EsPRESSo: Efficient Privacy-Preserving Evaluation of Sample Set Similarity

Electronic information is increasingly often shared among entities without complete mutual trust. To address related security and privacy issues, a few cryptographic techniques have emerged that support privacy-preserving information sharing and retrieval. One interesting open problem in this context involves two parties that need to assess the similarity of their datasets, but are reluctant to disclose their actual content. This paper presents an efficient and provably-secure construction supporting the privacy-preserving evaluation of sample set similarity, where similarity is measured as the Jaccard index. We present two protocols: the first securely computes the (Jaccard) similarity of two sets, and the second approximates it, using MinHash techniques, with lower complexities. We show that our novel protocols are attractive in many compelling applications, including document/multimedia similarity, biometric authentication, and genetic tests. In the process, we demonstrate that our constructions are appreciably more efficient than prior work.Comment: A preliminary version of this paper was published in the Proceedings of the 7th ESORICS International Workshop on Digital Privacy Management (DPM 2012). This is the full version, appearing in the Journal of Computer Securit

Poseidon: Mitigating Interest Flooding DDoS Attacks in Named Data Networking

Content-Centric Networking (CCN) is an emerging networking paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. In CCN, named content becomes a first-class entity. CCN focuses on content distribution, which dominates current Internet traffic and is arguably not well served by IP. Named-Data Networking (NDN) is an example of CCN. NDN is also an active research project under the NSF Future Internet Architectures (FIA) program. FIA emphasizes security and privacy from the outset and by design. To be a viable Internet architecture, NDN must be resilient against current and emerging threats. This paper focuses on distributed denial-of-service (DDoS) attacks; in particular we address interest flooding, an attack that exploits key architectural features of NDN. We show that an adversary with limited resources can implement such attack, having a significant impact on network performance. We then introduce Poseidon: a framework for detecting and mitigating interest flooding attacks. Finally, we report on results of extensive simulations assessing proposed countermeasure.Comment: The IEEE Conference on Local Computer Networks (LCN 2013

ANDaNA: Anonymous Named Data Networking Application

Content-centric networking -- also known as information-centric networking (ICN) -- shifts emphasis from hosts and interfaces (as in today's Internet) to data. Named data becomes addressable and routable, while locations that currently store that data become irrelevant to applications. Named Data Networking (NDN) is a large collaborative research effort that exemplifies the content-centric approach to networking. NDN has some innate privacy-friendly features, such as lack of source and destination addresses on packets. However, as discussed in this paper, NDN architecture prompts some privacy concerns mainly stemming from the semantic richness of names. We examine privacy-relevant characteristics of NDN and present an initial attempt to achieve communication privacy. Specifically, we design an NDN add-on tool, called ANDaNA, that borrows a number of features from Tor. As we demonstrate via experiments, it provides comparable anonymity with lower relative overhead.Comment: NDSS 2012 - Proceedings of the Network and Distributed System Security Symposium, San Diego, California, US

Privacy-Preserving Population-Enhanced Biometric Key Generation from Free-Text Keystroke Dynamics

Biometric key generation techniques are used to reliably generate cryptographic material from biometric signals. Existing constructions require users to perform a particular activity (e.g., type or say a password, or provide a handwritten signature), and are therefore not suitable for generating keys continuously. In this paper we present a new technique for biometric key generation from free-text keystroke dynamics. This is the first technique suitable for continuous key generation. Our approach is based on a scaled parity code for key generation (and subsequent key reconstruction), and can be augmented with the use of population data to improve security and reduce key reconstruction error. In particular, we rely on linear discriminant analysis (LDA) to obtain a better representation of discriminable biometric signals. To update the LDA matrix without disclosing user's biometric information, we design a provably secure privacy-preserving protocol (PP-LDA) based on homomorphic encryption. Our biometric key generation with PP-LDA was evaluated on a dataset of 486 users. We report equal error rate around 5% when using LDA, and below 7% without LDA

Secure, Fast, and Energy-Efficient Outsourced Authentication for Smartphones

Common smartphone authentication mechanisms (e.g., PINs, graphical passwords, and fingerprint scans) are not designed to offer security post-login. Multi-modal continuous authentication addresses this issue by frequently and unobtrusively authenticating the user via behavioral biometric signals, such as touchscreen interaction and hand movements. Because smartphones can easily fall into the hands of the adversary, it is critical that the behavioral biometric information collected and processed on these devices is secured. This can be done by offloading encrypted template information to a remote server, and then performing authentication via privacy-preserving protocols. In this paper, we demonstrate that the energy overhead of current privacy-preserving protocols for continuous authentication is unsustainable on smartphones. To reduce energy consumption, we design a technique that leverages characteristics unique to the authentication setting in order to securely outsource computation to an untrusted Cloud. Our approach is secure against a colluding smartphone and Cloud, thus making it well suited for authentication. We performed extensive experimental evaluation. With our technique, the energy requirement for running an authentication instance that computes Manhattan distance is 0.2 mWh, which corresponds to a negligible fraction of the smartphone\u27s battery capacity. In addition, for Manhattan distance, our protocol runs in 0.72 and 2 s for 8 and 28 biometric features, respectively. We were also able to compute Hamming distance in 3.29 s, compared with 95.57 s achieved with the previous fastest outsourced computation protocol (Whitewash). These results demonstrate that ours is presently the only technique suitable for low-latency continuous authentication (e.g., with authentication scan windows of 60 s or shorter)

On Inferring Browsing Activity on Smartphones via USB Power Analysis Side-Channel

In this paper, we show that public USB charging stations pose a significant privacy risk to smartphone users even when no data communication is possible between the station and the user\u27s mobile device. We present a side-channel attack that allows a charging station to identify which Webpages are loaded while the smartphone is charging. To evaluate this side-channel, we collected power traces of Alexa top 50 Websites on multiple smartphones under several conditions, including battery charging level, browser cache enabled/disabled, taps on the screen, Wi-Fi/LTE, TLS encryption enabled/disabled, time elapsed between collection of training and testing data, and location of the Website. The results of our evaluation show that the attack is highly successful: in many settings, we were able to achieve over 90% Webpage identification accuracy. On the other hand, our experiments also show that this side-channel is sensitive to some of the aforementioned conditions. For instance, when training and testing traces were collected 70 days apart, accuracies were as low as 2.2%. Although there are studies that show that power-based side-channels can predict browsing activity on laptops, this paper is unique, because it is the first to study this side-channel on smartphones, under smartphone-specific constraints. Further, we demonstrate that Websites can be correctly identified within a short time span of 2 x 6 seconds, which is in contrast with prior work, which uses 15-s traces. This is important, because users typically spend less than 15 s on a Webpage