Data Leak Detection As a Service: Challenges and Solutions

We describe a network-based data-leak detection (DLD) technique, the main feature of which is that the detection does not require the data owner to reveal the content of the sensitive data. Instead, only a small amount of specialized digests are needed. Our technique – referred to as the fuzzy fingerprint – can be used to detect accidental data leaks due to human errors or application flaws. The privacy-preserving feature of our algorithms minimizes the exposure of sensitive data and enables the data owner to safely delegate the detection to others.We describe how cloud providers can offer their customers data-leak detection as an add-on service with strong privacy guarantees. We perform extensive experimental evaluation on the privacy, efficiency, accuracy and noise tolerance of our techniques. Our evaluation results under various data-leak scenarios and setups show that our method can support accurate detection with very small number of false alarms, even when the presentation of the data has been transformed. It also indicates that the detection accuracy does not degrade when partial digests are used. We further provide a quantifiable method to measure the privacy guarantee offered by our fuzzy fingerprint framework

Security for 5G Mobile Wireless Networks

The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding security services including authentication, availability, data confidentiality, key management and privacy. The paper further discusses the new security features involving different technologies applied to 5G such as heterogeneous networks, device-to-device communications, massive multiple-input multiple-output, software defined networks and Internet of Things. Motivated by these security research and development activities, we propose a new 5G wireless security architecture, based on which the analysis of identity management and flexible authentication is provided. As a case study, we explore a handover procedure as well as a signaling load scheme to show the advantage of the proposed security architecture. The challenges and future directions of 5G wireless security are finally summarized

PA-iMFL: Communication-Efficient Privacy Amplification Method against Data Reconstruction Attack in Improved Multi-Layer Federated Learning

Recently, big data has seen explosive growth in the Internet of Things (IoT). Multi-layer FL (MFL) based on cloud-edge-end architecture can promote model training efficiency and model accuracy while preserving IoT data privacy. This paper considers an improved MFL, where edge layer devices own private data and can join the training process. iMFL can improve edge resource utilization and also alleviate the strict requirement of end devices, but suffers from the issues of Data Reconstruction Attack (DRA) and unacceptable communication overhead. This paper aims to address these issues with iMFL. We propose a Privacy Amplification scheme on iMFL (PA-iMFL). Differing from standard MFL, we design privacy operations in end and edge devices after local training, including three sequential components, local differential privacy with Laplace mechanism, privacy amplification subsample, and gradient sign reset. Benefitting from privacy operations, PA-iMFL reduces communication overhead and achieves privacy-preserving. Extensive results demonstrate that against State-Of-The-Art (SOTA) DRAs, PA-iMFL can effectively mitigate private data leakage and reach the same level of protection capability as the SOTA defense model. Moreover, due to adopting privacy operations in edge devices, PA-iMFL promotes up to 2.8 times communication efficiency than the SOTA compression method without compromising model accuracy.Comment: 12 pages, 11 figure

Smart Metering System: Developing New Designs to Improve Privacy and Functionality

This PhD project aims to develop a novel smart metering system that plays a dual role: Fulfil basic functions (metering, billing, management of demand for energy in grids) and protect households from privacy intrusions whilst enabling them a degree of freedom. The first two chapters of the thesis will introduce the research background and a detailed literature review on state-of-the-art works for protecting smart meter data. Chapter 3 discusses theory foundations for smart meter data analytics, including machine learning, deep learning, and information theory foundations. The rest of the thesis is split into two parts, ‘Privacy’ and ‘Functionality’, respectively. In the ‘Privacy’ part, the overall smart metering system, as well as privacy configurations, are presented. A threat/adversary model is developed at first. Then a multi-channel smart metering system is designed to reduce the privacy risks of the adversary. Each channel of the system is responsible for one functionality by transmitting different granular smart meter data. In addition, the privacy boundary of the smart meter data in the proposed system is also discovered by introducing a data mining algorithm. By employing the algorithm, a three-level privacy boundary is concluded. Furthermore, a differentially private federated learning-based value-added service platform is designed to provide flexible privacy guarantees to consumers and balance the trade-off between privacy loss and service accuracy. In the ‘Functionality’ part, three feeder-level functionalities: load forecasting, solar energy separation, and energy disaggregation are evaluated. These functionalities will increase thepredictability, visibility, and controllability of the distributed network without utilizing household smart meter data. Finally, the thesis will conclude and summarize the overall system and highlight the contributions and novelties of this project