"uuid","repository link","title","author","contributor","publication year","abstract","subject topic","language","publication type","publisher","isbn","issn","patent","patent status","bibliographic note","access restriction","embargo date","faculty","department","research group","programme","project","coordinates"
"uuid:ed146063-59c1-4175-88d4-64b452d617db","http://resolver.tudelft.nl/uuid:ed146063-59c1-4175-88d4-64b452d617db","Evaluating Explanations for different Relationship Strengths","Prasad, Nivedita (TU Delft Electrical Engineering, Mathematics and Computer Science)","Tintarev, N. (mentor); Bozzon, A. (graduation committee); Scharenborg, O.E. (graduation committee); Najafian, S. (mentor); Delft University of Technology (degree granting institution)","2019","People like to travel in groups to visit places. Group recommendation systems can be used to recommend an itinerary of ""places of interests"" (POIs) in an ordered sequence. The order of POIs in the sequence can be explained to group members to increase acceptance of the recommended items. There is a possibility that explanations which reveal names and rating preferences could create a threat to privacy. The main study in this work uses two group types - a primary group consisting of closely-related members, and a secondary group consisting of loosely-related members. Explanations with either complete information or privacy-preserving information are offered alternatively to these groups. The purpose of this study is to evaluate whether different group types need different types of explanations to improve their satisfaction. These explanations explain the entire recommended sequence of POIs with regard to possible conflicting situations that could occur due to disagreement with the order of the sequence. A total of 25 participants took part in the evaluation. There was no significant difference identified between the explanation types preferred by each group type. To understand the underlying reason for this result, a post-hoc analysis was done. We identified a participant's most frequently used conflict-handling modes using the Thomas-Kilmann personality assessment test. We then analyzed the user comments provided during the questionnaire. 
The analysis potentially suggests that different conflict-handling modes could be a factor affecting which explanation type was preferred by a person when they are in a particular group (e.g. primary vs secondary).","Explanations; Group Recommendation; Relationship Strength; Privacy; Sequences; User Satisfaction","en","master thesis","","","","","","","","","","","","Computer Science | Data Science and Technology","",""
"uuid:d512b49d-665d-461c-8317-db7da3ed8eec","http://resolver.tudelft.nl/uuid:d512b49d-665d-461c-8317-db7da3ed8eec","Privacy-Preserving Data Aggregation in Peer-to-Peer Network: A Multiparty Computation Approach","Prahesa Kusuma Setia, Prahesa (TU Delft Electrical Engineering, Mathematics and Computer Science)","Erkin, Zekeriya (mentor); Epema, Dick (graduation committee); Hildebrandt, Klaus (graduation committee); Delft University of Technology (degree granting institution)","2017","The current interconnected society provides us with numerous devices communicating with one another. The exchange of data has thus become an integral part of our lives. Data have become a valuable commodity in today's setting because of their usage by individuals and other interested parties. Several parties may be interested in computing a function over their data while still wanting to keep the information on their own data private.
Prior research on computing functions in a privacy-preserving way in the domains of smart power grids, e-metering systems, wireless sensor networks, and smartphone sensing generally focuses on its own application and assumes total control and a static structure of the network. Moreover, a new paradigm in the field of decentralized power grids requires privacy-preserving solutions to be applicable without the existence of a central authority. We propose two privacy-preserving data aggregation protocols in a peer-to-peer network scenario where no such central authority is involved. The first protocol utilizes the additive homomorphism property of the Paillier scheme and the second protocol utilizes secret sharing. Both protocols achieve the privacy-preserving requirement for some nodes in the network, as opposed to all nodes, namely those included in the aggregation set by a hop-count parameter from the initiating node. This way, both protocols require no information about the overall network structure, and privacy-preserving data aggregation is achieved by each node being able to communicate only with its direct neighbors in the network.","cryptography; Privacy; Network","en","master thesis","","","","","","","","","","","","Computer Science","",""
"uuid:50d04f83-222d-479e-8ddd-661d2243857a","http://resolver.tudelft.nl/uuid:50d04f83-222d-479e-8ddd-661d2243857a","Tracking Cookies in the European Union, an Empirical Analysis of the Current Situation","Turcios Rodriguez, Elsa (TU Delft Technology, Policy and Management)","van Eeten, M.J.G. (mentor); Asghari, H. (mentor); Storm, S.T.H. (mentor); van Eijk, Rob (mentor); Delft University of Technology (degree granting institution)","2018","Tracking is a pervasive mechanism across the web which is capable of tracing and collecting users’ online data. One of the most widely used mechanisms for tracking is cookies, and they are used to deliver online behavioral advertisement. Since these mechanisms pose a threat to privacy, the E-Privacy Directive was created as the regional legal instrument to pay special attention to this issue in the European Union. Now, we are at a crucial moment: there is a discussion to replace the E-Privacy Directive with the so-called E-Privacy Regulation. However, the nature of privacy policies is complex, and there is an ongoing debate about how the E-Privacy Regulation needs to be implemented or what elements it should entail. This master thesis project sought to provide empirical evidence for this debate. Our findings emphasize the need to promote harmonization of the provisions of the E-Privacy Directive in member states, especially on consent and guidance. Also, our work revealed that businesses’ incentives play an important role in explaining the variability of tracking presence. Hence, this suggests that understanding the “parsimonious” factor of businesses’ incentives can be considered by policy-makers to commence an important debate and resolve the privacy problem.","Privacy; Cookies; E-Privacy Directive; E-Privacy Regulation; Governance; Economics of Privacy; Tracking; Incentives; Transparency and Accountability; Online Behavioral Advertisement","en","master thesis","","","","","","","","","","","","Management of Technology (MoT)","",""
"uuid:5c6cffa9-7a27-4d3a-a8c6-e5bd621a47dc","http://resolver.tudelft.nl/uuid:5c6cffa9-7a27-4d3a-a8c6-e5bd621a47dc","Measuring Polkadot: The Impact of Tor and a VPN on Polkadot's Performance and Security","van Stam, Just (TU Delft Electrical Engineering, Mathematics and Computer Science)","Roos, S. (mentor); Delft University of Technology (degree granting institution)","2022","Begun in 2020, Polkadot is one of the largest blockchains in market capitalization and development. However, privacy on the Polkadot network has yet to be one of the key focus points. Especially unlinkability between the user’s IP address and Polkadot address is essential. Without this unlinkability, users are vulnerable to targeted ads, manipulation, blackmail, reputational damage, financial loss, physical harm, discrimination, and more. This thesis investigates the viability of Tor or a VPN with Polkadot as external privacy-enhancing tools to hide the user’s IP address, as users aiming to achieve unlinkability cannot easily change the Polkadot code.
To analyze the viability, we set up a measurement study to examine the performance of a Polkadot full node behind Tor or a VPN. We investigated, among other things, the latency, throughput, and the number of discovered and connected peers to determine the performance of three Polkadot full nodes located in London, Seoul, and North California. Furthermore, we did a security analysis to determine any vulnerabilities that could emerge from using Polkadot with either of the network environments. And we investigated in-depth the susceptibility of the Polkadot node to an Eclipse attack, as previous research has shown that Bitcoin with Tor was vulnerable to an Eclipse attack.
Our results show that a Polkadot node with Tor has considerably high latency and cannot maintain long-lasting connections. The short connection time decreases the time to perform an Eclipse attack on a Polkadot node from a couple of months and weeks for the normal and VPN environment to potentially six days or less for the Tor environment. We calculated the cost of running an Eclipse attack to be approximately €482 per week. The Polkadot node behind the VPN does perform considerably better. The Polkadot node in London, behind the VPN located in Frankfurt, performed similarly in terms of latency to the Polkadot node in a normal network environment. However, the Polkadot nodes in both the Tor and VPN environment have only outgoing connections. If too many nodes ran behind one of these environments, fewer peers would be able to establish connections with one another, resulting in network partitions or network failure.
This study emphasizes the importance of unlinkability between a Polkadot user’s address and IP. However, using Tor or a VPN as privacy-enhancing tools could impact the security of the Polkadot node and the whole Polkadot network. So users should avoid using Tor with Polkadot and carefully consider the tradeoff between privacy and security when using a VPN. The security issues mentioned in this thesis should be further investigated and tested. Furthermore, a default solution built into the Polkadot source code should be investigated.","Blockchain; Polkadot; Privacy; Unlinkability; Tor; VPN; Measurement; Eclipse Attack","en","master thesis","","","","","","","","","","","","Computer Science","",""
"uuid:8089d4d3-8e36-4b11-a9fc-17b43ebceb9a","http://resolver.tudelft.nl/uuid:8089d4d3-8e36-4b11-a9fc-17b43ebceb9a","Reverse Engineering of Web Cookies: When is too late for your private data?","Taneva, Aleksandra (TU Delft Electrical Engineering, Mathematics and Computer Science)","Smaragdakis, G. (mentor); Picek, S. (graduation committee); Delft University of Technology (degree granting institution)","2023","Nowadays, the online industry contributes to a multi-billion dollar business, facilitates most of the population's everyday activities, and processes vast amounts of data, including personal data. The current work aims to explore the inconsistency or consistency of the content obtained by websites to generate cookies based on various data that the user provides when visiting a web page, whether by explicit consent or not. Some websites integrate with third-party companies that track users and collect their data. For this research, a custom-made Selenium-based web application (crawler) visits the Top 50 Alexa most visited websites and observes the cookies that are collected before the user's consent. After a brief data set analysis, a significant inconsistency in the cookies' count that deviates per location, device type, and operating system is detected. The results show that some websites collect private data, even though users are not informed about the collected data, and the consent for using cookies is not retrieved. These results imply that tracking persists as a serious concern. Tracking raises ethical and legal matters due to its potential adverse effect on users' data. That is why it is essential to analyse the content these trackers obtain, e.g., location, internet protocol address, and browsing history, and subsequently to suggest possible techniques to avoid tracking.","Computer Science; HTTP Cookies; Privacy; Chrome Driver; Selenium","en","master thesis","","","","","","","","","","","","Computer Science | Cyber Security","",""
"uuid:b053623d-b471-40fc-9cae-a8a49b892177","http://resolver.tudelft.nl/uuid:b053623d-b471-40fc-9cae-a8a49b892177","Mitigating Inference Attacks in Collaborative Credit Card Fraud Detection using Secure Multi-Party Selection","van Tetering, Daphne (TU Delft Electrical Engineering, Mathematics and Computer Science; TU Delft Cyber Security)","Erkin, Z. (mentor); Li, T. (mentor); Lagendijk, R.L. (graduation committee); Aniche, Maurício (graduation committee); Delft University of Technology (degree granting institution)","2021","The convenient service offered by credit cards and the technological advances in e-commerce have caused the number of online payment transactions to increase daily. With this rising number, the opportunity for fraudsters to obtain cardholder details via online credit card fraud has also increased. As a result, according to the European Central Bank, billions of Euros are lost due to credit card fraud every year. Since verifying all transactions by hand is infeasible, automated Fraud Detection Systems (FDSs) are needed. Currently, financial institutions create such systems by training machine learning algorithms on transaction data. However, the performance of these systems is obstructed due to a lack of positive (fraud) samples in the collected transaction data. To improve performance, an ideal solution would be to merge data of all institutions and to train an FDS on the resulting data set. However, privacy reasons concerning the sensitive customer information in this data, and security risks associated with transferring data, render this solution unrealistic. Therefore, the need arises for novel protocols that allow financial institutions to collaboratively train FDSs without sharing private data. Previous research in the field of collaborative learning attempts to solve such problems by requiring participants to train local models, which are aggregated into a global model by a trusted central entity.
Unfortunately, the vulnerability of these settings to inference attacks restricts their applicability. Inference attacks aim to extract additional secret knowledge from a model. These are especially powerful when performed by participants in a sequential setting, where participants train the same model one after the other following a given order. This is because in this setting participants have white-box access to the model itself and to the data used to train it. Naturally, these attacks are considered a breach of privacy and hinder collaboration. In this work, we propose a novel protocol leveraging secure multi-party computation techniques to prevent inference attacks in a sequential setting. To achieve this, we require participants to jointly determine a training order. While doing so, we ensure participants only receive information on whom to send their data to. This means participants are unaware of whose data they are receiving. With this work, we contribute a practical protocol that is robust against inference and timing attacks to facilitate privacy-preserving sequential collaborative learning. To the best of our knowledge, our work is the first to prevent inference attacks using a secure multi-party selection protocol with overhead of only a few seconds.","Secure Multi-Party Computation; Collaborative Learning; Privacy; Applied Cryptography; Inference Attacks","en","master thesis","","","","","","","","","","","","Computer Science | Cyber Security","",""
"uuid:30846529-9080-4945-8502-dc962ec00bf3","http://resolver.tudelft.nl/uuid:30846529-9080-4945-8502-dc962ec00bf3","A Human-Machine Approach to Preserve Privacy in Image Analysis Crowdsourcing Tasks","Shriram, Sharad (TU Delft Electrical Engineering, Mathematics and Computer Science)","Bozzon, Alessandro (mentor); Mauri, Andrea (mentor); Houben, Geert-Jan (graduation committee); Finavaro Aniche, Mauricio (graduation committee); Delft University of Technology (degree granting institution)","2019","Modern web information systems use machine learning models to provide personalized user services and experiences. However, machine learning models require annotated data for training, and creating annotated data is done through crowdsourcing tasks. The content used in annotation crowdsourcing tasks, like medical records and images, might contain some private information which can directly or indirectly identify an individual. Name, age, ethnicity, gender, and contact details are examples of private information that directly identifies an individual. Indirect private information relates to the cultural, economic, and social factors of an individual. For instance, the visual cues of religious objects or symbols relate to the religious beliefs of an individual. In this thesis, we study how to minimize the amount of private information extracted from images using a hybrid algorithm which combines machine learning models and crowdsourcing. We also demonstrate that the proposed hybrid algorithm reduces the amount of private information exposed from the image and the cost of using the crowd for detecting private information in the image.","Privacy-preserving; Crowdsourcing; Machine Learning; Hybrid Human-AI Algorithm; Hybrid Intelligence; Privacy","en","master thesis","","","","","","","","","","","","Computer Science","",""
"uuid:c95be56f-0d97-44fc-bfe5-d595a7fa6ccb","http://resolver.tudelft.nl/uuid:c95be56f-0d97-44fc-bfe5-d595a7fa6ccb","Practical Privacy Preserving k-Nearest Neighbour in Outsourced Environments","Kroskinski, Ivo (TU Delft Electrical Engineering, Mathematics and Computer Science)","Erkin, Z. (mentor); Panichella, A. (graduation committee); Koehoorn, Joost (graduation committee); Delft University of Technology (degree granting institution)","2023","Organizations use cloud service providers for outsourcing their data, since this brings advantages such as scalability, security, and no need for in-house experts. Therefore, outsourcing data to cloud providers results in reduced costs. The disadvantage of outsourcing data to a cloud provider is that organizations are not in control of their own data. When organizations are not in control of their data, they are subject to privacy risks. Privacy risks should be avoided, especially when sensitive data such as medical or financial records are involved. Therefore, organizations protect their data by only outsourcing encrypted data to cloud providers. However, data analysis on encrypted data is significantly reduced due to computational and communicational overhead. A commonly used data analysis method, such as k-Nearest Neighbour Search (k-NNS), is useful for finding similar records in a database for a given query. Previous research shows success using k-NNS methods while preserving privacy, by using fully homomorphic encryption. However, previous solutions required the client to be online and help in the protocol, or made use of non-colluding servers. Therefore, we introduce our k-NNS protocol, which outsources all the work to the cloud server so that the client is not involved in the computation. Our k-NNS protocol shows success on data sets used to test k-NNS applications, but is significantly slower than solutions which involve the client or non-colluding servers.","Privacy; k-NNS; outsource; cloud","en","master thesis","","","","","","","","","","","","Computer Science","",""
"uuid:e425d47d-ff7c-4503-8478-ed1458569ff4","http://resolver.tudelft.nl/uuid:e425d47d-ff7c-4503-8478-ed1458569ff4","PRECLUDE: PRivacy-prEserving Collaborative Learning Using a Decentralised Ensemble approach","van de Kamp, Lars (TU Delft Electrical Engineering, Mathematics and Computer Science)","Erkin, Z. (mentor); Ugwuoke, C.I. (mentor); Delft University of Technology (degree granting institution)","2018","Machine learning techniques receive significant responsibilities, despite growing privacy concerns. Early-stage autonomous vehicles are increasingly appearing on the streets, carrying the burden of transporting human lives to their destination. Meanwhile, doctors are involving Artificial Intelligence (AI) in their medical diagnoses, basing treatment of patients on the analyses AI provides. For these services to reach their full potential, a vast amount of training data is required, often gathered from a variety of sources. In many cases, the required data is considered to be privacy-sensitive (e.g., medical data). Due to the sensitivity of the underlying information, many individuals and organizations are not willing to entrust its protection to another party.
A field that attempts to limit the need to transfer training data openly is called collaborative learning, where multiple data generators cooperate to jointly train a classifier. In the proposed techniques the participants aim to limit the privacy loss of their collected training data to other collaborators. We contribute a clear overview of the current state-of-the-art and identify its limitations. Based on these limitations, we present two innovative protocol designs that pave the way towards private collaborative learning.
The ECONoMy protocol is developed to suit the needs of a high-participant use case (i.e., Internet of Things (IoT)), under an assumed semi-honest adversarial model. The experimental results show that ECONoMy offers the desired privacy properties while remaining competitive with the non-privacy-preserving alternative with which it is compared. However, in certain environments the incentives can grow exceedingly large, rendering the ’semi-honest’ adversary assumption impractical.
We, therefore, created the PRECLUDE protocol, which uses traceable ring signatures to protect against adversaries in the covert adversarial model. The tracing capability allows malpractice to be detected and the identity of the deviant to be leaked while preserving the anonymity of honest participants. These additional privacy-preservation properties came at a high cost to the overall efficiency, which is what we aimed to reduce by designing our extended protocol called PRECLUDE+.
PRECLUDE+ manages to drastically improve efficiency by reducing the number of participants included in a single signature. Further, we created a batch-verification phase that allows us to omit several exponentiations in each execution. We provide a detailed statistical analysis showing how to balance the efficiency improvements, with the required privacy parameters. The protocols presented in this thesis significantly improve upon the privacy guarantees offered by current alternatives, and provide a clear direction in which future work can continue to build.","collaborative learning; Privacy; Cryptography; Adversarial Machine Learning","en","master thesis","","","","","","","","","","","","Computer Science | Cyber Security","",""
"uuid:e04147cc-eff3-4044-b6b8-b98183f62645","http://resolver.tudelft.nl/uuid:e04147cc-eff3-4044-b6b8-b98183f62645","Do they really value your privacy?: An exploratory analysis of what can be learned about companies from their privacy statements","Rovers, Tim (TU Delft Technology, Policy and Management)","Asghari, Hadi (mentor); Warnier, Martijn (mentor); Ernst, Wouter (graduation committee); Delft University of Technology (degree granting institution)","2019","This master thesis explores to what degree information about a company's commitment to privacy can be extracted from a privacy statement. To do this, firstly a new database of more than 1500 privacy statements is created using Amazon Mechanical Turk. Next, 72 different privacy-related aspects of the statements are enumerated by using natural language processing. Multiple analyses are run on this data to look for signals which can indicate commitment to privacy. Ultimately, the analyses result in a number of ways in which the quality and completeness can be assessed, and a method to find out the degree to which a privacy statement has likely copied other statements. This can be useful for privacy regulators in identifying companies which are less likely to comply with existing privacy regulations.","Privacy; Natural Language Processing; Privacy Statements; Exploratory Analysis","en","master thesis","","","","","","","","","","","","Engineering and Policy Analysis","",""
"uuid:115210e6-f2bd-491c-a4f8-19e350824c73","http://resolver.tudelft.nl/uuid:115210e6-f2bd-491c-a4f8-19e350824c73","A distributed approach to improve inland water transportation addressing privacy and incremental improvements","Geboers, Sven (TU Delft Mechanical, Maritime and Materials Engineering)","De Schutter, B.H.K. (mentor); Reppa, V. (graduation committee); van den Boom, A.J.J. (graduation committee); Delft University of Technology (degree granting institution)","2022","Currently, inland waterway shipping mainly includes barges and bulk transportation with little to no variation in volume, product, and route. Since transport over water emits less CO2 per tonne-km than road transport, a potential way to reduce CO2 emissions is to transport more containers via inland waterways. Large delays cause unreliability, which in their turn cause an opportunity cost and increased operational costs. These increased costs have a negative impact on the competitiveness of inland water transport with regards to road transport.
An alternative to the way planning is handled currently is by solving a Vehicle Rotation Planning Problem (VRPP). The problem is solved by minimizing a cost function. For example, the total time spent in a port area (called the sojourn time) can be minimized.
Solving the VRPP results in a rotation plan that dictates the order in which vessels visit terminals and how many containers they should transport from one terminal to another. There are multiple ways to solve the VRPP, one of which is through the use of the Distributed Pseudotree Optimization Protocol (DPOP), where the vessel operators reach an optimal solution together by sharing only information about those variables that share the same constraints with other variables from other agents. An attractive property of DPOP is that it is possible to include privacy constraints in the algorithm, such that vessel operators only have to share minimal information about their journey and do not lose a competitive advantage to one another. For example, the operators might only want to share variables like the arrival time, and only want to share it with operators that have approximately the same arrival time.
To ensure the problem can be solved and that the message size does not run out of memory bounds, the memory-bounded version of DPOP is implemented. Because Memory-Bounded Distributed Pseudotree Optimization Protocol (MB-DPOP) requires an exponential number of messages when the inference width is above a certain threshold, an alternative way of formulating and solving the problem is considered using the Maximum Gain Messaging (MGM) algorithm and a formulation that includes how much vessel operators are willing to change their current rotation plan for a lower overall cost. With this formulation, when something changes in the problem definition, the entire calculation does not have to be done again because starting from the previous solution is possible.
Two simulated case studies in the port area of Rotterdam are done to evaluate the performance of the algorithms. The results show that while MB-DPOP can guarantee some level of privacy, it does not scale very well and is thus not really useful in real life. While the algorithm yields a global solution and can guarantee a certain level of privacy, its execution time is in the order of hours, even for relatively small problem sizes. Conversely, the MGM algorithm with reformulation scales quite well and can possibly guarantee some level of privacy as well with an extension. While the algorithm does not come up with a global solution, it can be a decent trade-off between a level of privacy and scalable algorithms that are centralized, such as a genetic algorithm.","DPOP; Privacy; VRPP; DCOP; MGM","en","master thesis","","","","","","","","","","","","Mechanical Engineering | Systems and Control","",""
"uuid:2b736629-4e3c-40f2-b64d-c65e79847cb9","http://resolver.tudelft.nl/uuid:2b736629-4e3c-40f2-b64d-c65e79847cb9","Hierarchical Query Mechanisms for Searchable Encrypted Databases","Nasrullah, I.H.","Erkin, Z. (mentor); Lagendijk, R.L. (mentor)","2009","Detecting and tracking of objects by a tracking device can be considered a breach of privacy when an unauthorised party can associate certain tracking information output by the tracker with the identity of an individual. Therefore, when this privacy-sensitive information is stored in a database, it is desired that this is done in a secure manner. A commonly used approach to achieve secure database storage is the application of access control mechanisms. Access control mechanisms prevent unauthorised parties from accessing the database in a conventional manner. In this work it is argued that, while helpful, access control mechanisms alone are not sufficient and that the use of encryption is a helpful next step in achieving secure storage of privacy-sensitive data. In this work, secure database storage of the combination of an identity and its associated tracking information is investigated. In particular, this work introduces and explores Hierarchical Query Mechanisms (HQMs). HQMs allow an authorised party to perform hierarchical queries over an encrypted database, without leaking any information related to the contents of the encrypted database to an unauthorised party. Several cryptographic protocols that support an HQM are designed and their relative merits and flaws are discussed. The protocols discussed in this work support HQMs through the use of key extraction and searchable encryption mechanisms. The protocols are implemented to examine their practical performance.
Finally some recommendations for future work are proposed and discussed.","Hierarchical Query Mechanisms; Searchable Encrypted Databases; Information Security; Privacy","en","master thesis","","","","","","","","2009-07-01","Electrical Engineering, Mathematics and Computer Science","ICT Group","","","",""
"uuid:c32d3e79-bd3a-449b-8514-81fee12e467a","http://resolver.tudelft.nl/uuid:c32d3e79-bd3a-449b-8514-81fee12e467a","Surveillance/Intimacy: Shifts in spaces - transformations of realities","Kitkauskas, Mantas (TU Delft Architecture and the Built Environment)","Schoonderbeek, Marc (mentor); Rommens, Oscar (mentor); Jennen, Pierre (mentor); Delft University of Technology (degree granting institution)","2018","Armenia faces international conflicts, especially with Azerbaijan and Turkey. There is always a chance of a sudden intensification of conflicts, which results in extreme militarization of the country as well as strengthened social control. Social control gains a new level as the relation between government and society is also complicated. As a consequence, the country and the city of Yerevan are highly surveilled. The presence of surveillance surely guarantees a certain level of security, but it also affects the privacy and even intimacy of society. This problem escalates when the cultural aspect of Armenians is taken into account. Armenians place great value on the family cult and fellowship. Expressions of intimate relationships often appear in the city of Yerevan, especially in the places where their relatives stay. Such relationships always occur under the gaze of surveillers, which becomes problematic as they are not even capable of escaping it.
Research findings led to the design of a reality show studio which, in the form of scenography, demonstrates the condition of repressive surveillance and lack of privacy commonly seen in the city of Yerevan. Such a program was also chosen because the participants are always under the gaze. A reality show fulfills the mental satisfaction of the one who watches it, since it delivers voyeuristic elements or cultivates unusual behavior of the participants.","Surveillance; intimacy; Privacy; Monitoring; Control; Armenia; Yerevan","en","master thesis","","","","","","","","","","","","Architecture, Urbanism and Building Sciences","",""
"uuid:4f2ded74-2f47-48ae-9496-b2c816e3ccc3","http://resolver.tudelft.nl/uuid:4f2ded74-2f47-48ae-9496-b2c816e3ccc3","HUMAN WASTE, WHAT A DRAG!: Redesign transporting and the handling of Thetford’s waste-holding tank","Van Bergen, A.T.M.","Molenbroek, J.F.M. (mentor); Van Boeijen, A.G.C. (mentor); Van Beek, J. (mentor); Dirven, J. (mentor)","2015","While travelling with their RV, campers want to have the same comfort as at home. That includes the use of toilets. European RVs use a system where human waste is contained in a waste-holding tank until it is dumped. The dumping needs to be done manually: the RV user has to remove the tank from the RV, bring the tank to a dumping area, drain the tank and put the tank back into the RV. After interviewing a few RV owners and exploring different sources of information, the consensus is the same: “the waste-holding tank is a part of the camping experience, but not a pleasant one”. The overall experience is unpleasant due to three main issues: the disgust, the awkwardness and the physical strain. The experience is disgusting due to the odours of poop and pee mixed in with chemicals. The awkwardness comes from the fact that the subject of poop and pee is taboo. And the tank can become quite heavy and therefore strenuous to handle. The usual campers found on a camping ground are a couple, both over 50 years old. The campers have different rituals and routines concerning the waste-holding tank, but they have a few habits in common. The use of the RV’s toilet is avoided; it is preferred to use the sanitary building. The man in the couple is the one who empties the tank, and when he does, he tries to avoid encountering other people by going to the dumping area in the morning or late in the afternoon. The dumping area is the most unpleasant part of the overall experience. While eliminating bodily products, people need to feel safe.
Public toilets manage to give a certain amount of safety to their users, unlike the dumping spot (see Picture 1). At the worst moment, when the sludge inside the tank is drained, a really strong and overwhelming smell spreads in the area. Those dumping areas are often next to the sanitary building, so the person draining the tank as well as the people brushing their teeth or doing the dishes get to smell those odours. People feel uncomfortable: the person draining his tank feels exposed and like a bother to the others, while the others try to avoid looking and to ignore the offensive smell. Finally, the dumping area is often a simple metal sink at about waist height, which makes holding the tank upside-down over the sink quite difficult. The user lacks control and support at that point. To resolve these issues, the design needs to give the user more control over the draining of the tank, reduce the smells and reduce his presence when other people are doing their daily routine. The different concepts have a different focus; their strong points vary. One of them is better suited for the user because it puts distance between him and the tank, thus reducing the odours that break free. Another concept encloses the whole system, giving the odours less time to spread and bother the user or other campers. Thirdly, the last one hides the tank, which makes it less embarrassing for the user because he is not directly seen with the tank in his hands. After combining two concepts and building a prototype, a few test sessions were performed. The sessions proved that the design is easy and simple to understand. The test subjects were all enthusiastic and gave positive feedback about the prototype. Finally, the final product (Pictures 2 and 3) is a dumping station, shown on the right hand side, that resolves these issues.
The tank is hidden within the dumping station and the user does not need to hold the tank while it is draining itself, making it easier to put some distance between the user and the tank. The system is enclosed, therefore the odours are more contained, making the experience less unpleasant for the user as well as the people in the neighbourhood.","Human Waste; Dumping; Camping; Disgust; Privacy","en","master thesis","","","","","","","Campus only","","Industrial Design Engineering","Industrial Design","","Master of Science Design for Interaction","",""
"uuid:ca63c864-761b-4be3-ae34-06378e1941ff","http://resolver.tudelft.nl/uuid:ca63c864-761b-4be3-ae34-06378e1941ff","Road-user participation in vehicle-data sharing systems: for the purpose of dynamic traffic management","de Jong, Alex (TU Delft Technology, Policy and Management)","Molin, E.J.E. (mentor); Asghari, H. (graduation committee); van Erp, P.B.C. (graduation committee); Chorus, C.G. (graduation committee); Delft University of Technology (degree granting institution)","2019","This study aims to provide insight into how factors relating to privacy and incentives influence people's willingness to participate in sharing their vehicle-based sensing data with governmental parties for the purposes of improved dynamic traffic management in the Netherlands. Through the use of a stated preference experiment, data is gathered in order to estimate a discrete choice model using binary logistic regression. Respondents are most likely willing to share their data when trip registration is not personally identifiable and this data is not shared with third parties. Sharing of data with emergency services and for research purposes actually increases the odds of participation. Furthermore, potential users who have not been exposed to alternatives which offer a monetary reward are more likely to participate for free. Clear communication of the purpose and the social benefits of participation is important for obtaining sufficient levels of participation without offering a monetary reward. Being parsimonious in data collection will result in the least amount of privacy harm and avoid the perception of a system as unfair and inefficient.","Dynamic Traffic Management; Privacy; Discrete Choice Modelling; Logistic regression; stated choice experiment","en","master thesis","","","","","","","","","","","","Complex Systems Engineering and Management (CoSEM)","",""
"uuid:099ad44b-294e-4661-87dd-9e570301daca","http://resolver.tudelft.nl/uuid:099ad44b-294e-4661-87dd-9e570301daca","Towards a New Prison: Facilitating the cyber crime threat","van der Meulen, Sietske (TU Delft Architecture and the Built Environment)","Smidihen, Hrvoje (mentor); van der Meel, Hubert (graduation committee); Delft University of Technology (degree granting institution)","2019","Digitalization and automation bring many amazing things: games, social media, navigation. However, they also make us more vulnerable. The facelessness of cyber space and the emancipation of place make it hard to grasp. Additionally, our personal data becomes more valuable and thereby more lucrative to criminalize. The combination of these factors makes for an increasing criminalization of data. There are already several facilities to track and judge international and cyber criminals; however, there is no specialized facility for punishing the perpetrators of the cyber realm. That led me to the question: what role can Schiphol (and its no-man’s land) play in facilitating the increasing threat of cybercrime in the future? Schiphol’s no-man’s land, and the emphasis we put on it in our group strategy, creates the perfect conditions for a cybercrime (a no-man’s land crime) prison. Architecturally, the typology of the traditional prison and the principle of punishment were translated into the appropriate measures for a cyber prison, dealing with security, surveillance, privacy, punishment and rehabilitation.","Prison; Surveillance; Privacy; Punishment; Security; Cybercrime; Schiphol; 2050","en","master thesis","","","","","","","","","","","","Architecture, Urbanism and Building Sciences","","52.297480, 4.746534"
"uuid:f28d8d32-d7ab-4008-bb61-6ddb2158bf4c","http://resolver.tudelft.nl/uuid:f28d8d32-d7ab-4008-bb61-6ddb2158bf4c","Characterising AI Weakness in Detecting Personal Data from Images By Crowds","Somai, Ashay (TU Delft Electrical Engineering, Mathematics and Computer Science; TU Delft Web Information Systems)","Yang, J. (mentor); Balayn, A.M.A. (mentor); Wang, Q. (graduation committee); Houben, G.J.P.M. (graduation committee); Delft University of Technology (degree granting institution)","2021","This thesis looks at how to characterize weaknesses in machine learning models that are used for detecting privacy-sensitive data in images, with the help of crowdsourcing. Before we can come up with a method to achieve this goal, we first need to make clear what we consider privacy-sensitive data. We took the General Data Protection Regulation (GDPR) as a starting point, and performed a crowdsourcing task to see how workers interpret this regulation. Interpreting legal texts can be difficult: there is room for interpretation, and the perception of a legal text can change over time. Therefore, we need to take the input of the crowd, next to our own input, to operationalize this regulation for use in this context. Next, we took a machine learning model for detecting privacy-sensitive data in images in order to retrieve saliency maps, which help us explain the inner workings of the model. Subsequently, the saliency maps are inspected through a crowdsourcing task, with the established privacy definition, to find out the strengths and weaknesses. From the results, we see that crowd workers can be efficiently used to find the strengths and weaknesses of a machine learning model, while keeping the privacy definition in mind. Workers are able to consistently apply their views about privacy across different images, whilst also increasing the trust people have in the machine learning model.
This shows us that we can use crowdsourcing efficiently in a fairly difficult context of privacy, and paves the way for a more sophisticated approach to privacy-sensitive elements in images, and even for contexts other than privacy.","Privacy; Privacy Detection; Machine Learning; Crowdsourcing","en","master thesis","","","","","","","","","","","","","",""
"uuid:9c898ec1-2850-425b-8501-888f0535c5a8","http://resolver.tudelft.nl/uuid:9c898ec1-2850-425b-8501-888f0535c5a8","From Points to Faces: An automotive lidar-based face recognition system","Humblet Vertongen, Marie (TU Delft Mechanical, Maritime and Materials Engineering)","Caesar, H.C. (mentor); Peternel, L. (graduation committee); Zhang, X. (graduation committee); Delft University of Technology (degree granting institution)","2023","Face recognition using lidar presents challenges arising from high dimensionality and data sparsity, especially at longer distances. This paper proposes a novel approach for face recognition via automotive lidar. The approach leverages a combination of deep learning and point cloud processing techniques. After identification of the facial point clouds, an alpha-shaped convex hull is employed for regional linearization, resulting in the creation of a depth image. This depth image is then fed to a convolutional neural network architecture, BasicNet, specifically trained for face recognition. The approach is evaluated on a dataset comprising 52 individuals acquired using two lidar sensors with different point densities. The individuals walked at distances ranging from 5 to 18 meters from the sensors. The approach achieves interesting results on this challenging dataset, thereby challenging the notion that lidar sensors are privacy-preserving.","Face Recognition; Automotive lidar; Privacy","en","master thesis","","","","","","","","","","","","Mechanical Engineering | Vehicle Engineering | Cognitive Robotics","","52.00096, 4.37142"
"uuid:5d769bad-a615-41b1-908e-2b52dd10e268","http://resolver.tudelft.nl/uuid:5d769bad-a615-41b1-908e-2b52dd10e268","Privacy-Preserving Data Aggregation with Probabilistic Range Validation","Dekker, Florine (TU Delft Electrical Engineering, Mathematics and Computer Science)","Erkin, Z. (mentor); Picek, S. (graduation committee); Aniche, Maurício (graduation committee); Delft University of Technology (degree granting institution)","2020","Privacy-preserving data aggregation protocols have been researched widely, but usually cannot guarantee correctness of the aggregate if users are malicious. These protocols can be extended with zero-knowledge proofs and commitments to work in the malicious model, but this incurs a significant computational cost on the end users, making adoption of such protocols less likely.
We propose a privacy-preserving data aggregation protocol for calculating the sum of user inputs. Our protocol gives the aggregator confidence that all inputs are within a desired range. Instead of zero-knowledge proofs, our protocol relies on an asynchronous probabilistic hypergraph-based detection algorithm with which the aggregator can quickly pinpoint malicious users. Our protocol is robust to user dropouts and is non-interactive apart from the registration phase. We describe several optional extensions to our protocol for temporal aggregation, dynamic user joins and leaves, and differential privacy. We analyse our protocol in terms of security, privacy, and detection rate. Finally, we compare the runtime complexity of our protocol with a selection of related protocols.","Privacy; Data aggregation; Applied cryptography; Hypergraphs","en","master thesis","","","","","","","","","","","","","",""
"uuid:46c267d3-3383-459b-8aba-0d24d6306ee7","http://resolver.tudelft.nl/uuid:46c267d3-3383-459b-8aba-0d24d6306ee7","Privacy Analysis of Decentralized Federated Learning","Yu, Wenrui (TU Delft Electrical Engineering, Mathematics and Computer Science)","Heusdens, R. (mentor); Liang, K. (graduation committee); Li, Qiongxiu (graduation committee); Delft University of Technology (degree granting institution)","2023","Privacy concerns in federated learning have attracted considerable attention recently. In centralized networks, it has been observed that even without directly exchanging raw training data, the exchange of other so-called intermediate parameters such as weights/gradients can still potentially reveal private information. However, there has been relatively less research conducted on privacy concerns in decentralized networks.
In this report, we analyze privacy leakage in optimization-based decentralized federated learning, which adopts general distributed optimization schemes such as ADMM or PDMM in federated learning. By combining local updates with global aggregations, it was proved that optimization-based approaches are more advantageous compared to the traditional average consensus-based approaches, especially in scenarios where the data at the nodes are not independent and identically distributed (non-IID).
We further extend the privacy bound in distributed optimization to the decentralized learning framework. Unlike in the centralized learning framework, where the leaked information is the local gradients of each individual participant at all rounds, we find that in decentralized cases the leaked information is the difference of the local gradients within a certain time interval. Motivated by the gradient inversion in centralized networks, we then design a homogeneous attack to iteratively optimize dummy data whose gradient differences are close to the true revealed gradient differences. Though the gradient difference information still brings privacy concerns, we show that it is more challenging for adversaries to reconstruct private data using the difference of gradients than using the gradients themselves in the centralized case.
To deal with the privacy attack, we propose several potential defense strategies such as early stopping, inexact update and quantization. The main advantage of these approaches is that they introduce error/noise/distortion into decentralized federated learning for protecting private information from being revealed to others without affecting the training accuracy. In addition, we also show that the larger the batch size is, the more difficult it is for the adversary to reconstruct the private information.","Federated learning; Privacy; Distributed optimization","en","master thesis","","","","","","","","","","","","Electrical Engineering | Signals and Systems","",""
"uuid:c12d7822-2597-4ea9-9d6e-fa253eb46e8a","http://resolver.tudelft.nl/uuid:c12d7822-2597-4ea9-9d6e-fa253eb46e8a","Enhancing the Cybersecurity and Privacy of Medical Wearables: A User-Centred Approach","Spanninga, Paulien (TU Delft Technology, Policy and Management; TU Delft Engineering, Systems and Services)","Zuiderwijk, AMG (mentor); Hinrichs-Krapels, S. (graduation committee); Figueroa, C.A. (graduation committee); Delft University of Technology (degree granting institution)","2023","In recent years, the medical world has seen rapid digitalisation. Digitalisation of healthcare and the opportunities of remote monitoring can help to keep the healthcare system affordable and accessible. A promising application of remote monitoring is the use of consumer-grade wearables for clinical care. However, vulnerabilities leave consumer-grade wearables susceptible to cybersecurity and privacy risks. When the wearables gain clinical care functionality, increased risks are problematic for the success of the technology. This research examined this problem by analysing the role of users in the cybersecurity and privacy environment and the impact of human factors on the cybersecurity and privacy system of medical wearables. Vulnerabilities and associated risks were identified with the help of notions from human-centric cybersecurity. To establish a user-centred approach to tackle these risks, the user needs and limitations were examined by performing quantitative survey research. Based on the results of the survey and the human-centric components of user, usage, and usability, guidelines for the user-centred approach were formulated. These guidelines were subsequently linked with the challenges and attacker-oriented and user-oriented risks to establish recommendations for medical wearable providers. Providers can use these to steer the design of the cybersecurity and privacy system and the structuring of the system environment.
The research showed that by taking into account the needs and limitations of users, the cybersecurity and privacy system design can be more effective in tackling user-oriented risks. The research concludes that a user-centred approach to cybersecurity and privacy can contribute to the successful use of consumer-grade wearables for clinical care purposes.","Cybersecurity; Human Factors; User-centered; Wearables; Healthcare; Privacy","en","master thesis","","","","","","","","2026-01-01","","","","Management of Technology (MoT)","",""
"uuid:198943dd-99d3-4bea-92f2-168aa1849a5a","http://resolver.tudelft.nl/uuid:198943dd-99d3-4bea-92f2-168aa1849a5a","A day and night train interior design for improved passenger comfort and improved train usage","Out, Annabelle (TU Delft Industrial Design Engineering)","Vink, P. (graduation committee); Vledder, G. (mentor); Donners, Barth (graduation committee); Delft University of Technology (degree granting institution)","2024","This project explores the prospects for interior design in a dual purpose train that can run both day and night for improved utilization and comfort.
Contemporary trains are categorized as either exclusively for daytime or nighttime use. Their interiors limit them to specific temporal contexts. For instance, in daytime trains, passengers are confined to sitting positions and cannot lie flat, resulting in suboptimal sleeping comfort. Thereby the appeal of such trains for night (long distance) travel is reduced. Conversely, in existing night trains, while passengers can lie flat, the fixed layout featuring compartments and beds makes the capacity of the train too low for daytime use. Moreover, night trains face strong competition from aviation, rendering their utilization challenging.
A solution to this problem involves designing a train interior that serves the dual purpose of accommodating both daytime and nighttime travel. Drawing insights from research, and the existing coach geometry, four distinct design directions were developed. Emphasis was placed on striking a balance between coach capacity and passenger comfort, recognizing the inherent tension between these two factors in this context. One of these directions was further refined into the final concept. In refining the final concept, the emphasis was on creating a passenger experience characterised by privacy, safety and comfort. Two Virtual Reality tests were conducted among other efforts to achieve this goal.
The final concept features a symmetrical coach with a centrally positioned entrance. The entrance aligns with the platform's height, facilitating easy boarding for passengers with reduced mobility. The central hall houses a self-service bar for acquiring food and beverages. Adjacent to the central hall are seats on both sides. During the day, passengers can occupy these seats, which are configured in sets of two facing each other. No ticket reservation is necessary for daytime travel, and the coach accommodates 72 passengers during this period. Capacity is thereby 10% lower than in daytime-only trains. At night, the seats transform into beds, offering passengers the option to lie flat.
Privacy screens can be easily placed around the bed, and overhead lockers are available for secure luggage storage. The nighttime capacity is 36 passengers, which is the same capacity as the sleeper accommodation in night trains. Ticket reservation is obligatory for overnight travel. The coach incorporates two toilets and two washrooms. Distinct zones within the coach, such as a quiet zone, a socializing zone, and a women only zone for nighttime travel, contribute to a tailored and comfortable passenger experience.","Privacy; Security; Capacity; Night train","en","master thesis","","","","","","","","","","","","Integrated Product Design","",""
"uuid:0304a61b-14df-44a5-8a72-84b5ea5d1eb6","http://resolver.tudelft.nl/uuid:0304a61b-14df-44a5-8a72-84b5ea5d1eb6","Optimised Private Set Intersection for Vertical Federated Tree Models","Li, Martin (TU Delft Electrical Engineering, Mathematics and Computer Science)","Hai, R. (mentor); Zhan, D. (mentor); Lofi, C. (mentor); Decouchant, Jérémie (graduation committee); Delft University of Technology (degree granting institution)","2024","In recent years, the rapid advancements in big data, machine learning, and artificial intelligence have led to a corresponding rise in privacy concerns. One of the solutions to address these concerns is federated learning. In this thesis, we will look at the setting of vertical federated learning based on tree models. We have built a system that can do both entity resolution through private set intersection (PSI) and vertical federated learning (VFL). In this system, we have implemented an optimisation to pre-sort the data per feature before the start of VFL. We have also created a privacy framework, where we define four levels of privacy. This optimisation did not affect the privacy level of the system. In our results, we have seen that pre-sorting the data lowers the overall training time. How much depends on the number of entities and features of the passive party. We observe from our results that we estimate the speed-up to be 0.3654 seconds per feature and 0.2093 seconds per 1000 entities.","Vertical Federated Learning; Private Set Intersection; Privacy","en","master thesis","","","","","","","","","","","","Computer Science","",""
"uuid:10645ab7-581f-4b38-88aa-5b3c767fb2c9","http://resolver.tudelft.nl/uuid:10645ab7-581f-4b38-88aa-5b3c767fb2c9","Health data sharing for clinical research : Designing a patient-centric approach","Ghasia, Zahra (TU Delft Industrial Design Engineering)","van Heur, R.J.H.G. (mentor); Bourgeois, Jacky (graduation committee); Salami, Nima (graduation committee); Delft University of Technology (degree granting institution)","2024","The use of Electronic Health Records (EHRs) has seen a breakthrough in clinical research for personalized treatments (Hamburg & Collins, 2010). Despite the potential advantages of the vast EHR data available, constraints of privacy and legislation hinder its use (Rieke et al., 2020). Health data exists in an interconnected healthcare system (Harris et al., 2009), comprising stakeholders responsible for health data management within the constraints of GDPR. Data sharing platforms, through the use of secure data sharing practices and encrypted technology, can potentially change the landscape of health data in clinical research (Obermeyer & Emanuel, 2016).
This project examines the privacy and stakeholder landscape of health data sharing through an evaluation of interaction with patients. It uses a Value-Sensitive Design approach (Friedman et al., 2002) to contextualize the privacy values in clinical research for patients, doctors, patient organizations, clinical researchers, pharmaceutical industries and data sharing platforms. Through this examination, it identifies a lack of transparent data use and research practices as a hindrance to the use of health data on a data sharing platform. Transparency is examined through a patient-centric lens, wherein information and control over preferences of participation are found to be crucial. This evaluation further identifies roles of researchers and data sharing platforms for a transparent approach.
The project results in a concept termed ‘Negotiated Consent’, which examines the use of data sharing platforms in offering individuals transparency. This is contextualized within patient consent for recruitment in clinical research, wherein data sharing platforms are responsible for data processing through the use of Federated Learning and Natural Language Processing. The stakeholder landscape for the same is defined in 3 functions for the platform: Access to Health Data, Patient Consent and Recruitment, and Data-Driven Insights. The results are tested through a study of the prototyped user experience of ‘Negotiated Consent’, wherein participants emphasized ‘feeling more informed and in control’ in comparison to the current informed consent.
Whilst the study examines a patient-centric approach towards health data sharing for clinical research, it has limitations in addressing the multi-faceted reality of patients’ lives that informs their choices to enrol in clinical research. The further development of patient-centricity in the domain requires examination of motivations through a lens of disease-specific patient groups, demographics, and personal history with diseases (Hong et al., 2020), which will lead to richer insights. Furthermore, Negotiated Consent is a proof-of-concept for dynamic consent (Mascalzoni et al., 2022) that demonstrates revision of participation choices within one moment of patient consent.
This project contributes to an understanding of the privacy and stakeholder dynamics of health data sharing. It illuminates a transparent approach to recruitment for clinical research through a collaborative effort that emphasizes patient-centric approaches. Using a mutually responsible approach, data sharing platforms can lead the way for the use of data in clinical research that simultaneously empowers patients to control their data through a negotiated lens.","Health Data; Privacy; Informed Consent; Data sharing; Machine Learning; Ethics of Technology; Health Tech; GDPR; Data donation; Value-Sensitive Design; Systemic Design; Design for healthcare","en","master thesis","","","","","","","","","","","","Integrated Product Design","",""