Endre søk
Begrens søket
12 1 - 50 of 57
RefereraExporteraLink til resultatlisten
Permanent link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Treff pr side
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sortering
  • Standard (Relevans)
  • Forfatter A-Ø
  • Forfatter Ø-A
  • Tittel A-Ø
  • Tittel Ø-A
  • Type publikasjon A-Ø
  • Type publikasjon Ø-A
  • Eldste først
  • Nyeste først
  • Skapad (Eldste først)
  • Skapad (Nyeste først)
  • Senast uppdaterad (Eldste først)
  • Senast uppdaterad (Nyeste først)
  • Disputationsdatum (tidligste først)
  • Disputationsdatum (siste først)
  • Standard (Relevans)
  • Forfatter A-Ø
  • Forfatter Ø-A
  • Tittel A-Ø
  • Tittel Ø-A
  • Type publikasjon A-Ø
  • Type publikasjon Ø-A
  • Eldste først
  • Nyeste først
  • Skapad (Eldste først)
  • Skapad (Nyeste først)
  • Senast uppdaterad (Eldste først)
  • Senast uppdaterad (Nyeste først)
  • Disputationsdatum (tidligste først)
  • Disputationsdatum (siste først)
Merk
Maxantalet träffar du kan exportera från sökgränssnittet är 250. Vid större uttag använd dig av utsökningar.
  • 1.
    Bisztray, Tamas
    et al.
    University of Oslo, Norway.
    Gruschka, Nils
    University of Oslo, Norway.
    Mavroeidis, Vasileios
    University of Oslo, Norway.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Data Protection Impact Assessment in Identity Control Management with a Focus on Biometrics2020Inngår i: Open Identity Summit 2020 / [ed] Heiko Roßnagel, Christian Schunck, Sebastian Mödersheim, Detlef Hühnlein, Bonn: Gesellschaft für Informatik e.V. , 2020, Vol. P-305, s. 185-192Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Privacy issues concerning biometric identification are becoming increasingly relevant due to their proliferation in various fields, including identity and access control management (IAM). The General Data Protection Regulation (GDPR) requires the implementation of a data protection impact assessment for privacy critical systems. In this paper, we analyse the usefulness of two different privacy impact assessment frameworks in the context of biometric data protection. We use experiences from the SWAN project that processes four different biometric characteristics for authentication purposes. The results of this comparison elucidate how useful these frameworks are in identifying sector-specific privacy risks related to IAM and biometric identification.

    Fulltekst (pdf)
    fulltext
  • 2.
    Colesky, Michael
    et al.
    Radboud University, NLD.
    Demetzou, Katerina
    Radboud University, NLD.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Herold, Sebastian
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Helping Software Architects Familiarize with the General Data Protection Regulation2019Inngår i: 2019 IEEE International Conference on Software Architecture Companion (ICSA-C), IEEE , 2019, s. 226-229Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Abstract—The General Data Protection Regulation (GDPR)impacts any information systems that process personal datain or from the European Union. Yet its enforcement is stillrecent. Organizations under its effect are slow to adopt itsprinciples. One particular difficulty is the low familiarity withthe regulation among software architects and designers. Thedifficulty to interpret the content of the legal regulation ata technical level adds to that. This results in problems inunderstanding the impact and consequences that the regulationmay have in detail for a particular system or project context.In this paper we present some early work and emergingresults related to supporting software architects in this situation.Specifically, we target those who need to understand how theGDPR might impact their design decisions. In the spirit ofarchitectural tactics and patterns, we systematically identifiedand categorized 155 forces in the regulation. These results formthe conceptual base for a first prototypical tool. It enablessoftware architects to identify the relevant forces by guidingthem through an online questionnaire. This leads them to relevantfragments of the GDPR and potentially relevant privacy patterns.We argue that this approach may help software professionals,in particular architects, familiarize with the GDPR and outlinepotential paths for evaluation.

    Fulltekst (pdf)
    fulltext
  • 3. Deng, Ming
    et al.
    Fritsch, Lothar
    Johann Wolfgang Goethe-University, Frankfurt, Germany.
    Kursawe, Klaus
    Personal rights management: Taming camera-phones for individual privacy enforcement2006Inngår i: Privacy Enhancing Technologies, Springer, 2006, s. 172-189Konferansepaper (Fagfellevurdert)
    Abstract [en]

    With ubiquitous use of digital camera devices, especially in mobile phones, privacy is no longer threatened by governments and companies only. The new technology creates a new threat by ordinary people, who could take and distribute pictures of an individual with no risk and little cost in any situation in public or private spaces. Fast distribution via web based photo albums, online communities and web pages expose an individual's private life to the public. Social and legal measures are increasingly taken to deal with this problem, but they are hard to enforce in practice. In this paper, we proposed a model for privacy infrastructures aiming for the distribution channel such that as soon as the picture is publicly available, the exposed individual has a chance to find it and take proper action in the first place. The implementation issues of the proposed protocol are discussed. Digital rights management techniques are applied in our proposed infrastructure, and data identification techniques such as digital watermarking and robust perceptual hashing are proposed to enhance the distributed content identification.

  • 4.
    Fischer-Hübner, Simone
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Martucci, Leonardo
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Pulls, Tobias
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Herold, Sebastian
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Iwaya, Leonardo H
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Alfredsson, Stefan
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Albin, Zuccato
    ATEA Sverige AB, Stockholm, Sweden.
    A MOOC on Privacy by Design and the GDPR2018Inngår i: Information Security Education: Towards a Cybersecure Society / [ed] Lynette Drevin, Marianthi Theocharidou, Cham, Switzerland: Springer, 2018, s. 95-107Konferansepaper (Fagfellevurdert)
    Abstract [en]

    In this paper we describe how we designed a massive open online course (mooc) on Privacy by Design with a focus on how to achieve compliance with the eu gdpr principles and requirements in it engineering and management. This mooc aims at educating both professionals and undergraduate students, i.e., target groups with distinct educational needs and requirements, within a single course structure. We discuss why developing and publishing such a course is a timely decision and fulfills the current needs of the professional and undergraduate education. The mooc is organized in five modules, each of them with its own learning outcomes and activities. The modules focus on different aspects of the gdpr that data protection officers have to be knowledgeable about, ranging from the legal basics, to data protection impact assessment methods, and privacy-enhancing technologies. The modules were delivered using hypertext, digital content and three video production styles: slides with voice-over, talking heads and interviews. The main contribution of this work is the roadmap on how to design a highly relevant mooc on privacy by design and the gdpr aimed at an heterogeneous audience.

  • 5.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap.
    Comments on ”The grant life cycle – a researcher’s handbook”2017Rapport (Annet vitenskapelig)
    Abstract [en]

    The grant proposing introduction tutorial for young researchers is undergoing revision at Karlstad University. The Grants and Innovation Office (GIO) has requested suggestions for improvements from researchers. This document is a review of the existing document, including suggestions, critique and recommendations for complementary information in support of the GIO presentation at the Computer Science Department on March 29, 2017.

    Fulltekst (pdf)
    reviewgrantguide2017
  • 6.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    How Big Data Helps SDN with data Protection and Privacy2018Inngår i: Big Data and Software Defined Networks / [ed] Javid Taheri, London, UK: Institution of Engineering and Technology, 2018, s. 339-351Kapittel i bok, del av antologi (Fagfellevurdert)
  • 7.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Identification collapse - contingency in Identity Management2020Inngår i: Open Identity Summit 2020 / [ed] Heiko Roßnagel; Christian Schunck; Sebastian Mödersheim; Detlev Hühnlein, Bonn: Gesellschaft für Informatik e.V. , 2020, Vol. P-305, s. 15-26Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Identity management (IdM) facilitates identification, authentication and authorization inmost digital processes that involve humans. Digital services as well as work processes, customerrelationship management, telecommunications and payment systems rely on forms of IdM. IdMis a business-critical infrastructure. Organizations rely on one specific IdM technology chosen tofit a certain context. Registration, credential issuance and deployment of digital identities are thenbound to the chosen technology. What happens if that technology is disrupted? This article discussesconsequences and mitigation strategies for identification collapse based on case studies and literaturesearch. The result is a surprising shortage of available documented mitigation and recovery strategiesfor identification collapse.

    Fulltekst (pdf)
    fulltext
  • 8.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Identity Management as a target in cyberwar2020Inngår i: Open Identity Summit 2020 / [ed] Heiko Roßnagel, Christian Schunck, Sebastian Mödersheim, Detlef Hühnlein, Bonn: Gesellschaft für Informatik e.V. , 2020, Vol. P-305, s. 61-70Konferansepaper (Fagfellevurdert)
    Abstract [en]

    This article will discuss Identity Management (IdM) and digital identities in the context ofcyberwar. Cyberattacks that target or exploit digital identities in this context gain leverage throughthe central position of IdM digital infrastructures. Such attacks will compromize service operations,reduce the security of citizens and will expose personal data - those of military personell included. Thearticle defines the issue, summarizes its background and then discusses the implications of cyberwarfor vendors and applicants digital identity management infrastructures where IdM is positioned as acritical infrastructure in society.

    Fulltekst (pdf)
    fulltext
  • 9.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Partial commitment – "Try before you buy" and "Buyer’s remorse" for personal data in Big Data & Machine learning2017Inngår i: Trust Management XI: 11th IFIP WG 11.11 International Conference, IFIPTM 2017, Gothenburg, Sweden, June 12-16, 2017, Proceedings / [ed] Jan-Phillip Steghöfer, Babak Esfandiari, Cham, Switzerland: Springer, 2017, Vol. 505, s. 3-11Konferansepaper (Fagfellevurdert)
    Abstract [en]

    The concept of partialcommitment is discussed in the context of personal privacy management in datascience. Uncommitted, promiscuous or partially committed user’s data may eitherhave a negative impact on model or data quality, or it may impose higherprivacy compliance cost on data service providers. Many Big Data (BD) andMachine Learning (ML) scenarios involve the collection and processing of largevolumes of person-related data. Data is gathered about many individuals as wellas about many parameters in individuals. ML and BD both spend considerable resourceson model building, learning, and data handling. It is therefore important toany BD/ML system that the input data trained and processed is of high quality,represents the use case, and is legally processes in the system. Additionalcost is imposed by data protection regulation with transparency, revocation andcorrection rights for data subjects. Data subjects may, for several reasons, only partially accept a privacypolicy, and chose to opt out, request data deletion or revoke their consent fordata processing. This article discusses the concept of partial commitment andits possible applications from both the data subject and the data controllerperspective in Big Data and Machine Learning.

    Fulltekst (pdf)
    Fulltext
  • 10.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Privacy dark patterns in identity management2017Inngår i: Open Identity Summit 2017: Proceedings / [ed] Lothar Fritsch, Heiko Roßnagel, Detlef Hühnlein, Bonn: Gesellschaft für Informatik, 2017, s. 93-104Konferansepaper (Fagfellevurdert)
    Abstract [en]

    This article presents three privacy dark patterns observed in identity management. Dark patterns are software design patterns that intentionally violate requirements, in the given case privacy requirements for identity management. First, the theoretical background is presented, and then next, the observed patterns are documented, described and formalized. The resulting dark patterns show how security is used as obfuscation of data collection, how the seemingly harmless collection of additional data is advertised to end users, and how the use of anonymization technology is actively discouraged by service providers.

    Fulltekst (pdf)
    fulltext
  • 11.
    Fritsch, Lothar
    Norwegian Computing Center, Oslo.
    Security and privacy engineering for corporate use of social community platforms2011Inngår i: INFORMATIK 2011 - Informatik schafft Communities - 41. Jahrestagung der Gesellschaft für Informatik e.V. / [ed] H.-U. Heiß, P. Pepper, S. Holger et al.,, Gesellschaft für Informatik , 2011Konferansepaper (Fagfellevurdert)
  • 12.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap.
    Summary of the 2nd 7DAV008 Peer Review PhD course deployment, 28-September-2017: Technical report LOF2017-3.2017Rapport (Annet (populærvitenskap, debatt, mm))
    Abstract [en]

    The course is intended to teach 1st-year doctoral students about peer reviewing as part of the scientific production cycle. As preparation for the course, the students receive a reading list with articles covering various aspects of peer review. Students then have to select one article they will summarize in a 10-minute presentation for the seminar group. Another student will complement as a respondent with a 5-minute slot for presentation.

     A half-day seminar is then held where the students will present and discuss their reviewed articles. This is followed up with a session on various professional and ethical issues to consider when acting as a reviewer. A following session shows and discusses examples of review reports, with possible contributions of student-received reviews. Finally, the course introduces Easychair, a platform for managing peer reviews.  Following the seminar course, the students have to perform five peer reviews in collaboration with and instruction from their supervisors. The course will be completed when the seminar and five reviews are completed.

  • 13.
    Fritsch, Lothar
    Norsk Regnesentral.
    The Clean Privacy Ecosystem of the Future Internet2013Inngår i: Future Internet, E-ISSN 1999-5903, Vol. 5, nr 1, s. 34-45Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    This article speculates on the future of privacy and electronic identities on the Internet. Based on a short review of security models and the development of privacy-enhancing technology, privacy and electronic identities will be discussed as parts of a larger context—an ecosystem of personal information and electronic identities. The article argues for an ecosystem view of personal information and electronic identities, as both personal information and identity information are basic required input for many applications. Therefore, for both application owners and users, a functioning ecosystem of personal information and electronic identification is important. For the future of the Internet, high-quality information and controlled circulation of such information is therefore argued as decisive for the value of future Internet applications.

    Fulltekst (pdf)
    fulltext
  • 14.
    Fritsch, Lothar
    Norsk Regnesentral.
    Trust and Privacy in the Internet of Things in the User’s View - Keynote talk on "Future Trends and Challenges" track2012Inngår i: Chip-to-Cloud Security Forum 2012, Nice, France, 2012Konferansepaper (Fagfellevurdert)
  • 15.
    Fritsch, Lothar
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Fischer-Hübner, Simone
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Applications of Privacy and Security Research in the Upcoming Battlefield of Things2018Inngår i: Proceedings of the 17th European Conference on Cyber Warfare and Security / [ed] Audun Jøsang, Reading: Academic Conferences and Publishing International Limited, 2018Konferansepaper (Fagfellevurdert)
    Abstract [en]

    This article presents the results of a trend scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. We sketch the expected digital warfare and defence environment as a “battlefield of things” where connected objects, connected soldiers and automated and autonomous sensing and acting systems are core elements. Based on this scenario, we discuss current research in information security and information privacy and their relevance and applicability for the future scenario.

  • 16.
    Fritsch, Lothar
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Fischer-Hübner, Simone
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Implications of Privacy & Security Research for the Upcoming Battlefield of Things2019Inngår i: Journal of Information Warfare, ISSN 1445-3312, Vol. 17, nr 4, s. 72-87Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    This article presents the results of a trend-scouting study on the applicability of contemporary information privacy and information security research in future defence scenarios in a 25-year-horizon. The authors sketch the expected digital warfare and defence environment as a‘Battlefield of Things’ in which connected objects, connected soldiers, and automated and autonomous sensing and acting systems are core elements. Based on this scenario, the authors discuss current research in information security and information privacy and their relevance and applicability for the future scenario.

    Fulltekst (pdf)
    Fritsch_Fischer-Hübner_2019
  • 17.
    Fritsch, Lothar
    et al.
    Norsk Regnesentral.
    Fuglerud, Kristin Skeide
    Norsk Regnesentral.
    Solheim, Ivar
    Norsk Regnesentral.
    Towards Inclusive Identity Management: 1st IDIS workshop 20082010Inngår i: Identity in the Information Society, E-ISSN 1876-0678, Vol. 3, nr 3, s. 515-538Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    The article argues for a shift of perspective in identity management (IDM) research and development. Accessibility and usability issues affect identity management to such an extent that they demand a reframing and reformulation of basic designs and requirements of modern identity management systems. The rationale for the traditional design of identity management systems and mechanisms has been security concerns as defined in the field of security engineering. By default the highest security level has been recommended and implemented, often without taking end-user needs and accessibility issues into serious consideration. The article provides a conceptual framework for inclusive IDM, a brief overview of the regulatory status of inclusive IDM and a taxonomy of inclusive identity management methods. Several widespread IDM approaches, methods and techniques are analyzed and discussed from the perspective of inclusive design. Several important challenges are identified and some ideas for solutions addressing the challenges are proposed and discussed.

    Fulltekst (pdf)
    fulltext
  • 18.
    Fritsch, Lothar
    et al.
    Norsk Regnesentral Norwegian Comp Ctr, NO-0373 Oslo, Norway..
    Groven, Arne-Kristian
    Norsk Regnesentral Norwegian Comp Ctr, NO-0373 Oslo, Norway..
    Schulz, Trenton
    Norsk Regnesentral Norwegian Comp Ctr, NO-0373 Oslo, Norway..
    On the Internet of Things, Trust is Relative2012Inngår i: CONSTRUCTURING AMBIENT INTELLIGENCE, Springer Berlin/Heidelberg, 2012, s. 267-273Konferansepaper (Fagfellevurdert)
    Abstract [en]

    End-users on the Internet of Things (IoT) will encounter many different devices and services; they will need to decide whether or not they can trust these devices and services with their information. We identify three items of trust information that end-users will need to determine if they should trust something on the IoT. We create a taxonomy of the likely scenarios end-users will encounter on the IoT and present five trust strategies for obtaining this trust information. Upon applying these strategies to our scenarios, we find that there is no strategy that can work efficiently and effectively in every situations; end-users will need to apply the strategy that best fits their current situation. Offering multiple trust strategies in parallel and having this information transparent to end-users will ensure a sustainable IoT.

  • 19.
    Fritsch, Lothar
    et al.
    Norwegian Computing Center, Oslo.
    Groven, Arne-Kristian
    Norwegian Comp Ctr, Oslo, Norway..
    Strand, Lars
    Norwegian Comp Ctr, Oslo, Norway..
    A holistic approach to Open-Source VoIP security: Preliminary results from the EUX2010sec project2009Inngår i: Networks, 2009. ICN '09. Eighth International Conference on / [ed] Robert Bestak, Laurent George, Vladimir S. Zaborovsky, Cosmin Dini, IEEE , 2009, s. 275-280Konferansepaper (Fagfellevurdert)
    Abstract [en]

    This paper describes the approach and preliminary results from the research project EUX2010sec. The project works closely with Voice-over-IP (VoIP) companies and users. It aims at providing better security of opera source VoIP installations. The work towards this goal is organized by gathering researchers and practitioners around several scientific activities that range from security modeling and verification up to testbed testing. The expected outcomes of the project are a solid scientific and practical understanding of the security options for setting tip VoIP infrastructures, particular guidance on secure, typical setups of such infrastructures, The project's special focus is on producing results relevant to the practitioners in the project, aiming at the stimulation of innovation and the provision of highest quality in open-source based VoIP products and services.

  • 20.
    Fritsch, Lothar
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Momen, Nurul
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Derived Partial Identities Generated from App Permissions2017Inngår i: Open Identity Summit 2017: Proceedings / [ed] Lothar Fritsch, Heiko Roßnagel, Detlef Hühnlein, Bonn: Gesellschaft für Informatik, 2017, s. 117-130Konferansepaper (Fagfellevurdert)
    Abstract [en]

    This article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions accommodate the accumulation of identity attributes for partial digital identities by building a model for identity attribute retrieval through permissions. Then, it presents an experimental survey of partial identity access for selected app groups. By applying the identity attribute retrieval model on the permission access log from the experiment, we show how apps’ permission usage is providing to identity profiling.

    Fulltekst (pdf)
    fulltext
  • 21.
    Fritsch, Lothar
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Roßnagel, HeikoFraunhofer IAO, Fraunhofer Gesellschaft, Stuttgart.Hühnlein, DetlefECSEC GmbH.
    Open Identity Summit 2017: Proceedings2017Konferanseproceedings (Fagfellevurdert)
    Download (pdf)
    cover
  • 22.
    Fritsch, Lothar
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Tjostheim, Ingvar
    Nork Regnesentral.
    Kitkowska, Agnieszka
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    I’m Not That Old Yet! The Elderly and Us in HCI and Assistive Technology2018Inngår i: Proceedings of the Mobile Privacy and Security for an Ageing Population workshop at the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI) 2018, Barcelona: University of Bath; Cranfield university; Northumbria university, Newcastle; University of Portsmouth , 2018Konferansepaper (Annet vitenskapelig)
    Abstract [en]

    Recent HCI research in information security and privacy focuses on the Elderly. It aims at the provision of inclu-sive, Elderly-friendly interfaces for security and data protection features. Much attention is put on care situa-tions where the image of the Elderly is that of sick or disabled persons not mastering contemporary infor-mation technology. That population is however a frac-tion of the group called the Elderly. In this position pa-per, we argue that the Elderly are a very diverse popu-lation. We discuss issues rising from researchers and software architects’ misconception of the Elderly as technology-illiterate and unable. We suggest a more nuanced approach that includes changing personal abil-ities over the course of life.

    Fulltekst (pdf)
    fulltext
  • 23.
    Hatamian, Majid
    et al.
    Goethe University Frankfurt, Germany.
    Momen, Nurul
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Rannenberg, Kai
    Goethe University Frankfurt, Germany.
    A Multilateral Privacy Impact Analysis Method for Android Apps2019Inngår i: Privacy Technologies and Policy / [ed] M. Naldi, G. F. Italiano, K. Rannenberg, M. Medina & A. Bourka, Cham: Springer, 2019, Vol. 11498, s. 87-106Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Smartphone apps have the power to monitor most of people’s private lives. Apps can permeate private spaces, access and map social relationships, monitor whereabouts and chart people’s activities in digital and/or real world. We are therefore interested in how much information a particular app can and intends to retrieve in a smartphone. Privacy-friendliness of smartphone apps is typically measured based on single-source analyses, which in turn, does not provide a comprehensive measurement regarding the actual privacy risks of apps. This paper presents a multi-source method for privacy analysis and data extraction transparency of Android apps. We describe how we generate several data sets derived from privacy policies, app manifestos, user reviews and actual app profiling at run time. To evaluate our method, we present results from a case study carried out on ten popular fitness and exercise apps. Our results revealed interesting differences concerning the potential privacy impact of apps, with some of the apps in the test set violating critical privacy principles. The result of the case study shows large differences that can help make relevant app choices.

  • 24.
    Hatamian, Majid
    et al.
    Northumbria University, Newcastle upon Tyne, UK.
    Wairimu, Samuel
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Momen, Nurul
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps2021Inngår i: Empirical Software Engineering, ISSN 1382-3256, E-ISSN 1573-7616, Vol. 26, nr 3, artikkel-id 36Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    As this article is being drafted, the SARS-CoV-2/COVID-19 pandemic is causing harm and disruption across the world. Many countries aimed at supporting their contact tracers with the use of digital contact tracing apps in order to manage and control the spread of the virus. Their idea is the automatic registration of meetings between smartphone owners for the quicker processing of infection chains. To date, there are many contact tracing apps that have already been launched and used in 2020. There has been a lot of speculations about the privacy and security aspects of these apps and their potential violation of data protection principles. Therefore, the developers of these apps are constantly criticized because of undermining users’ privacy, neglecting essential privacy and security requirements, and developing apps under time pressure without considering privacy- and security-by-design. In this study, we analyze the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code’s privileges, promises made in their privacy policies, and static and dynamic performances. Our methodology is based on the collection of various types of data concerning these 28 apps, namely permission requests, privacy policy texts, run-time resource accesses, and existing security vulnerabilities. Based on the analysis of these data, we quantify and assess the impact of these apps on users’ privacy. We aimed at providing a quick and systematic inspection of the earliest contact tracing apps that have been deployed on multiple continents. Our findings have revealed that the developers of these apps need to take more cautionary steps to ensure code quality and to address security and privacy vulnerabilities. They should more consciously follow legal requirements with respect to apps’ permission declarations, privacy principles, and privacy policy contents.

    Fulltekst (pdf)
    fulltext
  • 25.
    Iwaya, Leonardo H
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Nordin, Anna
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för hälsovetenskaper (from 2013). Karlstads universitet, Fakulteten för samhälls- och livsvetenskaper, Avdelningen för omvårdnad.
    Fritsch, Lothar
    Oslo Metropolitan University, Norway.
    Børøsund, Elin
    Oslo University Hospital, Norway.
    Johansson, Margareta
    Uppsala University, Sweden.
    Varsi, Cecilie
    Oslo University Hospital, Norway.
    Ängeby, Karin
    Region Värmland, Sweden.
    Early Labour App: Developing a practice-based mobile health application for digital early labour support2023Inngår i: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 177, s. 105139-105139, artikkel-id 105139Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    Background: Pregnant women in early labour have felt excluded from professional care, and their partners have been restricted from being involved in the birthing process. Expectant parents must be better prepared to deal with fear and stress during early labour. There is a need for evidence-based information and digital applications that can empower couples during childbirth. Objective: To develop and identify requirements for a practice-based mobile health (mHealth) application for Digital Early Labour Support. Methods: This research started with creating an expert group composed of a multidisciplinary team capable of informing the app development process on evidence-based practices. In consultation with the expert group, the app was built using an agile development approach (i.e., Scrum) within a continuous software engineering setting (i.e., CI/CD, DevOps), also including user and security tests. Results: During the development of the Early Labour App, two main types of challenges emerged: (1) user challenges, related to understanding the users’ needs and experience with the app, and (2) team challenges, related to the software development team in particular, and the necessary skills for translating an early labour intervention into a digital solution. This study reaffirms the importance of midwife support via blended care and the opportunity of complementing it with an app. The Early Labour App was easy to use, the women needed little to no help, and the partner’s preparation was facilitated. The combination of the app together with blended care opens up awareness, thoughts and feelings about the method and provides good preparation for the birth. Conclusion: We propose the creation of the Early Labour App, a mHealth app for early labour support. The preliminary tests conducted for the Early Labour App show that the app is mature, allowing it to be used in the project’s Randomised Control Trial, which is already ongoing.

    Fulltekst (pdf)
    fulltext
  • 26. Iwaya, Leonardo Horn
    et al.
    Nordin, Anna
    Fritsch, Lothar
    Børøsund, Elin
    Johansson, Margareta
    Varsi, Cecilie
    Ängeby, Karin
    Early Labour App: Developing a practice-based mobile health application for digital early labour support2023Inngår i: International Journal of Medical Informatics, ISSN 1386-5056, E-ISSN 1872-8243, Vol. 177, s. 105139-105139, artikkel-id 105139Artikkel i tidsskrift (Fagfellevurdert)
  • 27.
    Josang, Audun
    et al.
    Univ Oslo, UNIK Univ Grad Ctr, N-0316 Oslo, Norway.
    Fritsch, Lothar
    Norwegian Computing CenterNorway.
    Mahler, Tobias
    Privacy Policy Referencing2010Inngår i: Trust, Privacy and Security in Digital Business: 7th International Conference, TrustBus 2010, Bilbao, Spain, August 30-31, 2010. Proceedings / [ed] Katsikas, S., Lopez, J. & Soriano, M., Springer, 2010, s. 129-140Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Data protection legislation was originally defined for a context where personal information is mostly stored on centralized servers with limited connectivity and openness to 3rd party access. Currently, servers are connected to the Internet, where a large amount of personal information is continuously being exchanged as part of application transactions. This is very different from the original context of data protection regulation. Even though there are rather strict data protection laws in an increasing number of countries, it is in practice rather challenging to ensure an adequate protection for personal data that is communicated on-line. The enforcement of privacy legislation and policies therefore might require a technological basis, which is integrated with adequate amendments to the legal framework. This article describes a new approach called Privacy Policy Referencing, and outlines the technical and the complementary legal framework that needs to be established to support it.

  • 28.
    Keller, Joerg
    et al.
    FernUniversitat, Germany.
    Mazurczyk, Wojciech
    Warsaw Univ Technol, Warsaw, Poland.
    Genge, Bela
    Univ Med Pharm Sci & Technol Targu Mures, Romania.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Vrhovec, Simon
    Univ Maribor, Slovenia.
    Cyberattack Detection and Response J.UCS Special Issue2019Inngår i: Journal of universal computer science (Online), ISSN 0948-695X, E-ISSN 0948-6968, Vol. 25, nr 11, s. 1394-1395Artikkel i tidsskrift (Annet vitenskapelig)
  • 29. Kohlweiss, Markulf
    et al.
    Faust, Sebastian
    Fritsch, Lothar
    Norsk Regnesentral.
    Gedrojc, Bartek
    Preneel, Bart
    Efficient oblivious augmented maps: Location-based services with a payment broker2007Inngår i: PRIVACY ENHANCING TECHNOLOGIES, Katholieke Univ Leuven, ESAT, COSIC, B-3001 Louvain, Belgium., 2007, s. 77-94Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Secure processing of location data in location-based services (LBS) can be implemented with cryptographic protocols. We propose a protocol based on oblivious transfer and homomorphic encryption. Its properties are the avoidance of personal information on the services side, and a fair revenue distribution scheme. We discuss this in contrast to other LBS solutions that seek to anonymize information as well as possible towards the services. For this purpose, we introduce a proxy party. The proxy interacts with multiple services and collects money from subscribing users. Later on, the proxy distributes the collected payment to the services based on the number of subscriptions to each service. Neither the proxy nor the services learn the exact relation between users and the services they are subscribed to.

  • 30. Kohlweiss, Markulf
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    Privatsphäre trotz intelligenter Zähler2012Inngår i: digma - Zeitschrift für Datenrecht und Informationssicherheit, ISSN 1424-9944, Vol. 12, nr 1, s. 22-26Artikkel i tidsskrift (Fagfellevurdert)
  • 31. Konig, Wolfgang
    et al.
    Fritsch, Lothar
    Goethe University.
    Innovation promotion in the public environment through Public private partnerships -: The example of satellite navigation2007Inngår i: Wirtschaftsinformatik, ISSN 0937-6429, E-ISSN 1861-8936, Vol. 49, nr 2, s. 77-79Artikkel i tidsskrift (Annet vitenskapelig)
  • 32.
    Lehmann, Anja
    et al.
    IBM Research, Zurich.
    Whitehouse, DianeFischer-Hübner, SimoneKarlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).Fritsch, LotharKarlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).Raab, CharlesUniversity of Edinburgh.
    Privacy and Identity Management. Facing up to Next Steps: 11th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Karlstad, Sweden, August 21-26, 2016, Revised Selected Papers2017Konferanseproceedings (Fagfellevurdert)
  • 33.
    Lenhard, Jörg
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Herold, Sebastian
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    A Literature Study on Privacy Patterns Research2017Inngår i: SEAA 2017 - 43rd Euromicro Conference Series on Software Engineering and Advanced Applications, IEEE, 2017, s. 194-200Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Context: Facing the implementation of the EU General Data Protection Regulation in May 2018, many commercial software providers will soon need to adapt their products to new privacy-related constraints. Privacy patterns defined for different aspects of the software engineering process promise to be a useful concept for this task. In this situation, it seems valuable to characterize the state of the research related to privacy patterns.Objective: To identify, characterize and classify the contributions made by published research results related to patterns in the context of considering privacy concerns in engineering software. Method: A literature review in form of a mapping study of scientific articles was performed. The resulting map structures the relevant body of work into multiple dimensions, illustrating research focuses and gaps.Results: Results show that empirical evidence in this field is scarce and that holistic approaches to engineering privacy into software based on patterns are lacking. This potentially hinders industrial adoption.Conclusion: Based on these results, we recommend to empirically validate existing privacy patterns, to consolidate them in pattern catalogues and languages, and to move towards seamless approaches from engineering privacy requirements to implementation.

  • 34.
    Momen, Nurul
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Bock, Sven
    Technische Universität Berlin, DEU.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Accept - Maybe - Decline: Introducing Partial Consent for the Permission-based Access Control Model of Android2020Inngår i: SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies, ACM Digital Library, 2020, s. 71-80Konferansepaper (Fagfellevurdert)
    Abstract [en]

    The consent to personal data sharing is an integral part of modern access control models on smart devices. This paper examines the possibility of registering conditional consent which could potentially increase trust in data sharing. We introduce an indecisive state of consenting to policies that will enable consumers to evaluate data services before fully committing to their data sharing policies. We address technical, regulatory, social, individual and economic perspectives for inclusion of partial consent within an access control mechanism. Then, we look into the possibilities to integrate it within the access control model of Android by introducing an additional button in the interface---\emph{Maybe}. This article also presents a design for such implementation and demonstrates feasibility by showcasing a prototype built on Android platform. Our effort is exploratory and aims to shed light on the probable research direction.

  • 35.
    Momen, Nurul
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    App-generated digital identities extracted through Androidpermission-based data access - a survey of app privacy2020Inngår i: Sicherheit 2020 / [ed] Reinhardt, D.; Langweg, H.; Witt, B. C; Fischer, M, Gesellschaft für Informatik, 2020, s. 15-28Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Smartphone apps that run on Android devices can access many types of personal information. Such information can be used to identify, profile and track the device users when mapped into digital identity attributes. This article presents a model of identifiability through access to personal data protected by the Android access control mechanism called permissions. We present an abstraction of partial identity attributes related to such personal data, and then show how apps accumulate such attributes in a longitudinal study that was carried out over several months. We found that apps' successive access to permissions accumulates such identity attributes, where different apps show different interest in such attributes.

    Fulltekst (pdf)
    fulltext
  • 36.
    Momen, Nurul
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Smartphone-Apps unter Beobachtung2020Inngår i: digma - Zeitschrift für Datenrecht und Informationssicherheit, ISSN 1424-9944, Vol. 20, nr 3, s. 152-155Artikkel i tidsskrift (Annet vitenskapelig)
    Abstract [de]

    Smartphones mit Android-Betriebssystem haben ein Zugriffskontrollsystem, welches auf Zugriffsrechten – zugeteilt per App – basiert. Damit werden Zugriffe von Android-Anwendungen Dritter auf kritische Ressourcen einschränkt. Einige dieser Rechte – von Google als sogenannte «dangerous permissions» definiert – bedürfen vor ihrer Aktivierung der Zustimmung des Nutzers. Dies geschieht durch ein Anklicken einer Zustimmung nach Start der App. Danach kann die App nach Belieben auf die jeweilige Datenquelle, beispielsweise Standortdaten (GPS), Kamera, Telefonstatus oder Adressbuch, zugreifen. Verlangt eine App Zugriff beispielsweise auf das Adressbuch, so muss vom Nutzer der Adressbuch-Zugriff beim ersten Versuch genehmigt werden. Diese Genehmigung wird dann ohne zeitliche Einschränkung in der App für zukünftige Zugriffe hinterlegt.

    Eine Verweigerung der Rechte in den Einstellungen führt oft zu Fehlfunktionen der Apps.

    Laufzeitberechtigungen werden auf Gruppenbasis erteilt. Um zum Beispiel Bluetooth verwenden zu können, wie es die Covid App benötigt, muss der Nutzer die Zustimmung zur Gruppe «Standort» geben. Wenn eine Anwendung erneut Laufzeitberechtigungen anfordert, die sich auf dieselbe Berechtigungsgruppe beziehen, werden, sobald eine davon erteilt ist, auch alle anderen erteilt. 

    In unserer Forschung stellten wir uns die Aufgabe, die Zugriffsfrequenzen auf datenschutzrelevante Datenquellen zu messen. Ziel war die Quantifizierung des Risikos für den Nutzer und die Schaffung von Transparenz über Datensammlungen sowohl in wissenschaftlicher Perspektive also auch zur Information von Endnutzern. Im Folgenden beschreiben wir Ergebnisse und Vorgehensweise unserer Studien.

     

  • 37.
    Momen, Nurul
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Hatamian, Majid
    Goethe-Universität Frankfurt am Main, Germany.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Did App Privacy Improve After the GDPR?2019Inngår i: IEEE Security and Privacy, ISSN 1540-7993, E-ISSN 1558-4046, Vol. 17, nr 6, s. 10-20Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    In this article, we present an analysis of app behavior before and after the regulatory change in dataprotection in Europe. Our data shows that app privacy has moderately improved after the implementationof the General Data Protection Regulation.

    In May 2018, stronger regulation of the processingof personal data became law in the EuropeanUnion, known as the General Data Protection Regulation(GDPR).1 The expected effect of the regulation was betterprotection of personal data, increased transparencyof collection and processing, and stronger interventionrights of data subjects, with some authors claiming thatthe GDPR would change the world, or at least that ofdata protection regulation.2 The GDPR had a two-year(2016–2018) implementation period that followedfour years of preparation. At the time of this writing,in November 2019, one and one-half years have passedsince the implementation of GDPR.Has the GDPR had an effect on consumer software?Has the world of code changed too? Did theGDPR have a measurable effect on mobile apps’behavior? How should such a change in behavior bemeasured?In our study, we decided to use two indicators for measurement:Android dangerous permission16 privileges anduser feedback from the Google Play app market. We collecteddata from smartphones with an installed app set formonths before GDPR implementation on 25 May 2018and months after that date.

    Fulltekst (pdf)
    fulltext
  • 38.
    Momen, Nurul
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Pulls, Tobias
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Lindskog, Stefan
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    How much Privilege does an App Need? Investigating Resource Usage of Android Apps2017Inngår i: Proceedings of the Fifteenth International Conference on Privacy, Security and Trust – PST 2017 (IEEE proceedings pendings), IEEE, 2017Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Arguably, one of the default solutions to many of today’s everyday errands is to install an app. In order to deliver a variety of convenient and user-centric services, apps need to access different types of information stored in mobile devices, much of which is personal information. In principle, access to such privacy sensitive data should be kept to a minimum. In this study, we focus on privilege utilization patterns by apps installed on Android devices. Though explicit consent is required prior to first time access to the resource, the unavailability of usage information makes it unclear when trying to reassess the users initial decision. On the other hand, if granted privilege with little or no usage, it would suggest the likely violation of the principle of least privilege. Our findings illustrate a plausible requirement for visualising resource usage to aid the user in their decision- making and finer access control mechanisms. 

  • 39.
    Nordin, Anna
    et al.
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för hälsovetenskaper (from 2013).
    Ängeby, Karin
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för hälsovetenskaper (from 2013). Region Värmland.
    Fritsch, Lothar
    Oslo Metropolitan University, NOR.
    Body-Area Sensing in Maternity Care: Evaluation of Commercial Wristbands for Pre-birth Stress Management2022Inngår i: Lecture Notes of the Institute for Computer Sciences Social Informatics and Telecommunications Engineering, Springer, 2022, Vol. 420, s. 168-175Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Many women use digital tools during pregnancy and birth. There are many existing mobile applications to measure quantity and length of contractions during early labour, but there is a need to offer evidence-based, credible electronic and digital solutions to parents-to-be. This article presents ongoing research work in a research project regarding mobile telemetric supported maternity care. It summarizes an approach for stress management in late maternity and under birth preparation that is based on body area sensing, our investigation of the properties of commercially available wearable wristbands for body sensing, and the insights gained from testing the wristbands from the project's perspective. We found that sensing precision is very variable depending on the wristband model, while the flows of medical personal data exclusively are routed through vendor cloud platforms outside the EU. The impact of our findings for the use of commercial wristbands in European medical research and practice is discussed in the conclusion.

  • 40. Paintsil, Ebenezer
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    A Taxonomy of Privacy and Security Risks Contributing Factors2011Inngår i: IFIP Advances in Information and Communication Technology, ISSN 1868-4238, Vol. 352, s. 52-63Artikkel i tidsskrift (Fagfellevurdert)
  • 41.
    Paintsil, Ebenezer
    et al.
    Norwegian Comp Ctr, Dept Appl Res, ICT, Oslo, Norway..
    Fritsch, Lothar
    Norwegian Comp Ctr, Dept Appl Res, ICT, Oslo, Norway..
    A Taxonomy of Privacy and Security Risks Contributing Factors2011Inngår i: PRIVACY AND IDENTITY MANAGEMENT FOR LIFE, Springer, 2011, s. 52-63Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Identity management system(s) (IDMS) do rely on tokens in order to function. Tokens can contribute to privacy or security risk in IDMS. Specifically, the characteristics of tokens contribute greatly to security and privacy risks in IDMS. Our understanding of how the characteristics of token contribute to privacy and security risks will help us manage the privacy and security risks in IDMS. In this article, we introduce a taxonomy of privacy and security risks contributing factors to improve our understanding of how tokens affect privacy and security in ID MS. The taxonomy is based on a survey of IDMS articles. We observed that our taxonomy can form the basis for a risk assessment model.

  • 42. Paintsil, Ebenezer
    et al.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Executable Model-Based Risk Analysis Method for Identity Management Systems: Using Hierarchical Colored Petri Nets Executable Model-Based Risk Assessment Method for Identity Management Systems2013Inngår i: Trust, Privacy, and Security in Digital Business: 10th International Conference, TrustBus 2013, Prague, Czech Republic, August 28-29, 2013. Proceedings / [ed] Furnell, S., Lambrinoudakis, C. & Lopez, J., Springer , 2013, s. 48-61Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Model-based risk analysis methods use graphical models to facilitate participation, risk communication and documentation and thereby improve the risk analysis process. Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on time consuming and expensive manual inspections and lack graphical models. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of addressing these challenges. The EM-BRAM employs graphical models to enhance risk analysis in IDMSs. It identifies risk contributing factors for IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then verifies the system’s risk using CPNs’ state space analysis and queries. Currently, risk assessment methods for identity management systems (IDMSs) are lacking. This makes it difficult to compare IDMSs based on how they enhance privacy and security of system stakeholders. This article proposes the executable model-based risk assessment method (EM-BRAM) with the aim of addressing this challenge. The EM-BRAM identifies risk factors inherent in IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then estimates or verifies the system’s security and privacy risks using CPNs’ state space analysis and queries.

  • 43. Paintsil, Ebenezer
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    Taxonomy of Privacy and Security Risks Contributing Factors2011Inngår i: Privacy and Identity Management for Life. 6th IFIP WG 9.2, 9.6/11.7, 11.4, 11.6/PrimeLife International Summer School, Helsingborg, Sweden, August 2-6, 2010, Revised Selected Papers, Springer , 2011Konferansepaper (Fagfellevurdert)
  • 44. Paintsil, Ebenezer
    et al.
    Fritsch, Lothar
    Karlstads universitet, Fakulteten för hälsa, natur- och teknikvetenskap (from 2013), Institutionen för matematik och datavetenskap (from 2013).
    Towards Legal Privacy Risk Assessment Automation in Social Media2011Inngår i: INFORMATIK 2011 - Informatik schafft Communities / [ed] Heiß, H.,Pepper, P., Schlingloff, H. & Schneider, J., Gesellschaft für Informatik , 2011Konferansepaper (Fagfellevurdert)
  • 45.
    Røssvoll, Till Halbach
    et al.
    Norsk Regnesentral.
    Fritsch, Lothar
    Norwegian Computing Center, Oslo.
    Reducing the User Burden of Identity Management: A Prototype Based Case Study for a Social-Media Payment Application Trustworthy and Inclusive Identity Management for Applications in Social Media2013Inngår i: ACHI 2013, The Sixth International Conference on Advances in Computer-Human Interactions, International Academy, Research and Industry Association (IARIA), 2013Konferansepaper (Fagfellevurdert)
    Abstract [en]

    We describe a prototype for inclusive and secure identity management regarding a bill sharing application in social media. Beginning with the principals of universal design, and involving groups of users with impairments, we designed a set of alternative authentication methods based on OpenID. This work explains the scenario and the particularities of designing a trust, security, and privacy infrastructure with a high degree of usability for diverse user groups, and which is aligned with the requirements from regulatory frameworks. The user trials show that several authentication alternatives in multiple modalities are welcomed by impaired users, but many have restrictions when it comes to payments in the context of social media.

  • 46.
    Scherner, Tobias
    et al.
    Goethe University.
    Fritsch, Lothar
    Goethe University.
    Technology Assurance2011Inngår i: Digital Privacy: Final report of the PRIME project / [ed] Camenisch, Jan; Leenes, Ronald; Sommer, Dieter, Heidelberg: Springer Berlin/Heidelberg, 2011Kapittel i bok, del av antologi (Fagfellevurdert)
    Abstract [en]

    This chapter documents the experiences of assurance evaluation during the early stage of a large software development project. The PRIME project researches, contracts and integrates privacy-respecting software to business environments. There exist several approaches to ensure the quality of secure software. Some of these approaches have the focus of quality assurance at a very early stage of the development process and have weaknesses to ensure the quality of this process until the product is ready to enter the market. Other approaches, like the CC, focus on inspection, or more concrete evaluation, of ready-to-market products.

  • 47. Schulz, Trenton
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    Accessibility and Inclusion Requirements for Future e-Identity Solutions2014Inngår i: Computers Helping People with Special Needs: Proceedings of the 14th International Conference, ICCHP 2014, Paris, France, July 9-11, 2014, Springer, 2014, s. 316-323Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Future e-identity services will need to be accessible for people with different types of abilities. We review current sets of accessibility guidelines and standards, current assistive technology, and current e-identity technology to determine accessibility and inclusion requirements for a future e-identity solution. For our project, we found that the area we could influence the most was the development of user interface for the client for e-identity and focused on these areas with the assumption that users would have access to inclusive cards and card readers. The requirements are divided into content and presentation, control and operation, legal requirements, testing, and help and support. We also provide possible areas for future research.

  • 48. Schulz, Trenton
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    Identifying Trust Strategies in the Internet of Things2013Inngår i: Proceedings of the User-Centered Trust in Interactive Systems Workshop: a Workshop from NordiCHI 2012: TRUST, Norsk Regnesentral , 2013, Vol. 1028, s. 19-25Konferansepaper (Fagfellevurdert)
  • 49. Schulz, Trenton
    et al.
    Fritsch, Lothar
    Norsk Regnesentral.
    Schlehahn, Eva
    Hansen, Marit
    Zwingelberg, Harald
    Identifying Trust Strategies in the Internet of Things FutureID Deliverable D22.7 Accessibility and Inclusion Requirements2013Rapport (Fagfellevurdert)
    Abstract [en]

    Users in the Internet of Things (IoT) use strategies to determine if they should trust a system or service. These strategies are not actively declared, but it can be useful to know which strategy is being used. We provide possible actions that users may perform when using different trust strategies and possible ways these can be captured for user studies. This document defines the accessibility and inclusion requirements to be taken into account when developing the different prototypes in the FutureID project. It also serves as a back- ground document in informing project partners about different aspects of accessibility when dealing with ICT. This includes looking at definitions, different types of users, assistive tech- nology, and other existing work in the field. Legal requirements, including storing of personal information for making systems accessible, are also covered. The document includes the accessibility and inclusion requirements for both developing and testing the client.

  • 50.
    Schulz, Trenton
    et al.
    Norsk Regnesentral.
    Fritsch, Lothar
    Norsk Regnesentral.
    Solheim, Ivar
    Norsk Regnesentral.
    Tjøstheim, Ingvar
    Norsk Regnesentral.
    Petró, Dániel
    Arfwedson, Henrik
    Back, Niklas
    uTRUSTit: Deliverable D2.2 Definition of User Scenarios2011Rapport (Fagfellevurdert)
    Abstract [en]

    We present scenarios in the three domains of smart home, smart office, and e-voting. The smart home consists of five scenarios; the smart office includes nine scenarios; e-voting has five scenarios. These scenarios cover a variety of situations that people may encounter in their everyday life and help to illustrate the trust issues that can show up when working with the Internet of Things (IoT). The scenarios form a foundation for many of the tasks and activities in the other work packages since the scenarios capture the functionality that we will work on. We also include a list of potential devices that may be used to realize these scenarios.

12 1 - 50 of 57
RefereraExporteraLink til resultatlisten
Permanent link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • apa.csl
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf