14 research outputs found

    PrivExtractor: Towards Redressing the Imbalance of Understanding Between Virtual Assistant Users and Vendors

    The use of voice-controlled virtual assistants (VAs) is significant, and user numbers increase every year. Extensive use of VAs has provided the large, cash-rich technology companies who sell them with another way of consuming users' data, providing a lucrative revenue stream. Whilst these companies are legally obliged to treat users' information "fairly and responsibly," artificial intelligence techniques used to process data have become incredibly sophisticated, leading to users' concerns that a lack of clarity is making it hard to understand the nature and scope of data collection and use. There has been little work undertaken on a self-contained user awareness tool targeting VAs. PrivExtractor, a novel web-based awareness dashboard for VA users, intends to redress this imbalance of understanding between the data "processors" and the user. It aims to achieve this using the four largest VA vendors as a case study and providing a comparison function that examines the four companies' privacy practices and their compliance with data protection law. As a result of this research, we conclude that the companies studied are largely compliant with the law, as expected. However, the user remains disadvantaged due to the ineffectiveness of current data regulation that does not oblige the companies to fully and transparently disclose how and when they use, share, or profit from the data. Furthermore, the software tool developed during the research is, we believe, the first that is capable of a comparative analysis of VA privacy with a visual demonstration to increase ease of understanding for the user.

    Accountable privacy preserving attribute based framework for authenticated encrypted access in clouds

    In this paper, we propose an accountable privacy preserving attribute-based framework, called Ins-PAbAC, that combines attribute based encryption and attribute based signature techniques for securely sharing outsourced data contents via public cloud servers. The proposed framework presents several advantages. First, it provides an encrypted access control feature, enforced at the data owner’s side, while providing the desired expressiveness of access control policies. Second, Ins-PAbAC preserves users’ privacy, relying on an anonymous authentication mechanism, derived from a privacy preserving attribute based signature scheme that hides the users’ identifying information. Furthermore, our proposal introduces an accountable attribute based signature that enables an inspection authority to reveal the identity of the anonymously-authenticated user if needed. Third, Ins-PAbAC is provably secure, as it is resistant to both curious cloud providers and malicious user adversaries. Finally, experimental results, built upon an OpenStack Swift testbed, point out the applicability of the proposed scheme in real world scenarios.

    Personal Data-Less Personalized Software Applications

    Adoption of software solutions is often hindered by privacy concerns, especially for applications which aim to collect data capable of "total privacy eradication". To address this, the General Data Protection Regulation (GDPR) has introduced the Data Minimization principle, which stipulates collecting only the minimum amount of data necessary to achieve a legitimate and pre-defined purpose. Privacy researchers have argued that this principle has led to a privacy-utility trade-off where the less personal data is collected by a software application, the less utility users receive from that software. In this paper, we demonstrate that we can design software to provide quite "personalized" utility even before any sensitive personal data is collected. To do so, we have re-engineered the software use process by allowing users to self-categorize within personas (i.e., generic user categories with similar software use needs to that of the intended beneficiary user groups). This approach is illustrated with a case study of home energy management system design. Only when a householder decides to fully use particular personalization features to fine-tune the application to their needs would this householder choose to give up their personal data.

    Machine Learning Security of Connected Autonomous Vehicles: A Systems Perspective

    Machine Learning security is vital for the safe operation of Autonomous Vehicles. When Autonomous Vehicles are connected and cooperating, they form a system of systems that have shared objectives. However, adversarial environments and adversarial vehicles in the system can cause security challenges for the whole system. Current research focuses on the Machine Learning security challenges from the perspective of a single vehicle. We argue that there is a need to consider these security challenges from the perspective of multiple interconnected vehicles, as a system. In this paper, we explore these challenges from the perspective of many Connected Autonomous Vehicles as a system with respect to Machine Learning security. We include attack scenarios that demonstrate the system interactions that can lead to cascading failures, which test the resilience of the system. We also outline some of the challenges in researching this perspective, where a key challenge is identifying indicators and metrics to describe the system resilience when under attack. To observe the system, experimentation via simulation is identified as a suitable environment that can capture the complex and dynamic system interactions in this security context.

    Constant-size threshold attribute based signcryption for cloud applications

    In this paper, we propose a novel constant-size threshold attribute-based signcryption scheme for securely sharing data through public clouds. Our proposal has several advantages. First, it provides flexible cryptographic access control, while preserving users' privacy as the identifying information for satisfying the access control policy is not revealed. Second, the proposed scheme guarantees both data origin authentication and anonymity thanks to the novel use of an attribute based signcryption mechanism, while ensuring the unlinkability between the different access sessions. Third, the proposed signcryption scheme has efficient computation cost and constant communication overhead whatever the number of involved attributes. Finally, our scheme satisfies strong security properties in the random oracle model, namely Indistinguishability against the Adaptive Chosen Ciphertext Attacks (IND-CCA2), Existential Unforgeability against Chosen Message Attacks (EUF-CMA) and privacy preservation of the attributes involved in the signcryption process, based on the assumption that the augmented Multi-Sequence of Exponents Decisional Diffie-Hellman (aMSE-DDH) problem and the Computational Diffie Hellman Assumption (CDH) are har

    Collusion defender: preserving subscribers’ privacy in publish and subscribe systems
