Oblivion: Mitigating Privacy Leaks by Controlling the Discoverability of Online Information
Search engines are the prevalently used tools to collect information about
individuals on the Internet. Search results typically comprise a variety of
sources that contain personal information -- either intentionally released by
the person herself, or unintentionally leaked or published by third parties,
often with detrimental effects on the individual's privacy. To grant
individuals the ability to regain control over their disseminated personal
information, the European Court of Justice recently ruled that EU citizens have
a right to be forgotten in the sense that indexing systems must offer them
technical means to request removal of links from search results that point to
sources violating their data protection rights. As of now, these technical
means consist of a web form that requires a user to manually identify all
relevant links upfront and to insert them into the web form, followed by a
manual evaluation by employees of the indexing system to assess if the request
is eligible and lawful.
We propose a universal framework Oblivion to support the automation of the
right to be forgotten in a scalable, provable and privacy-preserving manner.
First, Oblivion enables a user to automatically find and tag her disseminated
personal information using natural language processing and image recognition
techniques and file a request in a privacy-preserving manner. Second, Oblivion
provides indexing systems with an automated and provable eligibility mechanism,
asserting that the author of a request is indeed affected by an online
resource. The automated eligibility proof ensures censorship-resistance so that
only legitimately affected individuals can request the removal of corresponding
links from search results. We have conducted comprehensive evaluations, showing
that Oblivion is capable of handling 278 removal requests per second, and is
hence suitable for large-scale deployment.
Password-conditioned Anonymization and Deanonymization with Face Identity Transformers
Cameras are prevalent in our daily lives, and enable many useful systems
built upon computer vision technologies such as smart cameras and home robots
for service applications. However, there is also an increasing societal concern
as the captured images/videos may contain privacy-sensitive information (e.g.,
face identity). We propose a novel face identity transformer which enables
automated photo-realistic password-based anonymization as well as
deanonymization of human faces appearing in visual data. Our face identity
transformer is trained to (1) remove face identity information after
anonymization, (2) make the recovery of the original face possible when given
the correct password, and (3) return a wrong--but photo-realistic--face given a
wrong password. Extensive experiments show that our approach enables multimodal
password-conditioned face anonymizations and deanonymizations, without
sacrificing privacy compared to existing anonymization approaches. Comment: ECCV 202
Towards Forward Secure Internet Traffic
Forward Secrecy (FS) is a security property in key-exchange algorithms which
guarantees that a compromise in the secrecy of a long-term private-key does not
compromise the secrecy of past session keys. With a growing awareness of
long-term mass surveillance programs by governments and others, FS has become
widely regarded as a highly desirable property. This is particularly true in
the TLS protocol, which is used to secure Internet communication. In this
paper, we investigate FS in pre-TLS 1.3 protocols, which do not mandate FS, but
are still widely used today. We conduct an empirical analysis of over 10 million
TLS servers from three different datasets using a novel heuristic approach.
Using modern TLS client handshake algorithms, our results show 5.37% of top
domains, 7.51% of random domains, and 26.16% of random IPs do not select FS
key-exchange algorithms. Surprisingly, 39.20% of the top domains, 24.40% of the
random domains, and 14.46% of the random IPs that do not select FS, do support
FS. In light of this analysis, we discuss possible paths toward forward secure
Internet traffic. As an improvement of the current state, we propose a new
client-side mechanism that we call "Best Effort Forward Secrecy" (BEFS), and an
extension of it that we call "Best Effort Forward Secrecy and Authenticated
Encryption" (BESAFE), which aims to guide (force) misconfigured servers to FS
using a best effort approach. Finally, within our analysis, we introduce a
novel adversarial model that we call "discriminatory" adversary, which is
applicable to the TLS protocol.
A Performance and Resource Consumption Assessment of Secure Multiparty Computation
In recent years, secure multiparty computation (SMC) advanced from a
theoretical technique to a practically applicable technology. Several
frameworks were proposed of which some are still actively developed.
We perform a first comprehensive study of performance characteristics of SMC
protocols using a promising implementation based on secret sharing, a common
and state-of-the-art foundation. Therefor, we analyze its scalability with
respect to environmental parameters as the number of peers, network properties
-- namely transmission rate, packet loss, network latency -- and
parallelization of computations as parameters and execution time, CPU cycles,
memory consumption and amount of transmitted data as variables.
Our insights on the resource consumption show that such a solution is
practically applicable in intranet environments and -- with limitations -- in
Internet settings.
Monitoring energy hotspots in software
Green IT has emerged as a discipline concerned with the optimization of software solutions with regards to their energy consumption. In this domain, most of the state-of-the-art solutions concentrate on coarse-grained approaches to monitor the energy consumption of a device or a process. In this paper, we report on a fine-grained runtime energy monitoring framework we developed to help developers to diagnose energy hotspots with a better accuracy. Concretely, our approach adopts a 2-layer architecture including OS-level and process-level energy monitoring. OS-level energy monitoring estimates the energy consumption of processes according to different hardware devices (CPU, network card). Process-level energy monitoring focuses on Java-based applications and builds on OS-level energy monitoring to provide an estimation of energy consumption at the granularity of classes and methods. We argue that this per-method analysis of energy consumption provides better insights to the application in order to identify potential energy hotspots. In particular, our preliminary validation demonstrates that we can monitor energy hotspots of Jetty web servers and monitor their variations under stress scenarios.
Quadratic time algorithm for inversion of binary permutation polynomials
In this paper, we propose a new version of the Lagrangian interpolation applied to binary permutation polynomials and, more generally, permutation polynomials over prime power modular rings. We discuss its application to obfuscation and reverse engineering.
Multiparty Generation of an RSA Modulus
We present a new multiparty protocol for the distributed generation of biprime RSA moduli, with security against any subset of maliciously colluding parties assuming oblivious transfer and the hardness of factoring.
Our protocol is highly modular, and its uppermost layer can be viewed as a template that generalizes the structure of prior works and leads to a simpler security proof. We introduce a combined sampling-and-sieving technique that eliminates both the inherent leakage in the approach of Frederiksen et al. (Crypto'18), and the dependence upon additively homomorphic encryption in the approach of Hazay et al. (JCrypt'19). We combine this technique with an efficient, privacy-free check to detect malicious behavior retroactively when a sampled candidate is not a biprime, and thereby overcome covert rejection-sampling attacks and achieve both asymptotic and concrete efficiency improvements over the previous state of the art.
Post-quantum cryptography
Cryptography is essential for the security of online communication, cars and implanted medical devices. However, many commonly used cryptosystems will be completely broken once large quantum computers exist. Post-quantum cryptography is cryptography under the assumption that the attacker has a large quantum computer; post-quantum cryptosystems strive to remain secure even in this scenario. This relatively young research area has seen some successes in identifying mathematical operations for which quantum algorithms offer little advantage in speed, and then building cryptographic systems around those. The central challenge in post-quantum cryptography is to meet demands for cryptographic usability and flexibility without sacrificing confidence.
Public Evidence from Secret Ballots
Elections seem simple---aren't they just counting? But they have a unique,
challenging combination of security and privacy requirements. The stakes are
high; the context is adversarial; the electorate needs to be convinced that the
results are correct; and the secrecy of the ballot must be ensured. And they
have practical constraints: time is of the essence, and voting systems need to
be affordable and maintainable, and usable by voters, election officials, and
pollworkers. It is thus not surprising that voting is a rich research area
spanning theory, applied cryptography, practical systems analysis, usable
security, and statistics. Election integrity involves two key concepts:
convincing evidence that outcomes are correct and privacy, which amounts to
convincing assurance that there is no evidence about how any given person
voted. These are obviously in tension. We examine how current systems walk this
tightrope. Comment: To appear in E-Vote-Id '1