Resisting tracker attacks by query terms analysis
Tracker attacks pose a serious threat to databases, especially those used in manufacturing and management in industry. These attacks can be used to infer sensitive information in databases and they are difficult to detect. This paper proposes a new approach to dealing with such attacks by analysing each disjunctive term in every query statement. Potential tracker attacks are detected and then suppressed to avoid any further real attacks. A sample database table and a sample attack are given and analysed to show the effectiveness of the new approach.
An electronic healthcare record server implemented in PostgreSQL
This paper describes the implementation of an Electronic Healthcare Record server inside a PostgreSQL relational database without dependency on any further middleware infrastructure. The five-part international standard for communicating healthcare records (ISO EN 13606) is used as the information basis for the design of the server. We describe some of the features that this standard demands that are provided by the server, and other areas where assumptions about the durability of communications or the presence of middleware lead to a poor fit. Finally, we discuss the use of the server in two real-world scenarios, including a commercial application.
Exploring Privacy Preservation in Outsourced K-Nearest Neighbors with Multiple Data Owners
The k-nearest neighbors (k-NN) algorithm is a popular and effective classification algorithm. Due to its large storage and computational requirements, it is suitable for cloud outsourcing. However, k-NN is often run on sensitive data such as medical records, user images, or personal information. It is important to protect the privacy of data in an outsourced k-NN system.
Prior works have all assumed the data owners (who submit data to the outsourced k-NN system) are a single trusted party. However, we observe that in many practical scenarios, there may be multiple mutually distrusting data owners. In this work, we present the first framing and exploration of privacy preservation in an outsourced k-NN system with multiple data owners. We consider the various threat models introduced by this modification. We discover that under a particularly practical threat model that covers numerous scenarios, there exists a set of adaptive attacks that breach the data privacy of any exact k-NN system. The vulnerability is a result of the mathematical properties of k-NN and its output. Thus, we propose a privacy-preserving alternative system supporting kernel density estimation using a Gaussian kernel, a classification algorithm from the same family as k-NN. In many applications, this similar algorithm serves as a good substitute for k-NN. We additionally investigate solutions for other threat models, often through extensions of prior single-data-owner systems.
On the Measurement of Privacy as an Attacker's Estimation Error
A wide variety of privacy metrics have been proposed in the literature to evaluate the level of protection offered by privacy-enhancing technologies. Most of these metrics are specific to concrete systems and adversarial models, and are difficult to generalize or translate to other contexts. Furthermore, a better understanding of the relationships between the different privacy metrics is needed to enable a more grounded and systematic approach to measuring privacy, as well as to assist system designers in selecting the most appropriate metric for a given application.
In this work we propose a theoretical framework for privacy-preserving systems, endowed with a general definition of privacy in terms of the estimation error incurred by an attacker who aims to disclose the private information that the system is designed to conceal. We show that our framework permits interpreting and comparing a number of well-known metrics under a common perspective. The arguments behind these interpretations are based on fundamental results related to the theories of information, probability and Bayes decision.
Comment: This paper has 18 pages and 17 figures.
Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography
Several recent works have proposed and implemented cryptography as a means to preserve the privacy and security of patients' health data. Nevertheless, the weakest point of electronic health record (EHR) systems that rely on these cryptographic schemes is key management. Thus, this paper presents the development of a privacy and security system for cryptography-based EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of the time efficiency of this approach to cryptography-based EHR. Both the fuzzy vault and fuzzy commitment demonstrated a false acceptance rate (FAR) of 0%, which reduces the likelihood of impostors gaining successful access to the keys protecting patients' protected health information. This result also justifies the feasibility of implementing a fuzzy key binding scheme in real applications, especially the fuzzy vault, which demonstrated better performance during key reconstruction.
Interactive Range Queries under Differential Privacy
Differential privacy approaches employ a curator to control data sharing with analysts without compromising individual privacy. The curator's role is to guard the data and determine what is appropriate for release, using the parameter epsilon to adjust the accuracy of the released data. A low epsilon value provides more privacy, while a higher epsilon value is associated with higher accuracy. Counting queries, which "count" the number of items in a dataset that meet specific conditions, impose additional restrictions on privacy protection. In particular, if the resulting counts are low, the data released is more specific and can lead to privacy loss. This work addresses privacy challenges in single-attribute counting-range queries by proposing a Workload Partitioning Mechanism (WPM) which generates estimated answers based on query sensitivity. The mechanism is then extended to handle multiple-attribute range queries by preventing interrelated attributes from revealing private information about individuals. Further, the mechanism is paired with access control to improve system privacy and security, thus illustrating its practicality. The work also extends the WPM to reduce the error to be polylogarithmic in the sensitivity degree of the issued queries. This thesis describes the research questions addressed by WPM to date, and discusses future plans to expand the current research tasks toward developing a more efficient mechanism for range queries.