Julio Angulo

Exploring Touch-Screen Biometrics for User Identification on Smart Phones

The use of mobile smart devices for storing sensitive information and accessing online services is increasing. At the same time, methods for authenticating users into their devices and online services that are not only secure, but also privacy and user-friendly are needed. In this paper, we present our initial explorations of the use of lock pattern dynamics as a secure and user-friendly two-factor authentication method. We developed an application for the Android mobile platform to collect data on the way individuals draw lock patterns on a touchscreen. Using a Random Forest machine learning classifier this method achieves an average Equal Error Rate (EER) of approximately 10.39%, meaning that lock patterns biometrics can be used for identifying users towards their device, but could also pose a threat to privacy if the users’ biometric information is handled outside their control.

Towards Usable Privacy Policy Display a Management

This paper discusses the approach taken within the PrimeLife project for providing user-friendly privacy policy interfaces for the PrimeLife Policy Language (PPL).We present the requirements, desig ...

How can Cloud Users be Supported in Deciding on, Tracking and Controlling How their Data are Used?

Transparency is a basic privacy principle and factor of social trust. However, the processing of personal data along a cloud chain is often rather intransparent to the data subjects concerned. Transparency Enhancing Tools (TETs) can help users in deciding on, tracking and controlling their data in the cloud. However, TETs for enhancing privacy also have to be designed to be both privacy-preserving and usable. In this paper, we provide requirements for usable TETs for the cloud. The requirements presented in this paper were derived in two ways; at a stakeholder workshop and through a legal analysis. Here we discuss design principles for usable privacy policies and give examples of TETs which enable end users to track their personal data. We are developing them using both privacy and usability as design criteria.

HCI for Policy Display and Administration

The PrimeLife Policy Language (PPL) has the objective of helping end users make the data handling practices of data controllers more transparent, allowing them to make well-informed decisions about the release of personal data in exchange for services. In this chapter, we present our work on user interfaces for the PPL policy engine, which aims at displaying the core elements of a data controller’s privacy policy in an easily understandable way as well as displaying how far it corresponds with the user’s privacy preferences. We also show how privacy preference management can be simplified for end users.

Transparency, Privacy and Trust – Technology for Tracking and Controlling My Data Disclosures: Does This Work?

Transparency is a basic privacy principle and social trust factor. However, in the age of cloud computing and big data, providing transparency becomes increasingly a challenge.

HCI requirements for Transparency and Accountability Tools for Cloud Service Chains

Cloud computing represents a major shift in the way Information and Communication Technology (ICT) is deployed and utilised across industries. Alongside the technological developments, organisations need to adapt to emerging operational needs associated with data governance, policy and responsibility, as well as compliance with regulatory regimes that may be multi-jurisdictional in nature. This paper is concerned with data governance in cloud ecosystems. It characterises the problem of data governance due to emerging challenges (and threats) in the cloud. It advocates an accountability-based approach for data stewardship. It defines accountability and introduces a model consisting of attributes, practices and mechanisms. The accountability model underpins an accountability framework supporting data governance. This paper also discusses emerging relationships between accountability, risk and trust. The overall objective of the proposed accountability-based approach to data governance is to support a transparent and trustworthy cloud.

What Would It Take for You to Tell Your Secrets to a Cloud

We investigate the end users’ behaviours and attitudes with regards to the control they place in the personal information that they disclose to cloud storage services. Three controlled experiments were carried out to study the influence in users’ decisions to retain or surrender control over their personal information depending on different factors. The results of these experiments reveal, among other things, the users’ willingness to surrender control over personal information that is perceived as non-sensitive in exchange for valuable rewards, and that users would value the possibility of knowing and controlling the parties who are granted access to their data in the cloud. Based on the results from the experiments we provide implications for the design of end-user tools that can promote transparency and accountability in cloud computing environments.

Identity Management through Profiles: Prototyping an Online Information Segregation Service

Whereas in real everyday life individuals have an intuitive approach at deciding which information to disseminate to others, in the digital world it becomes difficult to keep control over the information that is distributed to different online services. In this paper we present the design of a user interface for a system that can help users decide which pieces of information to distribute to which type of service providers by allowing them to segregate their information attributes into various personalized profiles. Iterative usability evaluations showed that users understand and appreciate the possibility to segregate information, and revealed possible improvements, implications and limitations of such an interface.

Accountability Through Transparency for Cloud Customers

Public cloud providers process data on behalf of their customers in data centres that typically are physically remote from their users. This context creates a number of challenges related to data privacy and security, and may hinder the adoption of cloud technology. One of these challenges is how to maintain transparency of the processes and procedures while at the same time providing services that are secure and cost effective. This chapter presents results from an empirical study in which the cloud customers identified a number of transparency requirements to the adoption of cloud providers. We have compared our results with previous studies, and have found that in general, customers are in synchrony with research criteria for cloud service provider transparency, but there are also some extra pieces of information that customers are looking for. We further explain how A4Cloud tools contribute to addressing the customers’ requirements.

Tools for Cloud Accountability: A4Cloud Tutorial

Cloud computing is becoming a key IT infrastructure technology being adopted progressively by companies and users. Still, there are issues and uncertainties surrounding its adoption, such as security and how users data is dealt with that require attention from developers, researchers, providers and users. The A4Cloud project tries to help solving the problem of accountability in the cloud by providing tools that support the process of achieving accountability. This paper presents the contents of the first A4Cloud tutorial. These contents include basic concepts and tools developed within the project. In particular, we will review how metrics can aid the accountability process and some of the tools that the A4Cloud project will produce such as the Data Track Tool (DTT) and the Cloud Offering Advisory Tool (COAT).