A Framework for Data Privacy and Security in sub- Saharan Africa - TAPIA 2011 Kato Mivule Doctoral Student Computer Science Department Bowie State University

A Framework for Data Privacy and Security in sub-Saharan Africa - TAPIA 2011

Kato MivuleDoctoral Student

Computer Science DepartmentBowie State University

[email protected]

Advisor: Dr. Claude [email protected]

www.cs.bowiestate.edu/~cturner/


The Problem The growth of Information Technology usage in Africa has led to an increasing utilization of communication networks for the transaction of data across Africa.

As of August 2010, according to Statistics by International Telecommunications Union, 2010( ITU) Africa has 110 million Internet users17 million Facebook accounts A penetration rate of 10 percent for Internet1.7 percent penetration rate for Facebook in Africa

The data gets more interesting when it comes to Wireless Connectivity...According to a U.K. based telecoms research group, Informa Telecoms & Media

500 million mobile subscriptions were recorded as of November 2010 in AfricaCurrent population in Africa is estimated at 1 Billion

The Mobile Phone has rightly been described by Erik Hersman as “Africa's PC”


The Problem: Privacy For “Africa's PC”


The Problem: Privacy For “Africa's PC”


The Problem: “Africa's PC”

Marine time fiber optic data cables are being laid around Africa, providing high speed data connectivity with the developed word. Companies like SEACOM have already completed laying their fiber optic cable to East Africa.


The Problem

There is an increasing availability of both wireless and broadband connectivity in Africa.

A growing number of entities in the private sector, academia, and government, deploy the internet as a tool to routinely post and retrieving data online.

Thus many individuals and entities in Africa increasingly dependent on the internet for data transactions.

A new challenge is now presented in Africa: How to Implement and Ensure Data Privacy and Security, given the infrastructural developments in the telecommunications sector.


Make-a-difference Concept

In this challenge, we take a look at:

1 - Current Data Privacy Laws:Current Data Privacy laws in sub-Saharan Africa where Personally Identifiable

Information (PII) is largely undefined for example. We focus on the ten top internet user nations in Africa.

Yet still, we propose a technological framework that would provide data privacy

and security. We take a look at three data privacy and security challenges:

2 - Database Security: We take a look at access control, security issues with SQL, inference control, and

present a framework on enhancing database security.

3- Data Privacy:We take a comparative look at algorithms that provide data privacy. We then

present a hybrid framework for data de-identification and inference control in context with live streams of internet data such as PII on Online Social Networks.



4 - Privacy Preserving in Data Mining(PPDM)We take a look at PPDM algorithms and present a framework that takes privacy

concerns into consideration while analyzing data in a distributed environment

5 - Anonymity and Privacy in Wireless NetworksWe then look at anonymity and data privacy in Wireless Networks, since Wireless

Networks are the largest medium of connectivity in Africa.

6 - Data Privacy in Delay Tolerant Networks (DTN)On the Wireless connectivity side, we address some of the data privacy and

anonymity issues in Delay Tolerant Networks (DTN), a technology provides mechanisms for continual communication even when disruptions occur, and very suited for the African terrain.




What We Have Accomplished So Far

Uganda: A Case StudyUganda is among the top ten internet user nations in Africa.

In Uganda's case, higher education institutions routinely post student admission and graduation data online and grant access to student records online.

The Ugandan Electoral Commission posted the National Voter's Register Online.

The Uganda Bureau of Statistics publishes statistical databases routinely, and removes Personal Identifiable Information (PII).

Other published data sets from educational institutions and the Electoral Commission of Uganda, show PII was included in published data sets.

At the same time a growing number of young Ugandans are fans of large Online Social Networks (OSN) like Facebook, resulting in large amounts of PII leaked online.


What We Have Accomplished So FarUganda: A Case StudyUgandan Bureau of Statistics Act of 1998 describes Ugandan government policy

on data collected by the Ugandan Bureau of Statistics.

Absent from that description is how non governmental entities collect and disseminate data.

The Ugandan Bureau of Statistics Act of 1998 does not discuss what PII is in the Ugandan context for example.

The only close reference is the “removal of identifiers” before data is granted to researchers.

In this case “identifiers” is ambiguous and could perhaps reference 'names' but not 'geographical location'.

A look at documents from the Uganda Communications Commission (UCC) and the Ministry of Information and Communications Technology (ICT) show that policies on Data Privacy and Security have not been clearly formulated


What We Have Accomplished So FarUganda: A Case StudyIn the USA for instance, PII could include an individual's social security number yet

in Uganda, social security numbers are non existent, thus the set of PII in the USA differs from that in Uganda.

Therefore, there is a need to expand Uganda's policy on how government and non government entities collect and disseminate data.

Despite the absence of a clear formulated policy on data privacy, we suggest a technological framework of data privacy and security that could be utilized in Uganda to provide basic data privacy protection.


What We Have Accomplished So FarUganda: A Case Study – State of The Art

While research on computer security in Ugandan exists, most of the work centers on Network Accessibility Control Methodologies [Nakyeyune 2009; Mutebi and Rai 2010; Makori and Oenga 2010; Kizza et al 2010; Mirembe and Muyeba 2009].

Mutyaba [2009] and Makori [2009] do an excellent presentation on Cryptographic Methodologies for Computer Security.

Okwangale and Ogao [2006] discuss Data Mining Techniques, however, Privacy Preserving Data Mining (PPDM) methodologies are not covered.

Bakibinga [2004] does an brilliant job at articulating the need for Electronic Privacy Policy in Uganda from a policy view point.


What We Have Accomplished So FarUganda: A Case Study – State of The Art

Frameworks for Secure Management of Electronic Records have been proposed by Luyombya [2010], Ssekibule and Mirembe [2007], and Kayondo [2009], however, the works focus on Data Security and Access Control.

Yet still Data Privacy differs from from Data Security in that data privacy has to do with the confidentiality while data security focuses on the accessibility.

Even when a database system is physically secured, an inference attack could occur on published data sets [Sweeney, 2002].

Therefore, it is in this light that we make the case for data privacy in Uganda and the need for more research on data privacy and PPDM methodologies tailored to the Ugandan context.


What We Have Accomplished So FarData De-identification of a Ugandan data set

We utilized a real data set from Uganda and employed k-anonymity, a data privacy algorithm that utilizes generalization, and suppression as outlined by Samarati [2001] and Sweeney [2002].

k-anonymity requires that for a data set with quasi-identifier attributes in database to be published, values in the quasi-identifier attributes be repeated at least k times to ensure privacy; that is, k >1 [Sweeney, 2002].


What We Have Accomplished So FarDe-identification Steps

Input: Data from relation or schemaOutput: De-identified data set Identify PII Attributes Remove PII Attributes Identify quasi-identifier attributes Generalize or Suppress quasi-identifier attributes Sort or Order data Check that k>1 in tuples Check for single values in attributes that cannot be grouped together to achieve

k>1 If single values that cannot be grouped together still exist in attributes, Then Continue to Generalize or Suppress quasi-identifier attribute values until k-anonymity is achieved at k>1 Check for utility



After suppressing the 'Complex' value that appears once, we achieve k-anonymity at k>1k!>1 for Hall attribute were the value 'Complex' only appears once, we therefore suppress

the value 'complex'. Admission List with PII – Names are fictitious, BirthDate, IndexNo, and RegNo are generalized



Data Perturbation Methods - Noise AdditionWe focused on noise addition perturbation methods that seek to transform

confidential attributes by adding noise to provide confidentiality.

Noise addition works by adding or multiplying a stochastic or randomized number to confidential quantitative attributes.

The stochastic value is chosen from a normal distribution with zero mean and a diminutive standard deviation.


What We Have Accomplished So FarData Perturbation Methods - Noise Addition

Work on additive noise was first publicized by Jay Kim [1986 ] with the general expression that Z = X + ɛ

Where Z is the transformed data point

X is the original data point

ɛ is the random variable (noise) with a distribution ε N(0, σ∼ 2 ), that is added to X.

The X is then replaced with the Z for the data set to be published.

With stochastic noise, random data is added to confidential attributes to conceal the distinguishing values.



Steps for De-identification and Noise Addition 1. For all values of the data set to be published,2. Do data de-identification 2.1. Find PII 2.2 Remove PII3. For remaining data void of PII to be published, 3.1. Apply k-anonymity 3.2. Ensure that there are at least k>1 data values to be published 3.3. If not, then Generalize or Suppress data values until k>1 is achieved.4. For the data set after applying k-anonymity, 4.1. Find quantitative attributes in the k-anonymized data set 4.2. Apply additive noise to the quantitative data values5. Publish data set



Original Data Set (All data is not real, for illustrative purposes), After de-identification and k-anonymity on original data set, single values suppressed.



Random noise between 1000 and 9000 added to Scholarship attribute; Results of the Normal Distribution of Original and Perturbed Scholarship Amount.


Data Perturbation Methods - Noise AdditionRandom noise between 1000 and 9000 added to Scholarship attribute; Results of the Normal Distribution of Original

and Perturbed Scholarship Amount;Results of the Normal Distribution Original and Perturbed Scholarship



Data Perturbation Methods - Noise Addition



Delay Tolerant Networks (DTN)We worked on an overview on DTN networks and with the goal of finding out how

we employ privacy algorithms such as k-anonymity to enhance privacy.

DTN is a methodology in computer networking that grants network connectivity in situations or areas where networking communication is prone to disruption or failure.

However, nodes in DTNs are extremely versatile and characterized by sporadic connectivity.

Examples of DTNs include internet connectivity in remote villages in Africa and other parts the developing world, mobile networks in airplanes, underwater, and network connectivity in space.

DTNs are not bound by the traditional End to End path, but rather the end to end path is established over a period of time as nodes relocate and pass on messages to each other and are characterized by intense message delays



Privacy and Security Issues in DTNsDue to their highly versatile and sporadic connectivity nature, DTNs suffer from extreme delay attacks and or destruction of data being delivered.

Other attacks include dropping data, overflowing the network with superfluous data, degrading routing tables, and pseudo network acknowledgments.

Basic components of DTNs as noted by Wright and Brown [ 2010] include Uplink is a connection point to the internet; Relay Base Station connects to other base stations serves as wireless point Local Clients are the machines participate in the local mesh network around a given base station; Mobile Device, are low powered devices that roam between various base stations.

Uplink component posses a serious security and privacy threat if untrusted. Protocols used in DTNs should be as non-interactive as possible to reduce the additional delays that result when a reply is requested.



Privacy and Security Issues in DTNsRelay Stations are one of the weakest links when it comes to security and privacy as the relay operators can view all users who access their antenna

The problem becomes more severe when the antenna is in a remote area.

Anonymization becomes a problem as messages cannot be rerouted through other clients that don't share the same network.

PKI-certified public keys are geared towards traditional networks but do not work in DTNs due to the sporadic connectivity trait of DTNs.

Kate et al [2007] propose an anonymization architecture for DTNs that employs identity-based cryptography (IBC).



Privacy and Security Issues in DTNs

On security for disconnected nodes, Seth et al [2005] note problems involved with DTN communication that include: Creation of a secure channel by a disconnected user in a DTN, Reciprocal authentication in DTNs Security of users from attacks cascaded by exposed entities.

Seth et al [2005] propose a security architecture for DTNs based on hierarchical identity-based cryptography(HIBC), that utilizes identity based cryptography (IBC) by establishing a cooperative hierarchy of private key generators(PKG).



Privacy and Security Issues in DTNsOn Detecting Wormhole attacks in DTNs, Ren et al [2010] describe wormhole

attacks as malicious node that register packets at one position and sends them to another conspiring node, which in turn echos them locally into the network, seriously interrupting normal network operations in DTNs.

Ren et al [2010] propose a methodology that detects wormhole attacks by employing the existence of a forbidden network topology in the DTN.

The detection algorithm determines the existence of a forbidden network under normal conditions by reducing the transmission range of nodes for a short time to check for the presence of any forbidden topology to determine the presence of a wormhole attack.

However, DTNs are certainly going to play a vital role in bridging the digital divide in places like Africa and much of the developing world. Therefore with millions expected to utilize DTNs, Privacy and Security are paramount in the DTN environment.


Contributions:

Find out how efficiently to employ a hybrid of current privacy preserving data publishing and mining algorithms to grant data privacy

Find out how to efficiently apply data privacy preserving and anonymity algorithms to aid in privacy in and anonymity in wireless, sensor, and delay tolerant networks to Empower the African people.

Find out how data privacy and anonymity algorithms could be translated into applications that could be deployed on wireless networks to enhance security and confidentiality on individuals in Africa.

Find out how efficiently to utilize data privacy and anonymity algorithms to bridge the digital divide in Africa and enhance the computing infrastructure in Africa.


Plan for Accomplishment

Review Data Privacy and Security Policies in sub-Saharan Africa

Study how data is published by government entities, academia, banks etc

Study existing data privacy and security frameworks in sub-Saharan Africa

Run data privacy experiments of raw data sets from Africa

Run on wireless networks and DTNs simulations with focus on Privacy and Security

Make a visit to Africa (Uganda) and find out more about data privacy implementation

Collaborate with those ahead in Data Privacy and Security Research


Plan for Accomplishment

Review Data Privacy and Security Policies in sub-Saharan Africa

Study how data is published by government entities, academia, banks etc

Study existing data privacy and security frameworks in sub-Saharan Africa

Run data privacy experiments of raw data sets from Africa

Run on wireless networks and DTNs simulations with focus on Privacy and Security

Make a visit to Africa (Uganda) and find out more about data privacy implementation

Collaborate with those ahead in Data Privacy and Security Research


Uganda Case Study ReferencesInforma, "Africa crosses 500 million mobile subscriptions mark.”[Online]. Available:

http://www.informatm.com/itmgcontent/icoms/whats-new/20017824672.html;jsessionid=F953A9766116075633DF00B0740933CA.99bca588987beecd7897fbeafca2dc7da5b1421d. [Accessed: 28-Mar-2011].

WhiteAfrican, “Again, Mobile Phones are Africa’s PC.”[Online]. Available: http://whiteafrican.com/2007/06/25/again-mobile-phones-are-africas-pc/. [Accessed: 31-Mar-2011].

ADAM, N.R. AND WORTMANN, J.C., 1989. A Comparative Methods Study for Statistical Databases : Adam and Wortmann, ACM Computing Surveys, vol. 21, 1989.

BAKIBINGA, E.M., 2004. Managing Electronic Privacy in the Telecommunications Sub-sector: The Ugandan Perspective. Africa Electronic Privacy and Public Voice Symposium 2004. [Online]. Available at: http://thepublicvoice.org/events/capetown04/bakibinga.doc.

BAYARDO, R.J., AND AGRAWAL, R., 2005. Data Privacy through Optimal k-Anonymization, 21st International Conference on Data Engineering (ICDE’05), pp. 217-228.

BREWSTER, K.F., 1996. The National Computer Security Center (NCSC) Technical Report - 005 Volume 1/5 Library No. S-243,039, 1996.

CIRIANI, V., et al, 2007. Secure Data Management in Decentralized System, Springer, ISBN 0387276947, 2007, pp 291-321.

DENNING, D. E. AND DENNING, P. J., 1979. Data Security, ACM Computing Surveys, Vpl. II, No. 3, September 1, 1979.

GANTA, S.R., et al, 2008. Composition attacks and auxiliary information in data privacy, Proceeding of the 14th ACM SIGKDD international conference on Knowledge discovery and data mining - SIGKDD ’08, 2008, p. 265.

INTERNATIONAL TELECOMMUNICATIONS UNION, 2009. ITU Free statistics. [Online].Available at: http://www.itu.int/ITU-D/ict/statistics/.

NTERNET WORLD STATS, 2010. Africa InternetInternet Facebook Usage Population Statistics.[Online]. Available at: http://www.Internetworldstats.com/africa.htm.

KAYONDO, L.F., 2009. A Framework for Security Management of Electronic Health Records By, Makerere University Research Repository.” [Online]. Available: http://dspace.mak.ac.ug/handle/123456789/570.

KIZZA, J.M., et al., 2010. Using Subgraph Isomorphism as a Zero Knowledge Proof Authentication in Timed Wireless Mobile Networks. 6th Annual International Journal of Computing and ICT Research ICCIR 2010. pp. 334-351

LUYOMBYA, D., 2010. Framework for effective public digital records management in Uganda. Doctoral thesis, UCL (University College London). [Online]. Available at: http://discovery.ucl.ac.uk/19354/1/19354.pdf


Uganda Case Study ReferencesMAKERERE UNIVERSITY ADMISSION LIST, 2010. Academic Registrar's Department [Online]. Available at: http://ar.mak.ac.ug/ar/admlist_lnk.php?act=list.

MAKORI, A.C. AND OENGA, L., 2010. A Survey of Information Security Incident Reporting for Enhanced Digital Forensic Investigations. 6th Annual International Journal of Computing and ICT Research ICCIR 2010. pp. 19-31

MAKORI, A.C., 2009. Integration of Biometrics with Cryptographic Techniques for Secure Authentication of Networked Data Access. 5th Annual International Journal of Computing and ICT Research ICCIR 2009. pp. 1-13

MINISTRY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY, 2006 Ministerial Policy Statement for Ministry of ICT 2007/2008 Presented to Paliament June 2006. [Online].Available at: http://www.ict.go.ug/index.php?option=com_docman&task=doc_download&gid=3&Itemid=61.

MINISTRY OF INFORMATION AND COMMUNICATIONS TECHNOLOGY, 2009. Ministerial Policy Statement for Ministry of ICT 2009/2010 Presented to Paliament June 2009. [Online]. Available at: http://www.ict.go.ug/index.php? option=com_docman&task=doc_download&gid=16&Itemid=61

MINISTRY OF WORKS HOUSING AND COMMUNICATION UGANDA, 2003. National Information and Communication Technology Policy October 2003. [Online]. Available at: www.ucc.co.ug/nationalIctPolicyFramework.doc

MIREMBE, D.P. AND MUYEBA, M., 2009. Security Issues in Ambulatory Wireless Sensor Networks (AWSN): Security Vs Mobility. 5th Annual International Journal of Computing and ICT Research ICCIR 2009. pp. 289-301

MUTEBI, R.M., AND RAI, I.A., 2010. An Integrated Victim-based Approach Against IP Packet Flooding Denial of Service. 6th Annual International Journal of Computing and ICT Research ICCIR 2010. pp. 295-311

MUTYABA R.B., 2009. Improving the RSA cryptographic algorithm using double encryption, Makerere University Research Repository. [Online]. Available at: http://dspace.mak.ac.ug/handle/123456789/512.

NAKYEYUNE, F., 2009. An Internal Intrusion Prevention Model, Makerere University Research Repository: ” [Online]. Available at: http://dspace.mak.ac.ug/handle/123456789/530.

OKWANGALE, F.R., AND OGAO, P., 2006. Survey of Data Mining Methods for Crime Analysis and Visualisation.2nd Annual International Journal of Computing and ICT Research SREC 2006. pp. 322-327

PARLIAMENT OF UGANDA, 2010. The Abridged And Simplified Version of The Constitution of The Republic of Uganda, Kampala Uganda, September 1995. [Online] Available at: http://www.parliament.go.ug/images/abridged_constitution_2006.pdf

PRIVACY INTERNATIONAL, 2007. PHR2006 - Republic of Uganda, Constitutional Privacy Framework. [Online]. Available at: http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559482

SAMARATI, P. AND SWEENEY, L., 1998. Protecting privacy when disclosing information: k-anonymity and its enforcement through generalization and suppression, Proceedings of the IEEE Symposium on Research in Security and Privacy, 1998, pp. 384–393.

SAMARATI, P., 2001. Protecting Respondent’s Privacy in Microdata Release. IEEE Transactions on Knowledge and Data Engineering 13, 6 (Nov./Dec. 2001): pp. 1010-1027.


Uganda Case Study ReferencesSSEKIBULE, R., AND MIREMBE, D.P., 2007, Security Analysis of Remote E-Voting,” Makerere University Research Repository. [Online]. Available:

http://dspace.mak.ac.ug/handle/123456789/682

SSEKIBUULE, R. AND QUENUM, J.G., 2009. Security Analysis of an Agent-Mediated Book Trading Application. 5th Annual International Journal of Computing and ICT Research ICCIR 2009 pp. 347

SWEENEY, L., 2002. k-anonymity: A Model for Protecting Privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 10, 5 (Oct. 2002): pp. 557-570.

THE ELECTORAL COMMISSION OF UGANDA, 2010. The Electoral Commission of Uganda,Online Voter's Register [Online]. Available at: http://www.ec.or.ug/

UGANDA BUREAU OF STATISTICS, 1998. The Bureau Of Statistics Act 12 1998, Acts Supplement No. 7, The Uganda Gazette No.36 Volume XCI, 11th June, 1998.

UGANDA COMMUNICATIONS COMMISSION, 2000. The Uganda Communication Act, September 2000. [Online]. Available at: http://www.ucc.co.ug/ucaCap106LawsOfUganda.pdf

UGANDA COMMUNICATIONS COMMISSION, 2010. Uganda Communications Commission Regulations. [Online]. Available at: http://www.ucc.co.ug/regulate.php.

Noise Addition References[1] V. Ciriani, et al, 2007. Secure Data Management in Decentralized System, Springer, ISBN 0387276947, 2007, pp 291-321.

[2] D.E Denning and P.J Denning, 1979. Data Security, ACM Computing Surveys, Vpl. II, No. 3, September 1, 1979.

[3] US Department of Homeland Security, 2008. Handbook for Safeguarding Sensitive Personally Identifiable Information at The Department of Homeland Security, October 2008. [Online]. Available at: http://www.dhs.gov/xlibrary/assets/privacy/privacy_guide_spii_handbook.pdf

[4] E. Mccallister and K. Scarfone, 2010. Guide to Protecting the Confidentiality of Personally Identifiable Information ( PII ) Recommendations of the National Institute of Standards and Technology, NIST Special Publication 800-122, 2010.

[5] S.R. Ganta, et al, 2008. Composition attacks and auxiliary information in data privacy, Proceeding of the 14th ACM SIGKDD international conference on Knowledge discovery and data mining - SIGKDD ’08, 2008, p. 265.

[6] A. Oganian, and J. Domingo-Ferrer, 2001. On the complexity of optimal microaggregation for statistical disclosure control, Statistical Journal of the United Nations Economic Commission for Europe, Vol. 18, No. 4. (2001), pp. 345-353.

[7] K.F. Brewster, 1996. The National Computer Security Center (NCSC) Technical Report - 005V olume 1/5 Library No. S-243,039, 1996.

[8] P. Samarati, 2001. Protecting Respondent’s Privacy in Microdata Release. IEEE Transactions on Knowledge and Data Engineering 13, 6 (Nov./Dec. 2001): pp. 1010-1027.

[9] L. Sweeney, 2002. k-anonymity: A Model for Protecting Privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 10, 5 (Oct. 2002): pp. 557-570.

[10] Md Zahidul Islam, Privacy Preservation in Data Mining Through Noise Addition, PhD Thesis, School of Electrical Engineering and Computer Science, University of Newcastle, Callaghan, New South Wales 2308, Australia, November 2007


Noise Addition References[11] Mohammad Ali Kadampur, Somayajulu D.V.L.N., A Noise Addition Scheme in Decision Tree for, Privacy Preserving Data Mining, JOURNAL OF COMPUTING, VOLUME 2, ISSUE 1,

JANUARY 2010, ISSN 2151-9617

[12] Jay Kim, A Method For Limiting Disclosure in Microdata Based Random Noise and Transformation, Proceedings of the Survey Research Methods, American Statistical Association, Pages 370-374, 1986.

[13] J. Domingo-Ferrer, F. Sebé, and J. Castellà-Roca, “On the Security of Noise Addition for Privacy in Statistical Databases,” in Privacy in Statistical Databases, vol. 3050, Springer Berlin / Heidelberg, 2004, p. 519.

[14] Huang et al, Deriving Private Information from Randomized Data, Special Interest Group on Management of Data - SIGMOD 2005 June 2005.

[15] Lyman Ott and Michael Longnecker, An introduction to statistical methods and data analysis, Cengage Learning, 2010, ISBN 0495017582, 9780495017585, Pages 171-173

[16] Martin Sternstein, Barron's AP Statistics, Barron's Educational Series, 2010, ISBN 0764140892, Pages 49-51.

[17] Chris Spatz, Basic Statistics: Tales of Distributions, Cengage Learning, 2010, ISBN 0495808911, Page 68.

[18] David Ray Anderson, Dennis J. Sweeney, Thomas Arthur Williams, Statistics for Business and Economics, Cengage Learning, 2008, ISBN 0324365055, Pages 95.

[19] Michael J. Crawley, Statistics: an introduction using R, John Wiley and Sons, 2005, ISBN 0470022973, Pages 93-95.

[20] J. Domingo-Ferrer and V. Torra (Eds.), On the Security of Noise Addition for Privacy in Statistical Databases, LNCS 3050, pp. 149–161, 2004.# Springer-Verlag Berlin Heidelberg 2004.

[21] Ruth Brand, Microdata Protection Through Noise Addition, LNCS 2316, pp. 97–116, 2002. Springer-Verlag Berlin Heidelberg 2002.

[22] Ciriani et al, Microdata Protection,Secure Data Management in Decentralized System, pages 291-321, Springer, 2007.

[23] Jay J. Kim and William E. Winkler, Multiplicative Noise for Masking Continuous Data, Research Report Series, Statistics #2003-01, Statistical Research Division, U.S. Bureau of the Census.


DTN References [1] Cert et al, Delay Tolerant Network Architecture, DTN Research Group, IETF RFC 4838, informational, April 2007, Avialable online: http://www.ietf.org/rfc/rfc4838.txt [2] “Delay-tolerant networking - Wikipedia, the free encyclopedia.” [Online]. Available: http://en.wikipedia.org/wiki/Delay-tolerant_networking. [Accessed: 14-Mar-2011].

[3] “Delay and Disruption Tolerant Network (DTN) Security.” [Online]. Available: http://sprout.ics.uci.edu/projects/dtn/. [Accessed: 14-Mar-2011].

[4] “Home - Delay Tolerant Networking Research Group.” [Online]. Available: http://www.dtnrg.org/wiki. [Accessed: 14-Mar-2011].

[5] Burgess et al, “Surviving Attacks on Disruption-Tolerant Networks without Authentication Categories and Subject Descriptors,” MobiHoc '07: Proceedings of the 8th ACM international symposium on Mobile ad hoc networking and computing, 2007

[6] J. Wright and I. Brown, “Privacy Challenges in Delay-Tolerant and Restricted-Route Networks,” Proceedings of the 2nd Extreme Workshop on Communication, Dharamsala, India. 4-10 September, 2010.

[7] A. Kate, G.M. Zaverucha, and U. Hengartner, “Anonymity and security in delay tolerant networks,” 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007, 2007, pp. 504-513.

[8] Seth et al, “Practical security for disconnected nodes,” 1st IEEE ICNP Workshop on Secure Network Protocols, 2005. (NPSec)., pp. 31-36.

[9] Ren et al, “Detecting Wormhole Attacks in Delay Tolerant Networks”, IEEE Wireless Communications, Volume 17 Issue 5, 2010.

Documents

A Framework for Data Privacy and Security in sub- Saharan Africa - TAPIA 2011 Kato Mivule Doctoral Student Computer Science Department Bowie State University