Privacy and Security Concerns Associated with Mobile Money Applications in Africa

The rapid adoption of mobile money use in Africa raises concerns regarding the privacy and security of users, particularly in light of Financial Action Task Force recommendations requiring user transparency and the collection of transaction data. The transparency required of the now-financially-included—particularly in nations with weak adherence to the rule of law and limited privacy protections—leaves users vulnerable to abuse. Further, the increasing complexity of mobile phone use that is indicative of mobile money applications raises concerns regarding Africa’s preparedness for heightened security threats that come hand in hand with increased use. To address these problems, the authors of this Article recommend specific policy actions by African nations to improve consumer privacy and cybersecurity, supported by policies of industrialized nations like the United States and responsible corporate behavior

Practical Hidden Voice Attacks against Speech and Speaker Recognition Systems

Voice Processing Systems (VPSes), now widely deployed, have been made significantly more accurate through the application of recent advances in machine learning. However, adversarial machine learning has similarly advanced and has been used to demonstrate that VPSes are vulnerable to the injection of hidden commands - audio obscured by noise that is correctly recognized by a VPS but not by human beings. Such attacks, though, are often highly dependent on white-box knowledge of a specific machine learning model and limited to specific microphones and speakers, making their use across different acoustic hardware platforms (and thus their practicality) limited. In this paper, we break these dependencies and make hidden command attacks more practical through model-agnostic (blackbox) attacks, which exploit knowledge of the signal processing algorithms commonly used by VPSes to generate the data fed into machine learning systems. Specifically, we exploit the fact that multiple source audio samples have similar feature vectors when transformed by acoustic feature extraction algorithms (e.g., FFTs). We develop four classes of perturbations that create unintelligible audio and test them against 12 machine learning models, including 7 proprietary models (e.g., Google Speech API, Bing Speech API, IBM Speech API, Azure Speaker API, etc), and demonstrate successful attacks against all targets. Moreover, we successfully use our maliciously generated audio samples in multiple hardware configurations, demonstrating effectiveness across both models and real systems. In so doing, we demonstrate that domain-specific knowledge of audio signal processing represents a practical means of generating successful hidden voice command attacks

Continued monitoring of acute kidney injury survivors might not be necessary in those regaining an estimated glomerular filtration rate > 60 mL/min at 1 year

Background. Severe acute kidney injury (AKI) among hospitalized patients often necessitates initiation of short-term dialysis. Little is known about the long-term outcome of those who recover to normal renal function. The aim of this study was to determine the long-term renal outcome of patients experiencing AKI requiring dialysis secondary to hypoperfusion injury and/or sepsis who recovered to apparently normal renal function. Methods. All adult patients with AKI requiring dialysis in our centre between 1 January 1980 and 31 December 2010 were identified. We included patients who had estimated glomerular filtration rate (eGFR) >60 mL/min/1.73 m2 12 months or later after the episode of AKI. Patients were followed up until 3 March 2015. The primary outcome was time to chronic kidney disease (CKD) (defined as eGFR persistently <60 mL/min/1.73 m2) from first dialysis for AKI. Results. Among 2922 patients with a single episode of dialysis-requiring AKI, 396 patients met the study inclusion criteria. The mean age was 49.8 (standard deviation 16.5) years and median follow-up was 7.9 [interquartile range (IQR) 4.8–12.7] years. Thirty-five (8.8%) of the patients ultimately developed CKD after a median of 5.3 (IQR 2.8–8.0) years from first dialysis for AKI giving an incidence rate of 1 per 100 person-years. Increasing age, diabetes and vascular disease were associated with higher risk of progression to CKD [adjusted hazard ratios (95% confidence interval): 1.06 (1.03, 1.09), 3.05 (1.41, 6.57) and 3.56 (1.80, 7.03), respectively]. Conclusions. Recovery from AKI necessitating in-hospital dialysis was associated with a very low risk of progression to CKD. Most of the patients who progressed to CKD had concurrent medical conditions meriting monitoring of renal function. Therefore, it seems unlikely that regular follow-up of renal function is beneficial in patients who recover to eGFR >60 mL/min/1.73 m2 by 12 months after an episode of AKI

Renal replacement modality and stroke risk in end-stage renal disease—a national registry study

Background: The risk of stroke in end-stage renal disease (ESRD) on renal replacement therapy (RRT) is up to 10-fold greater than the general population. However, whether this increased risk differs by RRT modality is unclear. Methods: We used data contained in the Scottish Renal Registry and the Scottish Stroke Care Audit to identify stroke in all adult patients who commenced RRT for ESRD from 2005 to 2013. Incidence rate was calculated and regression analyses were performed to identify variables associated with stroke. We explored the effect of RRT modality at initiation and cumulative dialysis exposure by time-dependent regression analysis, using transplant recipients as the reference group. Results: A total of 4957 patients commenced RRT for ESRD. Median age was 64.5 years, 41.5% were female and 277 patients suffered a stroke (incidence rate was 18.6/1000 patient-years). Patients who had stroke were older, had higher blood pressure and were more likely to be female and have diabetes. On multivariable regression older age, female sex, diabetes and higher serum phosphate were associated with risk of stroke. RRT modality at initiation was not. On time-dependent analysis, haemodialysis (HD) exposure was independently associated with increased risk of stroke. Conclusions: In patients with ESRD who initiate RRT, HD use independently increases risk of stroke compared with transplantation. Use of peritoneal dialysis did not increase risk on adjusted analysis

OPFE: Outsourcing Computation for Private Function Evaluation

Outsourcing secure multiparty computation(SMC) protocols has allowed resource-constrained devices to take advantage of these developing cryptographic primitives with great efficiency. While the existing constructions for outsourced SMC guarantee input and output privacy, they require that all parties know the function being evaluated. Thus, stronger security guarantees are necessary in applications where the function itself needs to be kept private. We develop the first linear-complexity protocols for outsourcing private function evaluation (PFE), a subset of SMC protocols that provide both input and function privacy. Assuming a semi-honest function holder, we build on the most efficient two-party PFE constructions to develop outsourced protocols that are secure against a semi-honest, covert, or malicious Cloud server and malicious mobile devices providing input to the function. Our protocols require minimal symmetric key operations and only two rounds of communication from the mobile participants. As a secondary contribution, we develop a technique for combining public and private sub-circuits in a single computation called partially-circuit private (PCP) garbling. This novel garbling technique allows us to apply auxiliary circuits to check for malicious behavior using only free-XOR overhead gates rather than the significantly more costly PFE gate construction. These protocols demonstrate the feasibility of outsourced PFE and provide a first step towards developing privacy-preserving applications for use in Cloud computing

Association between urinary sodium, creatinine, albumin, and long term survival in chronic kidney disease

Dietary sodium intake is associated with hypertension and cardiovascular risk in the general population. In patients with chronic kidney disease, sodium intake has been associated with progressive renal disease, but not independently of proteinuria. We studied the relationship between urinary sodium excretion and urinary sodium:creatinine ratio and mortality or requirement for renal replacement therapy in chronic kidney disease. Adults attending a renal clinic who had at least one 24-hour urinary sodium measurement were identified. 24-hour urinary sodium measures were collected and urinary sodium:creatinine ratio calculated. Time to renal replacement therapy or death was recorded. 423 patients were identified with mean estimated glomerular filtration rate of 48ml/min/1.73m<sup>2</sup>. 90 patients required renal replacement therapy and 102 patients died. Mean slope decline in estimated glomerular filtration rate was -2.8ml/min/1.73m<sup>2</sup>/year. Median follow-up was 8.5 years. Patients who died or required renal replacement therapy had significantly higher urinary sodium excretion and urinary sodium:creatinine but the association with these parameters and poor outcome was not independent of renal function, age and albuminuria. When stratified by albuminuria, urinary sodium:creatinine was a significant cumulative additional risk for mortality, even in patients with low level albuminuria. There was no association between low urinary sodium and risk, as observed in some studies. This study demonstrates an association between urinary sodium excretion and mortality in chronic kidney disease, with a cumulative relationship between sodium excretion, albuminuria and reduced survival. These data support reducing dietary sodium intake in chronic kidney disease but further study is required to determine the target sodium intake

Whitewash: Outsourcing Garbled Circuit Generation for Mobile Devices

Research areas: Information Security and Cryptography, Secure Multiparty Computation, Mobile SecurityGarbled circuits offer a powerful primitive for computation on a user’s personal data while keeping that data private. Despite recent improvements, constructing and evaluating circuits of any useful size remains expensive on the limited hardware resources of a smartphone, the primary computational device available to most users around the world. In this work, we develop a new technique for securely outsourcing the generation of garbled circuits to a Cloud provider. By outsourcing the circuit generation, we are able to eliminate the most costly operations from the mobile device, including oblivious transfers. After proving the security of our techniques in the malicious model, we experimentally demonstrate that our new protocol, built on this role reversal, decreases execution time by 98% and reduces network costs by as much as 63% compared to previous outsourcing protocols. In so doing, we demonstrate that the use of garbled circuits on mobile devices can be made nearly as practical as it is becoming for server-class machines

Leveraging Cellular Infrastructure to Improve Fraud Prevention

Abstract—The relationship between physical security and crit-ical infrastructure has traditionally been unidirectional- the former being necessary to sustain the latter. However, certain pieces of critical infrastructure hold the potential to significantly improve the security of individuals and their most sensitive information. In this paper, we develop a pair of mechanisms for cellular networks and mobile devices that augment the physical security of their users ’ financial credentials. In particular, we create FrauVent, a multi-modal protocol that provides users with information related to a pending questionable transaction (e.g., transaction value, location, vendor) in a way that improves the available context for approving or rejecting such exchanges. Through protocol design, formal verification and implementation of an application for the Android platform, we develop a robust tool to help reduce the costs of fraud without requiring financial institutions to significantly change their extensively deployed end systems (i.e., card readers). More critically, we provide a general framework that allows cellular infrastructure to actively improve the physical security of sensitive information