PST2022: 19TH ANNUAL INTERNATIONAL CONFERENCE ON PRIVACY, SECURITY, AND TRUST
PROGRAM FOR TUESDAY, AUGUST 23RD

09:00-09:50 Session 1: Keynote 1

Keynote "Extraction of Complex DNN Models: Real Threat or Boogeyman" by Dr. N. ASOKAN

09:50-10:00 Coffee Break
10:00-11:20 Session 2
10:00
Efficient Homomorphic E-Voting Based On Batch Proof Techniques

ABSTRACT. Homomorphic e-voting is usually more efficient than shuffling-based e-voting, but depends on validity of the encrypted ballots. Proof and verification of validity of all the encrypted ballots is the efficiency bottleneck of homomorphic e-voting. So homomorphic e-voting schemes still need efficiency improvements to support users with low-capability. In this paper, a new e-voting scheme is proposed on the basis of an efficiency-improving technology, batch ZK proof of 1-out-of-2 knowledge. It achieves much higher efficiency in ballot validity proof and can improve efficiency of homomorphic e-voting to achieve an obvious advantage over the existing solutions.

10:20
A Secure and Privacy-Preserving Dynamic Aggregation Mechanism for V2G System

ABSTRACT. Nowadays, the vehicle to grid (V2G) technology enables bi-directional energy interactions between the power grid and the battery of an electric car. However, there still exist some issues in terms of security and privacy preservation. In this paper, we propose an efficient and privacy-preserving scheme to achieve the two-way electricity trading between vehicles and the power grid, by exploiting a dynamic threshold public-key encryption algorithm. Our proposed scheme includes two phases: The first phase includes the secure aggregation of the vehicles' electricity requests and the recovery of the aggregation result; if the power grid can satisfy the aggregated electricity request, the vehicles execute in the second phase electricity trading. Meanwhile, the proposed scheme can adapt to a varying threshold of participating users, which enables the dynamic fluctuation of users. Extensive security analysis demonstrates the security properties of the proposed scheme in terms of privacy preservation and authentication. Performance evaluations are conducted to show the efficiency of our proposed scheme, and simulation results show that our scheme greatly reduces the introduced communication and computation overheads.

10:40
A Vulnerability in Face Anonymization – Privacy Disclosure from Face-obfuscated video

ABSTRACT. This work studies a vulnerability in face obfuscation techniques intended to preserve the privacy of individuals. There have been several attempts to prevent unauthorized face recognition from being performed, aiming to guarantee anonymity in video data. Most of these attempts have focused on facial areas that are thought as sensitive to contribute most to facial recognition. However, obfuscation of such facial areas is insufficient to preserve privacy because gait information such as arm movements and step characteristics can be used to identify individuals and other personal information such as gender. In this paper, we claim that individual tracking and gender estimation are possible just from the gait information extracted from a video without using face-related data. We propose a set of biometric features and an algorithm to estimate gender from skeleton data. Our experiments with more than 100 subjects demonstrate that gender is estimated with a significant accuracy of 99.86%. The proposed identification algorithm, which is based on pattern-matching techniques, is robust against changes in the manner of walking and successfully identifies subjects with only small error of 0.036.

11:00
LOG-OFF: A Novel Behavior Based Authentication Compromise Detection Approach

ABSTRACT. Password-based authentication system has been praised for its user-friendly, cost-effective, and easily deployable features. It is arguably the most commonly used security mechanism for various resources, services, and applications. The password-based authentication scheme, on the other hand, has well-known security flaws, including vulnerability to guessing attacks. Present state-of-the-art approaches have high overheads, as well as difficulties and unreliability during training, resulting in a poor user experience and a high false positive rate. As a result, a lightweight authentication compromise detection model that can make accurate detection with a low false positive rate is required.

In this paper we propose -- LOG-OFF -- a behavior based authentication compromise detection model. LOG-OFF is a lightweight model that can be deployed efficiently in practice because it does not include a labeled dataset. Based on the assumption that the behavioral pattern of a specific user does not suddenly change, we study the real-world authentication traffic data. The dataset contains more than 4 million records. We use two features to model the user behaviors, i.e., consecutive failures and login time, and develop a novel approach. LOG-OFF learns from the historical user behaviors to construct user profiles and makes probabilistic predictions of future login attempts for authentication compromise detection. LOG-OFF has a low false positive rate and latency, making it suitable for real-world deployment. In addition, it can also evolve with time and make more accurate detection as more data is being collected.

11:20-11:30 Coffee Break
11:30-12:50 Session 3
11:30
Balancing privacy and accountability in digital payment methods using zk-SNARKs
PRESENTER: Tariq Bontekoe

ABSTRACT. In this paper we propose and implement a digital permissioned decentralized anonymous payment scheme that finds a balance between anonymity and auditability. This approach allows banks to ensure that their clients are not participating in illegal financial transactions, whilst clients stay in control over their sensitive, personal information. Existing anonymous payment schemes often provide good privacy, but only little or mostly no auditability. We provide both by extending the Zerocash zk-SNARK based approach and adding functionality that allows for customer due diligence 'at the gate'. Clients can do fully anonymous transactions up to a certain amount per time unit and larger transactions are forced to include verifiably encrypted transaction details that can only be opened by a select group of 'judges'.

11:50
Discovering Non-Metadata Contaminant Features in Intrusion Detection Datasets

ABSTRACT. Most newly proposed detection methods in intrusion detection incorporate machine learning models to distinguish between benign and malicious traffic. The models are validated on a handful of academic datasets and ranked based on their classification performance. This article aims to demonstrate that unbeknownst to the new models' authors, there are features in these datasets which heavily bias the results and obscure a realistic, reliable estimate of the separability of the datasets.

The contaminating influence of the features of six widely adopted intrusion detection datasets (NSL-KDD, UNSW-NB15, CIC-IDS-2017, CIC-DoS-2017, CSE-CIC-IDS-2018 and CIC-DDoS-2019) is established by testing them in single feature models. During training those models are exposed to a balanced mix of benign traffic and a single attack class. During testing, they are tasked with evaluating test sets for all attack classes.

Well-behaved, informative features were expected to yield good results on the test set where the testing attack class matched the training attack class, with some blind generalization power towards similar attack classes and weak results on unrelated attack classes. This pattern does emerge for many features, but some in each dataset show a pattern where regardless of training attack class, the models blindly generalize towards all attack classes with nearly identical classification metrics. These features provide undeserved boosts in the baseline classification scores for each dataset. By themselves, some contaminant features even push these baselines upwards of 90% accuracy (balanced).

12:10
Security Analysis in Satellite Communication based on Geostationary Orbit

ABSTRACT. With the rapid growth of Internet of Things (IoT) devices and evolving 5G/6G networks, satellite communication has become extremely important, which can provide the capability of sending information from one place to another via a communication satellite in orbit around the Earth. Due to the increasing needs, the Internet traffic is naturally part of satellite communication, carrying a large amount of sensitive or private information and data. As such, the proliferation of satellites may bring increased security risks. Motivated by this concern, in this work, we aim to investigate the potential security breaches in satellite communication, with a specific focus on geostationary orbit (GEO) satellites. In particular, we firstly set up an experimental environment to collect data from satellites that the hardware equipment supports, and then perform a risk assessment based on NIST. In terms of our experimental findings and risk analysis, we identify a total of 15 threat sources that may cause various security issues. In the end, we discuss potential solutions to enhance the security and lessons learnt in our setup.

12:30
Solving the Kidney Exchange Problem using Privacy-Preserving Integer Programming

ABSTRACT. The kidney exchange problem (KEP) seeks to determine a constellation of exchanges that maximizes the number of possible transplants between a set of patients and their incompatible donors. Recently, Secure Multi-Party Computation (SMPC) techniques were used to devise privacy-preserving protocols that allow the solving of the KEP in a distributed fashion. However, these protocols lack sufficient performance in practice. In the non-privacy-preserving case, the most efficient algorithms solving the KEP are based on integer programming. It is in this context, that we propose a privacy-preserving protocol based on these integer programming techniques that efficiently solves the KEP in a privacy-preserving fashion. We prove the security of this protocol and analyze its complexity. Furthermore, we provide a comprehensive performance evaluation of an implementation of the protocol in the SMPC benchmarking framework MP-SPDZ.

12:50-14:00 Lunch Break
14:00-14:50 Session 4: Keynote 2

Keynote "Unified View of IoT and CPS and Trend of Research on Microcontroller Based IoT" by Dr. Xinwen Fu

14:50-15:00 Coffee Break
15:00-16:20 Session 5
15:00
Mobile Mental Health Apps: Alternative Intervention or Intrusion?

ABSTRACT. Mental health is an extremely important subject, especially in these unprecedented times of the COVID-19 pandemic. Ubiquitous mobile phones can equip users to supplement psychiatric treatment and manage their mental health. Mobile Mental Health (MMH) apps emerge as an effective alternative to assist with a broad range of psychological disorders filling the much-needed patient-provider accessibility gap. However, it also raises significant concerns with sensitive information leakage. The absence of a transparent privacy policy and lack of user awareness may pose a significant threat to undermining the applicability of such tools. We conducted a multifold study of - 1) Privacy policies (Manually and with Polisis, an automated framework to evaluate privacy policies); 2) App permissions; 3) Static Analysis for inherent security issues; 4) Dynamic Analysis for threat surface and vulnerabilities detection, and 5) Traffic Analysis. Our results indicate that apps’ exploitable flaws, dangerous permissions, and insecure data handling pose a potential threat to the users’ privacy and security. The Dynamic analysis identified 145 vulnerabilities in 20 top-rated MMH apps where attackers and malicious apps can access sensitive information. 45% of MMH apps use a unique identifier, Hardware Id, which can link a unique id to a particular user and probe users’ mental health. Traffic analysis shows that sensitive mental health data can be leaked through insecure data transmission. MMH apps need better scrutiny and regulation for more widespread usage to meet the increasing need for mental health care without being intrusive to the already vulnerable population.

15:20
An Efficient, Verifiable, and Dynamic Searchable Symmetric Encryption with Forward Privacy

ABSTRACT. Dynamic Searchable Symmetric Encryption (DSSE) allows a cloud server to perform search queries on a user's documents while both queries and files are encrypted. It also enables the user to update the corpus efficiently. Recently, the notion of Forward Privacy (FP) was introduced, which guarantees the privacy of a newly added document in the presence of previous queries. However, most of the existing approaches work only with honest-but-curious servers. In these schemes, it is assumed the cloud server follows the prescribed protocols, but due to the untrusted nature of the cloud servers, this assumption does not always hold in practice. Hence, it is essential to design and implement new approaches that verify the results of queries and detect malicious behavior of a cloud server. In this paper, we construct a new forward-private DSSE scheme that efficiently achieves result verifiability. To obtain this goal, along with the search results, the server provides a "proof of work" to demonstrate result completeness. Moreover, our cost-efficient scheme supports both updates and searches. Provided security proof and performance analysis demonstrate our approach's practicality, efficiency, and security.

15:40
A Feistel Network-based Prefix-Preserving Anonymization Approach, Applied To Network Traces
PRESENTER: Shaveta Dandyan

ABSTRACT. Network traces represent a critical piece of data for network security. Due to lack of expertise, companies are forced to outsource their network traces to third parties to perform analytics on the traces and provide security feedback and recommendations. However, these companies are reluctant to share their network traces, as they comprise sensitive information (e.g., IP addresses). Therefore, the network traces are anonymized to ensure the privacy of the data and preserve its utility. The latter guarantees that the essence of the data remains valid after anonymization, otherwise the analytics are useless. Existing solutions, such as CryptoPAN, preserve the data utility (by preserving the IP prefixes), but are vulnerable to semantic attacks.

In this paper, we propose an anonymization solution, which is based on the Feistel, which is widely used in encryption systems, such as DES and Twofish. Our solution preserves both data privacy and its utility at the same time. We validate our solution using the Kddcup99 dataset and measure the data leakage (dual of privacy) provided by our solution. We evaluate the security of our solution using the avalanche property, which is widely used to measure the security of encryption systems. Moreover, the efficacy of our solution is evaluated against Injection attacks. Overall, the obtained results, avalanche property and resistance to Injection attacks, are appealing.

16:00
Visualizing and Reasoning about Presentable Digital Forensic Evidence with Knowledge Graphs

ABSTRACT. Making digital evidence presentable is hard due to the intangible and complex nature of digital evidence and the variety of targeted audiences. In this paper, we present Digital Forensic Knowledge Graph (DFKG) for visualizing and reasoning about digital forensic evidence. We first describe the criteria of presentable evidence to ensure authenticity, integrity, validity, credibility, and relevance of evidence. Then we specify DFKG to capture presentable forensic evidence from three perspectives: (1) the background of a criminal case, (2) the reconstructed timeline of a criminal case, and (3) the verifiable digital evidence related to the criminal activity timeline. We also present a case study to illustrate the DFKG-based approach.

16:20-16:30 Coffee Break
16:30-17:50 Session 6
16:30
Towards the development of a realistic multidimensional IoT profiling dataset

ABSTRACT. The Internet of Things (IoT) is an emerging technology that enables the development of low-cost and energy-efficient IoT devices across various solutions from smart cities to healthcare domains. With such a complex and heterogeneous instance of IoT devices and their applications, numerous challenges arise in both device management and security concerns. Thus, it is essential to develop intelligent IoT identification/profiling and intrusion detection components that are tailored to IoT applications. Such systems require a realistic and multidimensional reference IoT dataset for training and evaluation. In this paper, we analyzed the behaviour of 60 IoT devices during experiments conducted in our lab setup at the Canadian Institute for Cybersecurity (CIC). Our IoT devices include WiFi, ZigBee, and Z-Wave devices. We collected data from each device in four stages: powered on, idle, active, and interactions. Besides these stages, different scenario experiments were conducted using a microcosm of devices to simulate the network activity of a smart home. Additionally, we have generated two attack datasets, namely flood denial-of-service attack and RTSP brute-force attack. Lastly, we implement an extensive case study on the transferability of the Random Forest classifier and train our model with the dataset from our lab, transfer the model to the dataset from a different lab and test the trained model on their dataset. This paper's dataset materials are available on the CIC dataset page under the CIC IoT dataset 2022.

16:50
Privacy Policy Analysis with Sentence Classification

ABSTRACT. Privacy policies inform users of the data practices and access protocols employed by organizations and their digital counterparts. Research has shown that users often feel that these privacy policies are lengthy and complex to read and comprehend. However, it is critical for people to be aware of the data access practices employed by the organizations. Hence, much research has focused on automatically extracting privacy-specific artifacts from the policies, predominantly by using natural language classification tools. However, these classification tools are designed primarily for the classification of paragraphs or segments of the policies. In this paper, we report on our research where we identify the gap in classifying policies at a segment level, and provide an alternate definition of segment classification using sentence classification. To this aid, we train and evaluate sentence classifiers for privacy policies using BERT and XLNet. Our approach demonstrates improvements in prediction quality of existing models and hence, surpasses the current baselines for classification models, without requiring additional parameter and model tuning. Using our sentence classifiers, we also study topical structures in Alexa top 5000 website policies, in order to identify and quantify the diffusion of information pertaining to privacy-specific topics in a policy.

17:10
Efficient and Privacy-preserving Worker Selection in Mobile Crowdsensing Over Tentative Future Trajectories

ABSTRACT. Mobile Crowdsourcing (MCS) is a newly-emerged sensing paradigm where a group of workers is selected to collect and share real-time data for a particular task. As the extensive development of Internet of Things (IoTs), cloud computing, and 5G network, MCS has drawn great attention in recent years. Worker selection is one of the most fundamental problems in MCS, as the selected workers' qualifications play a significant role in the service quality. In this paper, by extending the research scope of previous literature, we formulate a novel worker selection problem in MCS that incorporates spatial-temporal constraints over workers' tentative future trajectories. Specifically, each worker is required to submit a tentative future trajectory in advance and the MCS platform only selects qualified workers who meet both the spatial and temporal constraints. To increase the efficiency of worker selection, we propose a hybrid indexing approach to efficiently index workers' spatial-temporal information by combining MX-CIF quadtree and Interval tree. Besides, we design a greedy algorithm, which considers both the reliability of the selected workers and the overall budget at the same time. Furthermore, to protect workers' sensitive spatial-temporal information from being disclosed to untrusted parties, we design a privacy-preserving technique by transferring workers' real spatial-temporal information to the approximate data with restricted information. Security analysis shows that the proposed solution is privacy-preserving. Extensive experiments are conducted, and the results demonstrate that our scheme outperforms the baseline methods.

17:30
Privacy-Preserving Detection of Poisoning Attacks in Federated Learning

ABSTRACT. With federated learning, local learners train a shared global model using their own data, and report model updates to a server to aggregate and then update the global model. Such a learning paradigm may suffer from two attacks: privacy attacks by the untrusted server; adversarial attacks (e.g., poisoning attacks) by malicious learners. There is extensive research on addressing each of the attacks separately, but there is no scheme that can address both of them. In this paper, we propose a scheme that enables both privacy-preserving aggregation and poisoning attack detection at the server, by utilizing additive homomorphic encryption and a trusted execution environment (TEE). Our evaluation based on an implemented prototype system demonstrates that our scheme can attain a similar level of detection accuracy as the state-of-the-art poisoning detection scheme, and that the increased computational workload can be parallelized and mostly executed outside of the TEE. A privacy analysis shows that the proposed scheme can protect individual learners' model updates from being exposed.