CYBERSECURITY OF "SMART CITIES": SOCIAL ASPECTS, RISKS OF DEANONYMIZATION AND DOXING
Keywords:smart city, deanonymization, doxing, personal data, cybersecurity, risks
The paper analyzes possible risks and threats posed by the transition from modern cities to smart cities. The concept and scheme of doxing implementation are analyzed. Moreover, the essence of deanonymization is revealed and threats to the privacy and security of smart city residents associated with these processes are identified. Furthermore, the reasons for the growth of doxing practice are clarified. The social aspect of the cybersecurity of a smart city is seen primarily in the increased risks of privacy disclosure, which can lead to deanonymization, which can later be used for doxing, cyberbullying, blackmail or social engineering schemes. This demands that personal data must not only be protected by reliable cryptographic and technical measures but also - where it allows by work tasks - be specifically or partially impersonalised. Also, when planning personal data protection in smart city informational ecosystems, it should be considered that such protection will be existing in the context of an overall eco-information system of the city. Therefore, the one's always set priorities balanced between data protection, identify threats, measures and mechanisms for their implementation and daily routine tasks of system administration. The article analyzes cases and schemes of deanonymization, shows the vulnerability of modern information and communication systems to obtain data that can be used by an attacker. Based on the analysis and taking into account the specifics of the functioning of information ecosystems of smart cities, the main recommendations for protecting data stored in information systems are developed and systematized, which will reduce the risks of hacking such data and minimize harm from deanonymization and doxing. Finally, the authors proved that deanonymization is a sequential hacking process, and doxing is a hacking process and publishing private information. Such information can be obtained by collecting and analyzing open ("white"), stolen ("black") and stolen by third parties, but conditionally freely available ("Gray") sources of information. With the development of the smart city infrastructure, the amount of information collected, stored and processed will grow. This will lead to an increase in the "digital footprint" of every user of information system, that is, almost everyone who lives in the city.
2. Caird S.P., Hallett S.H. (2019). Towards evaluation design for smart city development. Journal of Urban Design. — Routledge, Vol. 24, no. 2. P. 188–209.
3. Yigitcanlar T. (2015). Smart cities: An effective urban development and management model?. Australian Planner. — Routledge, Vol. 52, no. 1. P. 27–34.
4. Bastidas V., Helfert M., Bezbradica M. (2018). A requirements framework for the design of smart city reference architectures. Proceedings of the 51st hawaii international conference on system sciences. Retrieved from https://pdfs.semanticscholar.org/b01d/7901f131540cf7f0d03041a03f5e2f8589a8.pdf
5. Boyko V., Vasilenko N. (2020). Smart city in the context of cybersecurity: Incidents, risks, threats. Municipal economy of cities. Vol. 4, no. 157. 184–191.
6. Cross M. (2013). Social media security: Leveraging social networking while mitigating risk. — Newnes, 346.
7. Pahwa N. Individuals’ rights at risk in the digital age. Digital Debates. — P. 12.
8. Dox | definition of dox by merriam-webster (2020). Retrieved from https://www.merriam-webster.com/dictionary/dox.
9. Boardman M. (2019). Doxing: An increased (and increasing) privacy risk. Retrieved from https://blogs.ischool.berkeley.edu/w231/2019/02/26/doxing-an-increased-and-increasing-privacy-risk/.
10. Peters F., Hanvey S., Veluru S., Mady A. E., Boubekeur M., Nuseibeh B. (2018). Generating privacy zones in smart cities. 2018 ieee international smart cities conference (isc2). 1–8.
11. Chang L. Y., Zhu J. (2020). Taking justice into their own hands: Predictors of netilantism among cyber citizens in hong kong. Frontiers in Psychology. — Frontiers Media SA, Vol. 11. 1–8.
12. Coleman G. (2013). Anonymous in context: The politics and power behind the mask. No 3. Retrieved from https://www.cigionline.org/sites/default/files/no3_8.pdf
13. Kerk I. van de. (2015). Data use versus privacy protection in public safety in smart cities: Master’s thesis.
Retrieved from https://dspace.library.uu.nl/handle/1874/318131
14. Rebollo-Monedero D., Bartoli A., Hernández-Serrano J., Forné J., Soriano M. (2014). Reconciling privacy and efficient utility management in smart cities // Transactions on Emerging Telecommunications Technologies. — Wiley Online Library, Vol. 25, no. 1. 94–108.
15. Popescul D., Genete L.-D. (2016). Data security in smart cities: Challenges and solutions. Informatica Economică. Vol. 20, no. 1. 29–39.
16. Howard P.N., Gulyas O. (2014). Data breaches in europe: Reported breaches of compromised personal records in europe, 2005-2014 // Available at SSRN 2554352. 22.
17. Nicola C. Almost 700 doxxing cases reported since june, majority directed at hong kong police (2020). Retrieved from https://www.scmp.com/yp/discover/news/hong-kong/article/3066122/almost-700-doxxing-cases-reported-june-majority-directed.
18. 32-year-old male technician sentenced to 2 years in prison for doxxing - dimsum daily (2020). Retrieved from https://www.dimsumdaily.hk/32-year-old-male-technician-sentenced-to-2-years-in-prison-for-doxxing/.
19. Wheatley S., Maillart T., Sornette D. (2016). The extreme risk of personal data breaches and the erosion of privacy. The European Physical Journal B. — Springer, Vol. 89, no. 1. 1–12.
20. Eling M., Wirfs J. (2019). What are the actual costs of cyber risk events?. European Journal of Operational Research. Vol. 272, no. 3. 1109–1119.
21. Qian J., Li X.-Y., Zhang C., Chen L. (2016). Deanonymizing social networks and inferring private attributes using knowledge graphs. IEEE infocom 2016-the 35th annual ieee international conference on computer communications. — IEEE, 1–9.
22. Alasdair A., Pete W. (2020). Got an iPhone or 3G iPad? Apple is recording your moves - o’Reilly radar. Retrieved from http://radar.oreilly.com/2011/04/apple-location-tracking.html.
23. Abalenkovs D., Bondarenko P., Pathapati V. K., Nordbø A., Piatkivskyi D., Rekdal J. E., Ruthven P. B. (2012). Mobile forensics: Comparison of extraction and analyzing methods of ios and android // Gjovik University College, Gjovik, Norway. Retrieved from https://www.semanticscholar.org/paper/Mobile-Forensics-%3A-Comparison-of-extraction-and-of-Abalenkovs-Bondarenko/ed402e51fdc47b5459ec804f6bdbeb05cd75d96e.
24. Beltramelli T., Risi S. (2015). Deep-spying: Spying using smartwatch and deep learning // CoRR. Vol. abs/1512.05616. Retrieved from https://www.researchgate.net/publication/287249444_Deep-Spying_Spying_using_Smartwatch_and_Deep_Learning/link/572ceb7008aee02297598033/download
25. Souza A., Pereira J., Batista T., Cavalcante E., Cacho N., Lopes F., Almeida A. (2018). A geographic-layered data middleware for smart cities. Proceedings of the 24th brazilian symposium on multimedia and the web. 411–414.
26. Mazhelis O., Hämäläinen A., Asp T., Tyrväinen P. (2016). Towards enabling privacy preserving smart city apps. 2016 ieee international smart cities conference (isc2). 1–7.
27. Strava data heat maps expose military base locations around the world (2020). Retrieved from https://www.wired.com/story/strava-heat-map-military-bases-fitness-trackers-privacy/.
28. Strava suggests military users ’opt out’ of heatmap as row deepens | technology (2020). — https://www.theguardian.com/technology/2018/jan/29/strava-secret-army-base-locations-heatmap-public-users-military-ban.
29. Why was it so easy for hackers to take down the internet – cnet (2020). — https://www.cnet.com/how-to/ddos-iot-connected-devices-easily-hacked-internet-outage-webcam-dvr/.
30. Lagnese N., Lacey Henning E. B., Kimball T., Reagan B. Lizard squad. — 2018.
31. Peeping into 73,000 unsecured security cameras via default passwords | cso online (2020). Retrieved from https://www.csoonline.com/article/2844283/peeping-into-73-000-unsecured-security-cameras-thanks-to-default-passwords.html.
32. Marketer of internet-connected home security video cameras settles ftc charges it failed to protect consumers’ privacy | federal trade commission (2020). Retrieved from https://www.ftc.gov/news-events/press-releases/2013/09/marketer-internet-connected-home-security-video-cameras-settles.
33. Beckers K. (2012). Comparing privacy requirements engineering approaches. 2012 seventh international conference on availability, reliability and security. 574–581.
34. Spiekermann S., Cranor L.F. (2009). Engineering privacy. IEEE Transactions on Software Engineering. Vol. 35, no. 1. 67–82.
35. Yang M., Yu Y., Bandara A. K., Nuseibeh B. (2014). Adaptive sharing for online social networks: A trade-off between privacy risk and social benefit. 2014 ieee 13th international conference on trust, security and privacy in computing and communications. P. 45–52.
36. Ye X., Zhu Z. (2009). Privacy compliance engineering process. 2009 second international symposium on electronic commerce and security. Vol. 1. 255–259.
37. El Masri A.A., Sousa J.P. (2009). Limiting private data exposure in online transactions: A user-based online privacy assurance model. 2009 international conference on computational science and engineering. Vol. 3. 438–443.
38. American bank systems hit by ransomware attack, full 53 gb data dump leaked - security report (2020). Retrieved from https://securityreport.com/american-bank-systems-hit-by-ransomware-attack-full-53-gb-data-dump-leaked/.
39. McCallister E., Grance T., Scarfone K.A. (2010). Sp 800-122. Guide to protecting the confidentiality of personally identifiable information (pii). — National Institute of Standards & Technology, Retrieved from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-122.pdf.
40. Jutla D.N., Bodorik P. (2015). PAUSE: A privacy architecture for heterogeneous big data environments. 2015 ieee international conference on big data (big data). 1919–1928.
41. Solomon M.G., Sunderam V., Xiong L., Li M. (2016). Enabling mutually private location proximity services in smart cities: A comparative assessment. 2016 ieee international smart cities conference (isc2). 1–8.
How to Cite
The authors who publish in this collection agree with the following terms:
• The authors reserve the right to authorship of their work and give the magazine the right to first publish this work under the terms of license CC BY-NC-ND 4.0 (with the Designation of Authorship - Non-Commercial - Without Derivatives 4.0 International), which allows others to freely distribute the published work with a mandatory reference to the authors of the original work and the first publication of the work in this magazine.
• Authors have the right to make independent extra-exclusive work agreements in the form in which they were published by this magazine (for example, posting work in an electronic repository of an institution or publishing as part of a monograph), provided that the link to the first publication of the work in this journal is maintained. .
• Journal policy allows and encourages the publication of manuscripts on the Internet (for example, in institutions' repositories or on personal websites), both before the publication of this manuscript and during its editorial work, as it contributes to the emergence of productive scientific discussion and positively affects the efficiency and dynamics of the citation of the published work (see The Effect of Open Access).