
    The Prom Problem: Fair and Privacy-Enhanced Matchmaking with Identity Linked Wishes

    In the Prom Problem (TPP), Alice wishes to attend a school dance with Bob and needs a risk-free, privacy-preserving way to find out whether Bob shares that same wish. If not, no one should know that she inquired about it, not even Bob. TPP represents a special class of matchmaking challenges, augmenting the properties of privacy-enhanced matchmaking by further requiring fairness and support for identity linked wishes (ILW) – wishes involving specific identities that are only valid if all involved parties have those same wishes. The Horne-Nair (HN) protocol was proposed as a solution to TPP along with a sample pseudo-code embodiment leveraging an untrusted matchmaker. Neither identities nor pseudo-identities are included in any messages or stored in the matchmaker’s database. Privacy-relevant data stay within user control. A security analysis and proof-of-concept implementation validated the approach, fairness was quantified, and a feasibility analysis demonstrated practicality in real-world networks and systems, thereby bounding risk prior to incurring the full costs of development. The SecretMatch™ Prom app leverages one embodiment of the patented HN protocol to achieve privacy-enhanced and fair matchmaking with ILW. The endeavor led to practical lessons learned and recommendations for privacy engineering in an era of rapidly evolving privacy legislation. Next steps include design of SecretMatch™ apps for contexts like voting negotiations in legislative bodies and executive recruiting. The roadmap toward a quantum-resistant SecretMatch™ began with design of a Hybrid Post-Quantum Horne-Nair (HPQHN) protocol. Future directions include enhancements to HPQHN, a fully Post Quantum HN protocol, and more

    User-centric privacy preservation in Internet of Things Networks

    Recent trends show how the Internet of Things (IoT) and its services are becoming more omnipresent and popular. The end-to-end IoT services that are extensively used include everything from neighborhood discovery to smart home security systems, wearable health monitors, and connected appliances and vehicles. IoT leverages different kinds of networks, such as location-based social networks, mobile edge systems, digital twin networks, and many more, to realize these services. Many of these services rely on a constant feed of user information. Depending on the network being used, how this data is processed can vary significantly. The key thing to note is that a great deal of data is collected, and users have little to no control over how extensively their data is used and what information is being used. This causes many privacy concerns, especially for a naïve user who does not know the implications and consequences of severe privacy breaches. When designing privacy policies, we need to understand the different user data types used in these networks. This includes user profile information, information from the queries used to obtain services (communication privacy), and location information, which is essential in many on-the-go services. Based on the context of the application and the service being provided, the user data at risk and the risks themselves vary. First, we dive deep into the networks and understand the different aspects of privacy for user data and the issues faced in each such aspect. We then propose different privacy policies for these networks and focus on two main aspects of designing privacy mechanisms: the quality of service the user expects and the private information from the user’s perspective. The novel contribution here is to focus on what the user thinks and needs instead of fixating on designing privacy policies that only satisfy the third-party applications’ requirement of quality of service

    Trustworthy Federated Learning: A Survey

    Federated Learning (FL) has emerged as a significant advancement in the field of Artificial Intelligence (AI), enabling collaborative model training across distributed devices while maintaining data privacy. As the importance of FL increases, addressing trustworthiness issues in its various aspects becomes crucial. In this survey, we provide an extensive overview of the current state of Trustworthy FL, exploring existing solutions and well-defined pillars relevant to Trustworthy FL. Despite the growth in literature on trustworthy centralized Machine Learning (ML)/Deep Learning (DL), further efforts are necessary to identify trustworthiness pillars and evaluation metrics specific to FL models, as well as to develop solutions for computing trustworthiness levels. We propose a taxonomy that encompasses three main pillars: Interpretability, Fairness, and Security & Privacy. Each pillar represents a dimension of trust, further broken down into different notions. Our survey covers trustworthiness challenges at every level in FL settings. We present a comprehensive architecture of Trustworthy FL, addressing the fundamental principles underlying the concept, and offer an in-depth analysis of trust assessment mechanisms. In conclusion, we identify key research challenges related to every aspect of Trustworthy FL and suggest future research directions. This comprehensive survey serves as a valuable resource for researchers and practitioners working on the development and implementation of Trustworthy FL systems, contributing to a more secure and reliable AI landscape.
    Comment: 45 Pages, 8 Figures, 9 Table

    Security and Privacy in Online Social Networks

    The explosive growth of Online Social Networks (OSNs) over the past few years has redefined the way people interact with existing friends and, especially, make new friends. OSNs have also become a great new marketplace for trade among their users. However, the associated privacy risks make users vulnerable to severe privacy threats. In this dissertation, we design protocols for private distributed social proximity matching and a private distributed auction-based marketplace framework for OSNs. In particular, an OSN user looks for matching profile attributes when trying to broaden his/her social circle. However, revealing private attributes is a potential privacy threat. Distributed private profile matching in OSNs mainly involves using cryptographic tools to compute profile attribute matches privately, such that no participating user learns more than the common profile attributes. In this work, we define a new asymmetric distributed social proximity measure between two users in an OSN by taking into account the weighted profile attributes (communities) of the users and those of their friends. For users with different privacy requirements, we design three private proximity matching protocols with increasing privacy levels. Our protocol with the highest privacy level ensures that each user’s proximity threshold is satisfied before any matching information is revealed. The use of e-commerce has exploded in the last decade, along with the associated security and privacy risks. Frequent security breaches in the e-commerce service providers’ centralized servers compromise consumers’ sensitive private and financial information. Besides, a consumer’s purchase history stored in those servers can be used to reconstruct the consumer’s profile and for a variety of other privacy-intrusive purposes such as directed marketing. To this end, we propose a secure and private distributed auction framework called SPA, based on decentralized online social networks (DOSNs), for the first time in the literature. The participants in SPA require no trust in each other, trade anonymously, and the security and privacy of the auction are guaranteed. The efficiency, in terms of communication and computation, of the proposed private auction protocol is at least an order of magnitude better than that of existing distributed private auction protocols, and it is suitable for marketplaces with a large number of participants

    Social Closeness Based Private Coordinating Conventions for Online Informal Organizations

    The explosive growth of Online Social Networks over the past few years has redefined the way people interact with existing friends and, especially, make new friends. Several works propose to let people become friends if they have similar profile attributes. However, profile matching carries an inherent privacy risk of revealing private profile information to strangers on the Internet. The existing solutions to the problem attempt to protect users' privacy by privately computing the intersection, or the intersection cardinality, of the profile attribute sets of two users. These schemes have several limitations and can still leak users' private information. In this project, we leverage community structures to redefine the Online Social Network (OSN) model and propose a realistic asymmetric social proximity measure between two users. Then, based on the proposed asymmetric social proximity, together with the AES algorithm, we design three private matching protocols, which provide different security levels and can protect users' privacy better than previous works. Finally, we validate our proposed asymmetric proximity measure using real social network data and conduct extensive simulations to evaluate the performance of the proposed protocols in terms of computation cost, communication cost, total running time, and energy consumption

    Security and Privacy in Mobile Computing: Challenges and Solutions

    Mobile devices are penetrating everyday life. According to a recent Cisco report [10], the number of mobile connected devices such as smartphones, tablets, laptops, eReaders, and Machine-to-Machine (M2M) modules will hit 11.6 billion by 2021, exceeding the world's projected population at that time (7.8 billion). The rapid development of mobile devices has brought a number of emerging security and privacy issues in mobile computing. This dissertation aims to address a number of challenging security and privacy issues in mobile computing and makes fivefold contributions. The first and second parts study the security and privacy issues in Device-to-Device communications. Specifically, the first part develops a novel scheme to enable a new kind of trust relationship, called spatiotemporal matching, in a privacy-preserving and efficient fashion. To enhance secure communication among mobile users, the second part proposes a game-theoretical framework to stimulate cooperative shared secret key generation among mobile users. The third and fourth parts investigate the security and privacy issues in mobile crowdsourcing. In particular, the third part presents a secure and privacy-preserving mobile crowdsourcing system which strikes a good balance among object security, user privacy, and system efficiency. The fourth part demonstrates a differentially private distributed stream monitoring system via mobile crowdsourcing. Finally, the fifth part proposes VISIBLE, a novel video-assisted keystroke inference framework that allows an attacker to infer a tablet user's typed inputs on the touchscreen by recording and analyzing video of the tablet backside during the user's input process. Some potential countermeasures to this attack are also discussed. This dissertation sheds light on the state-of-the-art security and privacy issues in mobile computing.
    Dissertation/Thesis: Doctoral Dissertation, Electrical Engineering, 201