67 research outputs found
New Differential Privacy Communication Pipeline and Design Framework
Organizations started to adopt differential privacy (DP) techniques hoping to
persuade more users to share personal data with them. However, many users do
not understand DP techniques, thus may not be willing to share. Previous
research suggested that the design of DP mechanism communication could
influence users' willingness to share data. Based on the prior work, we propose
a new communication pipeline that starts by asking users about their privacy
concerns and then provides a customized DP mechanism and communication. We also
propose a design framework that systemically explores effective communication
designs ranging from a text-based high-level description to a step-by-step
interactive storyboard. Based on the framework, we created 17 designs and
recruited five people to evaluate. Our user study showed that text-based
descriptions have the highest clarity in all scenarios, while the step-by-step
interactive storyboards have the potential to persuade users to trust central
DP. Our future work will optimize the design and conduct a large-scale efficacy
study.Comment: poste
A distributed anomaly detection system for in-vehicle network using HTM
With the development of 5G and Internet of Vehicles technology, the possibility of remote wireless attack on an in-vehicle network has been proven by security researchers. Anomaly detection technology can effectively alleviate the security threat, as the first line of security defense. Based on this, this paper proposes a distributed anomaly detection system using hierarchical temporal memory (HTM) to enhance the security of a vehicular controller area network bus. The HTM model can predict the flow data in real time, which depends on the state of the previous learning. In addition, we improved the abnormal score mechanism to evaluate the prediction. We manually synthesized field modification and replay attack in data field. Compared with recurrent neural networks and hidden Markov model detection models, the results show that the distributed anomaly detection system based on HTM networks achieves better performance in the area under receiver operating characteristic curve score, precision, and recall
LiSum: Open Source Software License Summarization with Multi-Task Learning
Open source software (OSS) licenses regulate the conditions under which users
can reuse, modify, and distribute the software legally. However, there exist
various OSS licenses in the community, written in a formal language, which are
typically long and complicated to understand. In this paper, we conducted a
661-participants online survey to investigate the perspectives and practices of
developers towards OSS licenses. The user study revealed an indeed need for an
automated tool to facilitate license understanding. Motivated by the user study
and the fast growth of licenses in the community, we propose the first study
towards automated license summarization. Specifically, we released the first
high quality text summarization dataset and designed two tasks, i.e., license
text summarization (LTS), aiming at generating a relatively short summary for
an arbitrary license, and license term classification (LTC), focusing on the
attitude inference towards a predefined set of key license terms (e.g.,
Distribute). Aiming at the two tasks, we present LiSum, a multi-task learning
method to help developers overcome the obstacles of understanding OSS licenses.
Comprehensive experiments demonstrated that the proposed jointly training
objective boosted the performance on both tasks, surpassing state-of-the-art
baselines with gains of at least 5 points w.r.t. F1 scores of four
summarization metrics and achieving 95.13% micro average F1 score for
classification simultaneously. We released all the datasets, the replication
package, and the questionnaires for the community
Unmodified Half-Gates is Adaptively Secure - So is Unmodified Three-Halves
Adaptive security is a crucial property for garbling schemes in pushing the communication of garbled circuits to an offline phase when the input is unknown. In this paper, we show that the popular half-gates scheme by Zahur et al. (Eurocrypt’15), without any modification, is adaptively secure in the non-programmable random permutation model (npRPM). Since real implementations of selective-secure half-gates are already based on npRPM, our result shows that these implementations are already adaptively secure under the same condition where the selective security is proven. Additionally, we expand our analysis to cover the recent three-halves construction by Rosulek and Roy (Crypto’21); we also discuss some optimizations and separation when considering the programmable random permutation model instead
FFSSE: Flexible Forward Secure Searchable Encryption with Efficient Performance
Searchable Symmetric Encryption (SSE) has been widely applied in the design of encrypted database for exact queries or even range queries in practice. In spite of its efficiency and functionalities, it always suffers from information leakages. Some recent attacks point out that forward privacy is the desirable security goal. However, there are only a very small number of schemes achieving this security. In this paper, we propose a new forward secure SSE scheme, denoted as ``FFSSE\u27\u27, which has the best performance in the literature, namely with fast search operation, fast token generation and O(1) update complexity. It also supports both add and delete operations in the unique instance. Technically, we exploit a novel ``key-based blocks chain\u27\u27 technique based on symmetric cryptographic primitive, which can be deployed in arbitrary index tree structures or key-value structures directly to provide forward privacy. In order to reduce the storage on the client side, we further propose an efficient permutation technique (with similar function as trapdoor permutation) to support the re-construction of the search tokens. Experiments show that our scheme is 4 times, 300 times and 300 times faster than the state-of-the-art forward private SSE scheme (proposed in CCS 2016) in search, update and token generation, respectively. Security analysis shows that our scheme is secure
- …