Online Privacy & Security PDF
This document discusses online privacy and security, including the roles of data collectors and data brokers. It analyzes various security challenges associated with web servers and common vulnerabilities. The document also covers mobile application security aspects.
IT2028 Online Privacy

Online Ecosystem (Stallings, 2019)

Online privacy refers to privacy concerns related to user interaction with Internet services through web servers and mobile apps.

Websites collect personal information explicitly through a variety of means, including registration pages, user surveys, online contests, application forms, and order forms. They also collect personal information through means that are not obvious to consumers, such as cookies and other tracking technologies. Figure 1 illustrates the many players involved in the online collection and use of personal data.

Data collectors collect information directly from their customers, audience, or other types of users of their services.

Data brokers compile large amounts of personal data from several data collectors and other data brokers without having direct online contact with the individuals whose information is in the collected data. Data brokers repackage and sell the collected information to various data users, typically without the permission or input of the individuals involved. Because consumers generally do not directly interact with data brokers, they have no means of knowing the extent and nature of the information that data brokers collect about them and share with others for their financial gain. Data brokers can collect information about consumers from various public and nonpublic sources, including courthouse records, website cookies, and loyalty card programs. Typically, brokers create profiles of individuals for marketing purposes and sell them to data users.

The data users category encompasses a broad range. One type of data user is a business that wants to target its advertisements and special offers. Other uses are fraud prevention and credit risk assessment.

Figure 1. Personal Data Ecosystem

Web Security and Privacy (Stallings, 2019)

The WWW is fundamentally a client/server application running over the Internet. The use of the Web presents several security challenges:
o The Web is vulnerable to attacks on web servers over the Internet.
o Casual and untrained (in security matters) users are common clients for web-based services. Such users are not necessarily aware of the security risks that exist and do not have the tools or knowledge to take effective countermeasures.
o A web server can be exploited as a launching pad into a corporation's or an agency's entire computer complex. Once a web server is subverted, an attacker may be able to gain access to data and systems that are not part of the Web itself but are connected to the server at the local site.

A useful way of breaking down the issues involved is to consider the following classification of security and privacy issues:
o Web server security and privacy are concerned with the vulnerabilities and threats associated with the platform that hosts a website, including the operating system (OS), file and database systems, and network traffic.
o Web application security and privacy are concerned with web software, including any applications accessible via the Web.
o Web browser security and privacy are concerned with the browser used from a client system to access a web server.

Mobile Ecosystem

The execution of mobile applications on a mobile device may involve communication across several networks and interaction with systems owned and operated by a variety of parties. Figure 2 shows the following elements in the ecosystem within which mobile device applications function:
o Cellular and Wi-Fi infrastructure: Modern mobile devices are typically equipped with the capability to use cellular and Wi-Fi networks to access the Internet and to place telephone calls. Cellular network cores also rely upon authentication servers to use and store customer authentication information.
o Public application stores (public app stores): Public app stores include native app stores; these are digital distribution services operated and developed by mobile OS vendors. For Android, the official app store is Google Play, and for iOS, it is simply called the App Store. These stores invest considerable effort in detecting and thwarting malware and ensuring that the apps do not cause unwanted behavior on mobile devices. In addition, there are numerous third-party app stores. The danger with third-party stores is uncertainty about what level of trust the user or the enterprise should have that the apps are free of malware.
o Device and OS vendor infrastructure: Mobile device and OS vendors host servers to provide updates and patches to the OS and apps. Other cloud-based services may be offered, such as storing user data and wiping a missing device.
o Enterprise mobility management systems: Enterprise mobility management (EMM) is a general term that refers to everything involved in managing mobile devices and related components (e.g., wireless networks). EMM is much broader than just information security; it includes mobile application management, inventory management, and cost management. Although EMM is not directly classified as a security technology, it can help in deploying policies to an enterprise's device pool and monitoring a device's state.

Figure 2. Mobile Ecosystem

Mobile Application Vetting

The process of evaluating and approving or rejecting apps within an organization, referred to as app vetting, is illustrated in Figure 3. The vetting process begins when an app is acquired from a public or enterprise store or submitted by an in-house or third-party developer.

An administrator is a member of the organization who is responsible for deploying, maintaining, and securing the organization's mobile devices, as well as ensuring that deployed devices and their installed apps conform to the organization's security requirements.

The administrator submits the app to an app testing facility in the organization that employs automated and/or human analyzers to evaluate the security characteristics of an app, including searching for malware, identifying vulnerabilities, and assessing risks. The resulting security report and risk assessment are conveyed to an auditor or auditors.

The role of an auditor is to inspect reports and risk assessments from one or more analyzers to ensure that an app meets the security requirements of the organization. The auditor also evaluates additional criteria to determine whether the app violates any organization-specific security requirements that could not be ascertained by the analyzers. The auditor then makes a recommendation to someone in the organization who has the authority to approve or reject an app for deployment on mobile devices. If the approver approves an app, the administrator can then deploy the app on the organization's mobile devices.

Figure 3. App Vetting Process

Threats from Applications

The first step in developing privacy by design and privacy engineering solutions for online privacy is to define the threats to online privacy. These threats are divided into two areas: web application privacy and mobile app privacy.

Web application privacy: The Open Web Application Security Project (OWASP) Top 10 Privacy Risks project provides a list of the top privacy risks in web applications. The goal of the project is to identify the most important technical and organizational privacy risks for web applications from the perspectives of both the user (data subject) and the provider (data owner). The risks are:
o Web application vulnerabilities: Failing to suitably design and implement an application, detect a problem, or promptly apply a fix (patch), which is likely to result in a privacy breach. Vulnerability is a key problem in any system that guards or operates on sensitive user data.
o User-side data leakage: Failing to prevent the leakage of any information containing or related to user data, or the data itself, to any unauthorized party, resulting in loss of data confidentiality. Leakage may be introduced through either an intentional malicious breach or a mistake (e.g., caused by insufficient access management controls, insecure storage, duplication of data, or a lack of awareness).
o Insufficient data breach response: Not informing the affected persons (data subjects) about a possible breach or data leak resulting from either intentional or unintentional events; failure to remedy the situation by fixing the cause; not attempting to limit the leaks.
o Insufficient deletion of personal data: Failing to delete personal data effectively and/or in a timely fashion after the termination of the specified purpose or upon request.
o Non-transparent policies, terms, and conditions: Not providing sufficient information describing how data are processed, such as their collection, storage, and processing. Failure to make this information easily accessible and understandable for non-lawyers.
o Collection of data not required for the primary purpose: Collecting descriptive, demographic, or any other user-related data that are not needed for the system. This also applies to data for which the user did not provide consent.
o Sharing of data with a third party: Providing user data to a third party without obtaining the user's consent. Sharing results either from transfer or exchange (for monetary compensation or otherwise) or from inappropriate use of third-party resources included in websites, such as widgets (e.g., maps, social networking buttons), analytics, or web bugs.
o Outdated personal data: Using outdated, incorrect, or bogus user data and failing to update or correct the data.
o Missing or insufficient session expiration: Failing to effectively enforce session termination. This may result in the collection of additional user data without the user's consent or awareness.
o Insecure data transfer: Failing to provide data transfers over encrypted and secured channels that would exclude the possibility of data leakage. Failing to enforce mechanisms that limit the leaking surface (e.g., allowing user data to be inferred from the mechanics of web application operation).

Mobile app privacy: Legitimate mobile apps may be vulnerable to several privacy and security threats, typically due to poor coding practices used in app development or underlying vulnerabilities in the mobile device operating system. Consider the following threats against vulnerable applications, encompassing both privacy and security threats:
o Insecure network communications: Network traffic needs to be securely encrypted to prevent an adversary from eavesdropping. Apps need to properly authenticate the remote server when connecting to prevent man-in-the-middle attacks and connection to malicious servers.
o Web browser vulnerabilities: Adversaries can exploit vulnerabilities in mobile device web browser applications as an entry point to gain access to a mobile device.
o Vulnerabilities in third-party libraries: Third-party software libraries are reusable components that may be distributed freely or offered for a fee to other software vendors. Software development by components or modules may be more efficient, and third-party libraries are routinely used across the industry. However, a flawed library can introduce vulnerabilities in any app that includes or makes use of that library. Depending on the pervasiveness of the library, its use can potentially affect thousands of apps and millions of users.

References:
Kumar, G., Saini, D. K., & Huy Cuong, N. H. (2020). Cyber defense mechanisms: Security, privacy, and challenges. CRC Press.
Stallings, W. (2019). Information privacy engineering and privacy by design: Understanding privacy threats, technologies, and regulations. Addison-Wesley Professional.
Torra, V. (2018). Data privacy: Foundations, new developments, and the big data challenge. Springer International Publishing.

04 Handout 1 *Property of STI
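The "missing or insufficient session expiration" risk in the OWASP list above is about enforcement on the server, not just a cookie attribute. The following is an added illustration (not code from the handout or from OWASP) of a session store that enforces both an idle timeout and an absolute lifetime and drops terminated sessions immediately; the policy values, the `SessionStore` class and the injected `now` timestamps are assumptions made so the logic runs offline.

```python
"""Added example: server-side session expiration with an idle timeout and an
absolute lifetime, plus explicit termination on logout. Illustrative code for
the "missing or insufficient session expiration" risk; not from the handout."""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before a session is dropped (assumed policy)
ABSOLUTE_LIFETIME = 8 * 3600  # hard cap regardless of activity (assumed policy)


@dataclass
class Session:
    user: str
    created_at: float
    last_seen: float


class SessionStore:
    """Keeps sessions keyed by an unguessable token and enforces expiry on every access."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str, now: float) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of randomness; never user-controlled
        self._sessions[token] = Session(user, created_at=now, last_seen=now)
        return token

    def resolve(self, token: str, now: float) -> Optional[str]:
        """Return the user for a live session, or None. Expired sessions are deleted
        so a later request cannot revive them: termination is enforced server-side,
        not merely suggested to the client through a cookie expiry."""
        s = self._sessions.get(token)
        if s is None:
            return None
        idle_expired = now - s.last_seen > IDLE_TIMEOUT
        life_expired = now - s.created_at > ABSOLUTE_LIFETIME  # a sliding window alone never reaches this
        if idle_expired or life_expired:
            del self._sessions[token]
            return None
        s.last_seen = now  # sliding window: activity extends only the idle deadline
        return s.user

    def terminate(self, token: str) -> None:
        """Logout: drop the session server-side immediately."""
        self._sessions.pop(token, None)

    def live_count(self) -> int:
        return len(self._sessions)
```

A session that is used every ten minutes stays alive through the idle window but is still cut off at the absolute lifetime, which is the case a sliding-only expiry misses.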