Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
The Wicked Problem of Privacy: Design Challenge for Crypto-based Solutions
Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013). (PriSec)ORCID-id: 0000-0002-6509-3792
2018 (Engelska)Licentiatavhandling, sammanläggning (Övrigt vetenskapligt)
Abstract [en]

Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is a continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem. Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within the eHealth use-case. Redactable signatures are  a privacy enhancing scheme allowing to remove parts of a signed document by a specified party for achieving data minimization without invalidating the respective signature.

We mainly used semi-structures interviews and focus groups in our investigations. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions.

Abstract [en]

Data privacy has been growing in importance in recent years, especially with the continuous increase of online activity. Researchers continuously study, design, and develop solutions aimed at enhancing users’ data privacy. The wicked problem of data privacy is the continuous challenge that defies straightforward solutions. Since there are many factors involved in data privacy, such as technological, legal, and human aspects, we can only aim at mitigating rather than solving this wicked problem.

Our aim was to focus on human aspects for designing usable crypto-based privacy-enhancing solutions.  In this thesis, we followed a user centered design method by using empirical qualitative means for investigating user’s perceptions and opinions of our solutions. Most of our work has focused on redactable signatures in the cloud context within an eHealth use-case. Redactable signatures are a privacy-enhancing scheme, which allow the removal of parts of a signed document by a specified party without invalidating the respective signature. Our results yielded key HCI considerations as well as guidelines of different means for supporting the design of future solutions.

Ort, förlag, år, upplaga, sidor
Karlstad: Karlstads universitet, 2018. , s. 14
Serie
Karlstad University Studies, ISSN 1403-8099 ; 2018:23
Nyckelord [en]
Data privacy, wicked problems, user-centered design, crypto-based solutions, usability, data minimization, redactable signatures
Nationell ämneskategori
Datavetenskap (datalogi)
Forskningsämne
Datavetenskap
Identifikatorer
URN: urn:nbn:se:kau:diva-67134ISBN: 978-91-7063-856-5 (tryckt)ISBN: 978-91-7063-951-7 (digital)OAI: oai:DiVA.org:kau-67134DiVA, id: diva2:1200286
Presentation
2018-06-11, 10:15 (Engelska)
Opponent
Handledare
Anmärkning

Paper 3 was included as manuscript in the thesis.

Tillgänglig från: 2018-05-23 Skapad: 2018-04-23 Senast uppdaterad: 2019-02-07Bibliografiskt granskad
Delarbeten
1. Signatures for Privacy, Trust and Accountability in the Cloud: Applications and Requirements
Öppna denna publikation i ny flik eller fönster >>Signatures for Privacy, Trust and Accountability in the Cloud: Applications and Requirements
Visa övriga...
2015 (Engelska)Ingår i: Privacy and Identity Management. Time for a Revolution?: 10th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Edinburgh, UK, August 16-21, 2015, Revised Selected Papers / [ed] David Aspinall, Jan Camenisch, Marit Hansen, Simone Fischer-Hübner, Charles Raab, Springer Publishing Company, 2015, Vol. 476, s. 79-96Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

This paper summarises the results of a workshop at the IFIP Summer School 2015 introducing the EU Horizon 2020 project PRISMACLOUD, that is, Privacy and Security Maintaining Services in the Cloud. The contributions of this summary are three-fold. Firstly, it provides an overview to the PRISMACLOUD cryptographic tools and use-case scenarios that were presented as part of this workshop. Secondly, it distills the discussion results of parallel focus groups. Thirdly, it summarises a ``Deep Dive on Crypto'' session that offered technical information on the new tools. Overall, the workshop aimed at outlining application scenarios and eliciting end-user requirements for PRISMACLOUD.

Ort, förlag, år, upplaga, sidor
Springer Publishing Company, 2015
Serie
IFIP Advances in Information and Communication Technology, ISSN 1868-4238 ; 476
Nyckelord
Privacy, Cloud Computing, Functional Signatures, Malleable Signatures, Graph Signatures, Anonymous Credentials, User Requirements
Nationell ämneskategori
Datavetenskap (datalogi)
Forskningsämne
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-43022 (URN)10.1007/978-3-319-41763-9_6 (DOI)978-3-319-41762-2 (ISBN)
Konferens
IFIP Summer School, Edinburgh, 16.‐21. August 2015
Projekt
PRISMACLOUD
Forskningsfinansiär
EU, Horisont 2020, 4805
Tillgänglig från: 2016-06-15 Skapad: 2016-06-15 Senast uppdaterad: 2019-12-05Bibliografiskt granskad
2. Stakeholders’ Perspectives on Malleable Signatures in a Cloud-based eHealth Scenario
Öppna denna publikation i ny flik eller fönster >>Stakeholders’ Perspectives on Malleable Signatures in a Cloud-based eHealth Scenario
2016 (Engelska)Ingår i: Proceedings of the International Symposium on Human Aspects of Information Security & Assurance / [ed] Nathan Clarke & Steven Furnell, 2016, s. 220-230Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

In this paper, we discuss end user requirements that we elicited for the use of malleable signatures in a Cloud-based eHealth scenario. The concept of a malleable signature, which is a privacy enhancing cryptographic scheme that enables the redaction of personal information from signed documents while preserving the validity of the signature, might be counter- intuitive to end users as its functionality does not correspond to the one of a traditional signature scheme. A qualitative study via a series of semi-structured interviews and focus groups has been conducted to understand stakeholders’ opinions and concerns in regards to the possible applications of malleable signatures in the eHealth area, where a medical record is first digitally signed by a doctor and later redacted by the patient in the cloud. Results from this study yielded user requirements such as the need for suitable metaphors and guidelines, usable templates, and clear redaction policies. 

Nyckelord
HCI Requirements, Malleable Signatures, Usable Privacy, Cloud tools, eHealth
Nationell ämneskategori
Datavetenskap (datalogi) Människa-datorinteraktion (interaktionsdesign)
Forskningsämne
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-43016 (URN)978-1-84102-413-4 (ISBN)
Konferens
HAISA 2016 - the International Symposium on Human Aspects of Information Security & Assurance, Frankfurt Germany, 19th - 21st July 2016
Forskningsfinansiär
EU, Horisont 2020, 4805
Tillgänglig från: 2016-06-15 Skapad: 2016-06-15 Senast uppdaterad: 2019-12-05Bibliografiskt granskad
3. Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Qualitative Study of Perspectives by Medical Professionals and Patients
Öppna denna publikation i ny flik eller fönster >>Enhancing Privacy Controls for Patients via a Selective Authentic Electronic Health Record Exchange Service: Qualitative Study of Perspectives by Medical Professionals and Patients
2018 (Engelska)Ingår i: Journal of Medical Internet Research, ISSN 1438-8871, E-ISSN 1438-8871, Vol. 20, nr 12, artikel-id e10954Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

Background: Patients' privacy is regarded as essential for the patient-doctor relationship. One example of a privacy-enhancing technology for user-controlled data minimization on content level is a redactable signature. It enables users to redact personal information from signed documents while preserving the validity of the signature, and thus the authenticity of the document. In this study, we present end users' evaluations of a Cloud-based selective authentic electronic health record (EHR) exchange service (SAE-service) in an electronic health use case. In the use case scenario, patients were given control to redact specified information fields in their EHR, which were signed by their doctors with a redactable signature and transferred to them into a Cloud platform. They can then selectively disclose the remaining information in the EHR, which still bears the valid digital signature, to third parties of their choice. Objective: This study aimed to explore the perceptions, attitudes, and mental models concerning the SAE-service of 2 user roles: signers (medical professionals) and redactors (patients with different technical knowledge) in Germany and Sweden. Another objective was to elicit usability requirements for this service based on the analysis of our investigation. Methods: We chose empirical qualitative methods to address our research objective. Designs of mock-ups for the service were used as part of our user-centered design approach in our studies with test participants from Germany and Sweden. A total of 13 individual walk-throughs or interviews were conducted with medical staff to investigate the EHR signers' perspectives. Moreover, 5 group walk-throughs in focus groups sessions with (N=32) prospective patients with different technical knowledge to investigate redactor's perspective of EHR data redaction control were used. Results: We found that our study participants had correct mental models with regard to the redaction process. Users with some technical models lacked trust in the validity of the doctor's signature on the redacted documents. Main results to be considered are the requirements concerning the accountability of the patients' redactions and the design of redaction templates for guidance and control. Conclusions: For the SAE-service to be means for enhancing patient control and privacy, the diverse usability and trust factors of different user groups should be considered.

Ort, förlag, år, upplaga, sidor
JMIR Publications, 2018
Nationell ämneskategori
Datavetenskap (datalogi)
Forskningsämne
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-70971 (URN)10.2196/10954 (DOI)000454351700001 ()30578189 (PubMedID)
Anmärkning

This paper was included as manuscript in Alaqra's licentiate thesis The Wicked Problem of Privacy: Design Challenge for Crypto-based Solutions

Tillgänglig från: 2019-02-07 Skapad: 2019-02-07 Senast uppdaterad: 2019-04-26Bibliografiskt granskad
4. HCI patterns for cryptographically equipped cloud services
Öppna denna publikation i ny flik eller fönster >>HCI patterns for cryptographically equipped cloud services
Visa övriga...
2018 (Engelska)Konferensbidrag (Refereegranskat)
Ort, förlag, år, upplaga, sidor
Springer, 2018
Nationell ämneskategori
Datavetenskap (datalogi)
Forskningsämne
Datavetenskap
Identifikatorer
urn:nbn:se:kau:diva-67347 (URN)10.1007/978-3-319-91238-7_44 (DOI)000450991000044 ()978-3-319-91237-0 (ISBN)978-3-319-91238-7 (ISBN)
Tillgänglig från: 2018-05-23 Skapad: 2018-05-23 Senast uppdaterad: 2019-02-25Bibliografiskt granskad

Open Access i DiVA

fulltext(362 kB)103 nedladdningar
Filinformation
Filnamn FULLTEXT02.pdfFilstorlek 362 kBChecksumma SHA-512
e6d607bcee4a6f48c7c08e130247f0035b6ce9e2e6d5098ee846ae1ab87d6130a57c73f0606c0f66953a428ed8a9d6b62491ef2f2e5db9e026bff7dc44aed4c9
Typ fulltextMimetyp application/pdf
Forskningspodden with Ala Sarah Alaqra(28121 kB)33 nedladdningar
Filinformation
Filnamn AUDIO01.mp3Filstorlek 28121 kBChecksumma SHA-512
356e620cd5543ab480588a44ecec925f9ac48bcc3a1e6640c26f8d466f1ac5d9013b62f25f1986daf2105ea1e282ae181ea16856e4a875245512dd523d4fe59a
Typ audioMimetyp audio/mpeg

Personposter BETA

Alaqra, Ala Sarah

Sök vidare i DiVA

Av författaren/redaktören
Alaqra, Ala Sarah
Av organisationen
Institutionen för matematik och datavetenskap (from 2013)
Datavetenskap (datalogi)

Sök vidare utanför DiVA

GoogleGoogle Scholar
Totalt: 103 nedladdningar
Antalet nedladdningar är summan av nedladdningar för alla fulltexter. Det kan inkludera t.ex tidigare versioner som nu inte längre är tillgängliga.

isbn
urn-nbn

Altmetricpoäng

isbn
urn-nbn
Totalt: 513 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf