Tommi Meskanen,Jian Liu,Sara Ramezanian,Valtteri Niemi

DOI: https://doi.org/10.1109/trustcom.2015.414

2015-01-01

Abstract:We study the problem of running a set membership test in private manner. We require that a client wants to have the option of not revealing the item for which the membership test is done. Respectively, the server does not wants to reveal the contents of the whole set. A Bloom filter is applied in the membership test. We present two protocols based on prior work as well as a new protocol. Each of these is having a slightly different privacy and complexity properties. We motivate the problem in the context of an anti-malware client checking application fingerprints against a cloud-based malware signature database.

Yan Leng,Yijun Chen,Xiaowen Dong,Junfeng Wu,Guodong Shi

DOI: https://doi.org/10.2139/ssrn.3875878

2021-01-01

SSRN Electronic Journal

Abstract:There exists a growing concern about the privacy threats inherently encoded in the increasingly available behavioral data. In this paper, we focus on online service providers over which users reveal preferences (e.g., ratings or reviews) as publicly available behavioral data. We model users' strategic interactions in making these decisions as quadratic games on networks, where a user's payoff depends not only on their actions but also on their neighbors in a social interaction network. Based on the assumption that the observed preferences correspond to the Nash equilibrium of the game, we investigate whether eavesdroppers or competitors having access to such behavioral data could potentially infer or even thoroughly learn the hidden social interaction network from the observed user actions, leading to privacy risks at a system level for the platform. We introduce three notions of privacy risks on networks: fundamental privacy, conditional privacy, and practical privacy. We establish necessary and sufficient conditions for fundamental and conditional privacy of the social interaction structure, suggesting that at the system level, such interaction structure is not facing a critical risk of being fully exposed regardless of the amount of data available. To study practical privacy, we further propose and analyze a novel learning framework by solving a joint optimization problem for the network structure and the individual marginal benefits in the game. Extensive experiments on synthetic and real-world data demonstrate the effectiveness of the proposed framework, hence illustrating that behavioral data indeed present substantial privacy risks in practice. Broadly, this study enriches the network privacy literature and provides implications for online platforms by revealing the unexpected consequence of leaking network connections due to public consumer revealed preferences.

Narges Kazempour,Mahtab Mirmohseni,Mohammad Reza Aref

DOI: https://doi.org/10.1007/s10207-024-00917-w

2024-11-13

International Journal of Information Security

Abstract:Most of the security services in the connected world of cyber-physical systems necessitate authenticating a large number of nodes privately. In this paper, the private authentication problem is considered which consists of a certificate authority, a verifier (or some verifiers), many legitimate users (provers), and an arbitrary number of attackers. Each legitimate user wants to be authenticated (using his personal key) by the verifier(s), while simultaneously staying completely anonymous (even to the verifier). On the other hand, an attacker must fail to be authenticated. We analyze this problem from an information-theoretic perspective and propose a general interactive information-theoretic model for the problem. As a metric to measure the reliability, we consider the normalized total key rate whose maximization has a trade-off with establishing privacy. The problem is considered in two different scenarios: single-server scenario (only one verifier is considered, to which all the provers are connected) and multi-server scenario ( N verifiers are assumed, where each verifier is connected to a subset of users). For both scenarios, two regimes are considered: finite size regime (i.e., the variables are elements of a finite field) and asymptotic regime (i.e., the variables are considered to have large enough length). We propose achievable schemes that satisfy the completeness, soundness, and privacy properties in both single-server and multi-server scenarios. In the finite size regime, the main idea is to generate the authentication keys according to a secret sharing scheme. We show that the proposed scheme in the special case of multi-server authentication in the finite size regime is optimal. In the asymptotic regime, we use a random binning-based scheme that relies on the joint typicality to generate the authentication keys. Moreover, providing the converse proof, we show that our scheme achieves capacity in the asymptotic regime both in the single-server and multi-server scenarios.

computer science, information systems, theory & methods, software engineering

Roie Reshef,Anan Kabaha,Olga Seleznova,Dana Drachsler-Cohen

2023-10-31

Abstract:Neural networks are susceptible to privacy attacks. To date, no verifier can reason about the privacy of individuals participating in the training set. We propose a new privacy property, called local differential classification privacy (LDCP), extending local robustness to a differential privacy setting suitable for black-box classifiers. Given a neighborhood of inputs, a classifier is LDCP if it classifies all inputs the same regardless of whether it is trained with the full dataset or whether any single entry is omitted. A naive algorithm is highly impractical because it involves training a very large number of networks and verifying local robustness of the given neighborhood separately for every network. We propose Sphynx, an algorithm that computes an abstraction of all networks, with a high probability, from a small set of networks, and verifies LDCP directly on the abstract network. The challenge is twofold: network parameters do not adhere to a known distribution probability, making it difficult to predict an abstraction, and predicting too large abstraction harms the verification. Our key idea is to transform the parameters into a distribution given by KDE, allowing to keep the over-approximation error small. To verify LDCP, we extend a MILP verifier to analyze an abstract network. Experimental results show that by training only 7% of the networks, Sphynx predicts an abstract network obtaining 93% verification accuracy and reducing the analysis time by $1.7\cdot10^4$x.

Machine Learning,Cryptography and Security,Logic in Computer Science

Kennedy Edemacu,Beakcheol Jang,Jong Wook Kim

DOI: https://doi.org/10.1016/j.ins.2021.05.071

IF: 8.1

2021-10-01

Information Sciences

Abstract:<p>Multi-party machine learning is a paradigm in which multiple participants collaboratively train a machine learning model to achieve a common learning objective without sharing their privately owned data. The paradigm has recently received a lot of attention from the research community aimed at addressing its associated privacy concerns. In this work, we focus on addressing the concerns of data privacy, model privacy, and data quality associated with privacy-preserving multi-party machine learning, i.e., we present a scheme for privacy-preserving collaborative learning that checks the participants' data quality while guaranteeing data and model privacy. In particular, we propose a novel metric called <em>weight similarity</em> that is securely computed and used to check whether a participant can be categorized as a reliable participant (holds good quality data) or not. The problems of model and data privacy are tackled by integrating homomorphic encryption in our scheme and uploading encrypted weights, which prevent leakages to the server and malicious participants, respectively. The analytical and experimental evaluations of our scheme demonstrate that it is accurate and ensures data and model privacy.</p>

computer science, information systems

Helger Lipmaa,Bingsheng Zhang

DOI: https://doi.org/10.1007/978-3-642-16342-5_12

2010-01-01

Abstract:In a selective private function evaluation (SPFE) protocol, the client privately computes some predefined function on his own input and on m out of server's n database elements. We propose two new generalized SPFE protocols that are based on the new cryptocomputing protocol by Ishai and Paskin and an efficient CPIR. The first protocol works only for constant values of m,, but has 2 messages, and is most efficient when m = 1. The second SPFE protocol works for any m, has 4 messages, and is efficient for a large class of functionalities. We then propose an efficient protocol for private similarity test, where one can compute how similar client's input is to a specific element in server's database, without revealing any information to the server. The latter protocol has applications in biometric authentication.

Mohammad Reza Nosouhi,Shui Yu,Marthie Grobler,Yong Xiang,Zuqing Zhu

DOI: https://doi.org/10.1109/GLOCOM.2018.8647933

2018-01-01

Abstract:Recently, there has been an increase in the number of location-based services and applications. It is common for these applications to provide facilities or rewards for users who visit specific venues frequently. This creates the incentive for dishonest users to lie about their location and submit fake check-ins by changing their GPS data. To solve this issue, different distributed location proof schemes have been proposed to generate location proofs for mobile users. However, these schemes have some drawbacks: (1) they are vulnerable to either Prover-Prover or Prover-Witness collusions, (2) the location proof generation process is slow when users adopt a long private key, and (3) their implementation requires some hardware changes on mobile devices. To address these issues, we propose the Secure, Privacy-Aware and collusion Resistant poSition vErification (SPARSE) scheme to generate private location proofs for mobile users. SPARSE has a distributed architecture designed for ad-hoc scenarios in which mobile users generate location proofs for each other. Since we do not integrate any distance bounding protocol into SPARSE, it becomes an easy-to-implement scheme in which the location proof generation process is independent of the length of the users' private key. We provide a comprehensive security analysis and simulation which show that SPARSE provides privacy protection as well as security properties for users including integrity, unforgeability and non-transferability of the location proofs. Moreover, it achieves a highly reliable performance against collusions.

Abhinav Chakraborty,Sayak Chatterjee,Sagnik Nandy

2024-06-05

Abstract:This paper presents a novel approach to estimating community membership probabilities for network vertices generated by the Degree Corrected Mixed Membership Stochastic Block Model while preserving individual edge privacy. Operating within the $\varepsilon$-edge local differential privacy framework, we introduce an optimal private algorithm based on a symmetric edge flip mechanism and spectral clustering for accurate estimation of vertex community memberships. We conduct a comprehensive analysis of the estimation risk and establish the optimality of our procedure by providing matching lower bounds to the minimax risk under privacy constraints. To validate our approach, we demonstrate its performance through numerical simulations and its practical application to real-world data. This work represents a significant step forward in balancing accurate community membership estimation with stringent privacy preservation in network data analysis.

Methodology,Social and Information Networks,Statistics Theory

Rishi Phatak,Dylan A. Shell

2023-08-01

Abstract:A useful capability is that of classifying some agent's behavior using data from a sequence, or trace, of sensor measurements. The sensor selection problem involves choosing a subset of available sensors to ensure that, when generated, observation traces will contain enough information to determine whether the agent's activities match some pattern. In generalizing prior work, this paper studies a formulation in which multiple behavioral itineraries may be supplied, with sensors selected to distinguish between behaviors. This allows one to pose fine-grained questions, e.g., to position the agent's activity on a spectrum. In addition, with multiple itineraries, one can also ask about choices of sensors where some behavior is always plausibly concealed by (or mistaken for) another. Using sensor ambiguity to limit the acquisition of knowledge is a strong privacy guarantee, a form of guarantee which some earlier work examined under formulations distinct from our inter-itinerary conflation approach. By concretely formulating privacy requirements for sensor selection, this paper connects both lines of work in a novel fashion: privacy-where there is a bound from above, and behavior verification-where sensors choices are bounded from below. We examine the worst-case computational complexity that results from both types of bounds, proving that upper bounds are more challenging under standard computational complexity assumptions. The problem is intractable in general, but we introduce an approach to solving this problem that can exploit interrelationships between constraints, and identify opportunities for optimizations. Case studies are presented to demonstrate the usefulness and scalability of our proposed solution, and to assess the impact of the optimizations.

Robotics,Cryptography and Security,Multiagent Systems

Sarthak Jain,Martina Cardone,Soheil Mohajer

2024-03-19

Abstract:In this work, we consider the sparsity-constrained community-based group testing problem, where the population follows a community structure. In particular, the community consists of $F$ families, each with $M$ members. A number $k_f$ out of the $F$ families are infected, and a family is said to be infected if $k_m$ out of its $M$ members are infected. Furthermore, the sparsity constraint allows at most $\rho_T$ individuals to be grouped in each test. For this sparsity-constrained community model, we propose a probabilistic group testing algorithm that can identify the infected population with a vanishing probability of error and we provide an upper-bound on the number of tests. When $k_m = \Theta(M)$ and $M \gg \log(FM)$, our bound outperforms the existing sparsity-constrained group testing results trivially applied to the community model. If the sparsity constraint is relaxed, our achievable bound reduces to existing bounds for community-based group testing. Moreover, our scheme can also be applied to the classical dilution model, where it outperforms existing noise-level-independent schemes in the literature.

Information Theory

M. Xhemrishi,Rawad Bitar,A. Wachter-Zeh

DOI: https://doi.org/10.48550/arXiv.2203.01728

2022-03-03

Abstract:We consider the problem of designing a coding scheme that allows both sparsity and privacy for distributed matrix-vector multiplication. Perfect information-theoretic privacy requires encoding the input sparse matrices into matrices distributed uniformly at random from the considered alphabet; thus destroying the sparsity. Computing matrix-vector multiplication for sparse matrices is known to be fast. Distributing the computation over the non-sparse encoded matrices maintains privacy, but introduces artificial computing delays. In this work, we relax the privacy constraint and show that a certain level of sparsity can be maintained in the encoded matrices. We consider the chief/worker setting while assuming the presence of two clusters of workers: one is completely untrusted in which all workers collude to eavesdrop on the input matrix and in which perfect privacy must be satisfied; the other is partly trusted, only up to z workers may collude and to which revealing small amount of information about the input matrix is allowed. We design a scheme that trades sparsity for privacy while achieving the desired constraints. We use cyclic task assignments of the encoded matrices to tolerate partial and full stragglers.

Computer Science,Mathematics

Jianli Bai,Xiaowu Zhang,Xiangfu Song,Hang Shao,Qifan Wang,Shujie Cui,Giovanni Russello

2023-07-22

Abstract:Face recognition is a widely-used technique for identification or verification, where a verifier checks whether a face image matches anyone stored in a database. However, in scenarios where the database is held by a third party, such as a cloud server, both parties are concerned about data privacy. To address this concern, we propose CryptoMask, a privacy-preserving face recognition system that employs homomorphic encryption (HE) and secure multi-party computation (MPC). We design a new encoding strategy that leverages HE properties to reduce communication costs and enable efficient similarity checks between face images, without expensive homomorphic rotation. Additionally, CryptoMask leaks less information than existing state-of-the-art approaches. CryptoMask only reveals whether there is an image matching the query or not, whereas existing approaches additionally leak sensitive intermediate distance information. We conduct extensive experiments that demonstrate CryptoMask's superior performance in terms of computation and communication. For a database with 100 million 512-dimensional face vectors, CryptoMask offers ${\thicksim}5 \times$ and ${\thicksim}144 \times$ speed-ups in terms of computation and communication, respectively.

Cryptography and Security

Shahbaz Rezaei,Zubair Shafiq,Xin Liu

DOI: https://doi.org/10.1109/SP46215.2023.00109

2022-12-06

Abstract:Deep ensemble learning has been shown to improve accuracy by training multiple neural networks and averaging their outputs. Ensemble learning has also been suggested to defend against membership inference attacks that undermine privacy. In this paper, we empirically demonstrate a trade-off between these two goals, namely accuracy and privacy (in terms of membership inference attacks), in deep ensembles. Using a wide range of datasets and model architectures, we show that the effectiveness of membership inference attacks increases when ensembling improves accuracy. We analyze the impact of various factors in deep ensembles and demonstrate the root cause of the trade-off. Then, we evaluate common defenses against membership inference attacks based on regularization and differential privacy. We show that while these defenses can mitigate the effectiveness of membership inference attacks, they simultaneously degrade ensemble accuracy. We illustrate similar trade-off in more advanced and state-of-the-art ensembling techniques, such as snapshot ensembles and diversified ensemble networks. Finally, we propose a simple yet effective defense for deep ensembles to break the trade-off and, consequently, improve the accuracy and privacy, simultaneously.

Machine Learning,Artificial Intelligence,Cryptography and Security

Rajagopal Venkatesaramani,Zhiyu Wan,Bradley A. Malin,Yevgeniy Vorobeychik

DOI: https://doi.org/10.48550/arXiv.2112.13301

2021-12-26

Abstract:Large genomic datasets are now created through numerous activities, including recreational genealogical investigations, biomedical research, and clinical care. At the same time, genomic data has become valuable for reuse beyond their initial point of collection, but privacy concerns often hinder access. Over the past several years, Beacon services have emerged to broaden accessibility to such data. These services enable users to query for the presence of a particular minor allele in a private dataset, information that can help care providers determine if genomic variation is spurious or has some known clinical indication. However, various studies have shown that even this limited access model can leak if individuals are members in the underlying dataset. Several approaches for mitigating this vulnerability have been proposed, but they are limited in that they 1) typically rely on heuristics and 2) offer probabilistic privacy guarantees, but neglect utility. In this paper, we present a novel algorithmic framework to ensure privacy in a Beacon service setting with a minimal number of query response flips (e.g., changing a positive response to a negative). Specifically, we represent this problem as combinatorial optimization in both the batch setting (where queries arrive all at once), as well as the online setting (where queries arrive sequentially). The former setting has been the primary focus in prior literature, whereas real Beacons allow sequential queries, motivating the latter investigation. We present principled algorithms in this framework with both privacy and, in some cases, worst-case utility guarantees. Moreover, through an extensive experimental evaluation, we show that the proposed approaches significantly outperform the state of the art in terms of privacy and utility.

Cryptography and Security,Genomics

Mahshad Shariatnasab,Farhad Shirani,Elza Erkip

DOI: https://doi.org/10.48550/arXiv.2106.04766

2021-06-09

Abstract:This work considers active deanonymization of bipartite networks. The scenario arises naturally in evaluating privacy in various applications such as social networks, mobility networks, and medical databases. For instance, in active deanonymization of social networks, an anonymous victim is targeted by an attacker (e.g. the victim visits the attacker's website), and the attacker queries her group memberships (e.g. by querying the browser history) to deanonymize her. In this work, the fundamental limits of privacy, in terms of the minimum number of queries necessary for deanonymization, is investigated. A stochastic model is considered, where i) the bipartite network of group memberships is generated randomly, ii) the attacker has partial prior knowledge of the group memberships, and iii) it receives noisy responses to its real-time queries. The bipartite network is generated based on linear and sublinear preferential attachment, and the stochastic block model. The victim's identity is chosen randomly based on a distribution modeling the users' risk of being the victim (e.g. probability of visiting the website). An attack algorithm is proposed which builds upon techniques from communication with feedback, and its performance, in terms of expected number of queries, is analyzed. Simulation results are provided to verify the theoretical derivations.

Social and Information Networks,Information Theory

Luoyang Fang,Haonan Wang,Xiang Cheng,Liuqing Yang,Shuguang Cui

DOI: https://doi.org/10.1109/access.2020.2995152

IF: 3.9

2020-01-01

IEEE Access

Abstract:Mobile privacy is broadly concerning in the mobile big data era, as user mobility behaviors are privacy-sensitive and unique. User identification attacks consist of one of the most critical privacy concerns on mobile big data. In this paper, we study mobile privacy in terms of user identifiability from the perspective of privacy adversaries. User identification in two datasets from the same data source or two different data sources is generally formulated as a linear assignment problem (LAP), in which the cost matrix of users is generated by a single distance measure. However, user identification via one single distance measure may lead to a large portion of false matches, especially when only a few users coexist across these two datasets. In addition, the cubic computational complexity of LAP limits the scale of user identification analysis. In this paper, we propose a multi-feature ensemble matching framework to improve the user identification precision based on a majority voting rule, by integrating multiple distance measures. The computational complexity of the proposed ensemble matching algorithm is an order of magnitude less than that of the single-distance based approach, which results from solving an LAP on a highly sparse matrix rather than a dense matrix. Experiments demonstrate the superior performance of our proposed scalable ensemble matching framework with respect to matching precision as well as the vulnerability of mobile network subscribers' privacy.

Changsong Jiang,Chunxiang Xu,Yuan Zhang

DOI: https://doi.org/10.1016/j.ins.2021.05.077

IF: 8.1

2021-10-01

Information Sciences

Abstract:<p>Privacy-preserving federated learning is distributed machine learning where multiple collaborators train a model through protected gradients. To achieve robustness to users dropping out, existing practical privacy-preserving federated learning schemes are based on (t, N)-threshold secret sharing. Such schemes rely on a strong assumption to guarantee security: the threshold (t) mut be greater than half of the number of users. The assumption is so rigorous that in some scenarios the schemes may not be appropriate. Motivated by the issue, we first introduce membership proof for federated learning, which leverages cryptographic accumulators to generate membership proofs by accumulating users IDs. The proofs are issued in a public blockchain for users to verify. With membership proof, we propose a privacy-preserving federated learning scheme called PFLM. PFLM releases the assumption of threshold while maintaining the security guarantees. Additionally, we design a result verification algorithm based on a variant of ElGamal encryption to verify the correctness of aggregated results from the cloud server. The verification algorithm is integrated into PFLM as a part. Security analysis in a random oracle model shows that PFLM guarantees privacy against active adversaries. The implementation of PFLM and experiments demonstrate the performance of PFLM in terms of computation and communication.</p>

computer science, information systems

Rawad Bitar,Maximilian Egger,Antonia Wachter-Zeh,Marvin Xhemrishi

DOI: https://doi.org/10.1109/tifs.2024.3394256

IF: 7.231

2024-05-10

IEEE Transactions on Information Forensics and Security

Abstract:This work investigates the design of sparse secret sharing schemes that encode a sparse private matrix into sparse shares. This investigation is motivated by distributed computing, where the multiplication of sparse and private matrices is moved from a computationally weak main node to untrusted worker machines. Classical secret-sharing schemes produce dense shares. However, sparsity can help speed up the computation. We show that, for matrices with i.i.d. entries, sparsity in the shares comes at a fundamental cost of weaker privacy. We derive a fundamental tradeoff between sparsity and privacy and construct optimal sparse secret sharing schemes that produce shares that leak the minimum amount of information for a desired sparsity of the shares. We apply our schemes to distributed sparse and private matrix multiplication schemes with no colluding workers while tolerating stragglers. For the setting of two non-communicating clusters of workers, we design a sparse one-time pad so that no private information is leaked to a cluster of untrusted and colluding workers, and the shares with bounded but non-zero leakage are assigned to a cluster of partially trusted workers. We conclude by discussing the necessity of using permutations for matrices with correlated entries.

computer science, theory & methods,engineering, electrical & electronic

Chaochen Qian,Xiaochun Xiao,Siming Chen,Xueping Wang

DOI: https://doi.org/10.1109/anthology.2013.6784955

2013-01-01

Abstract:Social Networking Sites (SNS) such as Facebook and MySpace have attracted millions of users because of their ability to combine individuals by social graphs. Nonetheless, considerable amount of users are suffering from their poor privacy settings. It is partly due to their lack of the awareness of privacy. To most normal users, the too exhausting privacy settings on SNS is another important reason. Moreover, even friends cannot be trusted all the time, and the privacy issues involving friends have actually been serious. In this paper1, we propose a novel approach of grouping friends to improve the privacy policy. We introduce a closeness degree model to quantify relationship between one user and his friends, based on which all the friends can be categorized automatically and dynamically. With some further statistical inference and analysis, our approach reflects the users' tendency of disclosing personal data as well as their original privacy preferences.

Mark Bun,Jelani Nelson,Uri Stemmer

DOI: https://doi.org/10.48550/arXiv.1711.04740

2017-11-14

Abstract:We present a new locally differentially private algorithm for the heavy hitters problem which achieves optimal worst-case error as a function of all standardly considered parameters. Prior work obtained error rates which depend optimally on the number of users, the size of the domain, and the privacy parameter, but depend sub-optimally on the failure probability. We strengthen existing lower bounds on the error to incorporate the failure probability, and show that our new upper bound is tight with respect to this parameter as well. Our lower bound is based on a new understanding of the structure of locally private protocols. We further develop these ideas to obtain the following general results beyond heavy hitters. $\bullet$ Advanced Grouposition: In the local model, group privacy for $k$ users degrades proportionally to $\approx \sqrt{k}$, instead of linearly in $k$ as in the central model. Stronger group privacy yields improved max-information guarantees, as well as stronger lower bounds (via "packing arguments"), over the central model. $\bullet$ Building on a transformation of Bassily and Smith (STOC 2015), we give a generic transformation from any non-interactive approximate-private local protocol into a pure-private local protocol. Again in contrast with the central model, this shows that we cannot obtain more accurate algorithms by moving from pure to approximate local privacy.

Data Structures and Algorithms