Lime: Data Lineage in the Malicious Environment

Intentional or unintentional leakage of confidential data is undoubtedly one of the most severe security threats that organizations face in the digital era. The threat now extends to our personal lives: a plethora of personal information is available to social networks and smartphone providers and is indirectly transferred to untrustworthy third party and fourth party applications. In this work, we present a generic data lineage framework LIME for data flow across multiple entities that take two characteristic, principal roles (i.e., owner and consumer). We define the exact security guarantees required by such a data lineage mechanism toward identification of a guilty entity, and identify the simplifying non repudiation and honesty assumptions. We then develop and analyze a novel accountable data transfer protocol between two entities within a malicious environment by building upon oblivious transfer, robust watermarking, and signature primitives. Finally, we perform an experimental evaluation to demonstrate the practicality of our protocol

Personal rights management (PRM) : enabling privacy rights in digital online media content

With ubiquitous use of digital camera devices, especially in mobile phones, privacy is no longer threatened by governments and companies only. The new technology creates a new threat by ordinary people, who now have the means to take and distribute pictures of one’s face at no risk and little cost in any situation in public and private spaces. Fast distribution via web based photo albums, online communities and web pages expose an individual’s private life to the public in unpreceeded ways. Social and legal measures are increasingly taken to deal with this problem. In practice however, they lack efficiency, as they are hard to enforce in practice. In this paper, we discuss a supportive infrastructure aiming for the distribution channel; as soon as the picture is publicly available, the exposed individual has a chance to find it and take proper action.Wir stellen ein System zur Wahrnehmung des Rechts am eigenen Bild bei der Veröffentlichung digitaler Fotos, zum Beispiel von Handykameras, im Internet vor. Zur Entdeckung der Veröffentlichung schlagen wir ein Watermarking-Verfahren vor, welches das Auffinden der Bilder durch die potentiell abgebildeten Personen ermöglicht, ohne die Rechte des Fotografen einzuschränken

On the Reliability of Watermarks for Large Language Models

As LLMs become commonplace, machine-generated text has the potential to flood the internet with spam, social media bots, and valueless content. Watermarking is a simple and effective strategy for mitigating such harms by enabling the detection and documentation of LLM-generated text. Yet a crucial question remains: How reliable is watermarking in realistic settings in the wild? There, watermarked text may be modified to suit a user's needs, or entirely rewritten to avoid detection. We study the robustness of watermarked text after it is re-written by humans, paraphrased by a non-watermarked LLM, or mixed into a longer hand-written document. We find that watermarks remain detectable even after human and machine paraphrasing. While these attacks dilute the strength of the watermark, paraphrases are statistically likely to leak n-grams or even longer fragments of the original text, resulting in high-confidence detections when enough tokens are observed. For example, after strong human paraphrasing the watermark is detectable after observing 800 tokens on average, when setting a 1e-5 false positive rate. We also consider a range of new detection schemes that are sensitive to short spans of watermarked text embedded inside a large document, and we compare the robustness of watermarking to other kinds of detectors.Comment: 14 pages in the main body. Code is available at https://github.com/jwkirchenbauer/lm-watermarkin

A Property Rights Enforcement and Pricing Model for IIoT Data Marketplaces

학위논문(석사)--서울대학교 대학원 :공과대학 협동과정 기술경영·경제·정책전공,2019. 8. Jörn Altmann.The Industrial Internet of Things (IIoT) has become a valuable data source for products and services based on advanced data analytics. However, evidence suggests that industries are suffering a significant loss of value creation from insufficient IIoT data sharing. We argue that the limited utilization of the Sensing as a Service business model is caused by the economic and technological characteristics of sensor data, and the corresponding absence of applicable digital rights management models. Therefore, we propose a combined property rights enforcement and pricing model to solve the IIoT data sharing incentive problem.산업용 사물 인터넷 (IIoT) 데이터가 제품과 서비스를 위한 중요한 고급 데이터 소스로 여겨지고 있지만, 여전히 수 많은 기업들은 불충분한 산업용 사물 인터넷 데이터 공유 시스템으로 인하여 고충을 겪고 있다. 방대한 분량의 산업용 데이터가 제대로 거래되지 못하고 있으며, 이는 데이터의 커다란 가치 손실로 이어지고 있다. 본 연구에서는 서비스로서의 센싱 (Sensing as a Service) 비지니스 모델이 한정적으로 적용되고 있는 원인이 해당 정보의 경제적, 기술적 특징들을 반영하는 디지털 권리 시스템의 부재에 기인한다고 보고 있다. 따라서 본 연구에서는 산업용 사물 인터넷 데이터에 대한 지적재산권 집행 시스템과 데이터 가격산정 모델을 제안하여 산업용 사물 인터넷 데이터 공유 인센티브 문제를 해결하고자 한다.1 Introduction 1 1.1 Background 1 1.2 Problem Description 6 1.3 Research Objective and Question 8 1.4 Methodology 8 1.5 Contributions 9 1.6 Structure 10 2 Literature Review 11 2.1 Sensing as a Service 11 2.2 Economic Characteristics of IIoT Data 14 2.2.1 Property Rights of Data 18 2.2.2 Licensing of IIoT Data 23 2.3 IIoT Data Marketplaces 25 2.3.1 Use-cases and Value Propositions 30 2.3.2 Market Structures and Pricing Models 34 2.4 Digital Rights Management for IIoT 36 3 Model 44 3.1 Assumptions 45 3.2 Watermarking Technique 47 3.2.1 Function 48 3.2.2 Example 50 3.2.3 Robustness 51 3.3 Economic Reasoning 54 3.3.1 The Quality Gap 55 3.3.2 Cost of Watermarking (CoW) 57 3.3.3 Cost of Attacking (CoA) 58 4 Analytical Analysis 60 4.1 Equilibrium Between CoW and CoA 60 4.2 Determining the Optimal Quality Gap 62 4.3 Applicability of the Quality Gap Function 64 5 Conclusion 66 5.1 Summary 66 5.2 Discussion 66 6 Limitations and Future Research 68 References 70 Abstract (Korean) 79Maste

Secure digital documents using Steganography and QR Code

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University LondonWith the increasing use of the Internet several problems have arisen regarding the processing of electronic documents. These include content filtering, content retrieval/search. Moreover, document security has taken a centre stage including copyright protection, broadcast monitoring etc. There is an acute need of an effective tool which can find the identity, location and the time when the document was created so that it can be determined whether or not the contents of the document were tampered with after creation. Owing the sensitivity of the large amounts of data which is processed on a daily basis, verifying the authenticity and integrity of a document is more important now than it ever was. Unsurprisingly document authenticity verification has become the centre of attention in the world of research. Consequently, this research is concerned with creating a tool which deals with the above problem. This research proposes the use of a Quick Response Code as a message carrier for Text Key-print. The Text Key-print is a novel method which employs the basic element of the language (i.e. Characters of the alphabet) in order to achieve authenticity of electronic documents through the transformation of its physical structure into a logical structured relationship. The resultant dimensional matrix is then converted into a binary stream and encapsulated with a serial number or URL inside a Quick response Code (QR code) to form a digital fingerprint mark. For hiding a QR code, two image steganography techniques were developed based upon the spatial and the transform domains. In the spatial domain, three methods were proposed and implemented based on the least significant bit insertion technique and the use of pseudorandom number generator to scatter the message into a set of arbitrary pixels. These methods utilise the three colour channels in the images based on the RGB model based in order to embed one, two or three bits per the eight bit channel which results in three different hiding capacities. The second technique is an adaptive approach in transforming domain where a threshold value is calculated under a predefined location for embedding in order to identify the embedding strength of the embedding technique. The quality of the generated stego images was evaluated using both objective (PSNR) and Subjective (DSCQS) methods to ensure the reliability of our proposed methods. The experimental results revealed that PSNR is not a strong indicator of the perceived stego image quality, but not a bad interpreter also of the actual quality of stego images. Since the visual difference between the cover and the stego image must be absolutely imperceptible to the human visual system, it was logically convenient to ask human observers with different qualifications and experience in the field of image processing to evaluate the perceived quality of the cover and the stego image. Thus, the subjective responses were analysed using statistical measurements to describe the distribution of the scores given by the assessors. Thus, the proposed scheme presents an alternative approach to protect digital documents rather than the traditional techniques of digital signature and watermarking

Wireless body area network revisited

Rapid growth of wireless body area networks (WBANs) technology allowed the fast and secured acquisition as well as exchange of vast amount of data information in diversified fields. WBANs intend to simplify and improve the speed, accuracy, and reliability of communica-tions from sensors (interior motors) placed on and/or close to the human body, reducing the healthcare cost remarkably. However, the secu-rity of sensitive data transfer using WBANs and subsequent protection from adversaries attack is a major issue. Depending on the types of applications, small and high sensitive sensors having several nodes obtained from invasive/non-invasive micro- and nano- technology can be installed on the human body to capture useful information. Lately, the use of micro-electro-mechanical systems (MEMS) and integrated circuits in wireless communications (WCs) became widespread because of their low-power operation, intelligence, accuracy, and miniaturi-zation. IEEE 802.15.6 and 802.15.4j standards have already been set to specifically regulate the medical networks and WBANs. In this view, present communication provides an all-inclusive overview of the past development, recent progress, challenges and future trends of security technology related to WBANs

Cyber Security

This open access book constitutes the refereed proceedings of the 17th International Annual Conference on Cyber Security, CNCERT 2021, held in Beijing, China, in AJuly 2021. The 14 papers presented were carefully reviewed and selected from 51 submissions. The papers are organized according to the following topical sections: ​data security; privacy protection; anomaly detection; traffic analysis; social network security; vulnerability detection; text classification

Analysis of Security Mechanisms Based on Clusters IoT Environments

Internet of things is based on sensors, communication networks and intelligence that manages the entire process and the generated data. Sensors are the senses of systems, because of this, they can be used in large quantities. Sensors must have low power consumption and cost, small size and great flexibility for its use in all circumstances. Therefore, the security of these network devices, data sensors and other devices, is a major concern as it grows rapidly in terms of nodes interconnected via sensor data. This paper presents an analysis from a systematic review point of view of articles on Internet of Things (IoT), security aspects specifically at privacy level and control access in this type of environment. Finally, it presents an analysis of security issues that must be addressed, from different clusters and identified areas within the fields of application of this technology