Another Look at Privacy-Preserving Automated Contact Tracing

In the current COVID-19 pandemic, manual contact tracing has been proven to be very helpful to reach close contacts of infected users and slow down spread of the virus. To improve its scalability, a number of automated contact tracing (ACT) solutions have been proposed, and some of them have been deployed. Despite the dedicated efforts, security and privacy issues of these solutions are still open and under intensive debate. In this article, we examine the ACT concept from a broader perspective, by focusing on not only security and privacy issues but also functional issues such as interface, usability, and coverage. We first elaborate on these issues and particularly point out the inevitable privacy leakages in existing Bluetooth Low Energy based ACT solutions, including centralized and decentralized ones. In addition, we examine the existing venue-based ACT solutions and identify their privacy and security concerns. Then, we propose a generic venue-based ACT solution and a concrete instantiation based on Bluetooth Low Energy technology. Our solution monitors users’ contacting history only in virus-spreading-prone venues and offers higher-level protection for both security and privacy than its predecessors. Finally, we evaluate our solution from security, privacy, and efficiency perspectives, and also highlight how to reduce false positives in some specific indoor environments.

Multi-Tier Stack of Block Chain with Proxy Re-Encryption Method Scheme on the Internet of Things Platform

Block chain provides an innovative solution to information storage, transaction execution, security, and trust building in an open environment. The block chain is technological progress for cyber security and cryptography, with efficiency-related cases varying in smart grids, smart contracts, over the IoT, etc. The movement to exchange data on a server has massively increased with the introduction of the Internet of Things. Hence, in this research, Splitting of proxy re-encryption method (Split-PRE) has been suggested based on the IoT to improve security and privacy in a private block chain. This study proposes a block chain-based proxy re-encryption program to resolve both the trust and scalability problems and to simplify the transactions. After encryption, the system saves the Internet of Things data in a distributed cloud. The framework offers dynamic, smart contracts between the sensor and the device user without the intervention of a trustworthy third party to exchange the captured IoT data. It uses an efficient proxy re-encryption system, which provides the owner and the person existing in the smart contract to see the data. The experimental outcomes show that the proposed approach enhances the efficiency, security, privacy, and feasibility of the system when compared to other existing methods.

DeFFusion: CNN-based Continuous Authentication Using Deep Feature Fusion

Smartphones have become crucial and important in our daily life, but the security and privacy issues have been major concerns of smartphone users. In this article, we present DeFFusion, a CNN-based continuous authentication system using Deep Feature Fusion for smartphone users by leveraging the accelerometer and gyroscope ubiquitously built into smartphones. With the collected data, DeFFusion first converts the time domain data into frequency domain data using the fast Fourier transform and then inputs both of them into a designed CNN, respectively. With the CNN-extracted features, DeFFusion conducts the feature selection utilizing factor analysis and exploits balanced feature concatenation to fuse these deep features. Based on the one-class SVM classifier, DeFFusion authenticates current users as a legitimate user or an impostor. We evaluate the authentication performance of DeFFusion in terms of impact of training data size and time window size, accuracy comparison on different features over different classifiers and on different classifiers with the same CNN-extracted features, accuracy on unseen users, time efficiency, and comparison with representative authentication methods. The experimental results demonstrate that DeFFusion has the best accuracy by achieving the mean equal error rate of 1.00% in a 5-second time window size.

Alexa, Who Am I Speaking To?: Understanding Users’ Ability to Identify Third-Party Apps on Amazon Alexa

Many Internet of Things devices have voice user interfaces. One of the most popular voice user interfaces is Amazon’s Alexa, which supports more than 50,000 third-party applications (“skills”). We study how Alexa’s integration of these skills may confuse users. Our survey of 237 participants found that users do not understand that skills are often operated by third parties, that they often confuse third-party skills with native Alexa functions, and that they are unaware of the functions that the native Alexa system supports. Surprisingly, users who interact with Alexa more frequently are more likely to conclude that a third-party skill is a native Alexa function. The potential for misunderstanding creates new security and privacy risks: attackers can develop third-party skills that operate without users’ knowledge or masquerade as native Alexa functions. To mitigate this threat, we make design recommendations to help users better distinguish native functionality and third-party skills, including audio and visual indicators of native and third-party contexts, as well as a consistent design standard to help users learn what functions are and are not possible on Alexa.

Blockchain Adoption for Provenance and Traceability in the Retail Food Supply Chain

Blockchain has evolved as one of the disruptive technologies in the landscape of business. The study aims to investigate drivers of consumer adoption of blockchain for product origin and track to trace history before making a purchase. An extended technology adoption model (TAM) has been proposed to examine the consumer perspective for blockchain adoption in the food supply chain. Based on the survey of 208 retail consumers the proposed model was validated using variance-based structure equation modeling. Findings of the study emphasize the significant role of perceived security and privacy in developing trust, ease of use, and usefulness of blockchain-enabled systems. The relationship between perceived ease of use and attitude is mediated through perceived usefulness. The strong influence of attitude on adoption intention represents the consumer interest for blockchain to understand the product provenance. Study provides vital insights for successful blockchain implementation to enhance supply chain effectiveness.

Automated Security Assessment Framework for Wearable BLE-enabled Health Monitoring Devices

The growth of IoT technology, increasing prevalence of embedded devices, and advancements in biomedical technology have led to the emergence of numerous wearable health monitoring devices (WHMDs) in clinical settings and in the community. The majority of these devices are Bluetooth Low Energy (BLE) enabled. Though the advantages offered by BLE-enabled WHMDs in tracking, diagnosing, and intervening with patients are substantial, the risk of cyberattacks on these devices is likely to increase with device complexity and new communication protocols. Furthermore, vendors face risk and financial tradeoffs between speed to market and ensuring device security in all situations. Previous research has explored the security and privacy of such devices by manually testing popular BLE-enabled WHMDs in the market and generally discussed categories of possible attacks, while mostly focused on IP devices. In this work, we propose a new semi-automated framework that can be used to identify and discover both known and unknown vulnerabilities in WHMDs. To demonstrate its implementation, we validate it with a number of commercially available BLE-enabled enabled wearable devices. Our results show that the devices are vulnerable to a number of attacks, including eavesdropping, data manipulation, and denial of service attacks. The proposed framework could therefore be used to evaluate potential devices before adoption into a secure network or, ideally, during the design and implementation of new devices.

Integration of Blockchain with Connected and Autonomous Vehicles: Vision and Challenge

Connected and Autonomous Vehicles (CAVs) are introduced to improve individuals’ quality of life by offering a wide range of services. They collect a huge amount of data and exchange them with each other and the infrastructure. The collected data usually includes sensitive information about the users and the surrounding environment. Therefore, data security and privacy are among the main challenges in this industry. Blockchain, an emerging distributed ledger, has been considered by the research community as a potential solution for enhancing data security, integrity, and transparency in Intelligent Transportation Systems (ITS). However, despite the emphasis of governments on the transparency of personal data protection practices, CAV stakeholders have not been successful in communicating appropriate information with the end users regarding the procedure of collecting, storing, and processing their personal data, as well as the data ownership. This article provides a vision of the opportunities and challenges of adopting blockchain in ITS from the “data transparency” and “privacy” perspective. The main aim is to answer the following questions: (1) Considering the amount of personal data collected by the CAVs, such as location, how would the integration of blockchain technology affect transparency , fairness , and lawfulness of personal data processing concerning the data subjects (as this is one of the main principles in the existing data protection regulations)? (2) How can the trade-off between transparency and privacy be addressed in blockchain-based ITS use cases?

Biometric iris templates security based on secret image sharing and chaotic maps

Biometric technique includes of uniquely identifying person based on their physical or behavioural characteristics. It is mainly used for authentication. Storing the template in the database is not a safe approach, because it can be stolen or be tampered with. Due to its importance the template needs to be protected. To treat this safety issue, the suggested system employed a method for securely storing the iris template in the database which is a merging approach for secret image sharing and hiding to enhance security and protect the privacy by decomposing the template into two independent host (public) iris images. The original template can be reconstructed only when both host images are available. Either host image does not expose the identity of the original biometric image. The security and privacy in biometrics-based authentication system is augmented by storing the data in the form of shadows at separated places instead of whole data at one. The proposed biometric recognition system includes iris segmentation algorithms, feature extraction algorithms, a (2, 2) secret sharing and hiding. The experimental results are conducted on standard colour UBIRIS v1 data set. The results indicate that the biometric template protection methods are capable of offering a solution for vulnerability that threatens the biometric template.

Enhancing Privacy in PUF-Cash through Multiple Trusted Third Parties and Reinforcement Learning

Electronic cash ( e-Cash ) is a digital alternative to physical currency such as coins and bank notes. Suitably constructed, e-Cash has the ability to offer an anonymous offline experience much akin to cash, and in direct contrast to traditional forms of payment such as credit and debit cards. Implementing security and privacy within e-Cash, i.e., preserving user anonymity while preventing counterfeiting, fraud, and double spending, is a non-trivial challenge. In this article, we propose major improvements to an e-Cash protocol, termed PUF-Cash, based on physical unclonable functions ( PUFs ). PUF-Cash was created as an offline-first, secure e-Cash scheme that preserved user anonymity in payments. In addition, PUF-Cash supports remote payments; an improvement over traditional currency. In this work, a novel multi-trusted-third-party exchange scheme is introduced, which is responsible for “blinding” Alice’s e-Cash tokens; a feature at the heart of preserving her anonymity. The exchange operations are governed by machine learning techniques which are uniquely applied to optimize user privacy, while remaining resistant to identity-revealing attacks by adversaries and trusted authorities. Federation of the single trusted third party into multiple entities distributes the workload, thereby improving performance and resiliency within the e-Cash system architecture. Experimental results indicate that improvements to PUF-Cash enhance user privacy and scalability.