Ändra sökning
Länk till posten
Permanent länk

Direktlänk
BETA
Framner, Erik
Publikationer (3 of 3) Visa alla publikationer
Framner, E., Fischer-Hübner, S., Lorünser, T., Alaqra, A. & Pettersson, J. S. (2019). Making secret sharing based cloud storage usable. Information and Computer Security, 27(5), 647-667
Öppna denna publikation i ny flik eller fönster >>Making secret sharing based cloud storage usable
Visa övriga...
2019 (Engelska)Ingår i: Information and Computer Security, E-ISSN 2056-4961, Vol. 27, nr 5, s. 647-667Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

The purpose of this paper is to develop a usable configuration management for Archistar, whichutilizes secret sharing for redundantly storing data over multiple independent storage clouds in a secure andprivacy-friendly manner. Selecting the optimal secret sharing parameters, cloud storage servers and othersettings for securely storing the secret data shares, while meeting all of end user’s requirements and otherrestrictions, is a complex task. In particular, complex trade-offs between different protection goals and legalprivacy requirements need to be made.

Ort, förlag, år, upplaga, sidor
Emerald Group Publishing Limited, 2019
Nyckelord
Privacy, Decision support systems, Usability, Security, Cloud computing, Secret sharing
Nationell ämneskategori
Datavetenskap (datalogi)
Forskningsämne
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-75182 (URN)10.1108/ICS-01-2019-0016 (DOI)
Projekt
Prismacloud (4805)
Forskningsfinansiär
EU, Horisont 2020
Tillgänglig från: 2019-10-09 Skapad: 2019-10-09 Senast uppdaterad: 2019-12-16Bibliografiskt granskad
Alaqra, A., Fischer-Hübner, S. & Framner, E. (2018). Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Qualitative Study of Perspectives by Medical Professionals and Patients. Journal of Medical Internet Research, 20(12), Article ID e10954.
Öppna denna publikation i ny flik eller fönster >>Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Qualitative Study of Perspectives by Medical Professionals and Patients
2018 (Engelska)Ingår i: Journal of Medical Internet Research, ISSN 1438-8871, E-ISSN 1438-8871, Vol. 20, nr 12, artikel-id e10954Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

Background: Patients' privacy is regarded as essential for the patient-doctor relationship. One example of a privacy-enhancing technology for user-controlled data minimization on content level is a redactable signature. It enables users to redact personal information from signed documents while preserving the validity of the signature, and thus the authenticity of the document. In this study, we present end users' evaluations of a Cloud-based selective authentic electronic health record (EHR) exchange service (SAE-service) in an electronic health use case. In the use case scenario, patients were given control to redact specified information fields in their EHR, which were signed by their doctors with a redactable signature and transferred to them into a Cloud platform. They can then selectively disclose the remaining information in the EHR, which still bears the valid digital signature, to third parties of their choice. Objective: This study aimed to explore the perceptions, attitudes, and mental models concerning the SAE-service of 2 user roles: signers (medical professionals) and redactors (patients with different technical knowledge) in Germany and Sweden. Another objective was to elicit usability requirements for this service based on the analysis of our investigation. Methods: We chose empirical qualitative methods to address our research objective. Designs of mock-ups for the service were used as part of our user-centered design approach in our studies with test participants from Germany and Sweden. A total of 13 individual walk-throughs or interviews were conducted with medical staff to investigate the EHR signers' perspectives. Moreover, 5 group walk-throughs in focus groups sessions with (N=32) prospective patients with different technical knowledge to investigate redactor's perspective of EHR data redaction control were used. Results: We found that our study participants had correct mental models with regard to the redaction process. Users with some technical models lacked trust in the validity of the doctor's signature on the redacted documents. Main results to be considered are the requirements concerning the accountability of the patients' redactions and the design of redaction templates for guidance and control. Conclusions: For the SAE-service to be means for enhancing patient control and privacy, the diverse usability and trust factors of different user groups should be considered.

Ort, förlag, år, upplaga, sidor
JMIR Publications, 2018
Nationell ämneskategori
Datavetenskap (datalogi)
Forskningsämne
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-70971 (URN)10.2196/10954 (DOI)000454351700001 ()30578189 (PubMedID)
Anmärkning

This paper was included as manuscript in Alaqra's licentiate thesis The Wicked Problem of Privacy: Design Challenge for Crypto-based Solutions

This paper was included as manuscript in Alaqra's licentiate thesis Tinkering the Wicked Problem of Privacy: Design Challenges and Opportunities for Crypto-based Services, with the title: Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Perspectives by Medical Professionals and Patients

Tillgänglig från: 2019-02-07 Skapad: 2019-02-07 Senast uppdaterad: 2020-01-09Bibliografiskt granskad
Länger, T., Alaqra, A., Fischer-Hübner, S., Framner, E., Pettersson, J. S. & Reimer, K. (2018). HCI patterns for cryptographically equipped cloud services. In: Kuroso, M (Ed.), Masaaki Kurosu (Ed.), Human-Computer Interaction. Theories, Methods, and Human Issues: . Paper presented at 20th International Conference, HCI International 2018, Las Vegas, NV, USA, July 15–20, 2018. (pp. 567-586). Springer
Öppna denna publikation i ny flik eller fönster >>HCI patterns for cryptographically equipped cloud services
Visa övriga...
2018 (Engelska)Ingår i: Human-Computer Interaction. Theories, Methods, and Human Issues / [ed] Masaaki Kurosu, Springer, 2018, s. 567-586Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Recent cryptographic research has devised several new algorithms and protocols with a potential of mitigating several of the most ardent security and privacy threats, existing in currently available public cloud services. Nevertheless, such cryptographic schemes often exhibit counterintuitive functionality to end users, or they work differently to other already established traditional schemes with which users are already familiar. A practical solution to address these problems involves a human centered design approach, deriving Human Computer Interaction (HCI) requirements from consultations and extensive testing with experts, prospective end users, and other stakeholders. The European Horizon 2020 project PRISMACLOUD “Privacy and Security Maintaining Services for the Cloud” uses such an approach and provides HCI patterns as part of its proper cloud service development methodology CryptSDLC to communicate HCI requirements to cloud service designers and user interface implementers. In this article, we present several new cryptographic cloud services, e.g. for redacting digitally signed data, and for redundant storage and sharing of confidential data in a public cloud scenario, together with three example HCI patterns for specific interactions of end users with these services. We show how these patterns were elaborated and validated in practice to prove the suitability for their intended purpose. To summarize, we give an account on our practical experience during the actual prototype development and implementation and show how they constitute an essential element of the CryptSDLC development methodology.

Ort, förlag, år, upplaga, sidor
Springer, 2018
Serie
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 10901
Nyckelord
Cloud computing, Cryptography, HCI patterns, End-user security, End-user privacy
Nationell ämneskategori
Datavetenskap (datalogi)
Forskningsämne
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-67347 (URN)10.1007/978-3-319-91238-7_44 (DOI)000450991000044 ()978-3-319-91237-0 (ISBN)978-3-319-91238-7 (ISBN)
Konferens
20th International Conference, HCI International 2018, Las Vegas, NV, USA, July 15–20, 2018.
Tillgänglig från: 2018-05-23 Skapad: 2018-05-23 Senast uppdaterad: 2019-12-16Bibliografiskt granskad
Organisationer

Sök vidare i DiVA

Visa alla publikationer