An E-Passport System with Multi-Stage Authentication : A Casestudy of the Security of Sri Lankaas E-Passport

E-passport or Electronic passport is one of the newly established research areas, especially since in the last few years there have been numerous reported attempts of illegal immigration across a number of country borders. Therefore, many countries are choosing to introduce electronic passports for their citizens and to automate the verification process at their border control security. The current e-passport systems are based on two technologies: RFID and Biometrics. New applications of RFID technology have been introduced in various aspects of people2019;s lives. Even though this technology has existed for more than a decade, it still holds considerable security and privacy risks. But together with RFID and biometric technologies an e-passport verification system can reduce fraud, identity theft and will help governments worldwide to improve security at their country borders. In 2017 Sri Lankan government proposed to introduce a new epassport scheme which will contain embedded RFID tags for person identification purpose. Therefore, this paper proposes a novel multi-stage e-passport verification scheme based on watermarking, biometrics and RFID

Preserving individual privacy in ubiquitous e-commerce environments: a utility preserving approach for user-based privacy control

Applications such as e-commerce, smart home appliances, and healthcare systems, amongst other things, have become part and parcel of our daily lives. The data aggregated through these applications combined with state-of-the-art machine learning approaches have even increased the widespread uptake of these applications. However, such data aggregation and analytical practices have raised privacy concerns among users. Privacy-preserving machine learning models mitigate these concerns through private data aggregation and analytical techniques. The first objective of this thesis is to design a privacy preserving data aggregation and analytical approach for recommendation systems. Recommendation systems rely heavily on behavioural and preferential data of a user to produce accurate recommendations. Aggregation of such data can reveal sensitive information about users to the Third-Party Service Providers (TPSPs). We start with designing a recommendation system that uses Local Differential Privacy (LDP) based input data perturbation mechanism to perturb users’ ratings locally before sending it to the TPSP. Hence, the TPSP aggregates only the perturbed ratings and has no access to original ratings. This approach protects a user’s privacy from TPSPs who aggregate ratings to infer any sensitive information. Next, we propose an LDP-based hybrid recommendation framework to protect users’ privacy from TPSPs who aggregate both ratings and reviews. We propose to perturb user ratings and pre-process user reviews at the user-side before sending them to the TPSP. Such an approach ensures that the TPSP cannot aggregate the original ratings or reviews from the users. However, these approaches still do not protect a user’s privacy from TPSPs who collect implicit feedback to predict a user’s preferences. Hence, we design an LDP-based federated matrix factorization for implicit feedback. We motivate the idea of stochastic gradient perturbation using the Bounded Laplace (BLP) mechanism to ensure strong privacy protection for users. The second objective of this thesis is to design a privacy preserving untraceable TPSP-based payment protocol. A TPSP based payment system does not protect a customer’s privacy in the face of an untrustworthy TPSP. Customers cannot make transactions anonymously as the TPSP collects detailed transaction-related information. TPSP uses this information to create a comprehensive behaviour profile of each customer, based on which TPSP can deduce sensitive information about a customer’s lifestyle. Hence we propose an untraceable payment system in this thesis to tackle this problem

Private and Utility Enhanced Recommendations with Local Differential Privacy and Gaussian Mixture Model

Recommendation systems rely heavily on behavioural and preferential data (e.g. ratings and likes) of a user to produce accurate recommendations. However, such unethical data aggregation and analytical practices of Service Providers (SP) causes privacy concerns among users. Local differential privacy (LDP) based perturbation mechanisms address this concern by adding noise to users' data at the user-side before sending it to the SP. The SP then uses the perturbed data to perform recommendations. Although LDP protects the privacy of users from SP, it causes a substantial decline in recommendation accuracy. We propose an LDP-based Matrix Factorization (MF) with a Gaussian Mixture Model (MoG) to address this problem. The LDP perturbation mechanism, i.e., Bounded Laplace (BLP), regulates the effect of noise by confining the perturbed ratings to a predetermined domain. We derive a sufficient condition of the scale parameter for BLP to satisfy ε -LDP. We use the MoG model at the SP to estimate the noise added locally to the ratings and the MF algorithm to predict missing ratings. Our LDP based recommendation system improves the predictive accuracy without violating LDP principles. We demonstrate that our method offers a substantial increase in recommendation accuracy under a strong privacy guarantee through empirical evaluations on three real-world datasets, i.e., Movielens, Libimseti and Jester

Local Differentially Private Matrix Factorization For Recommendations

In recent years recommendation systems have become popular in the e-commerce industry as they can be used to provide a personalized experience to users. However, performing analytics on users' information has also raised privacy concerns. Various privacy protection mechanisms have been proposed for recommendation systems against user-side adversaries. However most of them disregards the privacy violations caused by the service providers. In this paper, we propose a local differential privacy mechanism for matrix factorization based recommendation systems. In our mechanism, users perturb their ratings locally on their devices using Laplace and randomized response mechanisms and send the perturbed ratings to the service provider. We evaluate the proposed mechanism using Movielens dataset and demonstrate that it can achieve a satisfactory tradeoff between data utility and user privacy

A Local Differential Privacy based Hybrid Recommendation Model with BERT and Matrix Factorization

Many works have proposed integrating sentiment analysis with collaborative filtering algorithms to improve the accuracy of recommendation systems. As a result, service providers collect both reviews and ratings, which is increasingly causing privacy concerns among users. Several works have used the Local Differential Privacy (LDP) based input perturbation mechanism to address privacy concerns related to the aggregation of ratings. However, researchers have failed to address whether perturbing just ratings can protect the privacy of users when both reviews and ratings are collected. We answer this question in this paper by applying an LDP based perturbation mechanism in a recommendation system that integrates collaborative filtering with a sentiment analysis model. On the user-side, we use the Bounded Laplace mechanism (BLP) as the input rating perturbation method and Bidirectional Encoder Representations from Transformers (BERT) to tokenize the reviews. At the service provider’s side, we use Matrix Factorization (MF) with Mixture of Gaussian (MoG) as our collaborative filtering algorithm and Convolutional Neural Network (CNN) as the sentiment classification model. We demonstrate that our proposed recommendation system model produces adequate recommendation accuracy under strong privacy protection using Amazon’s review and rating datasets