TY - BOOK
A1 - Neuhaus, Christian
A1 - Polze, Andreas
A1 - Chowdhuryy, Mohammad M. R.
T1 - Survey on healthcare IT systems : standards, regulations and security
N2 - IT systems for healthcare are a complex and exciting field. On the one hand, there is a vast number of improvements and work alleviations that computers can bring to everyday healthcare. Some ways of treatment, diagnoses and organisational tasks were even made possible by computer usage in the first place. On the other hand, there are many factors that encumber computer usage and make development of IT systems for healthcare a challenging, sometimes even frustrating task. These factors are not solely technology-related, but just as well social or economical conditions. This report describes some of the idiosyncrasies of IT systems in the healthcare domain, with a special focus on legal regulations, standards and security.
N2 - IT systems for medicine and healthcare are a complex and exciting field. On the one hand, there is a multitude of improvements and work simplifications that computers can contribute to everyday medical practice. Some treatments, diagnostic procedures and organisational tasks were made possible by computers in the first place. On the other hand, there is a multitude of factors that make computer use in healthcare more difficult and can turn its development into a challenging, even frustrating task. These factors are not exclusively technical in nature, but can also be traced back to social and economic conditions. This report describes some particularities of IT systems in healthcare, with a special focus on the legal framework, standards and security.
T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 45
KW - EPA
KW - Elektronische Patientenakte
KW - Sicherheit
KW - Privacy
KW - Standards
KW - Gesetze
KW - EHR
KW - electronic health record
KW - security
KW - privacy
KW - standards
KW - law
Y1 - 2011
U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus-51463
SN - 978-3-86956-128-8
PB - Universitätsverlag Potsdam
CY - Potsdam
ER -

TY - BOOK
A1 - Meinel, Christoph
A1 - Thomas, Ivonne
A1 - Warschofsky, Robert
A1 - Menzel, Michael
A1 - Junker, Holger
A1 - Schwenk, Jörg
A1 - Roth, Volker
A1 - Peters, Jan
A1 - Raepple, Martin
A1 - Störtkuhl, Thomas
A1 - Quint, Bruno
A1 - Kleinhenz, Michael
A1 - Wagner, Daniel
T1 - SOA Security 2010 : Symposium für Sicherheit in Service-orientierten Architekturen ; 28. / 29. Oktober 2010 am Hasso-Plattner-Institut
N2 - "Research meets Business" - in recent years this combination has repeatedly led to numerous interesting and fruitful discussions. With the symposium "Sicherheit in Service-orientierten Architekturen" (Security in Service-Oriented Architectures), the Hasso-Plattner-Institut continues this tradition and invited all interested parties to a two-day symposium in Potsdam to discuss, together with experts from research and industry, current developments in the field of SOA security. The contributions presented at this symposium focus on the security topics "Secure Digital Identities and Identity Management", "Trust Management", "Model-driven SOA Security", "Data Protection and Privacy", "Secure Enterprise SOA", and "Secure IT Infrastructures".
N2 - 'Research meets Business' is the successful concept of the SOA Security Symposia held at the Hasso-Plattner-Institute that has led to interesting discussions in the community. The SOA Security Symposium 2010 continued this tradition and invited researchers and representatives from the industry to discuss concepts, issues, and solutions in the field of SOA Security. The topics presented in the scope of this symposium focused on the security related topics 'Secure Digital Identities and Identity Management', 'Trust Management', 'Model-driven SOA Security', 'Privacy', 'Secure Enterprise SOA', and 'Secure IT-Infrastructures'.
T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 43
KW - SOA Security
KW - SOA Sicherheit
KW - Sichere Digitale Identitäten
KW - Identitätsmanagement
KW - Modell-getriebene SOA-Sicherheit
KW - Datenschutz
KW - SOA Security
KW - Secure Digital Identities
KW - Identity Management
KW - Trust Management
KW - Model-driven SOA Security
KW - Privacy
KW - Secure Enterprise SOA
Y1 - 2011
U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus-49696
SN - 978-3-86956-110-3
PB - Universitätsverlag Potsdam
CY - Potsdam
ER -

TY - JOUR
A1 - Krasnova, Hanna
A1 - Veltri, Natasha F.
A1 - Günther, Oliver
T1 - Self-disclosure and privacy calculus on social networking sites the role of culture intercultural dynamics of privacy calculus
JF - Business & information systems engineering : the international journal of Wirtschaftsinformatik
N2 - Social Network Sites (SNSs) rely exclusively on user-generated content to offer engaging and rewarding experience to its members. As a result, stimulating user communication and self-disclosure is vital for the sustainability of SNSs. However, considering that the SNS users are increasingly culturally diverse, motivating this audience to self-disclose requires understanding of their cultural intricacies. Yet existing research offers only limited insights into the role of culture behind the motivation of SNS users to self-disclose. Building on the privacy calculus framework, this study explores the role of two cultural dimensions - individualism and uncertainty avoidance - in self-disclosure decisions of SNS users. Survey responses of US and German Facebook members are used as the basis for our analysis. Structural equation modeling and multi-group analysis results reveal the distinct role of culture in the cognitive patterns of SNS users. The authors find that trusting beliefs play a key role in the self-disclosure decisions of users from individualistic cultures. At the same time, uncertainty avoidance determines the impact of privacy concerns. This paper contributes to the theory by rejecting the universal nature of privacy calculus processes. The findings provide for an array of managerial implications for SNS providers as they strive to encourage content creation and sharing by their heterogeneous members.
KW - Social networking sites
KW - Self-disclosure
KW - Privacy
KW - Trust
KW - Culture
Y1 - 2012
U6 - https://doi.org/10.1007/s12599-012-0216-6
SN - 1867-0202
VL - 4
IS - 3
SP - 127
EP - 135
PB - Springer
CY - Heidelberg
ER -

TY - JOUR
A1 - Kayem, Anne Voluntas dei Massah
A1 - Wolthusen, Stephen D.
A1 - Meinel, Christoph
T1 - Power Systems
BT - a matter of security and privacy
JF - Smart Micro-Grid Systems Security and Privacy
N2 - Studies indicate that reliable access to power is an important enabler for economic growth. To this end, modern energy management systems have seen a shift from reliance on time-consuming manual procedures, to highly automated management, with current energy provisioning systems being run as cyber-physical systems. Operating energy grids as a cyber-physical system offers the advantage of increased reliability and dependability, but also raises issues of security and privacy. In this chapter, we provide an overview of the contents of this book showing the interrelation between the topics of the chapters in terms of smart energy provisioning. We begin by discussing the concept of smart-grids in general, proceeding to narrow our focus to smart micro-grids in particular. Lossy networks also provide an interesting framework for enabling the implementation of smart micro-grids in remote/rural areas, where deploying standard smart grids is economically and structurally infeasible. To this end, we consider an architectural design for a smart micro-grid suited to low-processing capable devices. We model malicious behaviour, and propose mitigation measures based on properties to distinguish normal from malicious behaviour.
KW - Lossy networks
KW - Low-processing capable devices
KW - Smart micro-grids
KW - Security
KW - Privacy
KW - Energy
Y1 - 2018
SN - 978-3-319-91427-5
SN - 978-3-319-91426-8
U6 - https://doi.org/10.1007/978-3-319-91427-5_1
VL - 71
SP - 1
EP - 8
PB - Springer
CY - Dordrecht
ER -

TY - JOUR
A1 - Junghanns, Philipp
A1 - Fabian, Benjamin
A1 - Ermakova, Tatiana
T1 - Engineering of secure multi-cloud storage
JF - Computers in industry : an international, application oriented research journal
N2 - This article addresses security and privacy issues associated with storing data in public cloud services. It presents an architecture based on a novel secure cloud gateway that allows client systems to store sensitive data in a semi-trusted multi-cloud environment while providing confidentiality, integrity, and availability of data. This proxy system implements a space-efficient, computationally-secure threshold secret sharing scheme to store shares of a secret in several distinct cloud datastores. Moreover, the system integrates a comprehensive set of security measures and cryptographic protocols to mitigate threats induced by cloud computing. Performance in practice and code quality of the implementation are analyzed in extensive experiments and measurements. (C) 2016 Elsevier B.V. All rights reserved.
KW - Cloud computing
KW - Data exchange
KW - Security
KW - Privacy
Y1 - 2016
U6 - https://doi.org/10.1016/j.compind.2016.09.001
SN - 0166-3615
SN - 1872-6194
VL - 83
SP - 108
EP - 120
PB - Elsevier
CY - Amsterdam
ER -

TY - JOUR
A1 - Grüner, Andreas
A1 - Mühle, Alexander
A1 - Meinel, Christoph
T1 - ATIB
BT - Design and evaluation of an architecture for brokered self-sovereign identity integration and trust-enhancing attribute aggregation for service provider
JF - IEEE access : practical research, open solutions / Institute of Electrical and Electronics Engineers
N2 - Identity management is a principal component of securing online services. In the advancement of traditional identity management patterns, the identity provider remained a Trusted Third Party (TTP). The service provider and the user need to trust a particular identity provider for correct attributes amongst other demands. This paradigm changed with the invention of blockchain-based Self-Sovereign Identity (SSI) solutions that primarily focus on the users. SSI reduces the functional scope of the identity provider to an attribute provider while enabling attribute aggregation. Besides that, the development of new protocols, disregarding established protocols and a significantly fragmented landscape of SSI solutions pose considerable challenges for an adoption by service providers. We propose an Attribute Trust-enhancing Identity Broker (ATIB) to leverage the potential of SSI for trust-enhancing attribute aggregation. Furthermore, ATIB abstracts from a dedicated SSI solution and offers standard protocols. Therefore, it facilitates the adoption by service providers. Despite the brokered integration approach, we show that ATIB provides a high security posture. Additionally, ATIB does not compromise the ten foundational SSI principles for the users.
KW - Blockchains
KW - Protocols
KW - Authentication
KW - Licenses
KW - Security
KW - Privacy
KW - Identity management systems
KW - Attribute aggregation
KW - attribute assurance
KW - digital identity
KW - identity broker
KW - self-sovereign identity
KW - trust model
Y1 - 2021
U6 - https://doi.org/10.1109/ACCESS.2021.3116095
SN - 2169-3536
VL - 9
SP - 138553
EP - 138570
PB - Institute of Electrical and Electronics Engineers
CY - New York, NY
ER -

TY - CHAP
A1 - Fabian, Benjamin
A1 - Bender, Benedict
A1 - Weimann, Lars
T1 - E-Mail tracking in online marketing
BT - Methods, Detection, and Usage
T2 - Proceedings of the 12th International Conference on Wirtschaftsinformatik
N2 - E-Mail tracking uses personalized links and pictures for gathering information on user behavior, for example, where, when, on what kind of device, and how often an e-mail has been read. This information can be very useful for marketing purposes. On the other hand, privacy and security requirements of customers could be violated by tracking. This paper examines how e-mail tracking works, how it can be detected automatically, and to what extent it is used in German e-commerce. We develop a detection model and software tool in order to collect and analyze more than 600 newsletter e-mails from companies of several different industries. The results show that the usage of e-mail tracking in Germany is prevalent but also varies depending on the industry.
KW - E-Mail Tracking
KW - Online Marketing
KW - Privacy
Y1 - 2015
UR - https://aisel.aisnet.org/wi2015/74
SN - 978-3-00-049184-9
IS - 74
PB - Associations for Information Systems AIS
CY - Atlanta
ER -

TY - CHAP
A1 - Bender, Benedict
A1 - Fabian, Benjamin
A1 - Lessmann, Stefan
A1 - Haupt, Johannes
T1 - E-Mail Tracking
BT - status quo and novel countermeasures
T2 - Proceedings of the 37th International Conference on Information Systems (ICIS)
N2 - E-mail advertisement, as one instrument in the marketing mix, allows companies to collect fine-grained behavioural data about individual users’ e-mail reading habits realised through sophisticated tracking mechanisms. Such tracking can be harmful for user privacy and security. This problem is especially severe since e-mail tracking techniques gather data without user consent. Striving to increase privacy and security in e-mail communication, the paper makes three contributions. First, a large database of newsletter e-mails is developed. This data facilitates investigating the prevalence of e-mail tracking among 300 global enterprises from Germany, the United Kingdom and the United States. Second, countermeasures are developed for automatically identifying and blocking e-mail tracking mechanisms without impeding the user experience. The approach consists of identifying important tracking descriptors and creating a neural network-based detection model. Last, the effectiveness of the proposed approach is established by means of empirical experimentation. The results suggest a classification accuracy of 99.99%.
KW - E-Mail Tracking
KW - Countermeasures
KW - Privacy
KW - Security
KW - Machine Learning
Y1 - 2016
UR - https://aisel.aisnet.org/icis2016/ISSecurity/Presentations/13/
ER -

TY - CHAP
A1 - Bender, Benedict
A1 - Fabian, Benjamin
A1 - Haupt, Johannes
A1 - Neumann, Tom
T1 - Track and Treat
BT - usage of e-mail tracking for newsletter individualization
T2 - Twenty-Sixth European Conference on Information Systems (ECIS 2018)
N2 - E-Mail tracking mechanisms gather information on individual recipients’ reading behavior. Previous studies show that e-mail newsletters commonly include tracking elements. However, prior work does not examine the degree to which e-mail senders actually employ gathered user information. The paper closes this research gap by means of an experimental study to clarify the use of tracking-based information. To that end, twelve mail accounts are created, each of which subscribes to a pre-defined set of newsletters from companies based in Germany, the UK, and the USA. Systematically varying e-mail reading patterns across accounts, each account simulates a different type of user with individual reading behavior. Assuming senders to track e-mail reading habits, we expect changes in mailer behavior. The analysis confirms the prominence of tracking in that over 92% of the newsletter e-mails contain tracking images. For 13 out of 44 senders an adjustment of communication policy in response to user reading behavior is observed. Observed effects include sending newsletters at different times, adapting advertised products to match the users’ IT environment, increased or decreased mailing frequency, and mobile-specific adjustments. Regarding legal issues, not all companies that adapt the mail-sending behavior state the usage of such mechanisms in their privacy policy.
KW - E-Mail Tracking
KW - Newsletter
KW - Individualization
KW - Personalization
KW - Privacy
Y1 - 2018
UR - https://aisel.aisnet.org/ecis2018_rp/59
ER -

TY - BOOK
ED - Neuhaus, Christian
ED - Polze, Andreas
T1 - Cloud security mechanisms
N2 - Cloud computing has brought great benefits in cost and flexibility for provisioning services. The greatest challenge of cloud computing remains however the question of security. The current standard tools in access control mechanisms and cryptography can only partly solve the security challenges of cloud infrastructures. In the recent years of research in security and cryptography, novel mechanisms, protocols and algorithms have emerged that offer new ways to create secure services atop cloud infrastructures. This report provides introductions to a selection of security mechanisms that were part of the "Cloud Security Mechanisms" seminar in summer term 2013 at HPI.
N2 - Cloud computing has enabled significant cost savings and improved flexibility in the provisioning of computing services. However, security concerns remain the greatest challenge in using cloud services. The established mechanisms for access control and encryption can only partly solve the security challenges and problems of cloud infrastructures. In recent years, however, research has produced new mechanisms, protocols and algorithms that open up new possibilities for increasing the security of cloud applications. This technical report provides introductions to some of these mechanisms, which were covered in the "Cloud Security Mechanisms" seminar in the summer term 2013 at HPI.
T3 - Technische Berichte des Hasso-Plattner-Instituts für Digital Engineering an der Universität Potsdam - 87
KW - Cloud
KW - Sicherheit
KW - Privacy
KW - Datenvertraulichkeit
KW - Threshold Cryptography
KW - Bitcoin
KW - Homomorphe Verschlüsselung
KW - Differential Privacy
KW - cloud
KW - security
KW - privacy
KW - confidentiality
KW - threshold cryptography
KW - bitcoin
KW - homomorphic encryption
KW - differential privacy
Y1 - 2014
U6 - http://nbn-resolving.de/urn/resolver.pl?urn:nbn:de:kobv:517-opus-68168
SN - 978-3-86956-281-0
SN - 1613-5652
SN - 2191-1665
IS - 87
PB - Universitätsverlag Potsdam
CY - Potsdam
ER -