed a mobile application using the agile approach with various methods like focus group discussion, interview, and survey [106]. Iwaya et al. leveraged the Agile approach and combined it with other techniques that allowed the possibility of implementing a design sprint cycle to provide regular feedback to the stakeholders [47]. ...

Early Labour App: Developing a practice-based mobile health application for digital early labour support

International Journal of Medical Informatics

... Some studies highlighted the development of more sophisticated deep learning models that can analyze not just the content of emails but also their metadata and sending patterns. Additionally, the integration of AI with other cybersecurity measures, such as user behavior analytics and threat intelligence systems, is gaining traction [30]. These integrations allow for a more holistic approach to spear phishing defense, increasing the overall effectiveness of AI systems. ...

An Overview of Artificial Intelligence Used in Malware

Communications in Computer and Information Science

... Furthermore, according to [7], the number of attacks on CPSs is increasing due to the information technology environment being more complex and rapidly evolving. Therefore, development of CPSs raises new concerns regarding the security and protection of control systems, such as prevention and resilience against cyberattacks [8]. ...

Towards AI-powered Cybersecurity Attack Modeling with Simulation Tools: Review of Attack Simulators

... As virtual care becomes increasingly integral to healthcare delivery, its expanded accessibility introduces heightened risks, attracting cybercriminals seeking unauthorized access [20]. As a result, violations related to PHI have become increasingly prevalent [21]. This significantly raises concerns related to data security, privacy, and regulatory compliance, necessitating a well-defined threat model to anticipate and mitigate potential security risks in virtual healthcare environments. ...

Modelling privacy harms of compromised personal medical data - beyond data breach

... Pre-Birth: Pre-birth origins of allergy and asthma, and other problems have been identified [27] [28]. Pre-birth Stress management has been evaluated using wristbands on mother [29]. The effects of pre-birth happenings are stored in the developing brain of the fetus for stage 1. ...

Body-Area Sensing in Maternity Care: Evaluation of Commercial Wristbands for Pre-birth Stress Management
  • Citing Chapter
  • January 2022

Lecture Notes of the Institute for Computer Sciences

... This trend was exemplified when cyber incidents in July 2023 disrupted over 5,000 government services for 48 hours, impacting Kenya's digital financial ecosystem, including key platforms like eCitizen (Kabui & Omondi, 2023). The COVID-19 pandemic's digital acceleration heightened cybersecurity concerns, with a surge in remote work creating opportunities for cybercriminals (Jaber et al., 2021). Kenya faces significant cybersecurity challenges, with the Communications Authority of Kenya (CAK) reporting over 7.7 million attacks since 2017, targeting critical information infrastructure and essential government services (Africanews, 2023). ...

COVID-19 and Global Increases in Cybersecurity Attacks: Review of Possible Adverse Artificial Intelligence Attacks

... Despite protections such as these, many ethical questions about the processing of different forms of biometric data remain unclear. For example, scholars have raised questions about whether biometric data that is not used for identification (such as for measuring emotional reactions) [14], images of biometric characteristics [163] and unprocessed biometric data [45] are actually afforded special protections under the GDPR, and point out that "broad exceptions and overall vagueness of the law leaves the door open for specifically risky uses of biometric data" ( [45], see also [71]). Furthermore, as the GDPR is an EU regulation, it may not apply to biometric data collection that occurs outside of Europe. ...

Emerging Biometric Modalities and their Use: Loopholes in the Terminology of the GDPR and Resulting Privacy Risks

... A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps (Hatamian et al., 2021) 2021 ...

A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps

Empirical Software Engineering