3,420 research outputs found
Recommended from our members
Privacy-Preserving iVector-Based Speaker Verification
This paper introduces an efficient algorithm to develop a privacy-preserving voice verification based on iVector and linear discriminant analysis techniques. This research considers a scenario in which users enrol their voice biometric to access different services (i.e., banking). Once enrolment is completed, users can verify themselves using their voice print instead of alphanumeric passwords. Since a voice print is unique for everyone, storing it with a third-party server raises several privacy concerns. To address this challenge, this paper proposes a novel technique based on randomization to carry out voice authentication, which allows the user to enrol and verify their voice in the randomized domain. To achieve this, the iVector-based voice verification technique has been redesigned to work on the randomized domain. The proposed algorithm is validated using a well-known speech dataset. The proposed algorithm neither compromises the authentication accuracy nor adds additional complexity due to the randomization operations
Enabling Privacy-preserving Auctions in Big Data
We study how to enable auctions in the big data context to solve many
upcoming data-based decision problems in the near future. We consider the
characteristics of the big data including, but not limited to, velocity,
volume, variety, and veracity, and we believe any auction mechanism design in
the future should take the following factors into consideration: 1) generality
(variety); 2) efficiency and scalability (velocity and volume); 3) truthfulness
and verifiability (veracity). In this paper, we propose a privacy-preserving
construction for auction mechanism design in the big data, which prevents
adversaries from learning unnecessary information except those implied in the
valid output of the auction. More specifically, we considered one of the most
general form of the auction (to deal with the variety), and greatly improved
the the efficiency and scalability by approximating the NP-hard problems and
avoiding the design based on garbled circuits (to deal with velocity and
volume), and finally prevented stakeholders from lying to each other for their
own benefit (to deal with the veracity). We achieve these by introducing a
novel privacy-preserving winner determination algorithm and a novel payment
mechanism. Additionally, we further employ a blind signature scheme as a
building block to let bidders verify the authenticity of their payment reported
by the auctioneer. The comparison with peer work shows that we improve the
asymptotic performance of peer works' overhead from the exponential growth to a
linear growth and from linear growth to a logarithmic growth, which greatly
improves the scalability
Private Multi-party Matrix Multiplication and Trust Computations
This paper deals with distributed matrix multiplication. Each player owns
only one row of both matrices and wishes to learn about one distinct row of the
product matrix, without revealing its input to the other players. We first
improve on a weighted average protocol, in order to securely compute a
dot-product with a quadratic volume of communications and linear number of
rounds. We also propose a protocol with five communication rounds, using a
Paillier-like underlying homomorphic public key cryptosystem, which is secure
in the semi-honest model or secure with high probability in the malicious
adversary model. Using ProVerif, a cryptographic protocol verification tool, we
are able to check the security of the protocol and provide a countermeasure for
each attack found by the tool. We also give a randomization method to avoid
collusion attacks. As an application, we show that this protocol enables a
distributed and secure evaluation of trust relationships in a network, for a
large class of trust evaluation schemes.Comment: Pierangela Samarati. SECRYPT 2016 : 13th International Conference on
Security and Cryptography, Lisbonne, Portugal, 26--28 Juillet 2016. 201
Flexible and Robust Privacy-Preserving Implicit Authentication
Implicit authentication consists of a server authenticating a user based on
the user's usage profile, instead of/in addition to relying on something the
user explicitly knows (passwords, private keys, etc.). While implicit
authentication makes identity theft by third parties more difficult, it
requires the server to learn and store the user's usage profile. Recently, the
first privacy-preserving implicit authentication system was presented, in which
the server does not learn the user's profile. It uses an ad hoc two-party
computation protocol to compare the user's fresh sampled features against an
encrypted stored user's profile. The protocol requires storing the usage
profile and comparing against it using two different cryptosystems, one of them
order-preserving; furthermore, features must be numerical. We present here a
simpler protocol based on set intersection that has the advantages of: i)
requiring only one cryptosystem; ii) not leaking the relative order of fresh
feature samples; iii) being able to deal with any type of features (numerical
or non-numerical).
Keywords: Privacy-preserving implicit authentication, privacy-preserving set
intersection, implicit authentication, active authentication, transparent
authentication, risk mitigation, data brokers.Comment: IFIP SEC 2015-Intl. Information Security and Privacy Conference, May
26-28, 2015, IFIP AICT, Springer, to appea
Protecting privacy of users in brain-computer interface applications
Machine learning (ML) is revolutionizing research and industry. Many ML applications rely on the use of large amounts of personal data for training and inference. Among the most intimate exploited data sources is electroencephalogram (EEG) data, a kind of data that is so rich with information that application developers can easily gain knowledge beyond the professed scope from unprotected EEG signals, including passwords, ATM PINs, and other intimate data. The challenge we address is how to engage in meaningful ML with EEG data while protecting the privacy of users. Hence, we propose cryptographic protocols based on secure multiparty computation (SMC) to perform linear regression over EEG signals from many users in a fully privacy-preserving(PP) fashion, i.e., such that each individual's EEG signals are not revealed to anyone else. To illustrate the potential of our secure framework, we show how it allows estimating the drowsiness of drivers from their EEG signals as would be possible in the unencrypted case, and at a very reasonable computational cost. Our solution is the first application of commodity-based SMC to EEG data, as well as the largest documented experiment of secret sharing-based SMC in general, namely, with 15 players involved in all the computations
Privately Connecting Mobility to Infectious Diseases via Applied Cryptography
Human mobility is undisputedly one of the critical factors in infectious
disease dynamics. Until a few years ago, researchers had to rely on static data
to model human mobility, which was then combined with a transmission model of a
particular disease resulting in an epidemiological model. Recent works have
consistently been showing that substituting the static mobility data with
mobile phone data leads to significantly more accurate models. While prior
studies have exclusively relied on a mobile network operator's subscribers'
aggregated data, it may be preferable to contemplate aggregated mobility data
of infected individuals only. Clearly, naively linking mobile phone data with
infected individuals would massively intrude privacy. This research aims to
develop a solution that reports the aggregated mobile phone location data of
infected individuals while still maintaining compliance with privacy
expectations. To achieve privacy, we use homomorphic encryption, zero-knowledge
proof techniques, and differential privacy. Our protocol's open-source
implementation can process eight million subscribers in one and a half hours.
Additionally, we provide a legal analysis of our solution with regards to the
EU General Data Protection Regulation.Comment: Added differentlial privacy experiments and new benchmark
- …