Change search
Link to record
Permanent link

Direct link
Publications (10 of 48) Show all publications
Iwaya, L. H., Kamm, L., Martucci, L. & Pulls, T. (Eds.). (2024). Secure IT Systems: 29th Nordic Conference, NordSec 2024 Karlstad, Sweden, November 6–7, 2024 Proceedings. Paper presented at NordSec 2024. Cham: Springer
Open this publication in new window or tab >>Secure IT Systems: 29th Nordic Conference, NordSec 2024 Karlstad, Sweden, November 6–7, 2024 Proceedings
2024 (English)Conference proceedings (editor) (Refereed)
Abstract [en]

This book constitutes the refereed proceedings of the 29th International Conference on Secure IT Systems, NordSec 2024, held in Karlstad, Sweden, during November 6–7, 2024.

The 25 full papers presented in this book were carefully reviewed and selected from 59 submissions. They focus on topics such as: Authentication; Cryptography; Cyber-Physical Systems; Cybersecurity and Policy; LLMs for Security; Formal Verification; Mobile and IoT; Network Security; and Privacy.

Place, publisher, year, edition, pages
Cham: Springer, 2024. p. 502
Series
NordSec: Nordic Conference on Secure IT Systems, ISSN 0302-9743, E-ISSN 1611-3349
Keywords
computer crime, computer forensics, computer hardware, computer networks, communication systems, computer science, computer security, computer systems, cryptography, data communication systems, data security, identity management systems, network protocols, network security, privacy, data protection, artificial intelligence, cyber security, machine learning
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-102875 (URN)10.1007/978-3-031-79007-2 (DOI)978-3-031-79006-5 (ISBN)978-3-031-79007-2 (ISBN)
Conference
NordSec 2024
Available from: 2025-01-29 Created: 2025-01-29 Last updated: 2025-01-29
Magnusson, J., Müller, M., Brunstrom, A. & Pulls, T. (2023). A Second Look at DNS QNAME Minimization. In: Anna Brunström; Marcel Flores; Marco Fiore (Ed.), Passive and Active Measurement: 24th International Conference, PAM 2023, Virtual Event, March 21–23, 2023, Proceedings. Paper presented at 24th International Conference, PAM 2023, Virtual Event, March 21–23, 2023 (pp. 496-521). Springer
Open this publication in new window or tab >>A Second Look at DNS QNAME Minimization
2023 (English)In: Passive and Active Measurement: 24th International Conference, PAM 2023, Virtual Event, March 21–23, 2023, Proceedings / [ed] Anna Brunström; Marcel Flores; Marco Fiore, Springer, 2023, p. 496-521Conference paper, Published paper (Refereed)
Abstract [en]

The Domain Name System (DNS) is a critical Internet infrastructure that translates human-readable domain names to IP addresses. It was originally designed over 35 years ago and multiple enhancements have since then been made, in particular to make DNS lookups more secure and privacy preserving. Query name minimization (qmin) was initially introduced in 2016 to limit the exposure of queries sent across DNS and thereby enhance privacy. In this paper, we take a look at the adoption of qmin, building upon and extending measurements made by De Vries et al. in 2018. We analyze qmin adoption on the Internet using active measurements both on resolvers used by RIPE Atlas probes and on open resolvers. Aside from adding more vantage points when measuring qmin adoption on open resolvers, we also increase the number of repetitions, which reveals conflicting resolvers – resolvers that support qmin for some queries but not for others. For the passive measurements at root and Top-Level Domain (TLD) name servers, we extend the analysis over a longer period of time, introduce additional sources, and filter out non-valid queries. Furthermore, our controlled experiments measure performance and result quality of newer versions of the qmin -enabled open source resolvers used in the previous study, with the addition of PowerDNS. Our results, using extended methods from previous work, show that the adoption of qmin has significantly increased since 2018. New controlled experiments also show a trend of higher number of packets used by resolvers and lower error rates in the DNS queries. Since qmin is a balance between performance and privacy, we further discuss the depth limit of minimizing labels and propose the use of a public suffix list for setting this limit.

Place, publisher, year, edition, pages
Springer, 2023
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 13882
Keywords
Internet protocols; Privacy-preserving techniques, Controlled experiment; Domain name system; Domain names; Human-readable; Internet infrastructure; Lookups; Minimisation; Performance; Privacy; QNAME minimization, Quality control
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-94279 (URN)10.1007/978-3-031-28486-1_21 (DOI)2-s2.0-85151060508 (Scopus ID)
Conference
24th International Conference, PAM 2023, Virtual Event, March 21–23, 2023
Available from: 2023-04-19 Created: 2023-04-19 Last updated: 2024-12-05Bibliographically approved
Pulls, T. & Witwer, E. (2023). Maybenot: A Framework for Traffic Analysis Defenses. In: WPES 2023 - Proceedings of the 22nd Workshop on Privacy in the Electronic Society: . Paper presented at 22nd Workshop on Privacy in the Electronic Society, WPES, Copenhagen, Denmark, November 26, 2023. (pp. 75-89). Association for Computing Machinery (ACM)
Open this publication in new window or tab >>Maybenot: A Framework for Traffic Analysis Defenses
2023 (English)In: WPES 2023 - Proceedings of the 22nd Workshop on Privacy in the Electronic Society, Association for Computing Machinery (ACM), 2023, p. 75-89Conference paper, Published paper (Refereed)
Abstract [en]

In light of the increasing ubiquity of end-to-end encryption and the use of technologies such as Tor and VPNs, analyzing communications metadata - -traffic analysis - -is a last resort for network adversaries. Traffic analysis attacks are more effective thanks to improvements in deep learning, raising the importance of deploying defenses. This paper introduces Maybenot, a framework for traffic analysis defenses. Maybenot is an evolution and generalization of the Tor Circuit Padding Framework by Perry and Kadianakis, designed to support a wide range of protocols and use cases. Defenses are probabilistic state machines that trigger padding and blocking actions based on events. A lightweight simulator enables rapid development and testing of defenses. In addition to describing the Maybenot framework, machines, and simulator, we implement and thoroughly evaluate the state-of-the-art website fingerprinting defenses FRONT and RegulaTor as Maybenot machines. Our evaluation identifies challenges associated with state machine-based frameworks as well as possible enhancements that will further improve Maybenot’s support for effective defenses moving forward.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023
Keywords
Cryptography, Deep learning, Petroleum reservoir evaluation, Blockings, Development and testing, End-to-end encryption, Framework, Generalisation, Probabilistics, State-machine, Traffic analysis, Traffic analysis attacks, Website fingerprinting defense, Websites
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-97921 (URN)10.1145/3603216.3624953 (DOI)2-s2.0-85180006594 (Scopus ID)9798400702358 (ISBN)
Conference
22nd Workshop on Privacy in the Electronic Society, WPES, Copenhagen, Denmark, November 26, 2023.
Available from: 2024-01-04 Created: 2024-01-04 Last updated: 2024-01-04Bibliographically approved
Dahlberg, R. & Pulls, T. (2023). Timeless Timing Attacks and Preload Defenses in Tor's DNS Cache. In: Proceedings of the 32nd USENIX Security Symposium: . Paper presented at 32nd USENIX Security Symposium, Anaheim, USA, August 9-11, 2023. (pp. 2635-2652). USENIX - The Advanced Computing Systems Association, 4
Open this publication in new window or tab >>Timeless Timing Attacks and Preload Defenses in Tor's DNS Cache
2023 (English)In: Proceedings of the 32nd USENIX Security Symposium, USENIX - The Advanced Computing Systems Association, 2023, Vol. 4, p. 2635-2652Conference paper, Published paper (Refereed)
Abstract [en]

We show that Tor's DNS cache is vulnerable to a timeless timing attack, allowing anyone to determine if a domain is cached or not  without any false positives.  The attack requires sending a single TLS record. It can be repeated to determine when a domain is no longer cached to leak the insertion time.  Our evaluation in the Tor network shows no instances of cached domains being reported as uncached and vice versa after 12M repetitions while only targeting our own domains. This shifts DNS in Tor from an unreliable side-channel---using traditional timing attacks with network jitter---to being perfectly reliable.  We responsibly disclosed the attack and suggested two short-term mitigations.

As a long-term defense for the DNS cache in Tor against all types of (timeless) timing attacks, we propose a redesign where only an allowlist of domains is preloaded to always be cached across circuits.  We compare the performance of a preloaded DNS cache to Tor's current solution towards DNS by measuring aggregated statistics for four months from two exits (after engaging with the Tor Research Safety Board and our university ethical review process). The evaluated preload lists are variants of the following top-lists: Alexa, Cisco Umbrella, and Tranco. Our results show that four-months-old preload lists can be tuned to offer comparable performance under similar resource usage or to significantly improve shared cache-hit ratios (2--3x) with a modest increase in memory usage and resolver load compared to a 100 Mbit/s exit.  We conclude that Tor's current DNS cache is mostly a privacy harm because the majority of cached domains are unlikely to lead to cache hits but remain there to be probed by attackers.

Place, publisher, year, edition, pages
USENIX - The Advanced Computing Systems Association, 2023
Keywords
Tor, DNS, Side-channels, Timing attack, Timeless timing attack, Traffic Analysis, Website Fingerprinting, Website Oracle
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-94325 (URN)2-s2.0-85176112393 (Scopus ID)978-1-939133-37-3 (ISBN)
Conference
32nd USENIX Security Symposium, Anaheim, USA, August 9-11, 2023.
Projects
SURPRISE (SSF, RIT17-0005)
Funder
Swedish Foundation for Strategic ResearchSwedish Foundation for Strategic Research
Available from: 2023-04-18 Created: 2023-04-18 Last updated: 2023-11-28Bibliographically approved
Beckerle, M., Magnusson, J. & Pulls, T. (2022). Splitting Hairs and Network Traces: Improved Attacks Against Traffic Splitting as a Website Fingerprinting Defense. In: Yuan Hong; Lingyu Wang (Ed.), WPES 2022: Proceedings of the 21st Workshop on Privacy in the Electronic Society. Paper presented at WPES'22 @ CCS'22: 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, USA, 7 November 2022 (pp. 15-27). Association for Computing Machinery (ACM)
Open this publication in new window or tab >>Splitting Hairs and Network Traces: Improved Attacks Against Traffic Splitting as a Website Fingerprinting Defense
2022 (English)In: WPES 2022: Proceedings of the 21st Workshop on Privacy in the Electronic Society / [ed] Yuan Hong; Lingyu Wang, Association for Computing Machinery (ACM), 2022, p. 15-27Conference paper, Published paper (Refereed)
Abstract [en]

The widespread use of encryption and anonymization technologies - -e.g., HTTPS, VPNs, Tor, and iCloud Private Relay - -makes network attackers likely to resort to traffic analysis to learn of client activity. For web traffic, such analysis of encrypted traffic is referred to as Website Fingerprinting (WF). WF attacks have improved greatly in large parts thanks to advancements in Deep Learning (DL). In 2019, a new category of defenses was proposed: traffic splitting, where traffic from the client is split over two or more network paths with the assumption that some paths are unobservable by the attacker. In this paper, we take a look at three recently proposed defenses based on traffic splitting: HyWF, CoMPS, and TrafficSliver BWR5. We analyze real-world and simulated datasets for all three defenses to better understand their splitting strategies and effectiveness as defenses. Using our improved DL attack Maturesc on real-world datasets, we improve the classification accuracy wrt. state-of-the-art from 49.2% to 66.7% for HyWF, the F1 score from 32.9% to 72.4% for CoMPS, and the accuracy from 8.07% to 53.8% for TrafficSliver BWR5. We find that a majority of wrongly classified traces contain less than a couple hundred of packets/cells: e.g., in every dataset 25% of traces contain less than 155 packets. What cannot be observed cannot be classified. Our results show that the proposed traffic splitting defenses on average provide less protection against WF attacks than simply randomly selecting one path and sending all traffic over that path.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2022
Keywords
deep learning, network splitting, website fingerprinting, Classification (of information), Cryptography, HTTP, Network security, Anonymization, Classifieds, Learn+, Network attackers, Real-world datasets, Traffic analysis, Traffic splitting, Websites
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-92774 (URN)10.1145/3559613.3563199 (DOI)2-s2.0-85143255443 (Scopus ID)978-1-4503-9873-2 (ISBN)
Conference
WPES'22 @ CCS'22: 2022 ACM SIGSAC Conference on Computer and Communications Security, Los Angeles, USA, 7 November 2022
Funder
.SE (The Internet Infrastructure Foundation)
Available from: 2022-12-27 Created: 2022-12-27 Last updated: 2023-03-22Bibliographically approved
Dahlberg, R., Pulls, T., Ritter, T. & Syverson, P. (2021). Privacy-Preserving & Incrementally-Deployable Support for Certificate Transparency in Tor. In: Aaron Johnson and Florian Kerschbaum (Ed.), Proceedings on Privacy Enhancing Technologies Symposium: . Paper presented at The 21st Privacy Enhancing Technologies Symposium, [Digital], July 12-16, 2021. (pp. 194-213). Sciendo, 2021(2)
Open this publication in new window or tab >>Privacy-Preserving & Incrementally-Deployable Support for Certificate Transparency in Tor
2021 (English)In: Proceedings on Privacy Enhancing Technologies Symposium / [ed] Aaron Johnson and Florian Kerschbaum, Sciendo , 2021, Vol. 2021, no 2, p. 194-213Conference paper, Published paper (Refereed)
Abstract [en]

The security of the web improved greatly throughout the last couple of years.  A large majority of the web is now served encrypted as part of HTTPS, and web browsers accordingly moved from positive to negative security indicators that warn the user if a connection is insecure.  A secure connection requires that the server presents a valid certificate that binds the domain name in question to a public key.  A certificate used to be valid if signed by a trusted Certificate Authority (CA), but web browsers like Google Chrome and Apple's Safari have additionally started to mandate Certificate Transparency (CT) logging to overcome the weakest-link security of the CA ecosystem.  Tor and the Firefox-based Tor Browser have yet to enforce CT.

In this paper, we present privacy-preserving and incrementally-deployable designs that add support for CT in Tor. Our designs go beyond the currently deployed CT enforcements that are based on blind trust: if a user that uses Tor Browser is man-in-the-middled over HTTPS, we probabilistically detect and disclose cryptographic evidence of CA and/or CT log misbehavior.  The first design increment allows Tor to play a vital role in the overall goal of CT: detect mis-issued certificates and hold CAs accountable.  We achieve this by randomly cross-logging a subset of certificates into other CT logs.  The final increments hold misbehaving CT logs accountable, initially assuming that some logs are benign and then without any such assumption.  Given that the current CT deployment lacks strong mechanisms to verify if log operators play by the rules, exposing misbehavior is important for the web in general and not just Tor.  The full design turns Tor into a system for maintaining a probabilistically-verified view of the CT log ecosystem available from Tor's consensus.  Each increment leading up to it preserves privacy due to and how we use Tor.

Place, publisher, year, edition, pages
Sciendo, 2021
Keywords
Certificate Transparency, Tor
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-94320 (URN)10.2478/popets-2021-0024 (DOI)
Conference
The 21st Privacy Enhancing Technologies Symposium, [Digital], July 12-16, 2021.
Projects
HITS (4707), SURPRISE (SSF, RIT17-0005)
Funder
Swedish Foundation for Strategic Research
Available from: 2023-04-18 Created: 2023-04-18 Last updated: 2023-04-20Bibliographically approved
Pulls, T. & Dahlberg, R. (2020). Website fingerprinting with website oracles. Proceedings on Privacy Enhancing Technologies, 2020(1), 235-255
Open this publication in new window or tab >>Website fingerprinting with website oracles
2020 (English)In: Proceedings on Privacy Enhancing Technologies, ISSN 2299-0984, Vol. 2020, no 1, p. 235-255Article in journal (Refereed) Published
Abstract [en]

Website Fingerprinting (WF) attacks are a subset of traffic analysis attacks where a local passive attacker attempts to infer which websites a target victim is visiting over an encrypted tunnel, such as the anonymity network Tor. We introduce the security notion of a Website Oracle (WO) that gives a WF attacker the capability to determine whether a particular monitored website was among the websites visited by Tor clients at the time of a victim’s trace. Our simulations show that combining a WO with a WF attack—which we refer to as a WF+WO attack—significantly reduces false positives for about half of all website visits and for the vast majority of websites visited over Tor. The measured false positive rate is on the order one false positive per million classified website trace for websites around Alexa rank 10,000. Less popular monitored websites show orders of magnitude lower false positive rates.

We argue that WOs are inherent to the setting of anonymity networks and should be an assumed capability of attackers when assessing WF attacks and defenses. Sources of WOs are abundant and available to a wide range of realistic attackers, e.g., due to the use of DNS, OCSP, and real-time bidding for online advertisement on the Internet, as well as the abundance of middleboxes and access logs. Access to a WO indicates that the evaluation of WF defenses in the open world should focus on the highest possible recall an attacker can achieve. Our simulations show that augmenting the Deep Fingerprinting WF attack by Sirinam et al. [60] with access to a WO significantly improves the attack against five state-of-the-art WF defenses, rendering some of them largely ineffective in this new WF+WO setting.

Place, publisher, year, edition, pages
De Gruyter Open, 2020
Keywords
Website fingerprinting; website oracles; traffic analysis; security model; design
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-77048 (URN)10.2478/popets-2020-0013 (DOI)
Projects
HITS, 4707 (Rasmus D) KATT OCH PAF5G (Tobias P)
Funder
Knowledge Foundation
Note

KATT OCH PAF5G är projekt finansierade av Internetstiftelsen

Available from: 2020-02-25 Created: 2020-02-25 Last updated: 2023-04-18Bibliographically approved
Dahlberg, R., Pulls, T., Vestin, J., Høiland-Jørgensen, T. & Kassler, A. (2019). Aggregation-Based Certificate Transparency Gossip. In: Stefan Rass; George Yee (Ed.), Proceedings of the The Thirteenth International Conference on Emerging Security Information, Systems and Technologies - SECURWARE 2019, October 27, 2019 to October 31, 2019 - Nice, France: . Paper presented at The Thirteenth International Conference on Emerging Security Information, Systems and Technologies - SECURWARE 2019, October 27, 2019 to October 31, 2019 - Nice, France. International Academy, Research and Industry Association (IARIA)
Open this publication in new window or tab >>Aggregation-Based Certificate Transparency Gossip
Show others...
2019 (English)In: Proceedings of the The Thirteenth International Conference on Emerging Security Information, Systems and Technologies - SECURWARE 2019, October 27, 2019 to October 31, 2019 - Nice, France / [ed] Stefan Rass; George Yee, International Academy, Research and Industry Association (IARIA), 2019Conference paper, Published paper (Refereed)
Abstract [en]

Certificate Transparency (CT) requires that every certificate which is issued by a certificate authority must be publicly logged. While a CT log can be untrusted in theory, it relies on the assumption that every client observes and cryptographically verifies the same log. As such, some form of gossip mechanism is needed in practice. Despite CT being adopted by several major browser vendors, no gossip mechanism is widely deployed. We suggest an aggregation-based gossip mechanism that passively observes cryptographic material that CT logs emit in plain text, aggregating at packet processors (such as routers and switches) to periodically verify log consistency off-path. In other words, gossip is provided as-a-service by the network. Our proposal can be implemented for a variety of programmable packet processors at line-speed without aggregation distinguishers (throughput), and, based on 20 days of RIPE Atlas measurements that represent clients from 3500 autonomous systems, we show that significant protection against split-viewing CT logs can be achieved with a realistic threat model and an incremental deployment scenario.

Place, publisher, year, edition, pages
International Academy, Research and Industry Association (IARIA), 2019
Keywords
Certificate Transparency, Gossip, P4, XDP
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-77388 (URN)9781713800521 (ISBN)
Conference
The Thirteenth International Conference on Emerging Security Information, Systems and Technologies - SECURWARE 2019, October 27, 2019 to October 31, 2019 - Nice, France
Projects
HITS
Funder
Knowledge Foundation, 4707
Available from: 2020-03-31 Created: 2020-03-31 Last updated: 2023-05-02Bibliographically approved
Veseli, F., Olvera, J. S., Pulls, T. & Rannenberg, K. (2019). Engineering privacy by design: Lessons from the design and implementation of an identity wallet platform. In: Proceedings of the ACM Symposium on Applied Computing: . Paper presented at 34th Annual ACM Symposium on Applied Computing, SAC 2019, 8 April 2019 through 12 April 2019 (pp. 1475-1483). Association for Computing Machinery (ACM)
Open this publication in new window or tab >>Engineering privacy by design: Lessons from the design and implementation of an identity wallet platform
2019 (English)In: Proceedings of the ACM Symposium on Applied Computing, Association for Computing Machinery (ACM), 2019, p. 1475-1483Conference paper, Published paper (Refereed)
Abstract [en]

Applying PbD principles to the design of a system is challenging. We provided our experience and lessons learnt from applying the LINDDUN as a privacy assessment framework in the design of the architecture for a cloud-based identity wallet platform. In this effort, we identified a need to improve LINDDUN in a number of cases, for which we proposed and documented concrete enhancements. We transform LINDDUN from a linear to an iterative process that requires adaptation, introduce the concept of “Constraints” and add a new step in the mitigation of threats. Further, we consider the mitigation strategies of LINDDUN too narrow, and propose other, more practicable ones. Finally, we not only identify further PETs for mitigating privacy threats, but also acknowledge the fact that some threats cannot be effectively mitigated with PETs alone. Thus, we introduce additional mitigation mechanisms besides PETs, introducing especially development guidelines and organizational measures. We demonstrate our enhancements with concrete examples, which could serve also other engineering projects following the PbD paradigm.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2019
Keywords
Data flow diagram, Identity wallet, LINDDUN, Mitigation of risks, PbD, Privacy by design, Privacy risks, Privacy threat modelling, Concretes, Data flow analysis, Data flow graphs, Mathematical transformations, Data flow diagrams, Privacy threats, Risk assessment
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-72516 (URN)10.1145/3297280.3297429 (DOI)000474685800206 ()2-s2.0-85065644021 (Scopus ID)978-1-4503-5933-7 (ISBN)
Conference
34th Annual ACM Symposium on Applied Computing, SAC 2019, 8 April 2019 through 12 April 2019
Available from: 2019-06-13 Created: 2019-06-13 Last updated: 2020-12-10Bibliographically approved
Fischer-Hübner, S., Martucci, L., Fritsch, L., Pulls, T., Herold, S., Iwaya, L. H., . . . Albin, Z. (2018). A MOOC on Privacy by Design and the GDPR. In: Lynette Drevin, Marianthi Theocharidou (Ed.), Information Security Education: Towards a Cybersecure Society. Paper presented at 11th IFIP World Conference on Information Security Education (WISE 11), Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18–20, 2018, Proceedings (pp. 95-107). Cham, Switzerland: Springer
Open this publication in new window or tab >>A MOOC on Privacy by Design and the GDPR
Show others...
2018 (English)In: Information Security Education: Towards a Cybersecure Society / [ed] Lynette Drevin, Marianthi Theocharidou, Cham, Switzerland: Springer, 2018, p. 95-107Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we describe how we designed a massive open online course (mooc) on Privacy by Design with a focus on how to achieve compliance with the eu gdpr principles and requirements in it engineering and management. This mooc aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The mooc is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the gdpr that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant mooc on privacy by design and the gdpr aimed at an heterogeneous audience.

Place, publisher, year, edition, pages
Cham, Switzerland: Springer, 2018
Series
IFIP Advances in Information Technology (AICT) ; 531
Keywords
privacy, teaching, mooc, course design
National Category
Computer and Information Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-69413 (URN)10.1007/978-3-319-99734-6_8 (DOI)978-3-319-99734-6 (ISBN)
Conference
11th IFIP World Conference on Information Security Education (WISE 11), Held at the 24th IFIP World Computer Congress, WCC 2018, Poznan, Poland, September 18–20, 2018, Proceedings
Projects
WISR
Funder
Knowledge Foundation, NU16
Available from: 2018-09-27 Created: 2018-09-27 Last updated: 2019-12-04Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0001-6459-8409

Search in DiVA

Show all publications