730 research outputs found

Privacy Preserving Multi-Server k-means Computation over Horizontally Partitioned Data
The k-means clustering is one of the most popular clustering algorithms in
data mining. Recently a lot of research has been concentrated on the algorithm
when the dataset is divided into multiple parties or when the dataset is too
large to be handled by the data owner. In the latter case, usually some servers
are hired to perform the task of clustering. The dataset is divided by the data
owner among the servers who together perform the k-means and return the cluster
labels to the owner. The major challenge in this method is to prevent the
servers from gaining substantial information about the actual data of the
owner. Several algorithms have been designed in the past that provide
cryptographic solutions to perform privacy preserving k-means. We provide a new
method to perform k-means over a large set using multiple servers. Our
technique avoids heavy cryptographic computations and instead we use a simple
randomization technique to preserve the privacy of the data. The k-means
computed has exactly the same efficiency and accuracy as the k-means computed
over the original dataset without any randomization. We argue that our
algorithm is secure against honest but curious and passive adversary.
Comment: 19 pages, 4 tables. International Conference on Information Systems
Security. Springer, Cham, 201

Quantification of De-anonymization Risks in Social Networks
The risks of publishing privacy-sensitive data have received considerable
attention recently. Several de-anonymization attacks have been proposed to
re-identify individuals even if data anonymization techniques were applied.
However, there is no theoretical quantification for relating the data utility
that is preserved by the anonymization techniques and the data vulnerability
against de-anonymization attacks.
In this paper, we theoretically analyze the de-anonymization attacks and
provide conditions on the utility of the anonymized data (denoted by anonymized
utility) to achieve successful de-anonymization. To the best of our knowledge,
this is the first work on quantifying the relationships between anonymized
utility and de-anonymization capability. Unlike previous work, our
quantification analysis requires no assumptions about the graph model, thus
providing a general theoretical guide for developing practical
de-anonymization/anonymization techniques.
Furthermore, we evaluate state-of-the-art de-anonymization attacks on a
real-world Facebook dataset to show the limitations of previous work. By
comparing these experimental results and the theoretically achievable
de-anonymization capability derived in our analysis, we further demonstrate the
ineffectiveness of previous de-anonymization attacks and the potential of more
powerful de-anonymization attacks in the future.
Comment: Published in International Conference on Information Systems Security
and Privacy, 201

Identifying Personal Data Processing for Code Review
Code review is a critical step in the software development life cycle, which
assesses and boosts the code's effectiveness and correctness, pinpoints
security issues, and raises its quality by adhering to best practices. Due to
the increased need for personal data protection motivated by legislation, code
reviewers need to understand where personal data is located in software systems
and how it is handled. Although most recent work on code review focuses on
security vulnerabilities, privacy-related techniques are not easy for code
reviewers to implement, making their inclusion in the code review process
challenging. In this paper, we present ongoing work on a new approach to
identifying personal data processing, enabling developers and code reviewers in
drafting privacy analyses and complying with regulations such as the General
Data Protection Regulation (GDPR).
Comment: Accepted by The 9th International Conference on Information Systems
Security and Privacy (ICISSP 2023

An Overview of Cryptographic Accumulators
This paper is a primer on cryptographic accumulators and how to apply them
practically. A cryptographic accumulator is a space- and time-efficient data
structure used for set-membership tests. Since it is possible to represent any
computational problem where the answer is yes or no as a set-membership
problem, cryptographic accumulators are invaluable data structures in computer
science and engineering. But, to the best of our knowledge, there is neither a
concise survey comparing and contrasting various types of accumulators nor a
guide for how to apply the most appropriate one for a given application.
Therefore, we address that gap by describing cryptographic accumulators while
presenting their fundamental and so-called optional properties. We discuss the
effects of each property on the given accumulator's performance in terms of
space and time complexity, as well as communication overhead.
Comment: Note: This is an extended version of a paper published in Proceedings
of the 7th International Conference on Information Systems Security and
Privacy (ICISSP 2021), pages 661-66

Conceptualising an Anti-Digital Forensics Kill Chain for Smart Homes
The widespread integration of Internet of Things (IoT) devices in households
generates extensive digital footprints, notably within Smart Home ecosystems.
These IoT devices, brimming with data about residents, inadvertently offer
insights into human activities, potentially embodying even criminal acts, such
as a murder. As technology advances, so does the concern for criminals seeking
to exploit various techniques to conceal evidence and evade investigations.
This paper delineates the application of Anti-Digital Forensics (ADF) in Smart
Home scenarios and recognises its potential to disrupt (digital)
investigations. It does so by elucidating the current challenges and gaps and
by arguing, in response, the conceptualisation of an ADF Kill Chain tailored to
Smart Home ecosystems. While seemingly arming criminals, the Kill Chain will
allow a better understanding of the distinctive peculiarities of Anti-Digital
Forensics in Smart Home scenario. This understanding is essential for
fortifying the Digital Forensics process and, in turn, developing robust
countermeasures against malicious activities.
Comment: Accepted in 10th International Conference on Information Systems
Security and Privacy (ICISSP 2024