1,525 research outputs found

    Conditionals in Homomorphic Encryption and Machine Learning Applications

    Homomorphic encryption aims at allowing computations on encrypted data without decryption other than that of the final result. This could provide an elegant solution to the issue of privacy preservation in data-based applications, such as those using machine learning, but several open issues hamper this plan. In this work we assess the possibility for homomorphic encryption to fully implement its program without relying on other techniques, such as multiparty computation (SMPC), which may be impossible in many use cases (for instance due to the high level of communication required). We proceed in two steps: i) on the basis of the structured program theorem (Böhm-Jacopini theorem) we identify the relevant minimal set of operations homomorphic encryption must be able to perform to implement any algorithm; and ii) we analyse the possibility to solve -- and propose an implementation for -- the most fundamentally relevant issue as it emerges from our analysis, that is, the implementation of conditionals (requiring comparison and selection/jump operations). We show how this issue clashes with the fundamental requirements of homomorphic encryption and could represent a drawback for its use as a complete solution for privacy preservation in data-based applications, in particular machine learning ones. Our approach for comparisons is novel and entirely embedded in homomorphic encryption, while previous studies relied on other techniques, such as SMPC, demanding a high level of communication among parties, and decryption of intermediate results from data-owners. Our protocol is also provably safe (sharing the same safety as the homomorphic encryption schemes), differently from other techniques such as Order-Preserving/Revealing-Encryption (OPE/ORE).
    Comment: 14 pages, 1 figure, corrected typos, added introductory pedagogical section on polynomial approximatio

    TB STIGMA – MEASUREMENT GUIDANCE

    TB is the most deadly infectious disease in the world, and stigma continues to play a significant role in worsening the epidemic. Stigma and discrimination not only stop people from seeking care but also make it more difficult for those on treatment to continue, both of which make the disease more difficult to treat in the long-term and mean those infected are more likely to transmit the disease to those around them. TB Stigma – Measurement Guidance is a manual to help generate enough information about stigma issues to design and monitor and evaluate efforts to reduce TB stigma. It can help in planning TB stigma baseline measurements and monitoring trends to capture the outcomes of TB stigma reduction efforts. This manual is designed for health workers, professional or management staff, people who advocate for those with TB, and all who need to understand and respond to TB stigma

    Economic drivers in security decisions in public Wi-Fi context

    This thesis investigates economic drivers in security decisions in the context of public Wi-Fi. Four sets of studies took place. The first set examined the risks of public Wi-Fi today. An experimental rogue public Wi-Fi was set up for 150 hours first in London, UK, in 2016, and then in Nara, Japan, in 2017. Sensitive data such as emails and login credentials were found to have been transmitted insecurely. The second set of studies examined decision-making and drivers influencing users to use public Wi-Fi. Participants (106 - UK, 103 - Japan) took part in scenario-based questionnaires. Findings showed that the desire to save mobile data allowance, a form of resource preservation heuristic tendency (RPHT), significantly prompted participants who regularly face mobile data constraints to use public Wi-Fi. The next study examined evidence in the wild. Participants (71 - UK only) were recruited for three months to run My Wi-Fi Choices, an Android app developed to capture factors driving the decisions to use public Wi-Fi. The results emphasised the importance of RPHT in driving users to use public Wi-Fi. Therefore, advising an individual trapped in mobile data RPHT to stop using public Wi-Fi entirely is futile. Alternative security advice is needed. This led to the last set of studies examining user decision to adopt a Virtual Private Network (VPN) app which can help to mitigate public Wi-Fi risks. Discrete choice experiments were run with 243 participants (154 - UK, 94 - Japan) to examine attributes of a VPN app affecting user decision. Various attributes of a VPN app were identified as drivers for the download and installation and the actual use of the app. Combining the knowledge gained from all studies, this thesis proposes a RPHT-decision model explaining the effects of RPHT on security decisions

    Self-sampling kits to increase HIV testing among black Africans in the UK: the HAUS mixed-methods study

    Background: Timely diagnosis of human immunodeficiency virus (HIV) enables access to antiretroviral treatment, which reduces mortality, morbidity and further transmission in people living with HIV. In the UK, late diagnosis among black African people persists. Novel methods to enhance HIV testing in this population are needed. / Objectives: To develop a self-sampling kit (SSK) intervention to increase HIV testing among black Africans, using existing community and health-care settings (stage 1) and to assess the feasibility for a Phase III evaluation (stage 2). / Design: A two-stage, mixed-methods design. Stage 1 involved a systematic literature review, focus groups and interviews with key stakeholders and black Africans. Data obtained provided the theoretical base for intervention development and operationalisation. Stage 2 was a prospective, non-randomised study of a provider-initiated, HIV SSK distribution intervention targeted at black Africans. The intervention was assessed for cost-effectiveness. A process evaluation explored feasibility, acceptability and fidelity. / Setting: Twelve general practices and three community settings in London. / Main outcome measure: HIV SSK return rate. / Results: Stage 1 – the systematic review revealed support for HIV SSKs, but with scant evidence on their use and clinical effectiveness among black Africans. Although the qualitative findings supported SSK distribution in settings already used by black Africans, concerns were raised about the complexity of the SSK and the acceptability of targeting. These findings were used to develop a theoretically informed intervention. Stage 2 – of the 349 eligible people approached, 125 (35.8%) agreed to participate. Data from 119 were included in the analysis; 54.5% (65/119) of those who took a kit returned a sample; 83.1% of tests returned were HIV negative; and 16.9% were not processed, because of insufficient samples. 
Process evaluation showed the time pressures of the research process to be a significant barrier to feasibility. Other major barriers were difficulties with the SSK itself and ethnic targeting in general practice settings. The convenience and privacy associated with the SSK were described as beneficial aspects, and those who used the kit mostly found the intervention to be acceptable. Research governance delays prevented implementation in Glasgow. / Limitations: Owing to the study failing to recruit adequate numbers (the intended sample was 1200 participants), we were unable to evaluate the clinical effectiveness of SSKs in increasing HIV testing in black African people. No samples were reactive, so we were unable to assess pathways to confirmatory testing and linkage to care. / Conclusions: Our findings indicate that, although aspects of the intervention were acceptable, ethnic targeting and the SSK itself were problematic, and scale-up of the intervention to a Phase III trial was not feasible. The preliminary economic model suggests that, for the acceptance rate and test return seen in the trial, the SSK is potentially a cost-effective way to identify new infections of HIV. / Future work: Sexual and public health services are increasingly utilising self-sampling technologies. However, alternative, user-friendly SSKs that meet user and provider preferences and UK regulatory requirements are needed, and additional research is required to understand clinical effectiveness and cost-effectiveness for black African communities. / Study registration: This study is registered as PROSPERO CRD42014010698 and Integrated Research Application System project identification 184223. / Funding: The National Institute for Health Research Health Technology Assessment programme and the BHA for Equality in Health and Social Care

    Security Testing: A Survey

    Identifying vulnerabilities and ensuring security functionality by security testing is a widely applied measure to evaluate and improve the security of software. Due to the openness of modern software-based systems, applying appropriate security testing techniques is of growing importance and essential to perform effective and efficient security testing. Therefore, an overview of actual security testing techniques is of high value both for researchers to evaluate and refine the techniques and for practitioners to apply and disseminate them. This chapter fulfills this need and provides an overview of recent security testing techniques. For this purpose, it first summarizes the required background of testing and security engineering. Then, basics and recent developments of security testing techniques applied during the secure software development lifecycle, i.e., model-based security testing, code-based testing and static analysis, penetration testing and dynamic analysis, as well as security regression testing are discussed. Finally, the security testing techniques are illustrated by adopting them for an example three-tiered web-based business application

    Security Aspects in Modern Web Applications

    Technologies behind the World Wide Web were created initially to ease sharing of static data in the form of web pages. Popularity of the Web grew rapidly and led to adoption of the web browser as a universal client for application delivery. Though initially inferior to desktop applications, these applications have caught up with their desktop counterparts in features and usability. These applications, called web applications, use multiple web technologies such as JavaScript and CSS, and this multiplicity of web technologies combined with the multiplicity of web browsers creates a unique brew of issues not found on the desktop. One of these issues is how data sent and used by the applications' users is protected. In this thesis, security in one mature web application is described and assessed. Such an assessment requires knowledge of information security aspects both in the broader sense concerning all information systems and in the sense of aspects specific to web applications. Therefore, first introduced are the fundamental concepts of information security, building blocks for all the other sections. The fundamentals are followed by discussion of access control and security aspects in applications. The background part is concluded by discussion of web applications in general and of security questions specific to them. The latter part explores and applies these theories and methods in a case study of a mature web application. The case study first describes, then evaluates the subject and its security and concludes with discussion of some of the found vulnerabilities and solutions to them. Although there were some problems in application of security assessment methods, assessment results provided valuable information on the application's weaknesses and improvement proposals. Implementation of the proposals both improved current security and also gave assurance of fewer weaknesses in the future

    Review of Health Examination Surveys in Europe.


    Assesing the effects of blocking strategies in the online advertising

    This project falls in the area of online privacy, in particular in the impact of online tracking on user's privacy and its importance on today's web, greatly fueled by advertising revenues. During this work, I have implemented a plugin for Firefox that helps users to prevent abuses inflicted by the advertising industry. The plugin enables users to select their own rules using a graphic web interface, where they can create their own rules or select or to define under which circumstances they want to prevent tracking activities in order to stay in control of their data. I complement my development efforts with a research study that characterizes how HTTP Cookies are used to build user profiles and how they affect the ads printed on websites visited by the user.
    Ingeniería Informátic