Systematizing Genome Privacy Research: A Privacy-Enhancing Technologies Perspective

Rapid advances in human genomics are enabling researchers to gain a better understanding of the role of the genome in our health and well-being, stimulating hope for more effective and cost efficient healthcare. However, this also prompts a number of security and privacy concerns stemming from the distinctive characteristics of genomic data. To address them, a new research community has emerged and produced a large number of publications and initiatives. In this paper, we rely on a structured methodology to contextualize and provide a critical analysis of the current knowledge on privacy-enhancing technologies used for testing, storing, and sharing genomic data, using a representative sample of the work published in the past decade. We identify and discuss limitations, technical challenges, and issues faced by the community, focusing in particular on those that are inherently tied to the nature of the problem and are harder for the community alone to address. Finally, we report on the importance and difficulty of the identified challenges based on an online survey of genome data privacy expertsComment: To appear in the Proceedings on Privacy Enhancing Technologies (PoPETs), Vol. 2019, Issue

Classifying confidential data using SVM for efficient cloud query processing

Nowadays, organizations are widely using a cloud database engine from the cloud service providers. Privacy still is the main concern for these organizations where every organization is strictly looking forward more secure environment for their own data. Several studies have proposed different types of encryption methods to protect the data over the cloud. However, the daily transactions represented by queries for such databases makes encryption is inefficient solution. Therefore, recent studies presented a mechanism for classifying the data prior to migrate into the cloud. This would reduce the need of encryption which enhances the efficiency. Yet, most of the classification methods used in the literature were based on string-based matching approach. Such approach suffers of the exact match of terms where the partial matching would not be considered. This paper aims to take the advantage of N-gram representation along with Support Vector Machine classification. A real-time data will used in the experiment. After conducting the classification, the Advanced Encryption Standard algorithm will be used to encrypt the confidential data. Results showed that the proposed method outperformed the baseline encryption method. This emphasizes the usefulness of using the machine learning techniques for the process of classifying the data based on confidentiality

Cyber Security

This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security

VPT: Privacy Preserving Energy Trading and Block Mining Mechanism for Blockchain based Virtual Power Plants

The desire to overcome reliability issues of distributed energy resources (DERs) lead researchers to development of a novel concept named as virtual power plant (VPP). VPPs are supposed to carry out intelligent, secure, and smart energy trading among prosumers, buyers, and generating stations along with providing efficient energy management. Therefore, integrating blockchain in decentralized VPP network emerged out as a new paradigm, and recent experiments over this integration have shown fruitful results. However, this decentralization also suffers with energy management, trust, reliability, and efficiency issues due to the dynamic nature of DERs. In order to overcome this, in this paper, we first work over providing efficient energy management strategy for VPP to enhance demand response, then we propose an energy oriented trading and block mining protocol and named it as proof of energy market (PoEM). To enhance it further, we integrate differential privacy in PoEM and propose a Private PoEM (PPoEM) model. Collectively, we propose a private decentralized VPP trading model and named it as Virtual Private Trading (VPT) model. We further carry out extensive theoretical analysis and derive step-by-step valuations for market race probability, market stability probability, energy trading expectation, winning state probability, and prospective leading time profit values. Afterwards, we carry out simulation-based experiment of our proposed model. The performance evaluation and theoretical analysis of our VPT model make it one of the most viable model for blockchain based VPP network as compared to other state-of-the-art works.Comment: Article Submitted for Revie

Privacy-aware Security Applications in the Era of Internet of Things

In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA is easily applicable to other biometric authentication mechanisms when feature vectors are represented as fixed-length real-valued vectors. In addition to CA, we also introduced a privacy-aware multi-factor authentication method, called PINTA. In PINTA, we used fuzzy hashing and homomorphic encryption mechanisms to protect the users\u27 sensitive profiles while providing privacy-preserving authentication. For the second privacy-aware contribution, we designed a multi-stage privacy attack to smart home users using the wireless network traffic generated during the communication of the devices. The attack works even on the encrypted data as it is only using the metadata of the network traffic. Moreover, we also designed a novel solution based on the generation of spoofed traffic. Finally, we introduced two privacy-aware secure data exchange mechanisms, which allow sharing the data between multiple parties (e.g., companies, hospitals) while preserving the privacy of the individual in the dataset. These mechanisms were realized with the combination of Secure Multiparty Computation (SMC) and Differential Privacy (DP) techniques. In addition, we designed a policy language, called Curie Policy Language (CPL), to handle the conflicting relationships among parties. The novel methods, attacks, and countermeasures in this dissertation were verified with theoretical analysis and extensive experiments with real devices and users. We believe that the research in this dissertation has far-reaching implications on privacy-aware alternative complementary authentication methods, smart home user privacy research, as well as the privacy-aware and secure data exchange methods