The world has seen a quick transition from hard devices for local storage to massive virtual data centers, all possible because of cloud storage technology. Businesses have grown to be scalable, meeting consumer demands on every turn. Cloud computing has transforming the way we do business making IT more efficient and cost effective that leads to new types of cybercrimes. Securing the data in cloud is a challenging task. Cloud security is a mixture of art and science. Art is to create your own technique and technologies in such a way that the user should be authenticated. Science is because you have to come up with ways of securing your application. Data security refers to a broad set of policies, technologies and controls deployed to protect data application and the associated infrastructure of cloud computing. It ensures that the data has not been accessed by any unauthorized person. Cloud storage systems are considered to be a network of distributed data centers which typically uses cloud computing technologies like virtualization and offers some kind of interface for storing data. Virtualization is the process of grouping the physical storage from multiple network storage devices so that it looks like a single storage device.Storing the important data in the cloud has become an essential argument in the computer territory. The cloud enables the user to store the data efficiently and access the data securely. It avoids the basic expenditure on hardware, software and maintenance. Protecting the cloud data has become one of the burdensome tasks in today’s environment. Our proposed scheme "Certificateless Compressed Data Sharing in Cloud through Partial Decryption" (CCDSPD) makes use of Shared Secret Session (3S) key for encryption and double decryption process to secure the information in the cloud. CC does not use pairing concept to solve the key escrow problem. Our scheme provides an efficient secure way of sharing data to the cloud and reduces the time consumption nearly by 50 percent as compared to the existing mCL-PKE scheme in encryption and decryption process.Distributed Cloud Environment (DCE) has the ability to store the da-ta and share it with others. One of the main issues arises during this is, how safe the data in the cloud while storing and sharing. Therefore, the communication media should be safe from any intruders residing between the two entities. What if the key generator compromises with intruders and shares the keys used for both communication and data? Therefore, the proposed system makes use of the Station-to-Station (STS) protocol to make the channel safer. The concept of encrypting the secret key confuses the intruders. Duplicate File Detector (DFD) checks for any existence of the same file before uploading. The scheduler as-signs the work of generating keys to the key manager who has less task to complete or free of any task. By these techniques, the proposed system makes time-efficient, cost-efficient, and resource efficient compared to the existing system. The performance is analysed in terms of time, cost and resources. It is necessary to safeguard the communication channel between the entities before sharing the data. In this process of sharing, what if the key manager’s compromises with intruders and reveal the information of the user’s key that is used for encryption. The process of securing the key by using the user’s phrase is the key concept used in the proposed system "Secure Storing and Sharing of Data in Cloud Environment using User Phrase" (S3DCE). It does not rely on any key managers to generate the key instead the user himself generates the key. In order to provide double security, the encryption key is also encrypted by the public key derived from the user’s phrase. S3DCE guarantees privacy, confidentiality and integrity of the user data while storing and sharing. The proposed method S3DCE is more efficient in terms of time, cost and resource utilization compared to the existing algorithm DaSCE (Data Security for Cloud Environment with Semi Trusted Third Party) and DACESM (Data Security for Cloud Environment with Scheduled Key Managers).For a cloud to be secure, all of the participating entities must be secure. The security of the assets does not solely depend on an individual s security measures. The neighbouring entities may provide an opportunity to an attacker to bypass the user s defences. The data may compromise due to attacks by other users and nodes within the cloud. Therefore, high security measures are required to protect data within the cloud. Cloudsim allows to create a network that contains a set of Intelligent Sense Point (ISP) spread across an area. Each ISPs will have its own unique position and will be different from other ISPs. Cloud is a cost-efficient solution for the distribution of data but has the challenge of a data breach. The data can be compromised of attacks of ISPs. Therefore, in OSNQSC (Optimized Selection of Nodes for Enhanced in Cloud Environment), an optimized method is proposed to find the best ISPs to place the data fragments that considers the channel quality, distance and the remaining energy of the ISPs. The fragments are encrypted before storing. OSNQSC is more efficient in terms of total upload time, total download time, throughput, storage and memory consumption of the node with the existing Betweenness centrality, Eccentricity and Closeness centrality methods of DROPS (Division and Replication of Data in the Cloud for Optimal Performance and Security).

The world has seen a quick transition from hard devices for local storage to massive virtual data centers, all possible because of cloud storage technology. Businesses have grown to be scalable, meeting consumer demands on every turn. Cloud computing has transforming the way we do business making IT more efficient and cost effective that leads to new types of cybercrimes. Securing the data in cloud is a challenging task. Cloud security is a mixture of art and science. Art is to create your own technique and technologies in such a way that the user should be authenticated. Science is because you have to come up with ways of securing your application. Data security refers to a broad set of policies, technologies and controls deployed to protect data application and the associated infrastructure of cloud computing. It ensures that the data has not been accessed by any unauthorized person. Cloud storage systems are considered to be a network of distributed data centers which typically uses cloud computing technologies like virtualization and offers some kind of interface for storing data. Virtualization is the process of grouping the physical storage from multiple network storage devices so that it looks like a single storage device.

Science of Security 2022 - As a new industry integrated by computing, communication, networking, electronics, and automation technology, the Internet of Vehicles (IoV) has been widely concerned and highly valued at home and abroad. With the rapid growth of the number of intelligent connected vehicles, the data security risks of the IoV have become increasingly prominent, and various attacks on data security emerge in an endless stream. This paper firstly introduces the latest progress on the data security policies, regulations, standards, technical routes in major countries and regions, and international standardization organizations. Secondly, the characteristics of the IoV data are comprehensively analyzed in terms of quantity, standard, timeliness, type, and cross-border transmission. Based on the characteristics, this paper elaborates the security risks such as privacy data disclosure, inadequate access control, lack of identity authentication, transmission design defects, cross-border flow security risks, excessive collection and abuse, source identification, and blame determination. And finally, we put forward the measures and suggestions for the security development of IoV data in China.

Provenance 2022 - Connected vehicles (CVs) have facilitated the development of intelligent transportation system that supports critical safety information sharing with minimum latency. However, CVs are vulnerable to different external and internal attacks. Though cryptographic techniques can mitigate external attacks, preventing internal attacks imposes challenges due to authorized but malicious entities. Thwarting internal attacks require identifying the trustworthiness of the participating vehicles. This paper proposes a trust management framework for CVs using interaction provenance that ensures privacy, considers both in-vehicle and vehicular network security incidents, and supports flexible security policies. For this purpose, we present an interaction provenance recording and trust management protocol. Different events are extracted from interaction provenance, and trustworthiness is calculated using fuzzy policies based on the events.

Privacy Policies and Measurement - The fundamental target of tone mapping is to duplicate the given scene or an image close to the 64000 world brilliance coordinating the human read inside the show gadgets. Therapeutic imaging utilizes that is procedures to downsize commotion and sharpness subtleties to upgrade the visual delineation of the picture. Because details play such an important role in determining proof and treating disease, it s critical to concentrate on the most important options when displaying medical images. It could be a method for reducing the unpredictability of high-dimensional data. You ll be able to use essential part analysis to rough out high- dimensional data with fewer measurements. Each measurement is regarded as the most important component and refers to a direct blend of the underlying components, as well as the amount of data. This data can be used to solve a wide range of problems that happen on a regular basis. It also highlighted how Big Data may be used to analyse Internet and image data sources effectively. concerns of privacy, methods for securing the components of pattern environments and systems, Edges, on the other hand, which nearly always square measure fascinating options of associate degree image) are also characterized by sharp transitions in grey levels, therefore averaging filters have the undesirable facet result that they blur edges. Another application of this kind of method includes the smoothing of false contours that result from victimization associate degree meagerly range of grey levels.

Privacy Policies and Measurement - The Function-as-a-Service cloud computing paradigm has made large-scale application development convenient and efficient as developers no longer need to deploy or manage the necessary infrastructure themselves. However, as a consequence of this abstraction, developers lose insight into how their code is executed and data is processed. Cloud providers currently offer little to no assurance of the integrity of customer data. One approach to robust data integrity verification is the analysis of data provenance—logs that describe the causal history of data, applications, users, and non-person entities. This paper introduces ProProv, a new domain-specific language and graphical user interface for specifying policies over provenance metadata to automate provenance analyses.

Privacy Policies and Measurement - The emergence of mobile edge computing (MEC) imposes an unprecedented pressure on privacy protection, although it helps the improvement of computation performance including energy consumption and computation delay by computation offloading. To this end, we propose a deep reinforcement learning (DRL)-based computation offloading scheme to optimize jointly privacy protection and computation performance. The privacy exposure risk caused by offloading history is investigated, and an analysis metric is defined to evaluate the privacy level. To find the optimal offloading strategy, an algorithm combining actor-critic, off-policy, and maximum entropy is proposed to accelerate the learning rate. Simulation results show that the proposed scheme has better performance compared with other benchmarks.

Privacy Policies and Measurement - Email is one of the oldest and most popular applications on today’s Internet and is used for business and private communication. However, most emails are still susceptible to being intercepted or even manipulated by the servers transmitting the messages. Users with S/MIME certificates can protect their email messages. In this paper, we investigate the market for S/MIME certificates and analyse the impact of the ordering and revocation processes on the users’ privacy. We complete those processes for each vendor and investigate the number of requests, the size of the data transfer, and the number of trackers on the vendor’s Web site. We further collect all relevant documents, including privacy policies, and report on their number of words, readability, and quality. Our results show that users must make at least 86 HTTP requests and transfer at least 1.35 MB to obtain a certificate and 178 requests and 2.03 MB to revoke a certificate. All but one vendor employ third-party tracking during these processes, which causes between 43 and 354 third-party requests. Our results further show that the vendors’ privacy policies are at least 1701 words long which requires a user approximately 7 minutes to read. The longest policy requires approximately half an hour to be read. Measurements of the readability of all vendors’ privacy policies indicate that users need a level of education that is nearly equivalent to a bachelor’s degree to comprehend the texts. We also report on the quality of the policies and find that the vendors achieve compliance scores between 45 \% and 90 \%. With our method, vendors can measure their impact on the users’ privacy and create better products. On the other hand, users benefit from an analysis of all S/MIME certificate vendors in that they can make an informed choice of their vendor based on the objective metrics obtained by our study. Ultimately, the results help to increase the prevalence of encrypted emails and render society less susceptible to surveillance.

Privacy Policies and Measurement - With increased reliance of digital storage for personal, financial, medical, and policy information, a greater demand for robust digital authentication and cybersecurity protection measures results. Current security options include alpha-numeric passwords, two factor authentication, and bio-metric options such as fingerprint or facial recognition. However, all of these methods are not without their drawbacks. This projects leverages the fact that the use of physical handwritten signatures is still prevalent in society, and the thoroughly trained process and motions of handwritten signatures is unique for every individual. Thus, a writing stylus that can authenticate its user via inertial signature detection is proposed, which classifies inertial measurement features for user identification. The current prototype consists of two triaxial accelerometers, one mounted at each of the stylus’ terminal ends. Features extracted from how the pen is held, stroke styles, and writing speed can affect the stylus tip accelerations which leads to a unique signature detection and to deter forgery attacks. Novel, manual spatiotemporal features relating to such metrics were proposed and a multi-layer perceptron was utilized for binary classification. Results of a preliminary user study are promising with overall accuracy of 95.7\%, sensitivity of 100\%, and recall rate of 90\%.

Privacy Policies and Measurement - Although the number of smart Internet of Things (IoT) devices has grown in recent years, the public s perception of how effectively these devices secure IoT data has been questioned. Many IoT users do not have a good level of confidence in the security or privacy procedures implemented within IoT smart devices for protecting personal IoT data. Moreover, determining the level of confidence end users have in their smart devices is becoming a major challenge. In this paper, we present a study that focuses on identifying privacy concerns IoT end users have when using IoT smart devices. We investigated multiple smart devices and conducted a survey to identify users privacy concerns. Furthermore, we identify five IoT privacy-preserving (IoTPP) control policies that we define and employ in comparing the privacy measures implemented by various popular smart devices. Results from our study show that the over 86\% of participants are very or extremely concerned about the security and privacy of their personal data when using smart IoT devices such as Google Nest Hub or Amazon Alexa. In addition, our study shows that a significant number of IoT users may not be aware that their personal data is collected, stored or shared by IoT devices.

Privacy Policies and Measurement - We report on the ideas and experiences of adapting Brane, a workflow execution framework, for use cases involving medical data exchange and processing. These use cases impose new requirements on the system to enforce policies encoding safety properties, ranging from access control to legal regulations pertaining to data privacy. Our approach emphasizes users’ control over the extent to which they cooperate in distributed execution, at the cost of revealing information about their policies.

Privacy Policies and Measurement - It is estimated that over 1 billion Closed-Circuit Television (CCTV) cameras are operational worldwide. The advertised main benefits of CCTV cameras have always been the same; physical security, safety, and crime deterrence. The current scale and rate of deployment of CCTV cameras bring additional research and technical challenges for CCTV forensics as well, as for privacy enhancements.

Privacy Policies and Measurement - Modelling and analyzing the massive policy discourse networks are of great importance in critical policy studies and have recently attracted increasing research interests. Yet, the effective representation scheme, quantitative policymaking metrics and the proper analysis methods remain largely unexplored. To address above challenges, with the Latent Dirichlet Allocation embedding, we proposed a government policy network, which models multiple entity types and complex relationships in between. Specifically, we have constructed the government policy network based on approximately 700 rural innovation and entrepreneurship policies released by the Chinese central government and eight provinces’ governments in the past eight years. We verified that the entity degree in the policy network is subject to the power-law distribution. Moreover, we propose a metric to evaluate the coordination between the central and local departments, namely coordination strength. And we find that this metric effectively reflects the coordination relationship between central and local departments. This study could be considered as a theoretical basis for applications such as policy discourse relationship prediction and departmental collaborative analysis.

Privacy Policies and Measurement - First introduced as a way of recording client-side state, third-party vendors have proliferated widely on the Web, and have become a fundamental part of the Web ecosystem. However, there is widespread concern that third-party vendors are being abused to track and profile individuals online for commercial, analytical and various other purposes. This paper builds the platform called “PRIVIS”, aiming at providing unique insights on how the privacy ecosystem is structured and affected through the analysis of data that stems from real users. First, to showcase what can be learned from this ecosystem through a datadriven analysis across the country, time and first-party categories, PRIVIS visualises data gathered from over 10K Chrome installers. It also equips participants with the means to collect and analyze their own data so that they could assess how their browsing habits are shared with third parties from their perspectives. Based on real-user datasets, the third-party quantity is not the only measure of web privacy risks. The measure proposed in this paper is how well thirdparty providers know their users. Second, PRIVIS studies the interplay between user location, special periods (after epidemic outbreak) and the overall number of third parties observed. The visualisation suggests that lockdown policies facilitate the growth in the number of third parties. Collectively, there are more active third-party activities, compared with both before the lockdowns and the corresponding periods in the previous year. And throughout the lockdown stages, the first lockdown performs the most aggressive.

Privacy Policies - Authentication, authorization, and trust verification are central parts of an access control system. The conditions for granting access in such a system are collected in access policies. Since access conditions are often complex, dedicated languages – policy languages – for defining policies are in use.

Privacy Policies - Companies and organizations inform users of how they handle personal data through privacy policies on their websites. Particular information, such as the purposes of collecting personal data and what data are provided to third parties is required to be disclosed by laws and regulations. An example of such a law is the Act on the Protection of Personal Information in Japan. In addition to privacy policies, an increasing number of companies are publishing security policies to express compliance and transparency of corporate behavior. However, it is challenging to update these policies against legal requirements due to the periodic law revisions and rapid business changes. In this study, we developed a method for analyzing privacy policies to check whether companies comply with legal requirements. In particular, the proposed method classifies policy contents using a convolutional neural network and evaluates privacy compliance by comparing the classification results with legal requirements. In addition, we analyzed security policies using the proposed method, to confirm whether the combination of privacy and security policies contributes to privacy compliance. In this study, we collected and evaluated 1,304 privacy policies and 140 security policies for Japanese companies. The results revealed that over 90\% of privacy policies sufficiently describe the handling of personal information by first parties, user rights, and security measures, and over 90\% insufficiently describe the data retention and specific audience. These differences in the number of descriptions are dependent on industry guidelines and business characteristics. Moreover, security policies were found to improve the compliance rates of 46 out of 140 companies by describing security practices not included in privacy policies.

Privacy Policies - Privacy policy is a legal document in which the users are informed about the data practices used by the organizations. Past research indicates that the privacy policies are long, include incomplete information, and are hard to read. Research also shows that users are not inclined to read these long and verbose policies. The solution that we are proposing in this paper is to build tools that can assist users with finding relevant content in the privacy policies for their queries using semantic approach. This paper presents the development of domain ontology for privacy policies so that the relevant sentences related to privacy question can be automatically identified. For this study, we built an ontology and also validated and evaluated the ontology using qualitative and quantitative methods including competency questions, data driven, and user evaluation. Results from the evaluation of ontology depicted that the amount of text to read was significantly reduced as the users had to only read selected text that ranged from 1\% to 30\% of a privacy policy. The amount of content selected for reading depended on the query and its associated keywords. This finding shows that the time required to read a policy was significantly reduced as the ontology directed the user to the content related to a given user query. This finding was also confirmed by the results of the user study session. The results from the user study session indicated that the users found ontology helpful in finding relevant sentences as compared to reading the entire policy.

Privacy Policies - In the era of the Internet of things (IoT), smart logistics is quietly rising, but user privacy security has become an important factor hindering its development. Because privacy policy plays a positive role in protecting user privacy and improving corporate reputation, it has become an important part of smart logistics and the focus of express companies. In this paper, through the construction of the privacy policy evaluation index system of express companies, aiming at qualitative indicators that are difficult to evaluate, we introduce the cloud model evaluation method that can combine the qualitative and quantitative together, and comprehensively evaluate the privacy policy of five express companies in China from four indicators: general situation, user informed consent, information security control and personal rights protection. The results show that: Overall, the privacy policies of the five express companies have not reached the "good" level, and there is a certain gap between the privacy policies of different express companies. From the comparison of indicators, the five express companies generally score relatively good; However, the overall score of information security control index is relatively poor, and the other two indexes are quite different. Cloud model evaluation method has strong applicability for the evaluation of express company privacy policy, which provides a reference for improving the privacy policy formulation and improving the privacy protection level of China’s express delivery industry in the era of IoT.

Privacy Policies - Data privacy laws like the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) provide guidelines for collecting personal information from individuals and processing it. These frameworks also require service providers to inform their customers on how clients data is gathered, used, protected, and shared with other parties. A privacy policy is a legal document used by service providers to inform users about how their personal information is collected, stored, and shared with other parties. It is expected that the privacy policies adhere to the data privacy regulations. However, it has been observed that some policies may deviate from the practices recommended by data protection regulations. Detecting instances where a policy may violate a certain regulation is quite challenging because the privacy policy text is long and complex, and there are numerous regulations. To address this problem, we have designed an approach to automatically detect whether a policy violates the articles of GDPR. This paper demonstrates how we have used Natural Language Inference (NLI) tasks to compare privacy content against the GDPR to detect privacy policies text in violation of GDPR. We provide two designs using the Stanford Natural Language Inference (SNLI) and the Multi-Genre Natural Language Inference (MultiNLI) datasets. The results from both designs are promising as our approach detected the deviations with 76\% accuracy.

Privacy Policies - Privacy policies, despite the important information they provide about the collection and use of one’s data, tend to be skipped over by most Internet users. In this paper, we seek to make privacy policies more accessible by automatically classifying text samples into web privacy categories. We use natural language processing techniques and multiple machine learning models to determine the effectiveness of each method in the classification method. We also explore the effectiveness of these methods to classify privacy policies of Internet of Things (IoT) devices.

Privacy Policies - Smart contracts running on blockchain potentially disclose all data to the participants of the chain. Therefore, because privacy is important in many areas, smart contracts may not be considered a good option. To overcome this limitation, this paper introduces Stone, a privacy preservation system for smart contracts. With Stone, an arbitrary Solidity smart contract can be combined with a separate privacy policy in JSON, which prevents the storage data in the contract from being publicised. Because this approach is convenient for policy developers as well as smart contract programmers, we envision that this approach will be practically acceptable for real-world applications.

Privacy Policies - The motive behind this research paper is to outline recently introduced social media encryption policies and the impact that they will have on user privacy. With close to no Data Protection Laws in the country, all social media platforms pose a threat to one’s privacy. The various new privacy policies that have been put in place across different social media platforms, tend to take away the user’s choice on whether they want their data shared with other social media apps or no. Seeing how WhatsApp, Facebook and Instagram are all Facebook owned, any data shared across one platform crosses over with the database of another, regardless of whether you have an account or not, completely taking away from the concept of consensual sharing of data. This paper will further discuss how the nature of encryption in India will significantly affect India’s newly recognised fundamental right, the Right to Privacy. Various policy developments bring in various user violation concerns and that will be the focus of this research paper.

Privacy Policies - Privacy policies inform users of the data practices and access protocols employed by organizations and their digital counterparts. Research has shown that users often feel that these privacy policies are lengthy and complex to read and comprehend. However, it is critical for people to be aware of the data access practices employed by the organizations. Hence, much research has focused on automatically extracting privacy-specific artifacts from the policies, predominantly by using natural language classification tools. However, these classification tools are designed primarily for the classification of paragraphs or segments of the policies. In this paper, we report on our research where we identify the gap in classifying policies at a segment level, and provide an alternate definition of segment classification using sentence classification. To this aid, we train and evaluate sentence classifiers for privacy policies using BERT and XLNet. Our approach demonstrates improvements in prediction quality of existing models and hence, surpasses the current baselines for classification models, without requiring additional parameter and model tuning. Using our sentence classifiers, we also study topical structures in Alexa top 5000 website policies, in order to identify and quantify the diffusion of information pertaining to privacy-specific topics in a policy.

Privacy Policies - Privacy policy statements are an essential approach to self-regulation by website operators in the area of personal privacy protection. However, these policies are often lengthy and difficult to understand, with users appearing to actually read the privacy policy in only a few cases. To address these obstacles, we propose a framework, Privacy Policy Analysis Framework for Automatic Annotation and User Interaction (PPAI) that stores, classifies, and categorizes queries on natural language privacy policies. At the core of PPAI is a privacy-centric language model that consists of a smaller fine-grained dataset of privacy policies and a new hierarchy of neural network classifiers that take into account privacy practices with high-level aspects and finegrained details. Our experimental results show that the eight readability metrics of the dataset exhibit a strong correlation. Furthermore, PPAI’s neural network classifier achieves an accuracy of 0.78 in the multi-classification task. The robustness experiments reached higher accuracy than the baseline and remained robust even with a small amount of labeled data.

Microelectronics Security - The need for safe large data storage services is at an all-time high and confidentiality is a fundamental need of any service. Consideration must also be given to service customer anonymity, one of the most important privacy considerations. As a result, the service should offer realistic and fine-grained [11] encrypted data sharing, which allows a data owner to share a cipher text of data with others under certain situations. In order to accomplish the aforesaid characteristics, our system offers a novel privacy- preserving cipher text multi-sharing technique. In this way, proxy re-encryption and anonymity are combined to allow many receivers to safely and conditionally receive a cipher text while maintaining the confidentiality of the underlying message and the identities of the senders and recipients. In this paper, a logical cloud security scheme is introduced called Modified Data Cipher Policies (MDCP), in which it is a new primitive also protects against known cipher text attacks, as demonstrated by the system.