当前位置:
X-MOL 学术
›
arXiv.cs.CR
›
论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Are PETs (Privacy Enhancing Technologies) Giving Protection for Smartphones? -- A Case Study
arXiv - CS - Cryptography and Security Pub Date : 2020-07-08 , DOI: arxiv-2007.04444 Tanusree Sharma and Masooda Bashir
arXiv - CS - Cryptography and Security Pub Date : 2020-07-08 , DOI: arxiv-2007.04444 Tanusree Sharma and Masooda Bashir
With smartphone technologies enhanced way of interacting with the world
around us, it has also been paving the way for easier access to our private and
personal information. This has been amplified by the existence of numerous
embedded sensors utilized by millions of apps to users. While mobile apps have
positively transformed many aspects of our lives with new functionalities, many
of these applications are taking advantage of vast amounts of data, privacy
apps, a form of Privacy Enhancing Technology can be an effective privacy
management tool for smartphones. To protect against vulnerabilities related to
the collection, storage, and sharing of sensitive data, developers are building
numerous privacy apps. However, there has been a lack of discretion in this
particular area which calls for a proper assessment to understand the
far-reaching utilization of these apps among users. During this process we have
conducted an evaluation of the most popular privacy apps from our total
collection of five hundred and twelve to demonstrate their functionality
specific data protections they are claiming to offer, both technologically and
conventionally, measuring up to standards. Taking their offered security
functionalities as a scale, we conducted forensic experiments to indicate where
they are failing to be consistent in maintaining protection. For legitimate
validation of security gaps in assessed privacy apps, we have also utilized
NIST and OWASP guidelines. We believe this study will be efficacious for
continuous improvement and can be considered as a foundation towards a common
standard for privacy and security measures for an app's development stage.
中文翻译:
PET(隐私增强技术)是否为智能手机提供保护? - 案例研究
随着智能手机技术增强了与我们周围世界互动的方式,它还为更轻松地访问我们的私人和个人信息铺平了道路。数以百万计的应用程序向用户使用的众多嵌入式传感器的存在进一步放大了这一点。虽然移动应用程序通过新功能积极改变了我们生活的许多方面,但其中许多应用程序正在利用大量数据,隐私应用程序,一种隐私增强技术可以成为智能手机的有效隐私管理工具。为了防止与敏感数据的收集、存储和共享相关的漏洞,开发人员正在构建大量隐私应用程序。然而,在这个特定领域缺乏自由裁量权,需要进行适当的评估,以了解用户对这些应用程序的广泛使用。在此过程中,我们对总共 512 个最流行的隐私应用程序进行了评估,以证明它们声称提供的功能特定数据保护,无论是技术上还是传统上,都符合标准。以他们提供的安全功能为尺度,我们进行了取证实验,以表明他们在维护保护方面未能保持一致的地方。为了合法验证评估隐私应用程序中的安全漏洞,我们还使用了 NIST 和 OWASP 指南。
更新日期:2020-07-10
中文翻译:
PET(隐私增强技术)是否为智能手机提供保护? - 案例研究
随着智能手机技术增强了与我们周围世界互动的方式,它还为更轻松地访问我们的私人和个人信息铺平了道路。数以百万计的应用程序向用户使用的众多嵌入式传感器的存在进一步放大了这一点。虽然移动应用程序通过新功能积极改变了我们生活的许多方面,但其中许多应用程序正在利用大量数据,隐私应用程序,一种隐私增强技术可以成为智能手机的有效隐私管理工具。为了防止与敏感数据的收集、存储和共享相关的漏洞,开发人员正在构建大量隐私应用程序。然而,在这个特定领域缺乏自由裁量权,需要进行适当的评估,以了解用户对这些应用程序的广泛使用。在此过程中,我们对总共 512 个最流行的隐私应用程序进行了评估,以证明它们声称提供的功能特定数据保护,无论是技术上还是传统上,都符合标准。以他们提供的安全功能为尺度,我们进行了取证实验,以表明他们在维护保护方面未能保持一致的地方。为了合法验证评估隐私应用程序中的安全漏洞,我们还使用了 NIST 和 OWASP 指南。