Enhancing Privacy in PUF-Cash through Multiple Trusted Third Parties and Reinforcement Learning

Electronic cash ( e-Cash ) is a digital alternative to physical currency such as coins and bank notes. Suitably constructed, e-Cash has the ability to offer an anonymous offline experience much akin to cash, and in direct contrast to traditional forms of payment such as credit and debit cards. Implementing security and privacy within e-Cash, i.e., preserving user anonymity while preventing counterfeiting, fraud, and double spending, is a non-trivial challenge. In this article, we propose major improvements to an e-Cash protocol, termed PUF-Cash, based on physical unclonable functions ( PUFs ). PUF-Cash was created as an offline-first, secure e-Cash scheme that preserved user anonymity in payments. In addition, PUF-Cash supports remote payments; an improvement over traditional currency. In this work, a novel multi-trusted-third-party exchange scheme is introduced, which is responsible for “blinding” Alice’s e-Cash tokens; a feature at the heart of preserving her anonymity. The exchange operations are governed by machine learning techniques which are uniquely applied to optimize user privacy, while remaining resistant to identity-revealing attacks by adversaries and trusted authorities. Federation of the single trusted third party into multiple entities distributes the workload, thereby improving performance and resiliency within the e-Cash system architecture. Experimental results indicate that improvements to PUF-Cash enhance user privacy and scalability.

Facial Privacy Preservation using FGSM and Universal Perturbation attacks

<p>Recent research has established the possibility of deducing soft-biometric attributes such as age, gender and race from an individual’s face image with high accuracy. Many techniques have been proposed to ensure user privacy, such as visible distortions to the images, manipulation of the original image with new face attributes, face swapping etc. Though these techniques achieve the goal of user privacy by fooling face recognition models, they don’t help the user when they want to upload original images without visible distortions or manipulation. The objective of this work is to implement techniques to ensure the privacy of user’s sensitive or personal data in face images by creating minimum pixel level distortions using white-box and black-box perturbation algorithms to fool AI models while maintaining the integrity of the image, so as to appear the same to a human eye.</p><div><br></div>

Facial Privacy Preservation using FGSM and Universal Perturbation attacks

<p>Recent research has established the possibility of deducing soft-biometric attributes such as age, gender and race from an individual’s face image with high accuracy. Many techniques have been proposed to ensure user privacy, such as visible distortions to the images, manipulation of the original image with new face attributes, face swapping etc. Though these techniques achieve the goal of user privacy by fooling face recognition models, they don’t help the user when they want to upload original images without visible distortions or manipulation. The objective of this work is to implement techniques to ensure the privacy of user’s sensitive or personal data in face images by creating minimum pixel level distortions using white-box and black-box perturbation algorithms to fool AI models while maintaining the integrity of the image, so as to appear the same to a human eye.</p><div><br></div>

The Impact of Decentralized Technologies on Social Media Megacorporations

Social media is a mega-industry built by systematically monetizing the exploitation of human emotions, reactions, and biases. The authors explain how this industry became so profitable by creating a fear of missing out (FOMO) to command our attention, blending news and content in one feed to keep users 'in-app', and using powerful algorithms to promote more provocative posts, filter content, and trigger the reward centres of our brains. The authors examine how decentralized technologies, including cryptocurrencies, tokenization, and blockchain are being developed and deployed into new social media applications. The authors speculate on how these blockchain-backed startups could challenge the status quo and appeal to new expectations of user privacy, tighter regulation, and a more equitable monetization system.

An efficient anonymous group handover authentication protocol for MTC devices for 5G networks

Machine Type Communication (MTC) has been emerging for a wide range of applications and services for the Internet of Things (IoT). In some scenarios, a large group of MTC devices (MTCDs) may enter the communication coverage of a new target base station simultaneously. However, the current handover mechanism specified by the Third Generation Partnership Project (3GPP) incur high signalling overhead over the access network and the core network for such scenario. Moreover, other existing solutions have several security problems in terms of failure of key forward secrecy (KFS) and lack of mutual authentication. In this paper, we propose an efficient authentication protocol for a group of MTCDs in all handover scenarios. By the proposal, the messages of two MTCDs are concatenated and sent by an authenticated group member to reduce the signalling cost. The proposed protocol has been analysed on its security functionality to show its ability to preserve user privacy and resist from major typical malicious attacks. It can be expected that the proposed scheme is applicable to all kinds of group mobility scenarios such as a platoon of vehicles or a high-speed train. The performance evaluation demonstrates that the proposed protocol is efficient in terms of computational and signalling cost.

Security of Cloud based Medical of Internet Things (MIoTs)

In this digital era expectations for medical quality have increased. As the number of patients continues to increase, conventional health care methods are having to deal with new complications. In light of these observations, researchers suggested a hybrid combination of conventional health care methods with IoT technology and develop MIoT. The goal of IoMT is to ensure that patients can respond more effectively and efficiently to their treatment. But preserving user privacy is a critical issue when it comes to collecting and handling highly sensitive personal health data. However, IoMTs have limited processing power; hence, they can only implement minimal security techniques. Consequently, throughout the health data transfer through MIoT, patient’s data is at risk of data leakage. This manuscript per the authors emphasizes the need of implementing suitable security measures to increase the IoMT's resilience to cyberattacks. Additionally, this manuscript per the authors discusses the main security and privacy issues associated with IoMT and provide an overview of existing techniques.

Toward Responsible AI: An Overview of Federated Learning for User-centered Privacy-preserving Computing

With the rapid advances of Artificial Intelligence (AI) technologies and applications, an increasing concern is on the development and application of responsible AI technologies. Building AI technologies or machine-learning models often requires massive amounts of data, which may include sensitive, user private information to be collected from different sites or countries. Privacy, security, and data governance constraints rule out a brute force process in the acquisition and integration of these data. It is thus a serious challenge to protect user privacy while achieving high-performance models. This article reviews recent progress of federated learning in addressing this challenge in the context of privacy-preserving computing. Federated learning allows global AI models to be trained and used among multiple decentralized data sources with high security and privacy guarantees, as well as sound incentive mechanisms. This article presents the background, motivations, definitions, architectures, and applications of federated learning as a new paradigm for building privacy-preserving, responsible AI ecosystems.

Promoting Privacy Considerations in Real-World Projects in Capstone Courses with Ideation Cards

Nearly all software built today impinges upon end-user privacy and needs to comply with relevant regulations. Therefore, there have been increasing calls for integrating considerations of compliance with privacy regulations throughout the software engineering lifecycle. However, software engineers are typically trained in the technical fields and lack sufficient knowledge and support for sociotechnical considerations of privacy. Privacy ideation cards attempt to address this issue by making privacy compliance understandable and actionable for software developers. However, the application of privacy ideation cards in real-world software projects has not yet been systemically investigated. The effectiveness of ideation cards as a pedagogical tool has not yet been examined either. We address these gaps by studying how teams of undergraduate students applied privacy ideation cards in capstone projects that involved building real-world software for industry sponsors. We found that privacy ideation cards fostered greater consideration and understanding of the extent to which the projects aligned with privacy regulations. We identified three main themes from student discussions of privacy compliance: (i) defining personal data; (ii) assigning responsibility for privacy compliance; and (iii) determining and exercising autonomy. The results suggest that application of the cards for real-world projects requires careful consideration of intersecting factors such as the stage at which the cards are used and the autonomy available to the developers. Pedagogically, ideation cards can facilitate low-level cognitive engagement (especially the cognitive processes of meaning construction and interpretation) for specific components within a project. Higher-level cognitive processes were comparatively rare in ideation sessions. These findings provide important insight to help enhance capstone instruction and to improve privacy ideation cards to increase their impact on the privacy properties of the developed software.

PMHE:A Wearable Medical Sensor Assisted Framework For Health Care Based On Blockchain And Privacy Computing

Nowadays, smart medical cloud platforms have become a new direction in the industry. However, because the medical system involves personal physiological data, user privacy in data transmission and processing is also easy to leak in the smart medical cloud platform. This paper proposed a medical data privacy protection framework named PMHE based on blockchain and fully homomorphic encryption technology. The framework receives personal physiological data from wearable devices on the client side, and uses blockchain as data storage to ensure that the data cannot be tampered with or forged; Besides, it use fully homomorphic encryption method to design a disease prediction model, which was implemented using smart contracts. In PMHE, data is encoded and encrypted on the client side, and encrypted data is uploaded to the cloud platform via the public Internet, preventing privacy leakage caused by channel eavesdropping; Smart contracts run on the blockchain platform for disease prediction, and the operators participating in computing are encrypted user data too, so it avoids privacy and security issues caused by platform data leakage. The client-to-cloud interaction protocol is also designed to overcome the defect that fully homomorphic encryption only supports addition and multiplication by submitting tuples on the client side, to ensure that the prediction model can perform complex computing. In addition, the design of the smart contract is introduced in detail, and the performance of the system is analyzed. Finally, experiments are conducted to verify the operating effect of the system, ensuring that user privacy is not leaked without affecting the accuracy of the model, and realizing a smart medical cloud platform in which data can be used but cannot be borrowed.

Thru-the-wall Eavesdropping on Loudspeakers via RFID by Capturing Sub-mm Level Vibration

The unprecedented success of speech recognition methods has stimulated the wide usage of intelligent audio systems, which provides new attack opportunities for stealing the user privacy through eavesdropping on the loudspeakers. Effective eavesdropping methods employ a high-speed camera, relying on LOS to measure object vibrations, or utilize WiFi MIMO antenna array, requiring to eavesdrop in quiet environments. In this paper, we explore the possibility of eavesdropping on the loudspeaker based on COTS RFID tags, which are prevalently deployed in many corners of our daily lives. We propose Tag-Bug that focuses on the human voice with complex frequency bands and performs the thru-the-wall eavesdropping on the loudspeaker by capturing sub-mm level vibration. Tag-Bug extracts sound characteristics through two means: (1) Vibration effect, where a tag directly vibrates caused by sounds; (2) Reflection effect, where a tag does not vibrate but senses the reflection signals from nearby vibrating objects. To amplify the influence of vibration signals, we design a new signal feature referred as Modulated Signal Difference (MSD) to reconstruct the sound from RF-signals. To improve the quality of the reconstructed sound for human voice recognition, we apply a Conditional Generative Adversarial Network (CGAN) to recover the full-frequency band from the partial-frequency band of the reconstructed sound. Extensive experiments on the USRP platform show that Tag-Bug can successfully capture the monotone sound when the loudness is larger than 60dB. Tag-Bug can efficiently recognize the numbers of human voice with 95.3%, 85.3% and 87.5% precision in the free-space eavesdropping, thru-the-brick-wall eavesdropping and thru-the-insulating-glass eavesdropping, respectively. Tag-Bug can also accurately recognize the letters with 87% precision in the free-space eavesdropping.