886 research outputs found

    Balancing End-to-End Encryption and Public Safety

    Over the last decade, there has been a significant debate around end-to-end encryption (E2EE) and its implications for public safety. At the forefront of the discourse is a false dichotomy between protecting privacy and ensuring national security. At the extreme ends of this deeply polarised debate are two key arguments. On the privacy side, it is believed that governments and law enforcement agencies desire unrestrained exceptional access to E2EE communications to spy on their citizens. On the security side, it is maintained that obtaining lawful exceptional access is the only way to protect citizens and uphold national security. The debate has reached a deadlock, with both sides perpetuating zero-sum views.
    However, experts are calling for a more nuanced conversation about possible solutions to the criminal use of E2EE services. It is vital that a range of views are considered in order to identify the key issues and inform a more productive debate. Through a review of the existing literature and insights from 22 semi-structured interviews, this paper balances the perspectives from a range of relevant stakeholders on the main elements of the E2EE debate and presents some key takeaways in an effort to move away from a crude privacy-versus-security binary.
    The paper presents the following key findings:
    - There are clear and significant cyber security and privacy benefits to E2EE. Efforts to weaken or restrict its access would be a net loss for all.
    - Criminal use of E2EE is a significant risk to public safety and solutions are vital. Yet, it should also be acknowledged that technology is an enabler of criminal and harmful activity and should not be treated as the root cause.
    - The possibility of developing technical tools which could assist law enforcement investigations should not be categorically ruled out, but future proposals must be measured against the principles of proportionality, legality and technical robustness.
    - Alternative options for law enforcement investigations such as metadata analysis and legal hacking should be considered, but they are not without their drawbacks. Legal hacking could be proportionate but its reliance on software vulnerabilities is largely at odds with strong cyber security. Metadata analysis is promising but more research is needed to determine the extent to which it can be used to aid law enforcement investigations.
    - Industry do have a responsibility to make their platforms safer and free from criminal abuse. This requires implementation of safety-by-design principles and the provision of resources for better digital literacy and education. Governments must have oversight over the technical tools developed.
    - A more nuanced debate must continue which actively moves away from zero-sum views of absolute privacy versus absolute security, and focuses more on how the risks to public safety can be reduced in proportion with the need to protect citizens' rights and freedoms.

    Privacy-Preserving Outsourced Media Search

    This work proposes a privacy-protection framework for an important application called outsourced media search. This scenario involves a data owner, a client, and an untrusted server, where the owner outsources a search service to the server. Due to lack of trust, the privacy of the client and the owner should be protected. The framework relies on multimedia hashing and symmetric encryption. It requires involved parties to participate in a privacy-enhancing protocol. Additional processing steps are carried out by the owner and the client: (i) before outsourcing low-level media features to the server, the owner has to one-way hash them, and partially encrypt each hash-value; (ii) the client completes the similarity search by re-ranking the most similar candidates received from the server. One-way hashing and encryption add ambiguity to data and make it difficult for the server to infer contents from database items and queries, so the privacy of both the owner and the client is enforced. The proposed framework realizes trade-offs among strength of privacy enforcement, quality of search, and complexity, because the information loss can be tuned during hashing and encryption. Extensive experiments demonstrate the effectiveness and the flexibility of the framework.

    Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols

    Apple Continuity protocols are the underlying network component of Apple Continuity services which allow seamless nearby applications such as activity and file transfer, device pairing and sharing a network connection. Those protocols rely on Bluetooth Low Energy (BLE) to exchange information between devices: Apple Continuity messages are embedded in the payload of BLE advertisement packets that are periodically broadcast by devices. Recently, Martin et al. identified [1] a number of privacy issues associated with Apple Continuity protocols; we show that this was just the tip of the iceberg and that Apple Continuity protocols leak a wide range of personal information. In this work, we present a thorough reverse engineering of Apple Continuity protocols that we use to uncover a collection of privacy leaks. We introduce new artifacts, including identifiers, counters and battery levels, that can be used for passive tracking, and describe a novel active tracking attack based on Handoff messages. Beyond tracking issues, we shed light on severe privacy flaws. First, in addition to the trivial exposure of device characteristics and status, we found that HomeKit accessories betray human activities in a smarthome. Then, we demonstrate that AirDrop and Nearby Action protocols can be leveraged by passive observers to recover e-mail addresses and phone numbers of users. Finally, we exploit passive observations on the advertising traffic to infer Siri voice commands of a user.

    Image Based Attack and Protection on Secure-Aware Deep Learning

    In the era of deep learning, users benefit greatly from image-related services offered by various providers. However, many security issues also arise along with the ubiquitous usage of image-related deep learning. Nowadays, people rely on image-related deep learning in work and business, so there are more entry points for attackers to wreck an image-related deep learning system. Although many works have been published on defending against various attacks, many studies have shown that the defense cannot be perfect. In this thesis, the one-pixel attack, an extremely well-concealed attack method against deep learning, is analyzed first. Two novel detection methods are proposed for detecting the one-pixel attack. Considering that image tampering mostly happens when images are shared in an unreliable way, this dissertation next extends the detection of a single attack method to a platform for higher-level protection. We propose a novel smart-contract-based image sharing system. The system keeps full track of the shared images, and users are notified of any potential alteration to images. From extensive experimental results, it is observed that the system can effectively detect changes on the image server even when the attacker erases all traces from the image-sharing server. Finally, we focus on attacks targeting blockchain-enhanced deep learning. Although blockchain-enhanced federated learning can defend against many attack methods that purely target the deep learning part, it is still vulnerable to a combined attack. A novel attack method that combines attacks on a PoS blockchain and attacks on federated learning is proposed. The proposed attack method can bypass the protection from the blockchain and poison federated learning. Real experiments are performed to evaluate the proposed methods.

    A Framework for Multimedia Data Hiding (Security)

    With the proliferation of multimedia data such as images, audio, and video, robust digital watermarking and data hiding techniques are needed for copyright protection, copy control, annotation, and authentication. While many techniques have been proposed for digital color and grayscale images, not all of them can be directly applied to binary document images. The difficulty lies in the fact that changing pixel values in a binary document could introduce irregularities that are very visually noticeable. We have seen only a limited number of papers proposing new techniques and ideas for document image watermarking and data hiding. In this paper, we present an overview and summary of recent developments on this important topic, and discuss important issues such as robustness and data hiding capacity of the different techniques.

    Frame-synchronous Blind Audio Watermarking for Tamper Proofing and Self-Recovery

    This paper presents a lifting wavelet transform (LWT)-based blind audio watermarking scheme designed for tampering detection and self-recovery. Following 3-level LWT decomposition of a host audio, the coefficients in selected subbands are first partitioned into frames for watermarking. To suit different purposes of the watermarking applications, binary information is packed into two groups: frame-related data are embedded in the approximation subband using rational dither modulation; the source-channel coded bit sequence of the host audio is hidden inside the 2nd and 3rd detail subbands using 2N-ary adaptive quantization index modulation. The frame-related data consist of a synchronization code used for frame alignment and a composite message gathered from four adjacent frames for content authentication. To endow the proposed watermarking scheme with a self-recovering capability, we resort to hashing comparison to identify tampered frames and adopt a Reed–Solomon code to correct symbol errors. The experiment results indicate that the proposed watermarking scheme can accurately locate and recover the tampered regions of the audio signal. The incorporation of the frame synchronization mechanism enables the proposed scheme to resist cropping and replacement attacks, all of which were unsolvable by previous watermarking schemes. Furthermore, as revealed by the perceptual evaluation of audio quality measures, the quality degradation caused by watermark embedding is merely minor. With all the aforementioned merits, the proposed scheme can find various applications for ownership protection and content authentication.

    Digital Watermarking for Verification of Perception-based Integrity of Audio Data

    In certain application fields digital audio recordings contain sensitive content. Examples are historical archival material in public archives that preserve our cultural heritage, or digital evidence in the context of law enforcement and civil proceedings. Because of the powerful capabilities of modern editing tools for multimedia, such material is vulnerable to doctoring of the content and forgery of its origin with malicious intent. Also inadvertent data modification and mistaken origin can be caused by human error. Hence, the credibility and provenience in terms of an unadulterated and genuine state of such audio content and the confidence about its origin are critical factors. To address this issue, this PhD thesis proposes a mechanism for verifying the integrity and authenticity of digital sound recordings. It is designed and implemented to be insensitive to common post-processing operations of the audio data that influence the subjective acoustic perception only marginally (if at all). Examples of such operations include lossy compression that maintains a high sound quality of the audio media, or lossless format conversions. It is the objective to avoid de facto false alarms that would be expectedly observable in standard crypto-based authentication protocols in the presence of this legitimate post-processing. For achieving this, a feasible combination of the techniques of digital watermarking and audio-specific hashing is investigated. At first, a suitable secret-key dependent audio hashing algorithm is developed. It incorporates and enhances so-called audio fingerprinting technology from the state of the art in content-based audio identification. The presented algorithm (denoted as "rMAC" message authentication code) allows "perception-based" verification of integrity. This means classifying integrity breaches as such not before they become audible. As another objective, this rMAC is embedded and stored silently inside the audio media by means of audio watermarking technology. This approach allows maintaining the authentication code across the above-mentioned admissible post-processing operations and making it available for integrity verification at a later date. For this, an existing secret-key dependent audio watermarking algorithm is used and enhanced in this thesis work. To some extent, the dependency of the rMAC and of the watermarking processing on a secret key also allows authenticating the origin of a protected audio. To elaborate on this security aspect, this work also estimates the brute-force efforts of an adversary attacking this combined rMAC-watermarking approach. The experimental results show that the proposed method provides a good distinction and classification performance of authentic versus doctored audio content. It also allows the temporal localization of audible data modification within a protected audio file. The experimental evaluation finally provides recommendations about technical configuration settings of the combined watermarking-hashing approach. Beyond the main topic of perception-based data integrity and data authenticity for audio, this PhD work provides new general findings in the fields of audio fingerprinting and digital watermarking. The main contributions of this PhD were published and presented mainly at conferences about multimedia security. These publications were cited by a number of other authors and hence had some impact on their works.