Moir\'e patterns in quantum images

We observed moir\'e fringes in spatial quantum correlations between twin photons generated by parametric down-conversion. Spatially periodic structures were nonlocally superposed giving rise to beat frequencies typical of moir\'e patterns. This result brings interesting perspectives regarding metrological applications of such a quantum optical setup.Comment: 4 pages, 5 figure

SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices

Permission systems are the main defense that mobile platforms, such as Android and iOS, offer to users to protect their private data from prying apps. However, due to the tension between usability and control, such systems have several limitations that often force users to overshare sensitive data. In this work, we address some of these limitations with SmarPer, an advanced permission mechanism for Android. First, to address the rigidity of current permission systems and their poor matching of users' privacy preferences, SmarPer relies on contextual information and machine learning to predict permission decisions at runtime. Using our SmarPer implementation, we collected 8,521 runtime permission decisions from 41 participants in real conditions. Note that the goal of SmarPer is to mimic the users decisions, not to make privacy-preserving decisions per se. With this unique data set, we show that tting an efcient Bayesian linear regression model results in a mean correct classication rate of 80% (3%). This represents a mean relative improvement of 50% over a user-dened static permission policy, i.e., the model used in current permission systems. Second, SmarPer also focuses on the suboptimal trade-off between privacy and utility; instead of only “allow” or “deny” decisions, SmarPer also offers an “obfuscate” option where users can still obtain utility by revealing partial information to apps. We implemented obfuscation techniques in SmarPer for different data types and evaluated them during our data collection campaign. Our results show that 73% of the participants found obfuscation useful and it accounted for almost a third of the total number of decisions. In short, we are the first to show, using a large dataset of real in situ permission decisions, that it is possible to learn users’ unique decision patterns at runtime using contextual information while supporting data obfuscation; this an important step towards automating the management of permissions in smartphones

ORide: A Privacy-Preserving yet Accountable Ride-Hailing Service

In recent years, ride-hailing services (RHSs) have be- come increasingly popular, serving millions of users per day. Such systems, however, raise significant privacy concerns, because service providers are able to track the precise mobility patterns of all riders and drivers. In this paper, we propose ORide (Oblivious Ride), a privacy- preserving RHS based on somewhat-homomorphic en- cryption with optimizations such as ciphertext packing and transformed processing. With ORide, a service provider can match riders and drivers without learning their identities or location information. ORide offers rid- ers with fairly large anonymity sets (e.g., several thou- sands), even in sparsely populated areas. In addition, ORide supports key RHS features such as easy payment, reputation scores, accountability, and retrieval of lost items. Using real data-sets that consist of millions of rides, we show that the computational and network over- head introduced by ORide is acceptable. For example, ORide adds only several milliseconds to ride-hailing op- erations, and the extra driving distance for a driver is less than 0.5 km in more than 75% of the cases evaluated. In short, we show that a RHS can offer strong privacy guar- antees to both riders and drivers while maintaining the convenience of its services

A Predictive Model for User Motivation and Utility Implications of Privacy-Protection Mechanisms in Location Check-Ins

Location check-ins contain both geographical and semantic information about the visited venues. Semantic information is usually represented by means of tags (e.g., “restaurant”). Such data can reveal some personal information about users beyond what they actually expect to disclose, hence their privacy is threatened. To mitigate such threats, several privacy protection techniques based on location generalization have been proposed. Although the privacy implications of such techniques have been extensively studied, the utility implications are mostly unknown. In this paper, we propose a predictive model for quantifying the effect of a privacy-preserving technique (i.e., generalization) on the perceived utility of check-ins. We first study the users’ motivations behind their location check-ins, based on a study targeted at Foursquare users (N = 77). We propose a machine-learning method for determining the motivation behind each check-in, and we design a motivation-based predictive model for the utility implications of generalization. Based on the survey data, our results show that the model accurately predicts the fine-grained motivation behind a check-in in 43% of the cases and in 63% of the cases for the coarse-grained motivation. It also predicts, with a mean error of 0.52 (on a scale from 1 to 5), the loss of utility caused by semantic and geographical generalization. This model makes it possible to design of utility-aware, privacy-enhancing mechanisms in location-based online social networks. It also enables service providers to implement location-sharing mechanisms that preserve both the utility and privacy for their users

PrivateRide: A Privacy-Enhanced Ride-Hailing Service

In the past few years, we have witnessed a rise in the popularity of ride-hailing services (RHSs), an on-line marketplace that enables accredited drivers to use their own cars to drive ride-hailing users. Unlike other transportation services, RHSs raise significant privacy concerns, as providers are able to track the precise mobility patterns of millions of riders worldwide. We present the first survey and analysis of the privacy threats in RHSs. Our analysis exposes high-risk privacy threats that do not occur in conventional taxi services. Therefore, we pro- pose PrivateRide, a privacy-enhancing and practical solu- tion that offers anonymity and location privacy for riders, and protects drivers’ information from harvesting attacks. PrivateRide lowers the high-risk privacy threats in RHSs to a level that is at least as low as that of many taxi services. Using real data-sets from Uber and taxi rides, we show that PrivateRide significantly enhances riders’ privacy, while preserving tangible accuracy in ride matching and fare calculation, with only negligible effects on convenience. Moreover, by using our Android implementation for experimental evaluations, we show that PrivateRide’s overhead during ride setup is negligible. In short, we enable privacy- conscious riders to achieve levels of privacy that are not possible in current RHSs and even in some conventional taxi services, thereby offering a potential business differentiator

Consensual and Privacy-Preserving Sharing of Multi-Subject and Interdependent Data

Individuals share increasing amounts of personal data online. This data often involves–or at least has privacy implications for–data subjects other than the individuals who shares it (e.g., photos, genomic data) and the data is shared without their consent. A sadly popular example, with dramatic consequences, is revenge pornography. In this paper, we propose ConsenShare, a system for sharing, in a consensual (wrt the data subjects) and privacy-preserving (wrt both service providers and other individuals) way, data involving subjects other than the uploader. We describe a complete design and implementation of ConsenShare for photos, which relies on image processing and cryptographic techniques, as well as on a two-tier architecture (one entity for detecting the data subjects and contacting them; one entity for hosting the data and for collecting consent). We benchmark the performance (CPU and bandwidth) of ConsenShare by using a dataset of 20k photos from Flickr. We also conduct a survey targeted at Facebook users (N = 321). Our results are quite encouraging: The experimental results demonstrate the feasibility of our approach (i.e., acceptable overheads) and the survey results demonstrate a potential interest from the users

Prospectus, October 21, 2004

https://spark.parkland.edu/prospectus_2004/1024/thumbnail.jp

The (Co-)Location Sharing Game: Benefits and Privacy Implications of (Co)-Location Sharing with Interdependences

Most popular location-based social networks, such as Facebook and Foursquare, let their (mobile) users post location and co-location (involving other users) information. Such posts bring social benefits to the users who post them but also to their friends who view them. Yet, they also represent a severe threat to the users' privacy, as co-location information introduces interdependences between users. We propose the first game-theoretic framework for analyzing the strategic behaviors, in terms of information sharing, of users of OSNs. To design parametric utility functions that are representative of the users' actual preferences, we also conduct a survey of 250 Facebook users and use conjoint analysis to quantify the users' benefits of sharing vs. viewing (co)-location information and their preference for privacy vs. benefits. Our survey findings expose the fact that, among the users, there is a large variation, in terms of these preferences. We extensively evaluate our framework through data-driven numerical simulations. We study how users' individual preferences influence each other's decisions, we identify several factors that significantly affect these decisions (among which, the mobility data of the users), and we determine situations where dangerous patterns can emerge (e.g., a vicious circle of sharing, or an incentive to over-share)--even when the users share similar preferences

Incentives for Human Agents to Share Security Information: a Model and an Empirical Test

In this paper, we investigate the role of incentives for Security Information Sharing (SIS) between human agents working in institutions. We present an incentive-based SIS system model that is empirically tested with an exclusive dataset. The data was collected with an online questionnaire addressed to all participants of a deployed Information Sharing and Analysis Center (ISAC) that operates in the context of critical infrastructure protection (N=262). SIS is measured with a multidimensional approach (intensity, frequency) and regressed on five specific predicators (reciprocity, value of information, institutional barriers, reputation, trust) that are measured with psychometric scales. We close an important research gap by providing, to the best of our knowledge, the first empirical analysis on previous theoretical work that assumes SIS to be beneficial. Our results show that institutional barriers have a strong influence on our population, i.e., SIS decision makers in Switzerland. This lends support to a better institutional design of ISACs and the formulation of incentive-based policies that can avoid non-cooperative and free-riding behaviours. Both frequency and intensity are influenced by the extent to which decision makers expect to receive valuable information in return for SIS, which supports the econometric structure of our multidimensional model. Finally, our policy recommendations support the view that the effectiveness of mandatory security-breach reporting to authorities is limited. Therefore, we suggest that a conducive and lightly regulated SIS environment – as in Switzerland – with positive reinforcement and indirect suggestions can “nudge” SIS decision makers to adopt a productive sharing behaviour

To share or not to share: A behavioral perspective on human participation in security information sharing

Security information sharing (SIS) is an activity whereby individuals exchange information that is relevant to analyze or prevent cybersecurity incidents. However, despite technological advances and increased regulatory pressure, individuals still seem reluctant to share security information. Few contributions have addressed this conundrum to date. Adopting an interdisciplinary approach, our study proposes a behavioral framework that theorizes how and why human behav- ior and SIS may be associated. We use psychometric methods to test these associations, analyzing a unique sample of human Information Sharing and Analysis Center members who share real se- curity information. We also provide a dual empirical operationalization of SIS by introducing the measures of SIS frequency and intensity. We find significant associations between human behavior and SIS. Thus, the study contributes to clarifying why SIS, while beneficial, is underutil- ized by pointing to the pivotal role of human behavior for economic outcomes. It therefore extends the growing field of the economics of information security. By the same token, it informs managers and regulators about the significance of human behavior as they propagate goal alignment and shape institutions. Finally, the study defines a broad agenda for future research on SIS