Biblio

Large-scale sensing and actuation infrastructures have allowed buildings to achieve significant energy savings; at the same time, these technologies introduce significant privacy risks that must be addressed. In this paper, we present a framework for modeling the trade-off between improved control performance and increased privacy risks due to occupancy sensing. More specifically, we consider occupancy-based HVAC control as the control objective and the location traces of individual occupants as the private variables. Previous studies have shown that individual location information can be inferred from occupancy measurements. To ensure privacy, we design an architecture that distorts the occupancy data in order to hide individual occupant location information while maintaining HVAC performance. Using mutual information between the individual's location trace and the reported occupancy measurement as a privacy metric, we are able to optimally design a scheme to minimize privacy risk subject to a control performance guarantee. We evaluate our framework using real-world occupancy data: first, we verify that our privacy metric accurately assesses the adversary's ability to infer private variables from the distorted sensor measurements; then, we show that control performance is maintained through simulations of building operations using these distorted occupancy readings.

This paper proposes a novel privacy-preserving smart metering system for aggregating distributed smart meter data. It addresses two important challenges: (i) individual users wish to publish sensitive smart metering data for specific purposes, and (ii) an untrusted aggregator aims to make queries on the aggregate data. We handle these challenges using two main techniques. First, we propose Fourier Perturbation Algorithm (FPA) and Wavelet Perturbation Algorithm (WPA) which utilize Fourier/Wavelet transformation and distributed differential privacy (DDP) to provide privacy for the released statistic with provable sensitivity and error bounds. Second, we leverage an exponential ElGamal encryption mechanism to enable secure communications between the users and the untrusted aggregator. Standard differential privacy techniques perform poorly for time-series data as it results in a Θ(n) noise to answer n queries, rendering the answers practically useless if n is large. Our proposed distributed differential privacy mechanism relies on Gaussian principles to generate distributed noise, which guarantees differential privacy for each user with O(1) error, and provides computational simplicity and scalability. Compared with Gaussian Perturbation Algorithm (GPA) which adds distributed Gaussian noise to the original data, the experimental results demonstrate the superiority of the proposed FPA and WPA by adding noise to the transformed coefficients.

This paper investigates the privacy-preserving problem of the distributed consensus-based energy management considering both generation units and responsive demands in smart grid. First, we reveal the private information of consumers including the electricity consumption and the sensitivity of the electricity consumption to the electricity price can be disclosed without any privacy-preserving strategy. Then, we propose a privacy-preserving algorithm to preserve the private information of consumers through designing the secret functions, and adding zero-sum and exponentially decreasing noises. We also prove that the proposed algorithm can preserve the privacy while keeping the optimality of the final state and the convergence performance unchanged. Extensive simulations validate the theoretical results and demonstrate the effectiveness of the proposed algorithm.

The Internet of Things is a disruptive paradigm based on the cooperation of a plethora of heterogeneous smart things to collect, transmit, and analyze data from the ambient environment. To this end, many monitored variables are combined by a data analysis module in order to implement efficient context-aware decision mechanisms. To ensure resource efficiency, aggregation is a long established solution, however it is applicable only in the case of one sensed variable. We extend the use of aggregation to the complex context of IoT by proposing a novel approach for secure cooperation of smart things while granting confidentiality and integrity. Traditional solutions for data concealment in resource constrained devices rely on hop-by-hop or end-to-end encryption, which are shown to be inefficient in our context. We use a more sophisticated scheme relying on homomorphic encryption which is not compromise resilient. We combine fully additive encryption with fully additive secret sharing to fulfill the required properties. Thorough security analysis and performance evaluation show a viable tradeoff between security and efficiency for our scheme.

Privacy issues in recommender systems have attracted the attention of researchers for many years. So far, a number of solutions have been proposed. Unfortunately, most of them are far from practical as they either downgrade the utility or are very inefficient. In this paper, we aim at a more practical solution, by proposing a privacy-preserving hybrid recommender system which consists of an incremental matrix factorization (IMF) component and a user-based collaborative filtering (UCF) component. The IMF component provides the fundamental utility while it allows the service provider to efficiently learn feature vectors in plaintext domain, and the UCF component improves the utility while allows users to carry out their computations in an offline manner. Leveraging somewhat homomorphic encryption (SWHE) schemes, we provide privacy-preserving candidate instantiations for both components. Our experiments demonstrate that the hybrid solution is much more efficient than existing solutions.

Machine learning algorithms based on deep neural networks (NN) have achieved remarkable results and are being extensively used in different domains. On the other hand, with increasing growth of cloud services, several Machine Learning as a Service (MLaaS) are offered where training and deploying machine learning models are performed on cloud providers' infrastructure. However, machine learning algorithms require access to raw data which is often privacy sensitive and can create potential security and privacy risks. To address this issue, we develop new techniques to provide solutions for applying deep neural network algorithms to the encrypted data. In this paper, we show that it is feasible and practical to train neural networks using encrypted data and to make encrypted predictions, and also return the predictions in an encrypted form. We demonstrate applicability of the proposed techniques and evaluate its performance. The empirical results show that it provides accurate privacy-preserving training and classification.

We propose a privacy-preserving framework for learning visual classifiers by leveraging distributed private image data. This framework is designed to aggregate multiple classifiers updated locally using private data and to ensure that no private information about the data is exposed during and after its learning procedure. We utilize a homomorphic cryptosystem that can aggregate the local classifiers while they are encrypted and thus kept secret. To overcome the high computational cost of homomorphic encryption of high-dimensional classifiers, we (1) impose sparsity constraints on local classifier updates and (2) propose a novel efficient encryption scheme named doublypermuted homomorphic encryption (DPHE) which is tailored to sparse high-dimensional data. DPHE (i) decomposes sparse data into its constituent non-zero values and their corresponding support indices, (ii) applies homomorphic encryption only to the non-zero values, and (iii) employs double permutations on the support indices to make them secret. Our experimental evaluation on several public datasets shows that the proposed approach achieves comparable performance against state-of-the-art visual recognition methods while preserving privacy and significantly outperforms other privacy-preserving methods.

Genetic data are important dataset utilised in genetic epidemiology to investigate biologically coded information within the human genome. Enormous research has been delved into in recent years in order to fully sequence and understand the genome. Personalised medicine, patient response to treatments and relationships between specific genes and certain characteristics such as phenotypes and diseases, are positive impacts of studying the genome, just to mention a few. The sensitivity, longevity and non-modifiable nature of genetic data make it even more interesting, consequently, the security and privacy for the storage and processing of genomic data beg for attention. A common activity carried out by geneticists is the association analysis between allele-allele, or even a genetic locus and a disease. We demonstrate the use of cryptographic techniques such as homomorphic encryption schemes and multiparty computations, how such analysis can be carried out in a privacy friendly manner. We compute a 3 × 3 contingency table, and then, genome analyses algorithms such as linkage disequilibrium (LD) measures, all on the encrypted domain. Our computation guarantees privacy of the genome data under our security settings, and provides up to 98.4% improvement, compared to an existing solution.

As the key component of the smart grid, smart meters fill in the gap between electrical utilities and household users. Todays smart meters are capable of collecting household power information in real-time, providing precise power dispatching control services for electrical utilities and informing real-time power price for users, which significantly improve the user experiences. However, the use of data also brings a concern about privacy leakage and the trade-off between data usability and user privacy becomes an vital problem. Existing works propose privacy-utility trade-off frameworks against statistical inference attack. However, these algorithms are basing on distorted data, and will produce cumulative errors when tracing household power usage and lead to false power state estimation, mislead dispatching control, and become an obstacle for practical application. Furthermore, previous works consider power usage as discrete variables in their optimization problems while realistic smart meter data is continuous variable. In this paper, we propose a mechanism to estimate the trade-off between utility and privacy on a continuous time-series distorted dataset, where we extend previous optimization problems to continuous variables version. Experiments results on smart meter dataset reveal that the proposed mechanism is able to prevent inference to sensitive appliances, preserve insensitive appliances, as well as permit electrical utilities to trace household power usage periodically efficiently.

Vehicular Ad-Hoc Networks (VANET) are the creation of several vehicles communicating with each other in order to create a network capable of communication and data exchange. One of the most promising methods for security and trust amongst vehicular networks is the usage of Public Key Infrastructure (PKI). However, current implementations of PKI as a security solution for determining the validity and authenticity of vehicles in a VANET is not efficient due to the usage of large amounts of delay and computational overhead. In this paper, we investigate the potential of PKI when predictively and preemptively passing along certificates to roadside units (RSU) in an effort to lower delay and computational overhead in a dynamic environment. We look to accomplish this through utilizing fog computing and propose a new protocol to pass certificates along the projected path.

This article presents PrOLoc, a localization system that combines partially homomorphic encryption with a new way of structuring the localization problem to enable emcient and accurate computation of a target's location while preserving the privacy of the observers.

This work concerns distributed consensus algorithms and application to a network intrusion detection system (NIDS) [21]. We consider the problem of defending the system against multiple data falsification attacks (Byzantine attacks), a vulnerability of distributed peer-to-peer consensus algorithms that has not been widely addressed in its practicality. We consider both naive (independent) and colluding attackers. We test three defense strategy implementations, two classified as outlier detection methods and one reputation-based method. We have narrowed our attention to outlier and reputation-based methods because they are relatively light computationally speaking. We have left out control theoretic methods which are likely the most effective methods, however their computational cost increase rapidly with the number of attackers. We compare the efficiency of these three implementations for their computational cost, detection performance, convergence behavior and possible impacts on the intrusion detection accuracy of the NIDS. Tests are performed based on simulations of distributed denial of service attacks using the KSL-KDD data set.

In smart grid, large quantities of data is collected from various applications, such as smart metering substation state monitoring, electric energy data acquisition, and smart home. Big data acquired in smart grid applications is usually sensitive. For instance, in order to dispatch accurately and support the dynamic price, lots of smart meters are installed at user's house to collect the real-time data, but all these collected data are related to user privacy. In this paper, we propose a data aggregation scheme based on secret sharing with fault tolerance in smart grid, which ensures that control center gets the integrated data without revealing user's privacy. Meanwhile, we also consider fault tolerance during the data aggregation. At last, we analyze the security of our scheme and carry out experiments to validate the results.

Power grids are undergoing major changes due to rapid growth in renewable energy resources and improvements in battery technology. While these changes enhance sustainability and efficiency, they also create significant management challenges as the complexity of power systems increases. To tackle these challenges, decentralized Internet-of-Things (IoT) solutions are emerging, which arrange local communities into transactive microgrids. Within a transactive microgrid, "prosumers" (i.e., consumers with energy generation and storage capabilities) can trade energy with each other, thereby smoothing the load on the main grid using local supply. It is hard, however, to provide security, safety, and privacy in a decentralized and transactive energy system. On the one hand, prosumers' personal information must be protected from their trade partners and the system operator. On the other hand, the system must be protected from careless or malicious trading, which could destabilize the entire grid. This paper describes Privacy-preserving Energy Transactions (PETra), which is a secure and safe solution for transactive microgrids that enables consumers to trade energy without sacrificing their privacy. PETra builds on distributed ledgers, such as blockchains, and provides anonymity for communication, bidding, and trading.

Protection of information achieves keeping confidentiality, integrity, and availability of the data. These features are essential for the proper operation of modern industrial technologies, like Smart Grid. The complex grid system integrates many electronic devices that provide an efficient way of exploiting the power systems but cause many problems due to their vulnerabilities to attacks. The aim of the work is to propose a solution to the privacy problem in Smart Grid communication network between the customers and Control center. It consists in using the relatively new cryptographic task - quantum key distribution (QKD). The solution is based on choosing an appropriate quantum key distribution method out of all the conventional ones by performing an assessment in terms of several parameters. The parameters are: key rate, operating distances, resources, and trustworthiness of the devices involved. Accordingly, we discuss an answer to the privacy problem of the SG network with regard to both security and resource economy.

As modern attacks become more stealthy and persistent, detecting or preventing them at their early stages becomes virtually impossible. Instead, an attack investigation or provenance system aims to continuously monitor and log interesting system events with minimal overhead. Later, if the system observes any anomalous behavior, it analyzes the log to identify who initiated the attack and which resources were affected by the attack and then assess and recover from any damage incurred. However, because of a fundamental tradeoff between log granularity and system performance, existing systems typically record system-call events without detailed program-level activities (e.g., memory operation) required for accurately reconstructing attack causality or demand that every monitored program be instrumented to provide program-level information. To address this issue, we propose RAIN, a Refinable Attack INvestigation system based on a record-replay technology that records system-call events during runtime and performs instruction-level dynamic information flow tracking (DIFT) during on-demand process replay. Instead of replaying every process with DIFT, RAIN conducts system-call-level reachability analysis to filter out unrelated processes and to minimize the number of processes to be replayed, making inter-process DIFT feasible. Evaluation results show that RAIN effectively prunes out unrelated processes and determines attack causality with negligible false positive rates. In addition, the runtime overhead of RAIN is similar to existing system-call level provenance systems and its analysis overhead is much smaller than full-system DIFT.

Cloud computing presents unlimited prospects for Information Technology (IT) industry and business enterprises alike. Rapid advancement brings a dark underbelly of new vulnerabilities and challenges unfolding with alarming regularity. Although cloud technology provides a ubiquitous environment facilitating business enterprises to conduct business across disparate locations, security effectiveness of this platform interspersed with threats which can bring everything that subscribes to the cloud, to a halt raises questions. However advantages of cloud platforms far outweighs drawbacks and study of new challenges helps overcome drawbacks of this technology. One such emerging security threat is of ransomware attack on the cloud which threatens to hold systems and data on cloud network to ransom with widespread damaging implications. This provides huge scope for IT security specialists to sharpen their skillset to overcome this new challenge. This paper covers the broad cloud architecture, current inherent cloud threat mechanisms, ransomware vulnerabilities posed and suggested methods to mitigate it.

This paper proposes a prototype of a level 3 autonomous vehicle using Raspberry Pi, capable of detecting the nearby vehicles using an IR sensor. We make the first attempt to analyze autonomous vehicles from a microscopic level, focusing on each vehicle and their communications with the nearby vehicles and road-side units. Two sets of passive and active experiments on a pair of prototypes were run, demonstrating the interconnectivity of the developed prototype. Several sensors were incorporated into an emulation based on System-on-Chip to further demonstrate the feasibility of the proposed model.

The factors that threaten electric power information network are analyzed. Aiming at the weakness of being unable to provide numerical value of risk, this paper presents the evaluation index system, the evaluation model and method of network security based on multilevel fuzzy comprehensive judgment. The steps and method of security evaluation by the synthesis evaluation model are provided. The results show that this method is effective to evaluate the risk of electric power information network.

With the repaid growth of social tagging users, it becomes very important for social tagging systems how the required resources are recommended to users rapidly and accurately. Firstly, the architecture of an agent-based intelligent social tagging system is constructed using agent technology. Secondly, the design and implementation of user interest mining, personalized recommendation and common preference group recommendation are presented. Finally, a self-adaptive recommendation strategy for social tagging and its implementation are proposed based on the analysis to the shortcoming of the personalized recommendation strategy and the common preference group recommendation strategy. The self-adaptive recommendation strategy achieves equilibrium selection between efficiency and accuracy, so that it solves the contradiction between efficiency and accuracy in the personalized recommendation model and the common preference recommendation model.

Location-based Services (LBSs) provide valuable features but can also reveal sensitive user information. Decentralized privacy protection removes the need for a so-called anonymizer, but relying on peers is a double-edged sword: adversaries could mislead with fictitious responses or even collude to compromise their peers' privacy. We address here exactly this problem: we strengthen the decentralized LBS privacy approach, securing peer-to-peer (P2P) interactions. Our scheme can provide precise timely P2P responses by passing proactively cached Point of Interest (POI) information. It reduces the exposure both to the honest-but-curious LBS servers and peer nodes. Our scheme allows P2P responses to be validated with very low fraction of queries affected even if a significant fraction of nodes are compromised. The exposure can be kept very low even if the LBS server or a large set of colluding curious nodes collude with curious identity management entities.

In the past decade, the information security and threat landscape has grown significantly making it difficult for a single defender to defend against all attacks at the same time. This called for introducing information sharing, a paradigm in which threat indicators are shared in a community of trust to facilitate defenses. Standards for representation, exchange, and consumption of indicators are proposed in the literature, although various issues are undermined. In this paper, we take the position of rethinking information sharing for actionable intelligence, by highlighting various issues that deserve further exploration. We argue that information sharing can benefit from well-defined use models, threat models, well-understood risk by measurement and robust scoring, well-understood and preserved privacy and quality of indicators and robust mechanism to avoid free riding behavior of selfish agents. We call for using the differential nature of data and community structures for optimizing sharing designs and structures.

In contrast with goal-oriented dialogue, social dialogue has no clear measure of task success. Consequently, evaluation of these systems is notoriously hard. In this paper, we review current evaluation methods, focusing on automatic metrics. We conclude that turn-based metrics often ignore the context and do not account for the fact that several replies are valid, while end-of-dialogue rewards are mainly hand-crafted. Both lack grounding in human perceptions.

The paper presents the study of protecting wireless sensor network (WSNs) by using game theory for malicious node. By means of game theory the malicious attack nodes can be effectively modeled. In this research there is study on different game theoretic strategies for WSNs. Wireless sensor network are made upon the open shared medium which make easy to built attack. Jamming is the most serious security threats for information preservation. The key purpose of this paper is to present a general synopsis of jamming technique, a variety of types of jammers and its prevention technique by means of game theory. There is a network go through from numerous kind of external and internal attack. The jamming of attack that can be taking place because of the high communication inside the network execute by the nodes in the network. As soon as the weighty communications raise the power expenditure and network load also increases. In research work a game theoretic representation is define for the safe communication on the network.

In this paper, we present a decentralized nonlinear robust controller to enhance the transient stability margin of synchronous generators. Although, the trend in power system control is shifting towards centralized or distributed controller approaches, the remote data dependency of these schemes fuels cyber-physical security issues. Since the excessive delay or losing remote data affect severely the operation of those controllers, the designed controller emerges as an alternative for stabilization of Smart Grids in case of unavailability of remote data and in the presence of plant parametric uncertainties. The proposed controller actuates distributed storage systems such as flywheels in order to reduce stabilization time and it implements a novel input time delay compensation technique. Lyapunov stability analysis proves that all the tracking error signals are globally uniformly ultimately bounded. Furthermore, the simulation results demonstrate that the proposed controller outperforms traditional local power systems controllers such as Power System Stabilizers.