PrivExtractor:Towards Redressing the Imbalance of Understanding Between Virtual Assistant Users and Vendors

The use of voice-controlled virtual assistants (VAs) is significant, and user numbers increase every year. Extensive use of VAs has provided the large, cash-rich technology companies who sell them with another way of consuming users' data, providing a lucrative revenue stream. Whilst these companies are legally obliged to treat users' information "fairly and responsibly,"artificial intelligence techniques used to process data have become incredibly sophisticated, leading to users' concerns that a lack of clarity is making it hard to understand the nature and scope of data collection and use.There has been little work undertaken on a self-contained user awareness tool targeting VAs. PrivExtractor, a novel web-based awareness dashboard for VA users, intends to redress this imbalance of understanding between the data "processors"and the user. It aims to achieve this using the four largest VA vendors as a case study and providing a comparison function that examines the four companies' privacy practices and their compliance with data protection law.As a result of this research, we conclude that the companies studied are largely compliant with the law, as expected. However, the user remains disadvantaged due to the ineffectiveness of current data regulation that does not oblige the companies to fully and transparently disclose how and when they use, share, or profit from the data. Furthermore, the software tool developed during the research is, we believe, the first that is capable of a comparative analysis of VA privacy with a visual demonstration to increase ease of understanding for the user

Accountable privacy preserving attribute based framework for authenticated encrypted access in clouds

In this paper, we propose an accountable privacy preserving attribute-based framework, called Ins-PAbAC, that combines attribute based encryption and attribute based signature techniques for securely sharing outsourced data contents via public cloud servers. The proposed framework presents several advantages. First, it provides an encrypted access control feature, enforced at the data owner’s side, while providing the desired expressiveness of access control policies. Second, Ins-PAbAC preserves users’ privacy, relying on an anonymous authentication mechanism, derived from a privacy preserving attribute based signature scheme that hides the users’ identifying information. Furthermore, our proposal introduces an accountable attribute based signature that enables an inspection authority to reveal the identity of the anonymously-authenticated user if needed. Third, Ins-PAbAC is provably secure, as it is resistant to both curious cloud providers and malicious users adversaries. Finally, experimental results, built upon OpenStack Swift testbed, point out the applicability of the proposed scheme in real world scenarios

Constant-size threshold attribute based signcryption for cloud applications

International audienceIn this paper, we propose a novel constant-size threshold attribute-based signcryption scheme for securely sharing data through public clouds. Our proposal has several advantages. First, it provides flexible cryptographic access control, while preserving users' privacy as the identifying information for satisfying the access control policy are not revealed. Second, the proposed scheme guarantees both data origin authentication and anonymity thanks to the novel use of attribute based signcryption mechanism, while ensuring the unlinkability between the different access sessions. Third, the proposed signcryption scheme has efficient computation cost and constant communication overhead whatever the number of involved attributes. Finally, our scheme satisfies strong security properties in the random oracle model, namely Indistinguishability against the Adaptive Chosen Ciphertext Attacks (IND-CCA2), Existential Unforgeability against Chosen Message Attacks (EUFCMA) and privacy preservation of the attributes involved in the signcryption process, based on the assumption that the augmented Multi-Sequence of Exponents Decisional Diffie-Hellman (aMSE-DDH) problem and the Computational Diffie Hellman Assumption (CDH) are har

On the Security and Privacy Challenges of Virtual Assistants

Since the purchase of Siri by Apple, and its release with the iPhone 4S in 2011, virtualassistants (VAs) have grown in number and popularity. The sophisticated natural language processingand speech recognition employed by VAs enables users to interact with them conversationally, almostas they would with another human. To service user voice requests, VAs transmit large amounts ofdata to their vendors; these data are processed and stored in the Cloud. The potential data securityand privacy issues involved in this process provided the motivation to examine the current state ofthe art in VA research. In this study, we identify peer-reviewed literature that focuses on securityand privacy concerns surrounding these assistants, including current trends in addressing how voiceassistants are vulnerable to malicious attacks and worries that the VA is recording without the user’sknowledge or consent. The findings show that not only are these worries manifold, but there is agap in the current state of the art, and no current literature reviews on the topic exist. This reviewsheds light on future research directions, such as providing solutions to perform voice authenticationwithout an external device, and the compliance of VAs with privacy regulations

Hospitalizations for communicable diseases in a developing country: prevalence and trends—Monastir, Tunisia, 2002–2013

Background: In spite of the epidemiological transition, communicable diseases remain a public health problem and represent a significant cause of morbidity and mortality worldwide, especially in developing countries. This study aimed to determine the crude and standardized prevalence rates of hospitalizations for communicable disease (HCD) and to assess trends in HCD by age and sex at a university hospital in Tunisia over a period of 12 years (2002–2013). Methods: All cases of HCD from 2002 to 2013 in the university hospital departments were included. Data collected from the regional register of hospital morbidity were used. The discharge diagnoses were coded according to the International Classification of Diseases, 10th revision (ICD-10). Results: HCD represented 17.45% of all hospitalizations during the study period (34 289/196 488; 95% confidence interval 17.28–17.62%). The median age at the time of admission was 31 years (interquartile range (IQR) 15–52 years). The median hospital length of stay (LOS) was 5 days (IQR 3–9 days). The crude prevalence rate (CPR) was 5.41 per 1000 inhabitants. The CPR was highest among patients aged ≥65 years. The four communicable disease categories that represented 70% of all HCD were abdominal infection, skin infection, genitourinary infection, and lower respiratory tract infection. The majority of HCD decreased over time; however, there was a significant increase in HIV diseases, tuberculosis, and viral hepatitis. Conclusion: This study provides evidence of the epidemiological transition, showing a decline in communicable diseases, which needs to be sustained and improved