949 research outputs found
Protecting privacy of users in brain-computer interface applications
Machine learning (ML) is revolutionizing research and industry. Many ML applications rely on the use of large amounts of personal data for training and inference. Among the most intimate exploited data sources is electroencephalogram (EEG) data, a kind of data that is so rich with information that application developers can easily gain knowledge beyond the professed scope from unprotected EEG signals, including passwords, ATM PINs, and other intimate data. The challenge we address is how to engage in meaningful ML with EEG data while protecting the privacy of users. Hence, we propose cryptographic protocols based on secure multiparty computation (SMC) to perform linear regression over EEG signals from many users in a fully privacy-preserving(PP) fashion, i.e., such that each individual's EEG signals are not revealed to anyone else. To illustrate the potential of our secure framework, we show how it allows estimating the drowsiness of drivers from their EEG signals as would be possible in the unencrypted case, and at a very reasonable computational cost. Our solution is the first application of commodity-based SMC to EEG data, as well as the largest documented experiment of secret sharing-based SMC in general, namely, with 15 players involved in all the computations
The Crypto-democracy and the Trustworthy
In the current architecture of the Internet, there is a strong asymmetry in
terms of power between the entities that gather and process personal data
(e.g., major Internet companies, telecom operators, cloud providers, ...) and
the individuals from which this personal data is issued. In particular,
individuals have no choice but to blindly trust that these entities will
respect their privacy and protect their personal data. In this position paper,
we address this issue by proposing an utopian crypto-democracy model based on
existing scientific achievements from the field of cryptography. More
precisely, our main objective is to show that cryptographic primitives,
including in particular secure multiparty computation, offer a practical
solution to protect privacy while minimizing the trust assumptions. In the
crypto-democracy envisioned, individuals do not have to trust a single physical
entity with their personal data but rather their data is distributed among
several institutions. Together these institutions form a virtual entity called
the Trustworthy that is responsible for the storage of this data but which can
also compute on it (provided first that all the institutions agree on this).
Finally, we also propose a realistic proof-of-concept of the Trustworthy, in
which the roles of institutions are played by universities. This
proof-of-concept would have an important impact in demonstrating the
possibilities offered by the crypto-democracy paradigm.Comment: DPM 201
Learning Character Strings via Mastermind Queries, with a Case Study Involving mtDNA
We study the degree to which a character string, , leaks details about
itself any time it engages in comparison protocols with a strings provided by a
querier, Bob, even if those protocols are cryptographically guaranteed to
produce no additional information other than the scores that assess the degree
to which matches strings offered by Bob. We show that such scenarios allow
Bob to play variants of the game of Mastermind with so as to learn the
complete identity of . We show that there are a number of efficient
implementations for Bob to employ in these Mastermind attacks, depending on
knowledge he has about the structure of , which show how quickly he can
determine . Indeed, we show that Bob can discover using a number of
rounds of test comparisons that is much smaller than the length of , under
reasonable assumptions regarding the types of scores that are returned by the
cryptographic protocols and whether he can use knowledge about the distribution
that comes from. We also provide the results of a case study we performed
on a database of mitochondrial DNA, showing the vulnerability of existing
real-world DNA data to the Mastermind attack.Comment: Full version of related paper appearing in IEEE Symposium on Security
and Privacy 2009, "The Mastermind Attack on Genomic Data." This version
corrects the proofs of what are now Theorems 2 and 4
Secure Cloud-Edge Deployments, with Trust
Assessing the security level of IoT applications to be deployed to
heterogeneous Cloud-Edge infrastructures operated by different providers is a
non-trivial task. In this article, we present a methodology that permits to
express security requirements for IoT applications, as well as infrastructure
security capabilities, in a simple and declarative manner, and to automatically
obtain an explainable assessment of the security level of the possible
application deployments. The methodology also considers the impact of trust
relations among different stakeholders using or managing Cloud-Edge
infrastructures. A lifelike example is used to showcase the prototyped
implementation of the methodology
- âŠ