On genomics, kin, and privacy
The storage of greater numbers of exomes or genomes raises the question of loss of privacy for the individual and for families if genomic data are not properly protected. Access to genome data may result from a personal decision to disclose, or from gaps in protection. In either case, revealing genome data has consequences beyond the individual, as it compromises the privacy of family members. Increasing availability of genome data linked or linkable to metadata through online social networks and services adds one additional layer of complexity to the protection of genome privacy. The field of computer science and information technology offers solutions to secure genomic data so that individuals, medical personnel or researchers can access only the subset of genomic information required for healthcare or dedicated studies.
Variability Modelling Challenges from the Trenches of an Open Source Product Line Re-Engineering Project
Variability models, feature diagrams ahead, have become commonplace in the software product lines engineering literature. Whereas ongoing research keeps improving their expressiveness, formalisation and automation, more experience reports on their usage in real projects are needed. This paper describes some challenges encountered during the re-engineering of PloneMeeting, an Open Source software family, into a software product line. The main challenging issues we could observe were (i) the ambiguity originating from implicit information (missing definitions of feature labels and unclear modelling viewpoint), (ii) the necessity of representing spurious features, (iii) the difficulty of making diagrams and constraints resistant to change, and (iv) the risks of using feature attributes to represent large sets of subfeatures. Our study reveals the limitations of current constructs, and calls for both language and methodological improvements. It also suggests further comparative evaluations of modelling alternatives.
Comisión Interministerial de Ciencia y Tecnología TIN2006-0047
Privacy in the Genomic Era
Genome sequencing technology has advanced at a rapid pace and it is now
possible to generate highly-detailed genotypes inexpensively. The collection
and analysis of such data has the potential to support various applications,
including personalized medical services. While the benefits of the genomics
revolution are trumpeted by the biomedical community, the increased
availability of such data has major implications for personal privacy; notably
because the genome has certain essential features, which include (but are not
limited to) (i) an association with traits and certain diseases, (ii)
identification capability (e.g., forensics), and (iii) revelation of family
relationships. Moreover, direct-to-consumer DNA testing increases the
likelihood that genome data will be made available in less regulated
environments, such as the Internet and for-profit companies. The problem of
genome data privacy thus resides at the crossroads of computer science,
medicine, and public policy. While the computer scientists have addressed data
privacy for various data types, there has been less attention dedicated to
genomic data. Thus, the goal of this paper is to provide a systematization of
knowledge for the computer science community. In doing so, we address some of
the (sometimes erroneous) beliefs of this field and we report on a survey we
conducted about genome data privacy with biomedical specialists. Then, after
characterizing the genome privacy problem, we review the state-of-the-art
regarding privacy attacks on genomic data and strategies for mitigating such
attacks, as well as contextualizing these attacks from the perspective of
medicine and public policy. This paper concludes with an enumeration of the
challenges for genome data privacy and presents a framework to systematize the
analysis of threats and the design of countermeasures as the field moves
forward.
Integration of Internet and Telecommunications- An Architecture for Hybrid Services
In this article, we propose an architecture for hybrid services, i.e., services that span many network technologies, such as the Public Switched Telephone Network (PSTN), cellular networks and networks based on the Internet Protocol (IP). These services will play an important role in the future because they leverage on the existing infrastructures, rather than requiring new and sophisticated mechanisms to be deployed. We explore a few issues related to hybrid services and propose a platform, as well as a set of components, to facilitate their creation and deployment. The existing infrastructure is only required to generate specific events when requests for hybrid services are detected. We present the design of a service layer, based on Java, that handles the treatment of these special requests. Our service layer is provided with a set of generic components realized according to the JavaBeans model. We illustrate the strength of our architecture by discussing two hybrid-service examples: a calendar service and a call forwarding service
Secure Vehicular Communication Systems: Implementation, Performance, and Research Challenges
Vehicular Communication (VC) systems are on the verge of practical
deployment. Nonetheless, their security and privacy protection is one of the
problems that have been addressed only recently. In order to show the
feasibility of secure VC, certain implementations are required. In [1] we
discuss the design of a VC security system that has emerged as a result of the
European SeVeCom project. In this second paper, we discuss various issues
related to the implementation and deployment aspects of secure VC systems.
Moreover, we provide an outlook on open security research issues that will
arise as VC systems develop from today's simple prototypes to full-fledged
systems.
ORide: A Privacy-Preserving yet Accountable Ride-Hailing Service
In recent years, ride-hailing services (RHSs) have become increasingly popular, serving millions of users per day. Such systems, however, raise significant privacy concerns, because service providers are able to track the precise mobility patterns of all riders and drivers. In this paper, we propose ORide (Oblivious Ride), a privacy-preserving RHS based on somewhat-homomorphic encryption with optimizations such as ciphertext packing and transformed processing. With ORide, a service provider can match riders and drivers without learning their identities or location information. ORide offers riders fairly large anonymity sets (e.g., several thousands), even in sparsely populated areas. In addition, ORide supports key RHS features such as easy payment, reputation scores, accountability, and retrieval of lost items. Using real data-sets that consist of millions of rides, we show that the computational and network overhead introduced by ORide is acceptable. For example, ORide adds only several milliseconds to ride-hailing operations, and the extra driving distance for a driver is less than 0.5 km in more than 75% of the cases evaluated. In short, we show that a RHS can offer strong privacy guarantees to both riders and drivers while maintaining the convenience of its services.
Symplectic integration of space debris motion considering several Earth's shadowing models
In this work, we present a symplectic integration scheme to numerically
compute space debris motion. Such an integrator is particularly suitable to
obtain reliable trajectories of objects lying on high orbits, especially
geostationary ones. Indeed, it has already been demonstrated that such objects
could stay there for hundreds of years. Our model takes into account the
Earth's gravitational potential, luni-solar and planetary gravitational
perturbations and direct solar radiation pressure. Based on the analysis of the
energy conservation and on a comparison with a high order non-symplectic
integrator, we show that our algorithm allows us to use large time steps and
keep accurate results. We also propose an innovative method to model Earth's
shadow crossings by means of a smooth shadow function. In the particular
framework of symplectic integration, such a function needs to be included
analytically in the equations of motion in order to prevent numerical drifts of
the energy. For the sake of completeness, both cylindrical shadows and penumbra
transitions models are considered. We show that both models are not equivalent
and that big discrepancies actually appear between associated orbits,
especially for high area-to-mass ratios.
PrivateRide: A Privacy-Enhanced Ride-Hailing Service
In the past few years, we have witnessed a rise in the popularity of ride-hailing services (RHSs), an on-line marketplace that enables accredited drivers to use their own cars to drive ride-hailing users. Unlike other transportation services, RHSs raise significant privacy concerns, as providers are able to track the precise mobility patterns of millions of riders worldwide. We present the first survey and analysis of the privacy threats in RHSs. Our analysis exposes high-risk privacy threats that do not occur in conventional taxi services. Therefore, we propose PrivateRide, a privacy-enhancing and practical solution that offers anonymity and location privacy for riders, and protects drivers' information from harvesting attacks. PrivateRide lowers the high-risk privacy threats in RHSs to a level that is at least as low as that of many taxi services. Using real data-sets from Uber and taxi rides, we show that PrivateRide significantly enhances riders' privacy, while preserving tangible accuracy in ride matching and fare calculation, with only negligible effects on convenience. Moreover, by using our Android implementation for experimental evaluations, we show that PrivateRide's overhead during ride setup is negligible. In short, we enable privacy-conscious riders to achieve levels of privacy that are not possible in current RHSs and even in some conventional taxi services, thereby offering a potential business differentiator.
The (Co-)Location Sharing Game: Benefits and Privacy Implications of (Co)-Location Sharing with Interdependences
Most popular location-based social networks, such as Facebook and Foursquare, let their (mobile) users post location and co-location (involving other users) information. Such posts bring social benefits to the users who post them but also to their friends who view them. Yet, they also represent a severe threat to the users' privacy, as co-location information introduces interdependences between users. We propose the first game-theoretic framework for analyzing the strategic behaviors, in terms of information sharing, of users of OSNs. To design parametric utility functions that are representative of the users' actual preferences, we also conduct a survey of 250 Facebook users and use conjoint analysis to quantify the users' benefits of sharing vs. viewing (co-)location information and their preference for privacy vs. benefits. Our survey findings expose the fact that, among the users, there is a large variation in terms of these preferences. We extensively evaluate our framework through data-driven numerical simulations. We study how users' individual preferences influence each other's decisions, we identify several factors that significantly affect these decisions (among which, the mobility data of the users), and we determine situations where dangerous patterns can emerge (e.g., a vicious circle of sharing, or an incentive to over-share), even when the users share similar preferences.
GenoGuard: Protecting genomic data against brute-force attacks
Secure storage of genomic data is of great and increasing importance. The scientific community's improving ability to interpret individuals' genetic materials and the growing size of genetic database populations have been aggravating the potential consequences of data breaches. The prevalent use of passwords to generate encryption keys thus poses an especially serious problem when applied to genetic data. Weak passwords can jeopardize genetic data in the short term, but given the multi-decade lifespan of genetic data, even the use of strong passwords with conventional encryption can lead to compromise. We present a tool, called GenoGuard, for providing strong protection for genomic data both today and in the long term. GenoGuard incorporates a new theoretical framework for encryption called honey encryption (HE): it can provide information-theoretic confidentiality guarantees for encrypted data. Previously proposed HE schemes, however, can be applied only to messages from a very restricted set of probability distributions. Therefore, GenoGuard addresses the open problem of applying HE techniques to the highly non-uniform probability distributions that characterize sequences of genetic data. In GenoGuard, a potential adversary can attempt exhaustively to guess keys or passwords and decrypt via a brute-force attack. We prove that decryption under any key will yield a plausible genome sequence, and that GenoGuard offers an information-theoretic security guarantee against message-recovery attacks. We also explore attacks that use side information. Finally, we present an efficient and parallelized software implementation of GenoGuard. © 2015 IEEE
- …