806 research outputs found

    Privacy-Protecting Techniques for Behavioral Data: A Survey

    Our behavior (the way we talk, walk, or think) is unique and can be used as a biometric trait. It also correlates with sensitive attributes like emotions. Hence, techniques to protect individuals' privacy against unwanted inferences are required. To consolidate knowledge in this area, we systematically reviewed applicable anonymization techniques. We taxonomize and compare existing solutions regarding privacy goals, conceptual operation, advantages, and limitations. Our analysis shows that some behavioral traits (e.g., voice) have received much attention, while others (e.g., eye-gaze, brainwaves) are mostly neglected. We also find that the evaluation methodology of behavioral anonymization techniques can be further improved.

    Continuous User Authentication Using Multi-Modal Biometrics

    It is commonly acknowledged that mobile devices now form an integral part of an individual’s everyday life. The modern mobile handheld devices are capable of providing a wide range of services and applications over multiple networks. With the increasing capability and accessibility, they introduce additional demands in terms of security. This thesis explores the need for authentication on mobile devices and proposes a novel mechanism to improve the current techniques. The research begins with an intensive review of mobile technologies and the current security challenges that mobile devices experience to illustrate the imperative of authentication on mobile devices. The research then highlights the existing authentication mechanism and a wide range of weaknesses. To this end, biometric approaches are identified as an appropriate solution an opportunity for security to be maintained beyond point-of-entry. Indeed, by utilising behaviour biometric techniques, the authentication mechanism can be performed in a continuous and transparent fashion. This research investigated three behavioural biometric techniques based on SMS texting activities and messages, looking to apply these techniques as a multi-modal biometric authentication method for mobile devices. The results showed that linguistic profiling, keystroke dynamics and behaviour profiling can be used to discriminate users with overall Equal Error Rates (EER) 12.8%, 20.8% and 9.2% respectively. By using a combination of biometrics, the results showed clearly that the classification performance is better than using single biometric technique achieving EER 3.3%. Based on these findings, a novel architecture of multi-modal biometric authentication on mobile devices is proposed. The framework is able to provide a robust, continuous and transparent authentication in standalone and server-client modes regardless of mobile hardware configuration. 
The framework is able to continuously maintain the security status of the devices. With a high level of security status, users are permitted to access sensitive services and data. On the other hand, with the low level of security, users are required to re-authenticate before accessing sensitive service or data.

    Secure Data Collection and Analysis in Smart Health Monitoring

    Smart health monitoring uses real-time monitored data to support diagnosis, treatment, and health decision-making in modern smart healthcare systems and benefit our daily life. The accurate health monitoring and prompt transmission of health data are facilitated by the ever-evolving on-body sensors, wireless communication technologies, and wireless sensing techniques. Although the users have witnessed the convenience of smart health monitoring, severe privacy and security concerns on the valuable and sensitive collected data come along with the merit. The data collection, transmission, and analysis are vulnerable to various attacks, e.g., eavesdropping, due to the open nature of wireless media, the resource constraints of sensing devices, and the lack of security protocols. These deficiencies not only make conventional cryptographic methods not applicable in smart health monitoring but also put many obstacles in the path of designing privacy protection mechanisms. In this dissertation, we design dedicated schemes to achieve secure data collection and analysis in smart health monitoring. The first two works propose two robust and secure authentication schemes based on Electrocardiogram (ECG), which outperform traditional user identity authentication schemes in health monitoring, to restrict the access to collected data to legitimate users. To improve the practicality of ECG-based authentication, we address the nonuniformity and sensitivity of ECG signals, as well as the noise contamination issue. The next work investigates an extended authentication goal, denoted as wearable-user pair authentication. It simultaneously authenticates the user identity and device identity to provide further protection. We exploit the uniqueness of the interference between different wireless protocols, which is common in health monitoring due to devices' varying sensing and transmission demands, and design a wearable-user pair authentication scheme based on the interference. 
However, the harm of this interference is also outstanding. Thus, in the fourth work, we use wireless human activity recognition in health monitoring as an example and analyze how this interference may jeopardize it. We identify a new attack that can produce false recognition result and discuss potential countermeasures against this attack. In the end, we move to a broader scenario and protect the statistics of distributed data reported in mobile crowd sensing, a common practice used in public health monitoring for data collection. We deploy differential privacy to enable the indistinguishability of workers' locations and sensing data without the help of a trusted entity while meeting the accuracy demands of crowd sensing tasks.

    Privacy-aware Security Applications in the Era of Internet of Things

    In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA is easily applicable to other biometric authentication mechanisms when feature vectors are represented as fixed-length real-valued vectors. In addition to CA, we also introduced a privacy-aware multi-factor authentication method, called PINTA. In PINTA, we used fuzzy hashing and homomorphic encryption mechanisms to protect the users' sensitive profiles while providing privacy-preserving authentication. For the second privacy-aware contribution, we designed a multi-stage privacy attack to smart home users using the wireless network traffic generated during the communication of the devices. The attack works even on the encrypted data as it is only using the metadata of the network traffic. Moreover, we also designed a novel solution based on the generation of spoofed traffic. Finally, we introduced two privacy-aware secure data exchange mechanisms, which allow sharing the data between multiple parties (e.g., companies, hospitals) while preserving the privacy of the individual in the dataset. These mechanisms were realized with the combination of Secure Multiparty Computation (SMC) and Differential Privacy (DP) techniques. 
In addition, we designed a policy language, called Curie Policy Language (CPL), to handle the conflicting relationships among parties. The novel methods, attacks, and countermeasures in this dissertation were verified with theoretical analysis and extensive experiments with real devices and users. We believe that the research in this dissertation has far-reaching implications on privacy-aware alternative complementary authentication methods, smart home user privacy research, as well as the privacy-aware and secure data exchange methods.

    Privacy-Preserving Biometric Authentication

    Biometric-based authentication provides a highly accurate means of authentication without requiring the user to memorize or possess anything. However, there are three disadvantages to the use of biometrics in authentication; any compromise is permanent as it is impossible to revoke biometrics; there are significant privacy concerns with the loss of biometric data; and humans possess only a limited number of biometrics, which limits how many services can use or reuse the same form of authentication. As such, enhancing biometric template security is of significant research interest. One of the methodologies is called cancellable biometric template which applies an irreversible transformation on the features of the biometric sample and performs the matching in the transformed domain. Yet, this is itself susceptible to specific classes of attacks, including hill-climb, pre-image, and attacks via records multiplicity. This work has several outcomes and contributions to the knowledge of privacy-preserving biometric authentication. The first of these is a taxonomy structuring the current state-of-the-art and provisions for future research. The next of these is a multi-filter framework for developing a robust and secure cancellable biometric template, designed specifically for fingerprint biometrics. This framework is comprised of two modules, each of which is a separate cancellable fingerprint template that has its own matching and measures. The matching for this is based on multiple thresholds. Importantly, these methods show strong resistance to the above-mentioned attacks. Another of these outcomes is a method that achieves a stable performance and can be used to be embedded into a Zero-Knowledge-Proof protocol. In this novel method, a new strategy was proposed to improve the recognition error rates which is privacy-preserving in the untrusted environment. The results show promising performance when evaluated on current datasets

    Effectiveness of innovative interventions on curbing transmission of Mycobacterium leprae

    Leprosy or Hansen’s disease is a complex ancient infectious disease, caused by M.leprae and M.lepromatosis. The most believed frequent mode of transmission is airborne and therefore those in close contact with a new leprosy case are at the most risk of developing the disease although this depends on immunity heterogeneity. Despite leprosy has been the first infectious disease where the pathogen agent was identified, research and development have failed in the creation of reliable diagnostic tests for infection and disease. Therefore, the World Health Organization (WHO) recommends clinical cardinal signs and the ancient slit skin smear (SSS) for the diagnosis of the disease, and no diagnostic test for diagnosis of infection is currently recommended. Both clinical and laboratory skills and expertise are key for ensuring the reliability of diagnosis, which is dwindling due to the sustained decrease of leprosy prevalence worldwide. Nevertheless, the incidence has plateaued in the last decade around 200,000 new cases at the global scale and the highly effective treatment with multidrug therapy (MDT) has been insufficient to stop transmission. In 2018, the WHO has recommended single-dose rifampicin (SDR) as post-exposure prophylaxis (PEP) for the contacts of new leprosy patients without signs of leprosy disease. The protection of PEP is around 60% and is based on the pivotal COLEP trial in Bangladesh. The Leprosy post-exposure prophylaxis with single-dose rifampicin (LPEP) study has documented the feasibility of PEP under programmatic conditions, and there is also evidence that PEP is cost-effective. Nevertheless, operational challenges for the most cost-effective approach to the provision of PEP for the high-risk population without causing harm to the persons eligible for SDR, and avoiding the increase of prevalence of rifampicin resistance, remain. 
In this Ph.D., we developed and estimated the effectiveness of innovative active case detection strategies based on Geographic Information Systems-based (GIS-based) technologies for stopping transmission of M. leprae in high-priority countries i.e. Comoros, India, and Madagascar. We discussed the latest evidence of the natural history of leprosy and the most recent control strategies in Chapter 1. In chapter 2, we analyzed door-to-door screening for leprosy in four endemic villages of Comoros that received SDR-PEP and we calculated the spatial risk of contracting leprosy for contacts including the protective effect of SDR-PEP for those who received it. We found 114 new cases among 5760 contacts screened (2.0% prevalence), in addition to the 39 cases detected in the two preceding years. There were statistically significant associations of incident leprosy with physical distance to index cases ranging from 2.4 (95% confidence interval (95% CI) 1.5–3.6) for household contacts to 1.8 (95% CI 1.3–2.5) for those living at 1–25 m, compared to individuals living at ≥75 m. The effect of SDR-PEP appeared protective but did not reach statistical significance due to the low numbers. Chapter 3 describes the protocol of Post ExpOsure Prophylaxis for Leprosy in the Comoros and Madagascar (PEOPLE), a cluster-randomized trial to assess the effectiveness of three modalities of implementing PEP. In the PEOPLE trial, four annual door-to-door surveys will be performed in four arms. All consenting permanent residents will be screened for leprosy. Leprosy patients will be treated according to international guidelines and eligible contacts will be provided with SDR-PEP. Arm-1 is the comparator where no PEP will be provided. In arms 2, 3, and 4, SDR-PEP will be administered at a double dose (20 mg/kg) to eligible contacts aged two years and above. In arm 2, all household members of incident leprosy patients are eligible. 
In arm 3, not only household members but also neighborhood contacts living within 100-m of an incident case are eligible. In arm 4, such neighborhood contacts are only eligible if they test positive for anti-PGL-I, a serological marker. Incidence rate ratios calculated between the comparator arm 1 and each of the intervention arms will constitute the primary outcome. In chapter 4, we describe the findings of the baseline survey of the first year of the PEOPLE trial in Comoros and Madagascar. We also assessed clustering at the village level fitting a purely spatial Poisson model by Kulldorff’s spatial statistic and measured the distance risk of contact to the nearest leprosy patient. There were 455 leprosy patients; 200 (44.0%) belonged to 2735 households included in a cluster. Thirty-eight percent of leprosy patients versus 10% of the total population live 25 m from another leprosy patient. Risk ratios for being diagnosed with leprosy were 7.3, 2.4, 1.8, 1.4, and 1.7, for those in the same household, at 1–<25 m, 25–<50 m, 50–<75 m, and 75–<100 m as/from a leprosy patient, respectively, compared to those living at ≥100 m. Chapter 5 describes active case finding of household members of new cases detected in the preceding four years (2017-2020) in 32 villages not included in the PEOPLE trial in Anjouan, Comoros. Some neighbors requested to be screened for leprosy. We screened 131 out of 226 index case households aimed (58.8%), and 32 other nearby households. There were 945 persons recorded, 671 household contacts, and 274 neighborhood contacts. We examined 896 persons detecting 48 (5.4%) leprosy cases. Among cases detected, 13 (27.1%) had multibacillary (MB) leprosy, the median age was 18 years (IQR 8-34), 43% were below 15 years and two (4.2%) had visible deformities. The risk of contacts of developing leprosy was higher among 11 households linked to MB compared to one linked to a paucibacillary (PB) index case (OR 12.6, 95% CI 1.6-99.6). 
There were 12 new cases among 668 household contacts with a leprosy prevalence of 18.0 per 1,000 (95% CI 9.3-31.1). We found 30 new cases in neighbors and six additional cases were diagnosed between their households with a residual prevalence of 26.3 per 1,000 (95% CI 9.7-56.4). We found a high prevalence above 26‰ among household contacts. In chapter 6, we document the mobility of new leprosy cases in two endemic blocks of the State of Bihar, India. We also screened household contacts for leprosy. Finally, we developed a GIS-based system to outline the lowest administrative level (hamlets known as Tola) including its population for assessing clustering. We visited 169 patients and screened 1,044 household contacts in Bisfi and Benipatti blocks in the state of Bihar. Median number of years of residing in the village was 17, interquartile range (IQR) 12-30. We found 11 new leprosy cases among 658 household contacts examined (167 per 10,000), of which seven had paucibacillary leprosy, one was a child under 14 years, and none had visible disabilities. We identified 739 hamlets with a total population of 802,788 (median 163, IQR 65–774). There were five high-incidence clusters at the hamlet level including 12% of the population and 46% (78/169) of the leprosy cases. One highly significant cluster with a relative risk (RR) of 4.7 (p<0.0001) included 32 hamlets and 27 cases in 33,609 population. A second highly significant cluster included 32 hamlets and 24 cases in 33,809 population with a RR of 4.1 (p<0.001). The third highly significant cluster included 16 hamlets and 17 cases in 19,659 population with a RR of 4.8 (p<0.001). There was a high yield of active household contact screening. Conclusion Our findings highlighted the crucial role of geographical information systems in the control of leprosy while ensuring rational and efficient use of resources. 
As clustering is beyond the household level, regardless of the provision of PEP, there is a need 1) to explore the efficacy of adapted active case detection and PEP, 2) to monitor the success of control activities, and 3) to ensure surveillance in a post-elimination phase. All the tools we used are open-source and user-friendly, and the expertise we developed includes multidisciplinary partners i.e. the national leprosy programs, non-governmental organizations, and research institutions making them ready for scaling up in different leprosy prevalence settings while maximizing their cost-effectiveness.

    Identity and Privacy Governance
