Server-Aided Privacy-Preserving Proximity Testing

Proximity testing is at the core of many Location-Based online Services (LBS) which we use in our daily lives to order taxis, find places of interest nearby, connect with people. Currently, most such services expect a user to submit his location to them and trust the LBS not to abuse this information, and use it only to provide the service. Existing cases of such information being misused (e.g., by the LBS employees or criminals who breached its security) motivates the search for better solutions that would ensure the privacy of user data, and give users control of how their data is being used.In this thesis, we address this problem using cryptographic techniques. We propose three cryptographic protocols that allow two users to perform proximity testing (check if they are close enough to each other) with the help of two servers.In the papers 1 and 2, the servers are introduced in order to allow users not to be online at the same time: one user may submit their location to the servers and go offline, the other user coming online later and finishing proximity testing. The drastically improves the practicality of such protocols, since the mobile devices that users usually run may not always be online. We stress that the servers in these protocols merely aid the users in performing the proximity testing, and none of the servers can independently extract the user data.In the paper 3, we use the servers to offload the users\u27 computation and communication to. The servers here pre-generate correlated random data and send it to users, who can use it to perform a secure proximity testing protocol faster. Paper 3, together with the paper 2, are highly practical: they provide strong security guarantees and are suitable to be executed on resource-constrained mobile devices. In fact, the work of clients in these protocols is close to negligible as most of the work is done by servers

Efficient Learning in Heterogeneous Internet of Things Ecosystems

The Internet of Things (IoT) is a growing network of heterogeneous devices, combining various sensing and computing nodes at different scales, which creates a large volume of data. Many IoT applications use machine learning (ML) algorithms to analyze the data. The high computational complexity of ML workloads poses significant computational challenges to IoT computing platforms, which tend to be less-powerful and resource-constrained devices. Transmitting such large volumes of data to the cloud also have various issues such as scalability, security and privacy. In this dissertation, we propose efficient solutions to perform the ML tasks while decreasing power consumption and improving performance. We first leverage the heterogeneous and interconnected nature of the IoT systems, where IoT applications run on many different architectures (e.g., X86 server or ARM-based edge device) while communicating with each other. We present a cross-platform power and performance prediction technique for intelligent task allocation. The proposed technique estimates the time-variant energy consumption with only 7% error across completely different architectures, enabling the intelligent task allocation that saves the energy consumption of 16.5% for state-of-the-art ML workloads.We next show how to further advance the learning procedures towards real-time and online processing by distributing such learning tasks onto the hierarchy of IoT devices. Our solution leverages brain-inspired high-dimensional (HD) computing to derive a new class oflearning algorithms that can easily run on IoT devices, while providing high accuracy comparable to the state-of-the-arts. We present that the HD-based learning algorithms can cover various real-world problems from conventional classification to other cognitive tasks beyond classical MLs such as DNA pattern matching. We demonstrate that the HD-based learning can enable secure, collaborative learning by efficiently distributing a large volume of learning tasks into heterogeneous computing nodes. We have implemented the proposed learning solution on various platforms while offering superior computing efficiency. For example, our solution achieves 486×and 7× performance improvements for each of the training and inference phases on a low-power ARM processor, as compared to state-of-the-art deep learning

A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

BUILDING TRUST FOR SERVICE ASSESSMENT IN INTERNET-ENABLED COLLABORATIVE PRODUCT DESIGN & REALIZATION ENVIRONMENTS

Reducing costs, increasing speed and leveraging the intelligence of partners involved during product design processes are important benefits of Internet-enabled collaborative product design and realization environments. The options for cost-effective product design, re-design or improvement are at their peak during the early stages of the design process and designers can collaborate with suppliers, manufacturers and other relevant contributors to acquire a better understanding of associated costs and product viability. Collaboration is by no means a new paradigm. However, companies have found distrust of collaborative partners to be the most intractable obstacle to collaborative commerce and Internet-enabled business especially in intellectual property environments, which handle propriety data on a constant basis. This problem is also reinforced in collaborative environments that are distributed in nature. Thus trust is the main driver or enabler of successful collaborative efforts or transactions in Internet-enabled product design environments. Focus is on analyzing the problem of ¡®trust for services¡¯ in distributed collaborative service provider assessment and selection, concentrating on characteristics specific to electronic product design (e-Design) environments. Current tools for such collaborative partner/provider assessment are inadequate or non-existent and researching network, user, communication and service trust problems, which hinder the growth and acceptance of true collaboration in product design, can foster new frontiers in manufacturing, business and technology. Trust and its associated issues within the context of a secure Internet-enabled product design & realization platform is a multifaceted and complex problem, which demands a strategic approach crossing disciplinary boundaries. A Design Environment Trust Service (DETS) framework is proposed to incorporate trust for services in product design environments based on client specified (or default) criteria. This involves the analysis of validated network (objective) data and non-network (subjective) data and the use of Multi Criteria Decision Making (MCDM) methodology for the selection of the most efficient service provision alternative through the minimization of distance from a specified ideal point and interpreted as a Dynamic (Design) Trust Index (DTI) or rank. Hence, the service requestor is provided with a quantifiable degree of belief to mitigate information asymmetry and enable knowledgeable decision-making regarding trustworthy service provision in a distributed environment

Dual channel-based network traffic authentication

In a local network or the Internet in general, data that is transmitted between two computers (also known as network traffic or simply, traffic) in that network is usually classified as being of a malicious or of a benign nature by a traffic authentication system employing databases of previously observed malicious or benign traffic signatures, i.e., blacklists or whitelists, respectively. These lists typically consist of either the destinations (i.e., IP addresses or domain names) to which traffic is being sent or the statistical properties of the traffic, e.g., packet size, rate of connection establishment, etc. The drawback with the list-based approach is its inability to offer a fully comprehensive solution since the population of the list is likely to go on indefinitely. This implies that at any given time, there is a likelihood of some traffic signatures not being present in the list, leading to false classification of traffic. From a security standpoint, whitelists are a safer bet than blacklists since their underlying philosophy is to block anything that is unknown hence in the worst case, are likely to result in high false rejects with no false accepts. On the other hand, blacklists block only what is known and therefore are likely to result in high false accepts since unknown malicious traffic will be accepted, e.g., in the case of zero-day attacks (i.e., new attacks whose signatures have not yet been analyzed by the security community). Despite this knowledge, the most commonly used traffic authentication solutions, e.g., antivirus or antimalware solutions, have predominantly employed blacklists rather than whitelists in their solutions. This can perhaps be attributed to the fact that the population of a blacklist typically requires less user involvement than that of a whitelist. For instance, malicious traffic signatures (i.e., behavior or destinations) are usually the same across a population of users; hence, by observing malicious activity from a few users, a global blacklist that is applicable to all users can be created. Whitelist generation, on the other hand, tends to be more user-specific as what may be considered acceptable or benign traffic to one user may not be considered the same to a different user. As a result, users are likely to find whitelist-based solutions that require their participation to be both cumbersome and inconveniencing. This dissertation offers a whitelist-based traffic authentication solution that reduces the active participation of users in whitelist population. By relying on activity that users regularly engage in while interacting with their computers (i.e., typing), we are able to identify legitimate destinations to which users direct their traffic and use these to populate the whitelist, without requiring the users to deviate from their normal behavior. Our solution requires users to type the destinations of their outgoing traffic requests only once, after which any subsequent requests to that destination are authenticated without the need for them to be typed again. Empirical results from testing our solution in a real time traffic analysis scenario showed that relatively low false reject rates for legitimate traffic with no false accepts for illegitimate traffic are achievable. Additionally, an investigation into the level of inconvenience that the typing requirement imposes on the users revealed that, since users are likely to engage in this (typing) activity during the course of utilizing their computer\u27s resources, this requirement did not pose a significant deterrent to them from using the system

MP2ML: A Mixed-Protocol Machine Learning Framework for Private Inference

Privacy-preserving machine learning (PPML) has many applications, from medical image classification and anomaly detection to financial analysis. nGraph-HE enables data scientists to perform private inference of deep learning (DL) models trained using popular frameworks such as TensorFlow. nGraph-HE computes linear layers using the CKKS homomorphic encryption (HE) scheme. The non-polynomial activation functions, such as MaxPool and ReLU, are evaluated in the clear by the data owner who obtains the intermediate feature maps. This leaks the feature maps to the data owner from which it may be possible to deduce the DL model weights. As a result, such protocols may not be suitable for deployment, especially when the DL model is intellectual property. In this work, we present MP2ML, a machine learning framework which integrates nGraph-HE and the secure two-party computation framework ABY, to overcome the limitations of leaking the intermediate feature maps to the data owner. We introduce a novel scheme for the conversion between CKKS and secure multi-party computation to execute DL inference while maintaining the privacy of both the input data and model weights. MP2ML is compatible with popular DL frameworks such as TensorFlow that can infer pre-trained neural networks with native ReLU activations. We benchmark MP2ML on the CryptoNets network with ReLU activations, on which it achieves a throughput of 33.3 images/s and an accuracy of 98.6%. This throughput matches the previous state-of-the-art work, even though our protocol is more accurate and scalable

LAAP: Lightweight anonymous authentication protocol for D2D-Aided fog computing paradigm

Fog computing is a new paradigm that extends cloud computing and services to the edge of the network. Although it has several distinct characteristics, however, the conventional fog computing model does not support some of the imperative features such as D2D communications, which can be useful for several critical IoT applications and services. Besides, fog computing faces numerous new security and privacy challenges apart from those inherited from cloud computing, however, security issues in fog computing have not been addressed properly. In this article, first we introduce a new privacy-preserving security architecture for fog computing model with the cooperative D2D communication support, which can be useful for various IoT applications. Subsequently, based on the underlying foundation of our proposed security architecture we design three lightweight anonymous authentication protocols (LAAPs) to support three distinct circumstances in D2D-Aided fog computing. In this regard, we utilize the lightweight cryptographic primitives like one-way function and EXCLUSIVE-OR operations, which will cause limited computational overhead for the resource limited edge devices