Biblio

Mobile browsers have become one of the main mediators of our online activities. However, as web pages continue to increase in size and streaming media on-the-go has become commonplace, mobile data plan constraints remain a significant concern for users. As a result, data-saving features can be a differentiating factor when selecting a mobile browser. In this paper, we present a comprehensive exploration of the security and privacy threat that data-saving functionality presents to users. We conduct the first analysis of Android's data-saving browser (DSB) ecosystem across multiple dimensions, including the characteristics of the various browsers' infrastructure, their application and protocol-level behavior, and their effect on users' browsing experience. Our research unequivocally demonstrates that enabling data-saving functionality in major browsers results in significant degradation of the user's security posture by introducing severe vulnerabilities that are not otherwise present in the browser during normal operation. In summary, our experiments show that enabling data savings exposes users to (i) proxy servers running outdated software, (ii) man-in-the-middle attacks due to problematic validation of TLS certificates, (iii) weakened TLS cipher suite selection, (iv) lack of support of security headers like HSTS, and (v) a higher likelihood of being labelled as bots. While the discovered issues can be addressed, we argue that data-saving functionality presents inherent risks in an increasingly-encrypted Web, and users should be alerted of the critical savings-vs-security trade-off that they implicitly accept every time they enable such functionality.

In digital communication, the transmission of medical images over communication network is very explosive. We need a communication system to transmit the medical information rapidly and securely. In this manuscript, we propose a cryptosystem with novel encoding strategy and lossless compression technique. The chaos based DNA cryptography is used to enrich security of medical images. The lossless Discrete Haar Wavelet Transform is used to reduce space and time efficiency during transmission. The cryptanalysis proves that proposed cryptosystem is secure against different types of attacks. The compression ratio and pixel comparison is performed to verify the similarity of retained medical image.

In order to erase data including confidential in-formation stored in storage devices, an unrelated and random sequence is usually overwritten, which prevents the data from being restored. The problem of minimizing the cost for information erasure when the amount of information leakage of the confidential information should be less than or equal to a constant asymptotically has been introduced by T. Matsuta and T. Uyematsu. Whereas the minimum cost for overwriting has been given for general sources, a single-letter characterization for stationary memoryless sources is not easily derived. In this paper, we give single-letter characterizations for stationary memoryless sources under two types of restrictions: one requires the output distribution of the encoder to be independent and identically distributed (i.i.d.) and the other requires it to be memoryless but not necessarily i.i.d. asymptotically. The characterizations indicate the relation among the amount of information leakage, the minimum cost for information erasure and the rate of the size of uniformly distributed sequences. The obtained results show that the minimum costs are different between these restrictions.

Device-Free Localization and Tracking (DFLT) acts as a key component for the contactless awareness applications such as elderly care and home security. However, the random phase errors in WiFi signal and weak target echoes submerged in background clutter signals are mainly obstacles for current DFLT systems. In this paper, we propose the design and implementation of MuTrack, a multiparameter based DFLT system using commodity WiFi devices with a single link. Firstly, we select an antenna with maximum reliability index as the reference antenna for signal sanitization in which the conjugate operation removes the random phase errors. Secondly, we design a multi-dimensional parameters estimator and then refine path parameters by optimizing the complete data of path components. Finally, the Hungarian Kalman Filter based tracking method is proposed to derive accurate locations from low-resolution parameter estimates. We extensively validate the proposed system in typical indoor environment and these experimental results show that MuTrack can achieve high tracking accuracy with the mean error of 0.82 m using only a single link.

As an essential part to intelligently fine-grained scheduling, planning and maintenance in smart grid and energy internet, short-term load forecasting makes great progress recently owing to the big data collected from smart meters and the leap forward in machine learning technologies. However, the centralized computing topology of classical electric information system, where individual electricity consumption data are frequently transmitted to the cloud center for load forecasting, tends to violate electric consumers' privacy as well as to increase the pressure on network bandwidth. To tackle the tricky issues, we propose a privacy-preserving framework based on the edge-fog-cloud continuum for smart grid. Specifically, 1) we gravitate the training of load forecasting models and forecasting workloads to distributed smart meters so that consumers' raw data are handled locally, and only the forecasting outputs that have been protected are reported to the cloud center via fog nodes; 2) we protect the local forecasting models that imply electricity features from model extraction attacks by model randomization; 3) we exploit a shuffle scheme among smart meters to protect the data ownership privacy, and utilize a re-encryption scheme to guarantee the forecasting data privacy. Finally, through comprehensive simulation and analysis, we validate our proposed privacy-preserving framework in terms of privacy protection, and computation and communication efficiency.

The paper proposes a new measurement method for impairments identification in wireline channels (i.e. wire cables) by exploiting a Compressive Sampling (CS)-based technique. The method consists of two-phases: (i) acquisition and reconstruction of the channel impulse response in the nominal working condition and (ii) analysis of the channel state to detect any physical anomaly/discontinuity like deterioration (e.g. aging due to harsh environment) or unauthorized side channel attacks (e.g. taps). The first results demonstrate that the proposed method is capable of estimating the channel impairments with an accuracy that could allow the classification of the main channel impairments. The proposed method could be used to develop low-cost instrumentation for continuous monitoring of the physical layer of data networks and to improve their hardware security.

Information sharing through internet has becoming challenge due to high-risk factor of attacks to the information being transferred. In this paper, a novel image-encryption edge based Image steganography technique is proposed. The proposed algorithm uses logistic map for encrypting the information prior to transmission. Laplacian of Gaussian (LoG) edge operator is used to find edge areas of the colored-cover-image. Simulation analysis demonstrates that the proposed algorithm has a good amount of payload along with better results of security analysis. The proposed scheme is compared with the existing-methods.

Data sharing through the cloud is flourishing with the development of cloud computing technology. The new wave of technology will also give rise to new security challenges, particularly the data confidentiality in cloud-based sharing applications. Searchable encryption is considered as one of the most promising solutions for balancing data confidentiality and usability. However, most existing searchable encryption schemes cannot simultaneously satisfy requirements for both high search efficiency and strong security due to lack of some must-have properties, such as parallel search and forward security. To address this problem, we propose a variant searchable encryption with parallelism and forward privacy, namely the parallel and forward private searchable public-key encryption (PFP-SPE). PFP-SPE scheme achieves both the parallelism and forward privacy at the expense of slightly higher storage costs. PFP-SPE has similar search efficiency with that of some searchable symmetric encryption schemes but no key distribution problem. The security analysis and the performance evaluation on a real-world dataset demonstrate that the proposed scheme is suitable for practical application.

The ability to specify various policies with different overriding criteria allows for complex sets of sharing policies. This is particularly useful in situations in which data privacy depends on various properties of the data, and complex policies are needed to express the conditions under which data is protected. However, if overriding policy decisions constrain the affected data, decisions from overridden policies should not be suppressed completely, because they can still apply to subsets of the affected data. This article describes how a privacy policy framework can be extended with a mechanism to partially override decisions based on specified constraints. Our solution automatically generates complementary sets of decisions for both the overridden and the complementary, non-overridden subsets of the data, and thus, provides a means to specify a complex policies tailored to specific properties of the protected data.

The threats from side-channel attacks to modern processors has become a serious problem, especially under the enhancement of the microarchitecture characteristics with multicore and resource sharing. Therefore, the research and measurement of the vulnerability of the side-channel attack of the system is of great significance for computer designers. Most of the current evaluation methods proposed by researchers are only for typical cache side-channel attacks. In this paper, we propose a method to measure systems' vulnerability to side-channel attacks caused by port contention called pcSVF. We collected the traces of the victim and attacker and computed the correlation coefficient between them, thus we can measure the vulnerability of the system against side-channel attack. Then we analyzed the effectiveness of the method through the results under different system defense schemes.

Tunnel approach to the security and privacy aspects of communication networks has been an issue since the inception of networking technologies. Neither the technology nor the regulatory and legal frame works proactively play a significant role towards addressing the ever escalating security challenges. As we have move to ubiquitous computing paradigm where information secrecy and privacy is coupled with new challenges of human to machine and machine to machine interfaces, a transformational model for security should be visited. This research is attempted to highlight the peripheral view of IoT based miniature device security paradigm with focus on standardization, regulations, user adaptation, software and applications, low computing resources and power consumption, human to machine interface and privacy.

In traditional virtual asset trading market, several risks, e.g. scams, cheating users, and market reach, have been pushed to users (sellers/buyers). Users need to decide who to trust; otherwise, no business. This fact impedes the growth of virtual asset trading market. In the past few years, several virtual asset marketplaces have embraced blockchain and smart contract technology to alleviate such risks, while trying to address privacy and scalability issues. To attain both speed and non-repudiation property for all transactions, existing blockchain-based exchange systems still cannot fully accomplish. In real-life trading, users use traditional contract to provide non-repudiation to achieve accountability in all committed transactions, so-called thorough non-repudiation. This is essential when dispute happens. To achieve similar thorough non-repudiation as well as privacy and scalability, we propose PEX, Privacy-preserved, multi-tier EXchange framework for cross platform virtual assets trading. PEX creates a smart contract for each virtual asset trading request. The key to address the challenges is to devise two-level distributed ledgers with two different types of quorums where one is for public knowledge in a global ledger and the other is for confidential information in a private ledger. A private quorum is formed to process individual smart contract and record the transactions in a private distributed ledger in order to maintain privacy. Smart contract execution checkpoints will be continuously written in a global ledger to strengthen thorough non-repudiation. PEX smart contract can be executed in parallel to promote scalability. PEX is also equipped with our reputation-based network to track contribution and discourage malicious behavior nodes or users, building healthy virtual asset ecosystem.

Today, everyone is highly dependent on the internet. Everyone performed online shopping and online activities such as online Bank, online booking, online recharge and more on internet. Phishing is a type of website threat and phishing is Illegally on the original website Information such as login id, password and information of credit card. This paper proposed an efficient machine learning based phishing detection technique. Overall, experimental results show that the proposed technique, when integrated with the Support vector machine classifier, has the best performance of accurately distinguishing 95.66% of phishing and appropriate websites using only 22.5% of the innovative functionality. The proposed technique exhibits optimistic results when benchmarking with a range of standard phishing datasets of the “University of California Irvine (UCI)” archive. Therefore, proposed technique is preferred and used for phishing detection based on machine learning.

We propose a photonic compressive sampling scheme based on multimode fiber for radio spectrum sensing, which shows high accuracy and stability, and low complexity and cost. Pulse overlapping is utilized for a fast detection. © 2020 The Author(s).

In this New Age where information has an indispensable value for companies and data mining technologies are growing in the area of Information Technology, privacy remains a sensitive issue in the approach to the exploitation of the large volume of data generated and processed by companies. The way data is collected, handled and destined is not yet clearly defined and has been the subject of constant debate by several areas of activity. This literature review gives an overview of privacy in the era of Business Analytics and Big Data in different timelines, the opportunities and challenges faced, aiming to broaden discussions on a subject that deserves extreme attention and aims to show that, despite measures for data protection have been created, there is still a need to discuss the subject among the different parties involved in the process to achieve a positive ideal for both users and companies.

Since GDPR was introduced, there is a reinforcement of the fact that users must give their consent before their personal data can be managed by any website. However, many studies have demonstrated that users often skip these policies and click the "I agree" button to continue browsing, being unaware of what the consent they gave was about, hence defeating the purpose of GDPR. This paper investigates if different ways of presenting users the privacy policy can change this behaviour and can lead to an increased awareness of the user in relation to what the user agrees with. Three different types of policies were used in the study: a full-text policy, a so-called usable policy, and a video-based policy. Results demonstrated that the type of policy has a direct influence on the user awareness and user satisfaction. The two alternatives to the text-based policy lead to a significant increase of user awareness in relation to the content of the policy and to a significant increase in the user satisfaction in relation to the usability of the policy.

In an online social network, users exhibit personal information to enjoy social interaction. The social network provider (SNP) exploits users' information for revenue generation through targeted advertising. The SNP can present ads to proper users efficiently. Therefore, an advertiser is more willing to pay for targeted advertising. However, the over-exploitation of users' information would invade users' privacy, which would negatively impact users' social activeness. Motivated by this, we study the optimal privacy policy of the SNP with targeted advertising business. We characterize the privacy policy in terms of the fraction of users' information that the provider should exploit, and formulate the interactions among users, advertiser, and SNP as a three-stage Stackelberg game. By carefully leveraging supermodularity property, we reveal from the equilibrium analysis that higher information exploitation will discourage users from exhibiting information, lowering the overall amount of exploited information and harming advertising revenue. We further characterize the optimal privacy policy based on the connection between users' information levels and privacy policy. Numerical results reveal some useful insights that the optimal policy can well balance the users' trade-off between social benefit and privacy loss.

Smart Meters (SM) are IoT end devices used to collect user utility consumption with limited processing power on the edge of the smart grid (SG). While SMs have great applications in providing data analysis to the utility provider and consumers, private user information can be inferred from SMs readings. For preserving user privacy, a number of methods were developed that use perturbation by adding noise to alter user load and hide consumer data. Most methods limit the amount of perturbation noise using differential privacy to preserve the benefits of data analysis. However, additive noise perturbation may have an undesirable effect on billing. Additionally, users may desire to select complete privacy without giving consent to having their data analyzed. We present a virtual battery model that uses perturbation with additive noise obtained from a virtual chargeable battery. The level of noise can be set to make user data differentially private preserving statistics or break differential privacy discarding the benefits of data analysis for more privacy. Our model uses fog aggregation with authentication and encryption that employs lightweight cryptographic primitives. We use Diffie-Hellman key exchange for symmetrical encryption of transferred data and a two-way challenge-response method for authentication.

In recent days the attention of the researchers has been grabbed by the advent of fog computing which is found to be a conservatory of cloud computing. The fog computing is found to be more advantageous and it solves mighty issues of the cloud namely higher delay and also no proper mobility awareness and location related awareness are found in the cloud environment. The IoT devices are connected to the fog nodes which support the cloud services to accumulate and process a component of data. The presence of Fog nodes not only reduces the demands of processing data, but it had improved the quality of service in real time scenarios. Nevertheless the fog node endures from challenges of false data injection, privacy violation in IoT devices and violating integrity of data. This paper is going to address the key issues related to homomorphic encryption algorithms which is used by various researchers for providing data integrity and authenticity of the devices with their merits and demerits.

Many organizations are still reluctant to move sensitive data to the cloud. Moreover, data protection regulations have established considerable punishments for violations of privacy and security requirements. Privacy, however, is a concept that is difficult to measure and to demonstrate. While many privacy design strategies, tactics and patterns have been proposed for privacy-preserving system design, it is difficult to evaluate an existing system with regards to whether these strategies have or have not appropriately been implemented. In this paper we propose indicators for a system's non-compliance with privacy design strategies, called privacy smells. To that end we first identify concrete metrics that measure certain aspects of existing privacy design strategies. We then define smells based on these metrics and discuss their limitations and usefulness. We identify these indicators on two levels of a cloud system: the data flow level and the access control level. Using a cloud system built in Microsoft Azure we show how the metrics can be measured technically and discuss the differences to other cloud providers, namely Amazon Web Services and Google Cloud Platform. We argue that while it is difficult to evaluate the privacy-awareness in a cloud system overall, certain privacy aspects in cloud systems can be mapped to useful metrics that can indicate underlying privacy problems. With this approach we aim at enabling cloud users and auditors to detect deep-rooted privacy problems in cloud systems.

Online privacy policies are lengthy and hard to comprehend. To address this problem, researchers have utilized machine learning (ML) to devise tools that automatically summarize online privacy policies for web users. One such tool is our free and publicly available browser extension, PrivacyCheck. In this paper, we enhance PrivacyCheck by adding a competitor analysis component-a part of PrivacyCheck that recommends other organizations in the same market sector with better privacy policies. We also monitored the usage patterns of about a thousand actual PrivacyCheck users, the first work to track the usage and traffic of an ML-based privacy analysis tool. Results show: (1) there is a good number of privacy policy URLs checked repeatedly by the user base; (2) the users are particularly interested in privacy policies of software services; and (3) PrivacyCheck increased the number of times a user consults privacy policies by 80%. Our work demonstrates the potential of ML-based privacy analysis tools and also sheds light on how these tools are used in practice to give users actionable knowledge they can use to pro-actively protect their privacy.

Smart meters (SMs) play a pivotal rule in the smart grid by being able to report the electricity usage of consumers to the utility provider (UP) almost in real-time. However, this could leak sensitive information about the consumers to the UP or a third-party. Recent works have leveraged the availability of energy storage devices, e.g., a rechargeable battery (RB), in order to provide privacy to the consumers with minimal additional energy cost. In this paper, a privacy-cost management unit (PCMU) is proposed based on a model-free deep reinforcement learning algorithm, called deep double Q-learning (DDQL). Empirical results evaluated on actual SMs data are presented to compare DDQL with the state-of-the-art, i.e., classical Q-learning (CQL). Additionally, the performance of the method is investigated for two concrete cases where attackers aim to infer the actual demand load and the occupancy status of dwellings. Finally, an abstract information-theoretic characterization is provided.

Load profiling is to cluster power consumption data to generate load patterns showing typical behaviors of consumers, and thus it has enormous potential applications in smart grid. However, short-interval readings would generate massive smart meter data. Although cloud computing provides an excellent choice to analyze such big data, it also brings significant privacy concerns since the cloud is not fully trustworthy. In this paper, based on a modified vector homomorphic encryption (VHE), we propose a privacy-preserving and outsourced k-means clustering scheme (PPOk M) for secure load profiling over encrypted meter data. In particular, we design a similarity-measuring method that effectively and non-interactively performs encrypted distance metrics. Besides, we present an integrity verification technique to detect the sloppy cloud server, which intends to stop iterations early to save computational cost. In addition, extensive experiments and analysis show that PPOk M achieves high accuracy and performance while preserving convergence and privacy.

The necessity for peer-to-peer (p2p) communications is obvious; current centralized solutions are capturing and storing too much information from the individual people communicating with each other. Privacy concerns with a centralized solution in possession of all the users data are a difficult matter. HELIOS platform introduces a new social-media platform that is not in control of any central operator, but brings the power of possession of the data back to the users. It does not have centralized servers that store and handle receiving/sending of the messages. Instead, it relies on the current open-source solutions available in the p2p communities to propagate the messages to the wanted recipients of the data and/or messages. The p2p communications also introduce new problems in terms of privacy and tracking of the user, as the nodes part of a p2p network can see what data the other nodes provide and ask for. How the sharing of data in a p2p network can be achieved securely, taking into account the user's privacy is a question that has not been fully answered so far. We do not claim we answer this question fully in this paper either, but we propose a set of protocols to help answer one specific problem. Especially, this paper proposes how to privately share data (end-point address or other) of the user between other users, provided that they have previously connected with each other securely, either offline or online.

A cyber-physical system (CPS) is a term that implements mainly three parts, Physical elements, communication networks, and control systems. Currently, CPS includes the Internet of Things (IoT), Internet of Vehicles (IoV), and many other systems. These systems face many security challenges and different types of attacks, such as Jamming, DDoS.CPS attacks tend to be much smarter and more dynamic; thus, it needs defending strategies that can handle this level of intelligence and dynamicity. Last few years, many researchers use machine learning as a base solution to many CPS security issues. This paper provides a survey of the recent works that utilized the Q-Learning algorithm in terms of security enabling and privacy-preserving. Different adoption of Q-Learning for security and defending strategies are studied. The state-of-the-art of Q-learning and CPS systems are classified and analyzed according to their attacks, domain, supported techniques, and details of the Q-Learning algorithm. Finally, this work highlight The future research trends toward efficient utilization of Q-learning and deep Q-learning on CPS security.