Saudi Cultural Missions Theses & Dissertations
Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10
Browse
16 results
Search Results
Item Restricted Privacy Regulation of Cellular Network Data: A Comparative Study with Recommendations for the Kingdom of Saudi Arabia(University of Waikato, 2023) Aldubayyan, Ahmed; Rumbles, Associate Wayne; Liao, Leo ZOne of the primary economic objectives of multinational technology corporations is to amass a significant amount of personal data, potentially leading to significant infringements of individuals' privacy rights. The advent of the technology revolution has resulted in a swift evolution of privacy laws in numerous jurisdictions. This can be attributed to the enhanced capacity of governmental and commercial entities to monitor and accumulate extensive data, as well as the economic objectives of global technology corporations to amass copious amounts of personal information. The Kingdom of Saudi Arabia has yet to implement legal provisions that ensure the privacy rights of its citizens and has also not introduced any legislation that safeguards the confidentiality rights of its citizens. The Kingdom of Saudi Arabia is currently contemplating the possibility of implementing a privacy legislation that considers not only its own distinct national culture, but also the role of privacy within the cultures of the surrounding region, as well as on a global scale. Annually, a vast number of international tourists travel to the Kingdom of Saudi Arabia, which has established a comprehensive plan and outlook aimed at luring multinational corporations across diverse sectors. Due to the aforementioned circumstances, it is imperative for the Kingdom of Saudi Arabia to establish a robust legislative framework that can effectively protect personal data. It is noteworthy that the Kingdom of Saudi Arabia operates under the governance of Sharia Law and Islamic Jurisprudence, which serve to safeguard the entitlement to confidentiality and privacy of personal data. The preservation of privacy and confidentiality of personal information is a significant concern for the inhabitants of the Kingdom of Saudi Arabia, and they handle these issues with great sensitivity. In contemporary times, characterised by technological advancements and rapid global and economic development, it is imperative to institute legislation that protects the data and information infrastructure of the Kingdom of Saudi Arabia, in addition to the personal privacy of its populace. The thesis delves into the significance of privacy and examines the measures taken by various jurisdictions to safeguard the personal information of their residents. Additionally, it explores the potential lessons that the Kingdom of Saudi Arabia can draw from these examples.3 0Item Restricted MEASURING AWARENESS AND ABILITY OF STUDENTS IN SECURING PERSONAL SENSITIVE DATA ON MOBILE PHONES(University of North Texas, 2024-12) Bukhari, Ahmed Abdulhakim; Allen, JeffThis study investigates the awareness and ability of students at the University of North Texas (UNT) in securing their personal and sensitive information on mobile phones. In an era marked by increasing digitization, mobile phones play a pivotal role in our daily lives, making it essential to understand the practices and knowledge of individuals when it comes to safeguarding their personal information. To achieve this, the study adopts a multidimensional approach through the integration of three prominent theoretical frameworks, which are the technology acceptance model (TAM), the theory of planned behavior (TPB), and protection motivation theory (PMT). This integrated framework enables a comprehensive understanding of student perceptions, intentions, and motivations concerning mobile phone security. To gather data, a quantitative research method was employed, using a structured survey in the form of a questionnaire. Respondents were asked to rate their agreement with various statements using a 5point Likert scale, ranging from 1 = strongly disagree to 5 = strongly agree. The survey included questions designed to assess student awareness, knowledge, attitudes, and behaviors related to securing personal information on their mobile phones. The findings of this study shed light on the existing gaps in the knowledge and practices of students related to mobile phone security. The outcomes can inform educational institutions and policymakers on the necessity of implementing awareness programs and security measures to protect personal information in the digital age. This research contributes to a deeper understanding of mobile phone security practices and paves the way for potential interventions to empower UNT students and users of mobile technology to protect their sensitive data effectively.37 0Item Restricted AI-Driven Approaches for Privacy Compliance: Enhancing Adherence to Privacy Regulations(Univeristy of Warwick, 2024-02) Alamri, Hamad; Maple, CarstenThis thesis investigates and explores some inherent limitations within the current privacy policy landscape, provides recommendations, and proposes potential solutions to address these issues. The first contribution of this thesis is a comprehensive study that addresses a significant gap in the literature. This study provides a detailed overview of the current landscape of privacy policies, covering both their limitations and proposed solutions, with the aim of identifying the most practical and applicable approaches for researchers in the field. Second, the thesis tackles the challenge of privacy policy accessibility in app stores by introducing the App Privacy Policy Extractor (APPE) system. The APPE pipeline consists of various components, each developed to perform a specific task and provide insightful information about the apps' privacy policies. By analysing over two million apps in the iOS App Store, APPE offers unprecedented and comprehensive store-wide insights into policy distribution and can act as a mechanism for enforcing privacy policy requirements in app stores automatically. Third, the thesis investigates the issue of privacy policy complexity. By establishing generalisability across app categories and drawing attention to associated matters of time and cost, the study demonstrates that the current situation requires immediate and effective solutions. It suggests several recommendations and potential solutions. Finally, to enhance user engagement with privacy policies, a novel framework utilising a cost-effective unsupervised approach, based on the latest AI innovations, has been developed. The comparison of the findings of this study with state-of-the-art methods suggests that this approach can produce outcomes that are on par with those of human experts, or even surpass them, yet in a more efficient and automated manner.21 0Item Restricted The creation and proliferation of deepfake “adult content”(University of Sussex, 2024) AlZahrani, Ahmed; Rizov, VladimirThis study investigates the creation and proliferation of deepfake pornographic content, focusing on its causes, impacts on privacy and security, and the necessary measures to address the ethical and legal challenges it presents. The analysis identifies financial incentives, personal vendettas, and a fascination with technology as key motivations behind the creation of deepfakes. Victims suffer significant consequences, including psychological harm, social exclusion, and job loss. The role of social media and video-sharing platforms is critical in the spread of deepfakes due to insufficient content moderation and algorithmic oversight. Despite advancements in technological solutions and legal frameworks, there are still considerable gaps in preventing deepfakes. The study calls for a comprehensive strategy that includes technological innovations, robust legal measures, and public awareness to mitigate the impact of deepfakes. It also emphasizes the importance of future interdisciplinary research to improve detection, prevention, and support for victims.26 0Item Restricted Saudi Millennials' Privacy Practices in the Age of the Personal Data Protection Law(Royal Holloway, University of London, 2024-08) Almutairi, Abdullah Ayed; Murphy, SeanExecutive summary The project's objective is to assess the impact of Saudi Arabia's implementation of the Personal Data Protection Law (PDPL) on Saudi millennials' data privacy practices. Specifically, the study aims to (1) examine the level of awareness among Saudi millennials regarding the PDPL and the rights they have acquired under it; (2) assess their attitudes towards the effectiveness of the PDPL in protecting their personal data; and (3) investigate any changes in their personal data practices following the implementation of the PDPL. The project utilizes a quantitative methodology, using the Knowledge-AttitudePractice (KAP) model as a framework. We obtained data from a sample group of Saudi millennials by means of a survey. The survey was created with the purpose of assessing the participants' knowledge of the PDPL, their views on its effectiveness, and their individual handling of data practices following its implementation. We tested the research hypotheses and derived significant conclusions from the data through the application of statistical analysis, which encompassed both inferential and descriptive techniques. Key findings reveal that a large percentage of Saudi millennials lack an adequate understanding of the PDPL. Nevertheless, individuals with a sufficient level of awareness regarding the PDPL tended to follow better privacy practices. The findings also indicated that participants who were knowledgeable about the PDPL exhibited favourable attitudes towards its efficacy in enhancing personal data protection measures in Saudi Arabia. The project found that familiarity with the PDPL and appropriate perceptions of its efficacy resulted in an inclination to adhere to better practices. In conclusion, the implementation of the PDPL had an influence on the data privacy practices of Saudi millennials who were knowledgeable about it and its specifics. However, it is imperative to enhance awareness campaigns in order to augment the number of individuals who are knowledgeable about the PDPL and their rights under it. This will ultimately enhance privacy practices among Saudi citizens. The findings overall show that more awareness of the PDPL leads to improved privacy practices.23 0Item Restricted Leveraging Blockchain for Trust Enhancement in Decentralized Marketplaces: A Reputation System Perspective(Old Dominion University, 2024-07) Aljohani, Meshari; Olariu, Stephan; Mukkamala, RaviCentralized marketplaces provide reliable reputation services through a central authority, but this raises concerns about single points of failure, user privacy, and data security. Decentralized marketplaces have emerged to address these issues by enhancing user privacy and transparency and eliminating single points of failure. However, decentralized marketplaces face the challenge of maintaining user trust without a centralized authority. Current blockchain-based marketplaces rely on subjective buyer feedback. Additionally, the transparency in these systems can deter honest reviews due to fear of seller retaliation. To address these issues, we propose a trust and reputation system using blockchain and smart contracts. Our system replaces unreliable buyer feedback with objective transaction assessments. Performance challenges of blockchain-based systems are tackled through three innovative schemes, resulting in a substantial improvement over the baseline approach. Furthermore, we proposed a decentralized marketplace utilizing blockchain-based smart contracts to address privacy concerns in buyer reviews that arise from the transparency of decentralized marketplaces. This enables buyers to use one-time identities for reviews to promote anonymity. This system ensures that buyers provide reviews by requiring a review fee, which is fully refunded after the review is submitted. Moreover, we proposed a trust and reputation service based on Laplace’s Law of Succession, where trust in a seller is defined as the subjective probability that they will fulfill their contractual obligations in the next transaction. This method accommodates multi-segment marketplaces and time-varying seller performance, predicts trust and reputation far into the future, and discounts older reputation scores. In addition, we propose SmartReview, an automated review system utilizing blockchain smart contracts to generate objective, bias-free reviews. The review module is designed as a smart contract that takes the contract terms and the evidence provided by the buyer and seller as inputs. It employs advanced computer vision and machine learning techniques to produce quantitative and qualitative reviews for each transaction, ensuring objectivity and eliminating reviewer bias. Lastly, we introduce a structured blockchain architecture featuring a layered approach. This architecture includes mechanisms for secure transaction recording and efficient query retrieval through auxiliary indexing, demonstrating significant advancements in decentralized data management.24 0Item Restricted CROSS-CULTURAL UNDERSTANDING OF HOW PEOPLE USE SECURE GROUP CHAT TOOLS IN THE UNITED KINGDOM AND SAUDI ARABIA(King’s College London, 2023-08-15) Alrabeah, Ghada; Abu-Salma, RubaGroup communication tools have gained widespread popularity, attracting over a billion users. However, questions arise, how closely are our messages being watched by external parties? Is end-to-end encryption implemented by the application? Many group communication tools either do not offer enough security features to protect their users or make it challenging for them to understand and use these features. This research discusses how users perceive and use secure group communication tools, focusing on users in the United Kingdom and Saudi Arabia. A mixed-methods approach involving interviews with 20 participants and a survey with 204 respondents was conducted. The study reveals key factors driving users' choices, their understanding of security and privacy, their willingness to adopt or not adopt secure group communication tools, and cultural differences. The findings underline the priority factors like popularity, usability, and being free, as influential in tool selection. Users express willingness to use secure tools, yet gaps arise between intention and practice, attributed to misconceptions, motivation, and trust concerns. Privacy practices vary between cultures, with Saudi participants showing more caution. On the other hand, the UK displays higher trust levels in communication tools compared to Saudi Arabia. These cultural influences shape communication priorities, with Saudis leaning toward group communication and the UK prioritizing individual communications. Despite these differences, the study suggests the potential for universally secure applications catering to diverse user needs. The study offers recommendations for tool design that help improve the adoption of secure group communication.5 0Item Restricted A Trust-Based Mechanism to Manage User Privacy in University Smart Buildings(Newcastle University, 2024-06-17) Taher, Rawan; Morisset, CharlesSmart buildings employ a diverse range of technologies, including sensors, to monitor the environment and create a comfortable space for users via data collection. This monitoring reveals data about users' activities that could raise privacy concerns. In recent years, privacy has received increasing attention in smart home environments. Several studies have proposed solutions that allow smart home users to retain control over data collection and manage their privacy. However, little attention has been paid to user privacy in smart buildings that serve as places of work or study. Research on privacy in smart buildings has predominantly focused on technical aspects, with relatively limited public voice engagement in the literature. In order to effectively manage smart building environments, it is necessary to collect data. However, it is equally important to prioritise and respect the privacy principles and regulations. Users in smart buildings typically have limited or no ownership or control over captured data, along with limited awareness and insufficient disclosure from the building management which limits their ability to manage their privacy. This stands in contrast to smart home users who often possess partial ownership and control over their infrastructure. Privacy management in smart buildings poses a significant challenge, consequently, there is a need to identify a privacy design mechanism that can incorporate users' voices into the data practices and find a balanced trade-off between the utility and privacy of smart building data. In this thesis, three studies are conducted to make significant contributions to the management of user privacy in university smart buildings. The first contribution involves analysing the impact of various building technologies on users' privacy. These technologies are then mapped to different facets of privacy harm using the Solove taxonomy. The second contribution involves conducting semi-structured interviews to understand users' privacy perceptions, preferences, and trade-offs, thereby identifying key requirements for privacy mechanisms in smart buildings. The third contribution involves a confirmatory study aimed at designing a privacy mechanism for smart buildings. In light of these contributions, this thesis introduces a trust-based privacy design mechanism called the Privacy Committee. The main goal of the Privacy Committee is to incorporate user voices into the decision-making process concerning data sharing and to establish comprehensive oversight of data practices within smart buildings.22 0Item Restricted Testing Privacy and Security of Voice Interface Applications in the IoT Era(Temple University, 2024-04-04) Shafei, Hassan Ali; Tan, Chiu C.Voice User Interfaces (VUI) are rapidly gaining popularity, revolutionizing user interaction with technology through the widespread adoption in devices such as desktop computers, smartphones, and smart home assistants, thanks to significant advancements in voice recognition and processing technologies. Over a hundred million users now utilize these devices daily, and smart home assistants have been sold in massive numbers, owing to their ease and convenience in controlling a diverse range of smart devices within the home IoT environment through the power of voice, such as controlling lights, heating systems, and setting timers and alarms. VUI enables users to interact with IoT technology and issue a wide range of commands across various services using their voice, bypassing traditional input methods like keyboards or touchscreens. With ease, users can inquire in natural language about the weather, stock market, and online shopping and access various other types of general information. However, as VUI becomes more integrated into our daily lives, it brings to the forefront issues related to security, privacy, and usability. Concerns such as the unauthorized collection of user data, the potential for recording private conversations, and challenges in accurately recognizing and executing commands across diverse accents, leading to misinterpretations and unintended actions, underscore the need for more robust methods to test and evaluate VUI services. In this dissertation, we delve into voice interface testing, evaluation for privacy and security associated with VUI applications, assessment of the proficiency of VUI in handling diverse accents, and investigation into access control in multi-user environments. We first study the privacy violations of the VUI ecosystem. We introduced the definition of the VUI ecosystem, where users must connect the voice apps to corresponding services and mobile apps to function properly. The ecosystem can also involve multiple voice apps developed by the same third-party developers. We explore the prevalence of voice apps with corresponding services in the VUI ecosystem, assessing the landscape of privacy compliance among Alexa voice apps and their companion services. We developed a testing framework for this ecosystem. We present the first study conducted on the Alexa ecosystem, specifically focusing on voice apps with account linking. Our designed framework analyzes both the privacy policies of these voice apps and their companion services or the privacy policies of multiple voice apps published by the same developers. Using machine learning techniques, the framework automatically extracts data types related to data collection and sharing from these privacy policies, allowing for a comprehensive comparison. Next, researchers studied the voice apps' behavior to conduct privacy violation assessments. An interaction approach with voice apps is needed to extract the behavior where pre-defined utterances are input into the simulator to simulate user interaction. The set of pre-defined utterances is extracted from the skill's web page on the skill store. However, the accuracy of the testing analysis depends on the quality of the extracted utterances. An utterance or interaction that was not captured by the extraction process will not be detected, leading to inaccurate privacy assessment. Therefore, we revisited the utterance extraction techniques used by prior works to study the skill's behavior for privacy violations. We focused on analyzing the effectiveness and limitations of existing utterance extraction techniques. We proposed a new technique that improved prior work extraction techniques by utilizing the union of these techniques and human interaction. Our proposed technique makes use of a small set of human interactions to record all missing utterances, then expands that to test a more extensive set of voice apps. We also conducted testing on VUI with various accents to study by designing a testing framework that can evaluate VUI on different accents to assess how well VUI implemented in smart speakers caters to a diverse population. Recruiting individuals with different accents and instructing them to interact with the smart speaker while adhering to specific scripts is difficult. Thus, we proposed a framework known as AudioAcc, which facilitates evaluating VUI performance across diverse accents using YouTube videos. Our framework uses a filtering algorithm to ensure that the extracted spoken words used in constructing these composite commands closely resemble natural speech patterns. Our framework is scalable; we conducted an extensive examination of the VUI performance across a wide range of accents, encompassing both professional and amateur speakers. Additionally, we introduced a new metric called Consistency of Results (COR) to complement the standard Word Error Rate (WER) metric employed for assessing ASR systems. This metric enables developers to investigate and rewrite skill code based on the consistency of results, enhancing overall WER performance. Moreover, we looked into a special case related to the access control of VUI in multi-user environments. We proposed a framework for automated testing to explore the access control weaknesses to determine whether the accessible data is of consequence. We used the framework to assess the effectiveness of voice access control mechanisms within multi-user environments. Thus, we show that the convenience of using voice systems poses privacy risks as the user's sensitive data becomes accessible. We identify two significant flaws within the access control mechanisms proposed by the voice system, which can exploit the user's private data. These findings underscore the need for enhanced privacy safeguards and improved access control systems within online shopping. We also offer recommendations to mitigate risks associated with unauthorized access, shedding light on securing the user's private data within the voice systems.29 0Item Restricted Designing Privacy Aware Internet of Things Applications.(Cardiff University, 2024-03-25) Alhirabi, Nada; Perera, CharithThe Internet of Things (IoT) integrates physical devices with software, enabling extensive data interactions. This combination, often involving diverse specialists, leads to complexity, with privacy often overlooked. Given the sensitive nature of data in many IoT applications and the strict privacy regulations they face, early privacy consideration is essential. Many researchers advocate techno-regulatory methods like privacy-by-design (PbD) principles. Their complexity and lack of clear guidelines make their application in IoT challenging. We present a simplified and visual method for IoT developers to embed privacy into their applications. Unlike traditional methodologies that involve complex and time-consuming steps, our method is straightforward and interactive. Our framework approach is intended for the conceptual design phase of the software development life cycle (SDLC) to support early dialogue between lawyers and developers in the context of IoT app design. The key value is following a user(developer)-centric approach to fulfil their needs in addition to meeting privacy requirements. The thesis contributes in three ways. First, by exploring non-IoT privacy techniques, we discovered the challenges of migrating these strategies to IoT. Second, our subsequent interactions with developers and privacy experts revealed common challenges in privacy design. Accordingly, we proposed PARROT (PrivAcy by design tool foR inteRnet Of Things), a tool engineered to intuitively guide IoT developers. Third, our exploration of less regulated domains illustrated further privacy challenges and underscored the potential of tools like PARROT to amplify awareness of privacy norms in IoT design. Through multiple case studies and experiments, we validated PARROT’s effectiveness in reducing privacy issues while designing IoT applications. Overall, the experimental results demonstrated in this thesis confirm our hypothesis that PARROT reduces privacy mistakes and increases privacy knowledge among developers during the Internet of Things software design phase by offering an interactive design method to augment the design process and provide real-time feedback.39 0