Cloud Security Engineering: Theory, Practice and Future Research

The eleven papers in this special issue address security and privacy concerns associated with cloud computing. This special issue is dedicated to the identification of techniques that enable security mechanisms to be engineered and implemented in cloud services and cloud systems. A key focus is on the integration of theoretical foundations with practical deployment of security strategies that make cloud systems more secure for both end users and providers – enabling end users to increase the level of trust they have in cloud service providers – and conversely for cloud service providers to provide greater guarantees to end users about the security of their services and data

Secure JPEG Scrambling enabling Privacy in Photo Sharing

With the popularization of online social networks (OSNs) and smart mobile devices, photo sharing is becoming a part of people’ daily life. An unprecedented number of photos are being uploaded and shared everyday through online social networks or photo hosting services, such as Facebook, Twitter, Instagram, and Flickr. However, such unrestrained online photo or multimedia sharing has raised serious privacy concerns, especially after reports of citizens surveillance by governmental agencies and scandalous leakage of private photos from prominent photo sharing sites or online cloud services. Popular OSNs typically offer privacy protection solutions only in response to the public demand and therefore are often rudimental, complex to use, and provide limited degree of control and protection. Most solutions allow users to control either who can access the shared photos or for how long they can be accessed. In contrast, in this paper, we take a structured privacy by design approach to the problem of online photo privacy protection. We propose a privacy-preserving photo sharing architecture based on a secure JPEG scrambling algorithm capable of protecting the privacy of multiple users involved in a photo. We demonstrate the proposed photo sharing architecture with a prototype application called ProShare that offers JPEG scrambling as the privacy protection tool for selected regions in a photo, secure access to the protected images, and secure photo sharing on Facebook

An Efficient Privacy-Preserving Framework for Video Analytics

With the proliferation of video content from surveillance cameras, social media, and live streaming services, the need for efficient video analytics has grown immensely. In recent years, machine learning based computer vision algorithms have shown great success in various video analytic tasks. Specifically, neural network models have dominated in visual tasks such as image and video classification, object recognition, object detection, and object tracking. However, compared with classic computer vision algorithms, machine learning based methods are usually much more compute-intensive. Powerful servers are required by many state-of-the-art machine learning models. With the development of cloud computing infrastructures, people are able to use machine learning techniques everywhere through the Internet. An end user just needs to upload its data to a cloud server and enjoy technical advances in machine learning without owning a power device to perform the corresponding computation. The huge workload is offloaded to cloud servers. There are two major challenges in cloud-based video analytics. First, video analytics requires a huge amount of compute resources, which can be very slow even on powerful servers. It limits the application of neural network based solutions on real-time video analytics. Second, uploading user videos to the cloud reveals private information about users. Existing privacy-preserving inference methods rely heavily on cryptographic operations which are compute (and communication) intensive. In this dissertation, we first address the workload problem of video analytics. Compared with analytic tasks on individual images, nearby frames in a video are usually highly correlated. In other words, there is some information redundancy across video frames. We utilize the redundancy and design a system, PFad, for live video analytics. It adaptively adjusts the video configuration for neural network processing, such as the frame rate and resolution. In this work, we propose to perform configuration adaptation without offline profiling and design a corresponding configuration prediction mechanism. We select configurations with a prediction model based on object movement features. In addition, we reduce the latency through resource orchestration on video analytics servers. The key idea of resource orchestration is to batch inference tasks that use the same CNN model and schedule tasks based on a priority value that estimates their impact on the total latency. We evaluate our system with two video analytic applications, road traffic monitoring and pose detection. The experimental results show that our profiling-free adaptation reduces the workload by 80\% of the state-of-the-art adaptation without lowering the accuracy. The average serving latency is reduced by up to 95\% compared with the profiling-based adaptation. This dissertation addresses the privacy issue in two steps. First, we propose PIPO which protects the privacy of frame-level information. The key idea of PIPO is to accelerate the operations in neural network models by avoiding expensive cryptographic operations as much as possible. In particular, the client preprocesses the inference by performing convolution on a secret share of the input through homomorphic encryption. The user only needs to provide the rest secret shares of the input to the server to perform convolution during the online inference. And it can be done with plaintext operations. In addition, PIPO performs non-linear layers on the client side to protect users\u27 data. To prevent model parameters from being revealed to the client directly, the server performs two reversible operations: multiplying each entry of the convolution results with scale factors and shuffling them. We proved that PIPO ensuring the privacy of users\u27 data with a simulation-based argument. Further, we show that the resources to steal the server\u27s model parameters in PIPO is within the same order of magnitude as the prediction API attack, which is an attack that the client can perform on any inference service where both input and inference results are known to the client. Our experiments on well-known neural network architectures show that PIPO improves the inference latency and communication volume by up to 78x and 26x respectively compared to Delphi. Based on PIPO, this dissertation proposes Pevas, which supports efficient privacy-preserving video analytics. Pevas exploits the causality among consecutive frames for both performance and privacy. We propose a privacy-preserving Differential CNN inference protocol based on PIPO. It only transmits and computes on the change part of each frame. Pevas is not only applying privacy-preserving protocol on the changed parts, but also removes the position of the changed parts. In addition, we design a privacy parameter mechanism for privacy-preserving video analytics. Our experiments of Pevas using ResNet-50 on real-world videos show that it improves the inference latency and communication volume by three to four orders of magnitude than protocols based on Delphi, CrypTFlow, LLAMA, and Cheetah

Multi-Level Reversible Data Anonymization via Compressive Sensing and Data Hiding

Recent advances in intelligent surveillance systems have enabled a new era of smart monitoring in a wide range of applications from health monitoring to homeland security. However, this boom in data gathering, analyzing and sharing brings in also significant privacy concerns. We propose a Compressive Sensing (CS) based data encryption that is capable of both obfuscating selected sensitive parts of documents and compressively sampling, hence encrypting both sensitive and non-sensitive parts of the document. The scheme uses a data hiding technique on CS-encrypted signal to preserve the one-time use obfuscation matrix. The proposed privacy-preserving approach offers a low-cost multi-tier encryption system that provides different levels of reconstruction quality for different classes of users, e.g., semi-authorized, full-authorized. As a case study, we develop a secure video surveillance system and analyze its performance.publishedVersionPeer reviewe

Visual Content Privacy Protection: A Survey

Vision is the most important sense for people, and it is also one of the main ways of cognition. As a result, people tend to utilize visual content to capture and share their life experiences, which greatly facilitates the transfer of information. Meanwhile, it also increases the risk of privacy violations, e.g., an image or video can reveal different kinds of privacy-sensitive information. Researchers have been working continuously to develop targeted privacy protection solutions, and there are several surveys to summarize them from certain perspectives. However, these surveys are either problem-driven, scenario-specific, or technology-specific, making it difficult for them to summarize the existing solutions in a macroscopic way. In this survey, a framework that encompasses various concerns and solutions for visual privacy is proposed, which allows for a macro understanding of privacy concerns from a comprehensive level. It is based on the fact that privacy concerns have corresponding adversaries, and divides privacy protection into three categories, based on computer vision (CV) adversary, based on human vision (HV) adversary, and based on CV \& HV adversary. For each category, we analyze the characteristics of the main approaches to privacy protection, and then systematically review representative solutions. Open challenges and future directions for visual privacy protection are also discussed.Comment: 24 pages, 13 figure

MuLViS: Multi-Level Encryption Based Security System for Surveillance Videos

Video Surveillance (VS) systems are commonly deployed for real-time abnormal event detection and autonomous video analytics. Video captured by surveillance cameras in real-time often contains identifiable personal information, which must be privacy protected, sometimes along with the locations of the surveillance and other sensitive information. Within the Surveillance System, these videos are processed and stored on a variety of devices. The processing and storage heterogeneity of those devices, together with their network requirements, make real-time surveillance systems complex and challenging. This paper proposes a surveillance system, named as Multi-Level Video Security (MuLViS) for privacy-protected cameras. Firstly, a Smart Surveillance Security Ontology (SSSO) is integrated within the MuLViS, with the aim of autonomously selecting the privacy level matching the operating device's hardware specifications and network capabilities. Overall, along with its device-specific security, the system leads to relatively fast indexing and retrieval of surveillance video. Secondly, information within the videos are protected at the times of capturing, streaming, and storage by means of differing encryption levels. An extensive evaluation of the system, through visual inspection and statistical analysis of experimental video results, such as by the Encryption Space Ratio (ESR), has demonstrated the aptness of the security level assignments. The system is suitable for surveillance footage protection, which can be made General Data Protection Regulation (GDPR) compliant, ensuring that lawful data access respects individuals' privacy rights

Security and blockchain convergence with internet of multimedia things : current trends, research challenges and future directions

The Internet of Multimedia Things (IoMT) orchestration enables the integration of systems, software, cloud, and smart sensors into a single platform. The IoMT deals with scalar as well as multimedia data. In these networks, sensor-embedded devices and their data face numerous challenges when it comes to security. In this paper, a comprehensive review of the existing literature for IoMT is presented in the context of security and blockchain. The latest literature on all three aspects of security, i.e., authentication, privacy, and trust is provided to explore the challenges experienced by multimedia data. The convergence of blockchain and IoMT along with multimedia-enabled blockchain platforms are discussed for emerging applications. To highlight the significance of this survey, large-scale commercial projects focused on security and blockchain for multimedia applications are reviewed. The shortcomings of these projects are explored and suggestions for further improvement are provided. Based on the aforementioned discussion, we present our own case study for healthcare industry: a theoretical framework having security and blockchain as key enablers. The case study reflects the importance of security and blockchain in multimedia applications of healthcare sector. Finally, we discuss the convergence of emerging technologies with security, blockchain and IoMT to visualize the future of tomorrow's applications. © 2020 Elsevier Lt

A review on visual privacy preservation techniques for active and assisted living

This paper reviews the state of the art in visual privacy protection techniques, with particular attention paid to techniques applicable to the field of Active and Assisted Living (AAL). A novel taxonomy with which state-of-the-art visual privacy protection methods can be classified is introduced. Perceptual obfuscation methods, a category in this taxonomy, is highlighted. These are a category of visual privacy preservation techniques, particularly relevant when considering scenarios that come under video-based AAL monitoring. Obfuscation against machine learning models is also explored. A high-level classification scheme of privacy by design, as defined by experts in privacy and data protection law, is connected to the proposed taxonomy of visual privacy preservation techniques. Finally, we note open questions that exist in the field and introduce the reader to some exciting avenues for future research in the area of visual privacy.Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. This work is part of the visuAAL project on Privacy-Aware and Acceptable Video-Based Technologies and Services for Active and Assisted Living (https://www.visuaal-itn.eu/). This project has received funding from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 861091. The authors would also like to acknowledge the contribution of COST Action CA19121 - GoodBrother, Network on Privacy-Aware Audio- and Video-Based Applications for Active and Assisted Living (https://goodbrother.eu/), supported by COST (European Cooperation in Science and Technology) (https://www.cost.eu/)