References of "Preneel, Bart"
Peer Reviewed
SC2Share: Smart Contract for Secure Car Sharing
Akash, Madhusudan; Symeonidis, Iraklis UL; A. Mustafa, Mustafa et al

in International Conference on Information Systems Security and Privacy (ICISSP) (2019, January 24)

This paper presents an efficient solution for the booking and payments functionality of a car sharing system that allows individuals to share their personal, underused cars in a completely decentralized manner, annulling the need of an intermediary. Our solution, named SC2Share, leverages smart contracts and uses them to carry out secure and private car booking and payments. Our experiments on SC2Share on the Ethereum testnet guarantee high security and privacy to its users and confirm that our system is cost-efficient and ready for practical use.

Peer Reviewed
Collateral damage of Facebook third-party applications: a comprehensive study
Symeonidis, Iraklis UL; Biczók, Gergely; Shirazi, Fatemeh et al

in Computers & Security (2018), 77

Third-party applications on Facebook can collect personal data of the users who install them, but also of their friends. This raises serious privacy issues as these friends are not notified by the applications nor by Facebook and they have not given consent. This paper presents a detailed multi-faceted study on the collateral information collection of the applications on Facebook. To investigate the views of the users, we designed a questionnaire and collected the responses of 114 participants. The results show that participants are concerned about the collateral information collection and in particular about the lack of notification and of mechanisms to control the data collection. Based on real data, we compute the likelihood of collateral information collection affecting users: we show that the probability is significant and greater than 80% for popular applications such as TripAdvisor. We also demonstrate that a substantial amount of profile data can be collected by applications, which enables application providers to profile users. To investigate whether collateral information collection is an issue to users’ privacy we analysed the legal framework in light of the General Data Protection Regulation. We provide a detailed analysis of the entities involved and investigate which entity is accountable for the collateral information collection. To provide countermeasures, we propose a privacy dashboard extension that implements privacy scoring computations to enhance transparency toward collateral information collection. Furthermore, we discuss alternative solutions highlighting other countermeasures such as notification and access control mechanisms, cryptographic solutions and application auditing. To the best of our knowledge this is the first work that provides a detailed multi-faceted study of this problem and that analyses the threat of user profiling by application providers.

Peer Reviewed
SePCAR: A Secure and Privacy-Enhancing Protocol for Car Access Provision
Symeonidis, Iraklis UL; Aly, Abdelrahaman; Mustafa, Mustafa Asan et al

in Symeonidis, Iraklis (Ed.) Computer Security -- ESORICS 2017 (2017)

We present an efficient secure and privacy-enhancing protocol for car access provision, named SePCAR. The protocol is fully decentralised and allows users to share their cars conveniently without sacrificing their security and privacy. It provides generation, update, revocation, and distribution mechanisms for access tokens to shared cars, as well as procedures to solve disputes and to deal with law enforcement requests, for instance in the case of car incidents. We prove that SePCAR meets its appropriate security and privacy requirements and that it is efficient: our practical efficiency analysis through a proof-of-concept implementation shows that SePCAR takes only 1.55 s for a car access provision.

Peer Reviewed
Private Mobile Pay-TV From Priced Oblivious Transfer
Biesmans, Wouter; Balasch, Josep; Rial Duran, Alfredo UL et al

in IEEE Transactions on Information Forensics & Security (2017)

In pay-TV, a service provider offers TV programs and channels to users. To ensure that only authorized users gain access, conditional access systems (CAS) have been proposed. In existing CAS, users disclose to the service provider the TV programs and channels they purchase. We propose a pay-per-view and a pay-per-channel CAS that protect users' privacy. Our pay-per-view CAS employs priced oblivious transfer (POT) to allow a user to purchase TV programs without disclosing which programs were bought to the service provider. In our pay-per-channel CAS, POT is employed together with broadcast attribute-based encryption (BABE) to achieve low storage overhead, collusion resistance, efficient revocation and broadcast efficiency. We propose a new POT scheme and show its feasibility by implementing and testing our CAS on a representative mobile platform.

Peer Reviewed
Collateral Damage of Online Social Network Applications
Symeonidis, Iraklis UL; Tsormpatzoudi, Pagona; Preneel, Bart

in Symeonidis, Iraklis (Ed.) Proceedings of the 2nd International Conference on Information Systems Security and Privacy, ICISSP 2016, Rome, Italy, February 19-21 2016. (2016)

Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user’s friends can collect and potentially misuse her personal data inflicting collateral damage on the user while leaving her without proper means of control. In this paper, we present a multi-faceted study on the collateral information collection of apps in social networks. We conduct a user survey and show that Facebook users are concerned about this issue and the lack of mechanisms to control it. Based on real data, we compute the likelihood of collateral information collection affecting users; we show that the probability is significant and depends on both the friendship network and the popularity of the app. We also show its significance by computing the proportion of exposed user attributes including the case of profiling, when several apps are offered by the same provider. Finally, we propose a privacy dashboard concept enabling users to control the collateral damage.

Peer Reviewed
Collateral Damage of Facebook Apps: Friends, Providers, and Privacy Interdependence
Symeonidis, Iraklis UL; Shirazi, Fatemeh; Biczók, Gergely et al

in Symeonidis, Iraklis (Ed.) ICT Systems Security and Privacy Protection (2016)

Third-party apps enable a personalized experience on social networking platforms; however, they give rise to privacy interdependence issues. Apps installed by a user's friends can collect and potentially misuse her personal data inflicting collateral damage on the user while leaving her without proper means of control. In this paper, we present a multi-faceted study on the collateral information collection of apps in social networks. We conduct a user survey and show that Facebook users are concerned about this issue and the lack of mechanisms to control it. Based on real data, we compute the likelihood of collateral information collection affecting users; we show that the probability is significant and depends on both the friendship network and the popularity of the app. We also show its significance by computing the proportion of exposed user attributes including the case of profiling, when several apps are offered by the same provider. Finally, we propose a privacy dashboard concept enabling users to control the collateral damage.

Peer Reviewed
Keyless car sharing system: A security and privacy analysis
Symeonidis, Iraklis UL; Mustafa, Mustafa A.; Preneel, Bart

in Symeonidis, Iraklis (Ed.) IEEE International Smart Cities Conference, ISC2 2016, Trento Italy, September 12-15, 2016 (2016)

This paper proposes a novel physical keyless car sharing system where users can use and share their cars without the need of physical keys. It also provides a comprehensive security and privacy analysis of such a system. It first presents a high-level model for a keyless car sharing system, describing its main entities and specifying the necessary functional requirements to allow users to share their cars (with other users) without exchanging physical keys. Based on this model and functional requirements, the paper presents a comprehensive threat analysis of the system. It focuses on the threats affecting the system's security and the users' privacy. This analysis results in a specification of an extensive set of security and privacy requirements for the system. This work can be used as a guide for a future keyless car sharing system design and as a means to assess the security and privacy risks imposed on users by such systems.

Privacy and Security in an Age of Surveillance
Ryan, Peter UL; Preneel, Bart; Rogaway, Phillip et al

Report (2015)

The Snowden revelations have demonstrated that the US and other nations are amassing data about people's lives at an unprecedented scale. Furthermore, these revelations have shown that intelligence agencies are not only pursuing passive surveillance over the world's communication systems, but are also seeking to facilitate such surveillance by undermining the security of the internet and communications technologies. Thus the activities of these agencies threaten not only the rights of individual citizens but also the fabric of democratic society. Intelligence services do have a useful role to play in protecting society and for this need the capabilities and authority to perform targeted surveillance. But the scope of such surveillance must be strictly limited by an understanding of its costs as well as benefits, and it should not impinge on the privacy rights of citizens any more than necessary. Here we report on a recent Dagstuhl Perspectives Workshop addressing these issues - a four-day gathering of experts from multiple disciplines connected with privacy and security. The meeting explored the scope of mass-surveillance and the deliberate undermining of the security of the internet, defined basic principles that should underlie needed reforms, and discussed the potential for technical, legal and regulatory means to help restore the security of the internet and stem infringement of human-rights by ubiquitous electronic surveillance.

Peer Reviewed
Privacy and Security in an Age of Surveillance
Preneel, Bart; Rogaway, Phillip; Ryan, Mark D. et al

in Dagstuhl Reports (2014), 4(9), 106-123

The Snowden revelations have demonstrated that the US and other nations are amassing data about people's lives at an unprecedented scale. Furthermore, these revelations have shown that intelligence agencies are not only pursuing passive surveillance over the world's communication systems, but are also seeking to facilitate such surveillance by undermining the security of the internet and communications technologies. Thus the activities of these agencies threaten not only the rights of individual citizens but also the fabric of democratic society. Intelligence services do have a useful role to play in protecting society and for this need the capabilities and authority to perform targeted surveillance. But the scope of such surveillance must be strictly limited by an understanding of its costs as well as benefits, and it should not impinge on the privacy rights of citizens any more than necessary. Here we report on a recent Dagstuhl Perspectives Workshop addressing these issues - a four-day gathering of experts from multiple disciplines connected with privacy and security. The meeting explored the scope of mass-surveillance and the deliberate undermining of the security of the internet, defined basic principles that should underlie needed reforms, and discussed the potential for technical, legal and regulatory means to help restore the security of the internet and stem infringement of human-rights by ubiquitous electronic surveillance.

Informaticaonderwijs aan Nederlandse Universiteiten in 2013 - State of the Art
Paredaens, Jan; Bijlsma, Lex; Boot, Peter et al

Report (2014)
