Conducting a privacy impact analysis for the analysis of communication records

Lecture Notes in Business Information Processing

Volumn 128 LNBIP, Issue , 2012, Pages 148-161

  Hofbauer, Stefan ^a   Beckers, Kristian ^b   Quirchmayr, Gerald ^a,c  

^a UNIVERSITY OF VIENNA   (Austria)

^b UNIVERSITY OF DUISBURG ESSEN   (Germany)

^c UNIVERSITY OF SOUTH AUSTRALIA   (Australia)

Author keywords

CDRs; Communication Records; PETs; PIA; Privacy; VoIP

Indexed keywords

COMMUNICATION; DATA PRIVACY; INFORMATION SCIENCE; INTERNET TELEPHONY; TELECOMMUNICATION SYSTEMS; VOICE/DATA COMMUNICATION SYSTEMS;

ATTACK PATTERNS; ATTACK STATE; CDRS; FORENSIC ANALYSIS; IMPACT ANALYSIS; LAWS AND REGULATIONS; PATTERNS OF COMMUNICATION; PETS; PIA; PRIVACY CONCERNS; PRIVACY REQUIREMENTS; VOICE OVER IP; VOIP;

LAWS AND LEGISLATION;

EID: 84867705167     PISSN: 18651348     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-33281-4_12     Document Type: Conference Paper

References (24)

1. Australian Government - Office of the Privacy Commissioner: Privacy Impact Assessment Guide. Australian Government (2010), http://www.privacy.gov. au/materials/types/download/9509/6590
2. Gartner Inc.: Gartner Magic Quadrant for Unified Communications 2010. Gartner Inc. (2010), http://msunified.net/2010/08/09/gartner-magic-quadrant-for- unified-communications-2010/
3. Nissenbaum, H.: Privacy as contextual integrity. Washington Law Review 79(1), 101-139 (2004)
4. Hofbauer, S., Quirchmayr, G., Wills, C.C.: CDRAS: An approach to dealing with Man-in-the- Middle attacks in the context of Voice over IP. In: International Conference on Availability, Reliability and Security, ARES 2011, pp. 353-358 (August 2011)
5. Cisco Systems Inc.: Cisco Call Detail Records Field Descriptions. Cisco Systems Inc. (2010), http://www.cisco.com/en/US/docs/ voice-ip-comm/cucm/ service/8-5-1/cdrdef/cdrfdes.html
6. Deng, M., Wuyts, K., Scandariato, R., Preneel, B., Joosen, W.: A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements. Requir. Eng. 16, 3-32 (2011)
7. Wuyts, K., Scandariato, R., De Decker, B., Joosen, W.: Linking privacy solutions to developer goals. In: International Conference on Availability, Reliability and Security, ARES 2009, pp. 847-852 (2009)
8. Kalloniatis, C., Kavakli, E., Gritzalis, S.: Addressing privacy requirements in systems design: the pris method. Requir. Eng. 13, 241-255 (2008)
9. Spiekermann, S., Cranor, L.F.: Engineering Privacy. IEEE Transactions on Software Engineering 35(1), 67-82 (2009)
10. Pfleeger, C.P., Pfleeger, S.L.: Security in Computing, 4th edn. Prentice Hall PTR (2007)
11. Zhang, J., Zulkernine, M., Haque, A.: Random-forest-based network intrusion detection systems. IEEE Trans. Syst. Man Cybernet. C Appl. Rev., 84-93 (2008)
12. Pfitzmann, A., Hansen, M.: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, unobservability, pseudonymity, and identity management - version v0.34, TU Dresden and ULD Kiel, Tech. Rep. (2011), http://dud.inf.tudresden. de/literatur/Anon-Terminology-v0.34.pdf
13. Danezis, G., Gürses, S.: A critical review of 10 years of privacy technology. In: Proceedings of Surveillance Cultures: A Global Surveillance Society?, UK (2011), http://homes.esat.kuleuven.be/~sguerses/papers/ DanezisGuerse sSurveillancePets2010.pdf
14. Clauß, S., Kesdogan, D., Kölsch, T.: Privacy enhancing identity management. Protection against re-identification and profiling. In: Proceedings of the 2005 Workshop on Digital Identity Management, DIM 2005, pp. 84-93. ACM (2005)
15. American National Standards Institute (ANSI), American national standard for information technology - role based access control, ANSI, ANSI INCITS 359-2004 (2004)
16. Beckers, K., Hofbauer, S., Quirchmayr, G., Sorge, C.: A process for the automatic generation of white-, grey-, and black-lists from Call Detail Records to prevent VoIP attacks while preserving privacy. In: International Conference on Availability, Reliability and Security, ARES 2012 (August 2012)
17. Patil, S., Kobsa, A.: Privacy considerations in awareness systems. Designing with privacy in mind. In: Markopoulos, P., De Ruyter, B., Mackay, W. (eds.) Awareness Systems. Human-Computer Interaction Series, pp. 187-206. Springer, London (2009)
18. Platform for privacy preferences project, W3C (2002), http://www.w3.or/TR/P3P/
19. OASIS, eXtensible Access Control Markup Language TC v2.0 (XACML), OASIS (2005), http://docs.oasis-open.org/xacml/2.0/ access-control-xacml-2.0-core- spec-os.pdf
20. IETF, Hmac: Keyed-hashing for message authentication, Internet Engineering Task Force (IETF), IETF RFC 2104 (1997), http://tools.ietf.org/rfc/ rfc2104.txt
21. Jorns, Jung, O., Quirchmayr, G.: Transaction pseudonyms in mobile environments. In: EICAR 2007 Best Academic Paper, pp. 49-58 (2007)
22. Sorge, C., Niccolini, S., Seedorf, J.: The legal ramifications of call-filtering solutions. IEEE Security and Privacy 8, 45-50 (2010)
23. Tartarelli, S., d'Heureuse, N., Niccolini, S.: Lessons learned on the usage of call logs for security and management in IP telephony. IEEE Communications Magazine 48(12), 76-82 (2010)
24. Fernandez, E.B., Pelaez, J.C., Larrondo-Petrie, M.M.: Security patterns for voice over IP networks. In: Proceedings of the International Multi-Conference on Computing in the Global Information Technology, pp. 19-29. IEEE Computer Society, Washington, DC (2007)