- Speaker: Mina Sheikhalishahi
- Title: Privacy-preserving collaborative data analysis
- Abstract: Facing the new challenges brought by a continuous evolving Information Technologies (IT) market,
large companies and small-to-medium enterprises found in Information Sharing a valid instrument to improve their key performance indexes.
Sharing data with partners, authorities for data collection and even competitors, may help in inferring additional intelligence through collaborative information analysis.
Such an intelligence could be exploited to improve revenues, prevent loss coming from brand-new potential cyber-threats, or analysis of medical data.
Independently from the final goal, unfortunately information sharing brings issues and drawbacks, which must be addressed.
These issues are mainly related to the information privacy.
Hence, an information analysis framework must also include a set of mechanisms to ensure confidentiality and privacy of shared information.
To address this issue, in this talk, it is assumed that data is distributed between two (or more) parties.
For mutual benefits, the data holders are interested in collaborative data analysis on the whole of their data,
but for privacy concerns they are not willing to share their original data sets.
Different scenarios of the problem are considered and addressed as the following:
1) when data is distributed either horizontally or vertically;
2) when data is planed to be exploited for constructing a clustering algorithm or a classifier ;
3) when different privacy mechanisms, e.g. data anonymization, or secure multi-party computation, are exploited.
In all these scenarios, it is planed to balance the data utility loss and privacy gain.
- Speaker: Cheng-Te Li
- Title: Tackling the Achilles Heel of Online Streaming Services:
Towards Better Music Recommendation Systemsby User Identification
- Abstract: Nowadays users in online streaming services can consume items, such as movies in Netƒix and music in Spotify and KKBOX. While users tend to pursue unlimited, diverse, and high-quality streaming content, service providers earn the pro€t by charging fees. However, the prices may be too expensive for users to a‚ord. Hence, lots of users may share accounts, instead of individually purchasing premium accounts. To this end, the recommenders embedded in streaming services cannot deliver satisfying recommendation, and user experience is cut down and the pro€t is reduced. In this talk, I will present how to detect shared accounts, identify which users use the same account, and predict the current user of a new session issued by an account. A session-based heterogeneous graph embedding technique is developed to achieve these goals and boost the performance of music recommendationsystems.
- Speaker: Razvan Rosie
- Title: Key-Robustness for Cryptographic Primitives
- Abstract: Robustness is a notion often tacitly assumed while working with encrypted
data. Roughly speaking, it states that a ciphertext cannot be decrypted
under different keys. Initially formalized in a public-key context, it has
been further extended to key-encapsulation mechanisms.
In this talk, we begin by studying the security of symmetric primitives
under the incorrect usage of keys. We formalize simple, yet strong
definitions of key robustness for authenticated-encryption,
message-authentication codes and PRFs. We show standard notions (such as
AE or PRF security) guarantee a basic level of key-robustness under
honestly generated keys, but fail to imply key-robustness under
adversarially generated (or known) keys. We show robust encryption and
MACs compose well through generic composition, and identify robust PRFs as
the main primitive used in building robust schemes. Standard hash
functions are expected to satisfy key-robustness and PRF security, and
hence suffice for practical instantiations. We however provide further
theoretical justifications (in the standard model) by constructing robust
PRFs from (left-and-right) collision-resistant PRGs.
Next, we motivate the importance of establishing similar guarantees for
digital and functional signatures (a signature should not verify under
multiple keys), as well as for functional encryption schemes under
adversarially generated keys. We describe scenarios that can result in
attacks against existing constructions if robustness fails. We show that
there exist simple, generic transformations that convert a scheme into a
functionally equivalent but robust one, preserving in particular the
original scheme’s guarantees.
- Speaker: Richard Clayton
- Title: Booters, Beagles, Blogs, Blackmail and other Badness
- Abstract: This talks presents a number of relatively small pieces of research into cybercrime - not all of which has yet made into published academic papers. For most of the badness I will be showing you live websites and
explaining how and why they exist - and what we currently know about
the criminals that operate them. Much of the underlying data can be made
available from the Cambridge Cybercrime Centre should you wish to extend
this research yourself.
- Speaker: Iraklis Symeonidis
- Title: Analysis and design of privacy-enhancing systems: the case of Facebook and car sharing
- Abstract: The advancement of communication technologies such as the Internet, mobile communications, wireless networks and online platforms has eased the exchange of information between individuals: it has enabled collection of large amounts of personal data to an ever-increasing rate. In this talk we focus on two use cases: the interdependent privacy on Facebook and the privacy issues of car sharing systems. First, I will present a comprehensive analysis and countermeasures of the interdependent privacy problem on Facebook; providers of third-party applications on Facebook exploit the interdependency between users and their friends. Second, I will present the privacy issues on car sharing systems; owing to the massive amounts of personal information, rich information about individuals' everyday lives and habits can be extracted, enabling profiling. Finally, I will present a fully-fledged privacy-enhancing protocol (sketch) for car access provision as a solution design.
- Speaker: David Mestel
- Title: Quantifying information flow in interactive systems
- Abstract: Given a system with which two agents interact, how much information can each obtain about the actions of the other? This is relevant to many situations: for instance, a single processor may host threads belonging to both trusted and untrusted users, especially in `the cloud', and unauthorised communication between threads via cache timing channels was also crucial to the notorious Meltdown and Spectre attacks. It turns out that if the shared system is deterministic then this reduces to a natural combinatorial problem, namely computing the maximum sizes of antichains in certain partially ordered sets. For the case where the shared system is modelled by a finite automaton, solution of this problem yields a nice dichotomy theorem between logarithmic and linear information flow, together with an algorithm for determining which case holds for a particular protocol specification.
- Speaker: Karola Marky
- Title: Investigation of Human Factors in End-to-End Verifiable E-Voting Schemes
- Abstract: E-voting delivers benefits in terms of efficiency and accessibility and is already used in a number of countries.
End-to-end verifiable e-voting schemes facilitate verification of the integrity of individual votes as well as the election outcome.
Voters are actively involved in end-to-end verifiable e-voting schemes, therefore these schemes have to be tailored according to the voters' needs.
This talk gives an overview on the investigation of human factors in end-to-end verifiable e-voting schemes and resulting challenges.
- Speaker: Boris Skoric
- Title: Quantum security with optical PUFs
- Abstract: The combination of optical PUFs and quantum optics makes it possible to build protocols whose security relies on physical assumptions, e.g. the assumption that it is difficult to losslessly emulate a PUF's behaviour.
QSA (Quantum Secure Authentication) is an example of such a protocol.
Unfortunately, QSA requires a two-way quantum channel.
This talk discusses a new protocol, PUF-Enabled Asymmetric Communication (PEAC), which needs only a one-way channel.
- Speaker: Lara Schmid
- Title: How to model (e-voting) protocols in Tamarin
- Abstract: The Tamarin prover is a tool for the symbolic modeling and analysis of security protocols. It takes as input a protocol model, a specification of the adversary, and a specification of the protocol's desired properties. Tamarin can then be used to automatically check if the protocol fulfills the properties, given that arbitrarily many instances of the protocol's roles are run in parallel with the adversary.
In addition to trace properties, Tamarin can express observational equivalence properties. Such properties express that an adversary cannot distinguish two systems and are especially useful for modeling privacy.
In this talk, we present an introduction to the Tamarin tool and
explain how a protocol specified in traditional Alice&Bob notation can be translated to the Tamarin protocol model. Furthermore, we explain on the example of a simplified e-voting protocol how properties such as privacy and receipt-freeness can be modeled with Tamarin's built in observational equivalence theory.
- Speaker: Tiziano Bianchi
- Title: User Authentication via PRNU-Based Physical Unclonable Functions
- Abstract: Multifactor user authentication systems enhance security by augmenting passwords with the verification of additional pieces of information such as the possession of a particular device. In this work we present an innovative user authentication scheme that verifies the possession of the user's smartphone by uniquely identifying its camera sensor. High-frequency components of the photo-response nonuniformity of the optical sensor are extracted from raw images and used as a weak physical unclonable function. A novel scheme for efficient transmission and server-side verification is also designed based on adaptive random projections and on an innovative fuzzy extractor using polar codes. The security of the system is thoroughly analyzed under different attack scenarios both theoretically and experimentally.
Back to SRM presentations.
For questions and comments contact