Change search
Link to record
Permanent link

Direct link
BETA
Alternative names
Publications (8 of 8) Show all publications
Alaqra, A. (2020). Tinkering the Wicked Problem of Privacy: Design Challenges and Opportunities for Crypto-based Services. (Doctoral dissertation). Karlstads universitet
Open this publication in new window or tab >>Tinkering the Wicked Problem of Privacy: Design Challenges and Opportunities for Crypto-based Services
2020 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Data privacy has been growing in importance in recent years, especially with the constant increase of online activity. Consequently, researchers study, design, and develop solutions aimed at enhancing users' data privacy. The wicked problem of data privacy is a dynamic challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem.

Our aim was to explore challenges and opportunities with a focus on human aspects for designing usable crypto-based privacy-enhancing technologies (PETs). Mainly, there were three PETs in the cloud context included in our studies: malleable signatures, secret sharing, and homomorphic encryption. Based on the three PETs, services were developed within European research projects that were the scope of our user studies. We followed a user-centered design approach by using empirical qualitative and quantitative means for collecting study data. Our results and tinkering conveyed (i) analysis of different categories of user's perspectives, mental models, and trade-offs, (ii) user requirements for PET services, and (iii) user interface design guidelines for PET services. In our contributions, we highlight considerations and guidelines for supporting the design of future solutions.

Abstract [en]

Data privacy has been growing in importance in recent years, especially with the constant increase of online activity. Consequently, researchers study, design, and develop solutions aimed at enhancing users' data privacy. The wicked problem of data privacy is a dynamic challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem.

Our aim was to explore challenges and opportunities with a focus on human aspects for designing usable crypto-based privacy-enhancing technologies (PETs). Our results and tinkering conveyed (i) analysis of different categories of user's perspectives, mental models, and trade-offs, (ii) user requirements for PET services, and (iii) user interface design guidelines for PET services. In our contributions, we highlight considerations and guidelines for supporting the design of future solutions.

Place, publisher, year, edition, pages
Karlstads universitet, 2020. p. 22
Series
Karlstad University Studies, ISSN 1403-8099 ; 2020:5
Keywords
Data privacy, wicked problems, user-centered design, privacy enhancing technologies, human factors, malleable signatures, secret sharing, homomorphic encryption
National Category
Computer Sciences Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-75992 (URN)978-91-7867-077-2 (ISBN)978-91-7867-087-1 (ISBN)
Public defence
2020-01-30, 21A342, Eva Eriksson, 10:15 (English)
Opponent
Supervisors
Available from: 2020-01-09 Created: 2019-12-16 Last updated: 2020-01-27Bibliographically approved
Framner, E., Fischer-Hübner, S., Lorünser, T., Alaqra, A. & Pettersson, J. S. (2019). Making secret sharing based cloud storage usable. Information and Computer Security, 27(5), 647-667
Open this publication in new window or tab >>Making secret sharing based cloud storage usable
Show others...
2019 (English)In: Information and Computer Security, E-ISSN 2056-4961, Vol. 27, no 5, p. 647-667Article in journal (Refereed) Published
Abstract [en]

The purpose of this paper is to develop a usable configuration management for Archistar, whichutilizes secret sharing for redundantly storing data over multiple independent storage clouds in a secure andprivacy-friendly manner. Selecting the optimal secret sharing parameters, cloud storage servers and othersettings for securely storing the secret data shares, while meeting all of end user’s requirements and otherrestrictions, is a complex task. In particular, complex trade-offs between different protection goals and legalprivacy requirements need to be made.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2019
Keywords
Privacy, Decision support systems, Usability, Security, Cloud computing, Secret sharing
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-75182 (URN)10.1108/ICS-01-2019-0016 (DOI)
Projects
Prismacloud (4805)
Funder
EU, Horizon 2020
Available from: 2019-10-09 Created: 2019-10-09 Last updated: 2019-12-16Bibliographically approved
Alaqra, A. S. & Wästlund, E. (2019). Reciprocities or Incentives?: Understanding Privacy Intrusion Perspectives and Sharing Behaviors. In: Abbas Moallem (Ed.), HCI for Cybersecurity, Privacy and Trust: First International Conference, HCI-CPT 2019, Held as Part of the 21st HCI International Conference, HCII 2019, Orlando, FL, USA, July 26–31, 2019, Proceedings. Paper presented at 21st HCI International Conference, HCII 2019, July 26–31, 2019, Orlando, FL, USA, (pp. 355-370). Cham, Switzerland: Springer
Open this publication in new window or tab >>Reciprocities or Incentives?: Understanding Privacy Intrusion Perspectives and Sharing Behaviors
2019 (English)In: HCI for Cybersecurity, Privacy and Trust: First International Conference, HCI-CPT 2019, Held as Part of the 21st HCI International Conference, HCII 2019, Orlando, FL, USA, July 26–31, 2019, Proceedings / [ed] Abbas Moallem, Cham, Switzerland: Springer, 2019, p. 355-370Conference paper, Published paper (Refereed)
Abstract [en]

The importance and perception of privacy varies from one context to the other. However, everyone values his or her privacy to a certain extent. The subjectivity of that value, attitudes, and behaviors would depend on different entangling factors. It is important to understand the motivation that influences human behavior, whether to protect or share their information. In this paper, we aim at understanding the boundaries of privacy, factors influencing information sharing behavior including experiences (reciprocities of privacy), and efforts taken to protect one’s data. We collected data using quantitative (survey/quiz) and qualitative means (focus groups). In the survey/quiz, our results showed that intrusion experience and awareness have a significant correlation between sharing of data. Furthermore, our focus groups results yielded details on influencing factors for privacy reciprocities and tradeoffs. We discuss our results in terms of privacy incentives and factors influencing the sharing behavior of their information. Finally, we highlight the complexity of behavior where intrinsic and extrinsic motivations could clash and result in a dilemma such as the privacy paradox phenomenon. © 2019, Springer Nature Switzerland AG.

Place, publisher, year, edition, pages
Cham, Switzerland: Springer, 2019
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 11594
Keywords
Behavior, Incentive, Motivation, Privacy, Privacy paradox, Reciprocity, Behavioral research, Data privacy, Human computer interaction, Information dissemination, Surveys, Extrinsic motivation, Focus groups, Human behaviors, Information sharing, Privacy intrusion, Computer privacy
National Category
Human Computer Interaction
Research subject
Computer Science; Psychology
Identifiers
urn:nbn:se:kau:diva-75636 (URN)10.1007/978-3-030-22351-9_24 (DOI)2-s2.0-85069853461 (Scopus ID)9783030223502 (ISBN)
Conference
21st HCI International Conference, HCII 2019, July 26–31, 2019, Orlando, FL, USA,
Available from: 2019-11-12 Created: 2019-11-12 Last updated: 2019-12-16Bibliographically approved
Alaqra, A., Fischer-Hübner, S. & Framner, E. (2018). Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Qualitative Study of Perspectives by Medical Professionals and Patients. Journal of Medical Internet Research, 20(12), Article ID e10954.
Open this publication in new window or tab >>Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Qualitative Study of Perspectives by Medical Professionals and Patients
2018 (English)In: Journal of Medical Internet Research, ISSN 1438-8871, E-ISSN 1438-8871, Vol. 20, no 12, article id e10954Article in journal (Refereed) Published
Abstract [en]

Background: Patients' privacy is regarded as essential for the patient-doctor relationship. One example of a privacy-enhancing technology for user-controlled data minimization on content level is a redactable signature. It enables users to redact personal information from signed documents while preserving the validity of the signature, and thus the authenticity of the document. In this study, we present end users' evaluations of a Cloud-based selective authentic electronic health record (EHR) exchange service (SAE-service) in an electronic health use case. In the use case scenario, patients were given control to redact specified information fields in their EHR, which were signed by their doctors with a redactable signature and transferred to them into a Cloud platform. They can then selectively disclose the remaining information in the EHR, which still bears the valid digital signature, to third parties of their choice. Objective: This study aimed to explore the perceptions, attitudes, and mental models concerning the SAE-service of 2 user roles: signers (medical professionals) and redactors (patients with different technical knowledge) in Germany and Sweden. Another objective was to elicit usability requirements for this service based on the analysis of our investigation. Methods: We chose empirical qualitative methods to address our research objective. Designs of mock-ups for the service were used as part of our user-centered design approach in our studies with test participants from Germany and Sweden. A total of 13 individual walk-throughs or interviews were conducted with medical staff to investigate the EHR signers' perspectives. Moreover, 5 group walk-throughs in focus groups sessions with (N=32) prospective patients with different technical knowledge to investigate redactor's perspective of EHR data redaction control were used. Results: We found that our study participants had correct mental models with regard to the redaction process. Users with some technical models lacked trust in the validity of the doctor's signature on the redacted documents. Main results to be considered are the requirements concerning the accountability of the patients' redactions and the design of redaction templates for guidance and control. Conclusions: For the SAE-service to be means for enhancing patient control and privacy, the diverse usability and trust factors of different user groups should be considered.

Place, publisher, year, edition, pages
JMIR Publications, 2018
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-70971 (URN)10.2196/10954 (DOI)000454351700001 ()30578189 (PubMedID)
Note

This paper was included as manuscript in Alaqra's licentiate thesis The Wicked Problem of Privacy: Design Challenge for Crypto-based Solutions

This paper was included as manuscript in Alaqra's licentiate thesis Tinkering the Wicked Problem of Privacy: Design Challenges and Opportunities for Crypto-based Services, with the title: Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Perspectives by Medical Professionals and Patients

Available from: 2019-02-07 Created: 2019-02-07 Last updated: 2020-01-09Bibliographically approved
Länger, T., Alaqra, A., Fischer-Hübner, S., Framner, E., Pettersson, J. S. & Reimer, K. (2018). HCI patterns for cryptographically equipped cloud services. In: Kuroso, M (Ed.), Masaaki Kurosu (Ed.), Human-Computer Interaction. Theories, Methods, and Human Issues: . Paper presented at 20th International Conference, HCI International 2018, Las Vegas, NV, USA, July 15–20, 2018. (pp. 567-586). Springer
Open this publication in new window or tab >>HCI patterns for cryptographically equipped cloud services
Show others...
2018 (English)In: Human-Computer Interaction. Theories, Methods, and Human Issues / [ed] Masaaki Kurosu, Springer, 2018, p. 567-586Conference paper, Published paper (Refereed)
Abstract [en]

Recent cryptographic research has devised several new algorithms and protocols with a potential of mitigating several of the most ardent security and privacy threats, existing in currently available public cloud services. Nevertheless, such cryptographic schemes often exhibit counterintuitive functionality to end users, or they work differently to other already established traditional schemes with which users are already familiar. A practical solution to address these problems involves a human centered design approach, deriving Human Computer Interaction (HCI) requirements from consultations and extensive testing with experts, prospective end users, and other stakeholders. The European Horizon 2020 project PRISMACLOUD “Privacy and Security Maintaining Services for the Cloud” uses such an approach and provides HCI patterns as part of its proper cloud service development methodology CryptSDLC to communicate HCI requirements to cloud service designers and user interface implementers. In this article, we present several new cryptographic cloud services, e.g. for redacting digitally signed data, and for redundant storage and sharing of confidential data in a public cloud scenario, together with three example HCI patterns for specific interactions of end users with these services. We show how these patterns were elaborated and validated in practice to prove the suitability for their intended purpose. To summarize, we give an account on our practical experience during the actual prototype development and implementation and show how they constitute an essential element of the CryptSDLC development methodology.

Place, publisher, year, edition, pages
Springer, 2018
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 10901
Keywords
Cloud computing, Cryptography, HCI patterns, End-user security, End-user privacy
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-67347 (URN)10.1007/978-3-319-91238-7_44 (DOI)000450991000044 ()978-3-319-91237-0 (ISBN)978-3-319-91238-7 (ISBN)
Conference
20th International Conference, HCI International 2018, Las Vegas, NV, USA, July 15–20, 2018.
Available from: 2018-05-23 Created: 2018-05-23 Last updated: 2019-12-16Bibliographically approved
Alaqra, A. S. (2018). The Wicked Problem of Privacy: Design Challenge for Crypto-based Solutions. (Licentiate dissertation). Karlstad: Karlstads universitet
Open this publication in new window or tab >>The Wicked Problem of Privacy: Design Challenge for Crypto-based Solutions
2018 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is a continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem. Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within the eHealth use-case. Redactable signatures are  a privacy enhancing scheme allowing to remove parts of a signed document by a specified party for achieving data minimization without invalidating the respective signature.

We mainly used semi-structures interviews and focus groups in our investigations. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions.

Abstract [en]

Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers continuously study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is the continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem.

Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within an eHealth use-case. Redactable signatures are a privacy-enhancing scheme, which allow the removal of parts of a signed document by a specified party without invalidating the respective signature. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions.

Place, publisher, year, edition, pages
Karlstad: Karlstads universitet, 2018. p. 14
Series
Karlstad University Studies, ISSN 1403-8099 ; 2018:23
Keywords
Data privacy, wicked problems, user-centered design, crypto-based solutions, usability, data minimization, redactable signatures
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-67134 (URN)978-91-7063-856-5 (ISBN)978-91-7063-951-7 (ISBN)
Presentation
2018-06-11, 10:15 (English)
Opponent
Supervisors
Note

Paper 3 was included as manuscript in the thesis.

Available from: 2018-05-23 Created: 2018-04-23 Last updated: 2019-02-07Bibliographically approved
Alaqra, A., Fischer-Hübner, S., Pettersson, J. & Wästlund, E. (2016). Stakeholders’ Perspectives on Malleable Signatures in a Cloud-based eHealth Scenario. In: Nathan Clarke & Steven Furnell (Ed.), Proceedings of the International Symposium on Human Aspects of Information Security & Assurance: . Paper presented at HAISA 2016 - the International Symposium on Human Aspects of Information Security & Assurance, Frankfurt Germany, 19th - 21st July 2016 (pp. 220-230).
Open this publication in new window or tab >>Stakeholders’ Perspectives on Malleable Signatures in a Cloud-based eHealth Scenario
2016 (English)In: Proceedings of the International Symposium on Human Aspects of Information Security & Assurance / [ed] Nathan Clarke & Steven Furnell, 2016, p. 220-230Conference paper, Published paper (Refereed)
Abstract [en]

In this paper, we discuss end user requirements that we elicited for the use of malleable signatures in a Cloud-based eHealth scenario. The concept of a malleable signature, which is a privacy enhancing cryptographic scheme that enables the redaction of personal information from signed documents while preserving the validity of the signature, might be counter- intuitive to end users as its functionality does not correspond to the one of a traditional signature scheme. A qualitative study via a series of semi-structured interviews and focus groups has been conducted to understand stakeholders’ opinions and concerns in regards to the possible applications of malleable signatures in the eHealth area, where a medical record is first digitally signed by a doctor and later redacted by the patient in the cloud. Results from this study yielded user requirements such as the need for suitable metaphors and guidelines, usable templates, and clear redaction policies. 

Keywords
HCI Requirements, Malleable Signatures, Usable Privacy, Cloud tools, eHealth
National Category
Computer Sciences Human Computer Interaction
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-43016 (URN)978-1-84102-413-4 (ISBN)
Conference
HAISA 2016 - the International Symposium on Human Aspects of Information Security & Assurance, Frankfurt Germany, 19th - 21st July 2016
Funder
EU, Horizon 2020, 4805
Available from: 2016-06-15 Created: 2016-06-15 Last updated: 2019-12-16Bibliographically approved
Alaqra, A., Fischer-Hübner, S., Groß, T., Lorünser, T. & Slamanig, D. (2015). Signatures for Privacy, Trust and Accountability in the Cloud: Applications and Requirements. In: David Aspinall, Jan Camenisch, Marit Hansen, Simone Fischer-Hübner, Charles Raab (Ed.), Privacy and Identity Management. Time for a Revolution?: 10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Edinburgh, UK, August 16-21, 2015, Revised Selected Papers. Paper presented at IFIP Summer School, Edinburgh, 16.‐21. August 2015 (pp. 79-96). Springer Publishing Company, 476
Open this publication in new window or tab >>Signatures for Privacy, Trust and Accountability in the Cloud: Applications and Requirements
Show others...
2015 (English)In: Privacy and Identity Management. Time for a Revolution?: 10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Edinburgh, UK, August 16-21, 2015, Revised Selected Papers / [ed] David Aspinall, Jan Camenisch, Marit Hansen, Simone Fischer-Hübner, Charles Raab, Springer Publishing Company, 2015, Vol. 476, p. 79-96Conference paper, Published paper (Refereed)
Abstract [en]

This paper summarises the results of a workshop at the IFIP Summer School 2015 introducing the EU Horizon 2020 project PRISMACLOUD, that is, Privacy and Security Maintaining Services in the Cloud. The contributions of this summary are three-fold. Firstly, it provides an overview to the PRISMACLOUD cryptographic tools and use-case scenarios that were presented as part of this workshop. Secondly, it distills the discussion results of parallel focus groups. Thirdly, it summarises a ``Deep Dive on Crypto'' session that offered technical information on the new tools. Overall, the workshop aimed at outlining application scenarios and eliciting end-user requirements for PRISMACLOUD.

Place, publisher, year, edition, pages
Springer Publishing Company, 2015
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238 ; 476
Keywords
Privacy, Cloud Computing, Functional Signatures, Malleable Signatures, Graph Signatures, Anonymous Credentials, User Requirements
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-43022 (URN)10.1007/978-3-319-41763-9_6 (DOI)978-3-319-41762-2 (ISBN)
Conference
IFIP Summer School, Edinburgh, 16.‐21. August 2015
Projects
PRISMACLOUD
Funder
EU, Horizon 2020, 4805
Available from: 2016-06-15 Created: 2016-06-15 Last updated: 2019-12-16Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0002-6509-3792

Search in DiVA

Show all publications