Difference between revisions of "AFSecurity Seminar"

From mn/ifi/AFSecurity
Jump to: navigation, search
Line 1: Line 1:
== Transport-level privacy for instant messaging ==
+
== Privacy Usability ==
  
 
{| border="0" cellpadding="1" cellspacing="1" width="100%"
 
{| border="0" cellpadding="1" cellspacing="1" width="100%"
 
|-
 
|-
| '''TIME:'''&nbsp; Friday 4 November 2022, 14:00h<br />'''PLACE:'''&nbsp;  Kristen Nygaards Hall (Room 5370), 5th floor, IFI, UiO, Ole Johan Dahls hus, Gaustadalleen 23b, Oslo. [https://kart.finn.no/?lng=10.71782&lat=59.94342&zoom=17&mapType=normap&markers=10.71782,59.94342,r,Gaustadall%C3%A9en+23B See map].<br />
+
| '''TIME:'''&nbsp; Friday 18 November 2022, 14:00h<br />'''PLACE:'''&nbsp;  Kristen Nygaards Hall (Room 5370), 5th floor, IFI, UiO, Ole Johan Dahls hus, Gaustadalleen 23b, Oslo. [https://kart.finn.no/?lng=10.71782&lat=59.94342&zoom=17&mapType=normap&markers=10.71782,59.94342,r,Gaustadall%C3%A9en+23B See map].<br />
 
Coffee and snaks served.<br />
 
Coffee and snaks served.<br />
 
<br />'''AGENDA:'''<br />
 
<br />'''AGENDA:'''<br />
 
14:00h Welcome at IFI and AF''Security''<br />14:15 Invited talk<br />
 
14:00h Welcome at IFI and AF''Security''<br />14:15 Invited talk<br />
* TITLE: ''Transport-level privacy for instant messaging'' &nbsp;
+
* TITLE: ''Employee-Centered Design of Technical and Organizational Privacy Measures'' &nbsp;
* SPEAKER: Boel Nelson, University of Copenhagen
+
* SPEAKER: Jan Tolsdorf, Bonn-Rhein-Sieg University of Applied Sciences, Germany
| <center>[[File:photo-Boel-Nelson.jpg|150px|link=https://di.ku.dk/english/staff/vip/researchers_ac/?pure=en/persons/760913]]</center>
+
| <center>[[File:photo-Jan-Tolsdorf.jpg|150px|link=https://www.h-brs.de/en/inf/jan-tolsdorf]]</center>
| <center>&nbsp;&nbsp;[[File:logo-University-Copenhagen.png|border|300px|link=https://www.ku.dk/english/]]</center>
+
| <center>&nbsp;&nbsp;[[File:logo-Bonn-Rhein-Sieg.png|300px|link=https://www.h-brs.de/de]]</center>
 
|}
 
|}
* ABSTRACT:<br />Traffic analysis poses an important privacy challenge. In particular, transport-level data can leak unintentional information—such as who communicates with whom. Existing tools for metadata privacy have adoption obstacles, including the risks of being scrutinized for having a particular app installed, and performance overheads incompatible with mobile devices.<br /><br /> In this talk, I will present DenIM (Deniable Instant Messaging), a novel protocol built on the idea of hiding traffic to make it unobservable to an adversary by piggybacking it on observable traffic. We posit that resilience to traffic analysis must be directly supported by major IM services themselves, and must be done in a low-latency manner without breaking existing features. Hence, DenIM is designed both for compatibility and performance; DenIM is a variant of the Signal protocol—commonly used for strong encryption in instant messaging services, and, DenIM’s bandwidth overhead scales with the volume of regular traffic, as opposed to scaling with time or the number of users.<br /><br /> The talk is based on joint research with E. Pagnin and A. Askarov.
+
* ABSTRACT:<br />The European General Data Protection Regulation (GDPR) requires the implementation of Technical and Organizational Measures (TOMs) to reduce the risk of illegitimate processing of personal data. For these measures to be effective, they must be applied correctly by employees who process personal data under the authority of their organization. However, even data processing employees often have limited knowledge of data protection policies and regulations, which increases the likelihood of misconduct and privacy breaches. To lower the likelihood of unintentional privacy breaches, TOMs must be developed with employees’ needs, capabilities, and usability requirements in mind. This talk provides insights into a user-centered design study with employees of two public institutions in Germany, with the aim of designing a solution to support data processing employees in handling personal data in a privacy-compliant manner. The presentation covers details on the development process and the evaluations.<br />
<br />
 
  
 
'''BIO:''' &nbsp;  
 
'''BIO:''' &nbsp;  
<br />Boel Nelson is a postdoc in the Algorithms and Complexity section at University of Copenhagen, and a member of the research center Basic Algorithms Research Copenhagen (BARC). She is an upcoming Marie Skłodowska-Curie postdoctoral fellow—starting her project on Provable Privacy for Metadata (ProPriM) in August 2023 at Aarhus University. Her research interests include data privacy, detection and mitigation of side-channels, and privacy enhancing technologies.
+
<br />Jan Tolsdorf works as a research assistant in the Data and Application Security Group of Prof. Dr.-Ing. Luigi Lo Iacono at Bonn-Rhein-Sieg University of Applied Sciences, Germany. He has recently completed his PhD in Computer Science at the University of Göttingen, Germany. Jan’s research activities are in the area of usable security and privacy. The Talk covers findings from his research focusing on the study of human factors in privacy in the employment context.
 
 
Prior to joining UCPH/BARC, Boel worked as a postdoc in the Logic and Semantics group at Aarhus University, where she conducted research on anonymous communication. Boel earned her PhD from Chalmers University of Technology, Sweden, with a dissertation titled ''Differential Privacy—A Balancing Act''. Additionally, Boel holds a MSc in Computer Systems and Networks with a security specialization, and a BSc in Software Engineering.
 
 
 
  
 
{| border="0" cellpadding="1" cellspacing="1" width="90%"
 
{| border="0" cellpadding="1" cellspacing="1" width="90%"

Revision as of 18:01, 7 November 2022

Privacy Usability

TIME:  Friday 18 November 2022, 14:00h
PLACE:  Kristen Nygaards Hall (Room 5370), 5th floor, IFI, UiO, Ole Johan Dahls hus, Gaustadalleen 23b, Oslo. See map.

Coffee and snaks served.

AGENDA:
14:00h Welcome at IFI and AFSecurity
14:15 Invited talk

  • TITLE: Employee-Centered Design of Technical and Organizational Privacy Measures  
  • SPEAKER: Jan Tolsdorf, Bonn-Rhein-Sieg University of Applied Sciences, Germany
Photo-Jan-Tolsdorf.jpg
  Logo-Bonn-Rhein-Sieg.png
  • ABSTRACT:
    The European General Data Protection Regulation (GDPR) requires the implementation of Technical and Organizational Measures (TOMs) to reduce the risk of illegitimate processing of personal data. For these measures to be effective, they must be applied correctly by employees who process personal data under the authority of their organization. However, even data processing employees often have limited knowledge of data protection policies and regulations, which increases the likelihood of misconduct and privacy breaches. To lower the likelihood of unintentional privacy breaches, TOMs must be developed with employees’ needs, capabilities, and usability requirements in mind. This talk provides insights into a user-centered design study with employees of two public institutions in Germany, with the aim of designing a solution to support data processing employees in handling personal data in a privacy-compliant manner. The presentation covers details on the development process and the evaluations.

BIO:  
Jan Tolsdorf works as a research assistant in the Data and Application Security Group of Prof. Dr.-Ing. Luigi Lo Iacono at Bonn-Rhein-Sieg University of Applied Sciences, Germany. He has recently completed his PhD in Computer Science at the University of Göttingen, Germany. Jan’s research activities are in the area of usable security and privacy. The Talk covers findings from his research focusing on the study of human factors in privacy in the employment context.

AFSecurity-small.png AFSecurity is organised by UiO Digital Security. Logo-uio-english-2022.png Sec-light-360.png
Retrieved from "https://wiki.uio.no/mn/ifi/AFSecurity/index.php?title=AFSecurity_Seminar&oldid=1719"