data-enabled cities are recently accelerated and enhanced with automated learning for improved Smart Cities applications. In the context of an Internet of Things (IoT) ecosystem, the data communication is frequently c...
详细信息
ISBN:
(纸本)9781450395229
data-enabled cities are recently accelerated and enhanced with automated learning for improved Smart Cities applications. In the context of an Internet of Things (IoT) ecosystem, the data communication is frequently costly, inefficient, not scalable and lacks security. Federated Learning (FL) plays a pivotal role in providing privacy-preserving and communication efficient Machine Learning (ML) frameworks. In this paper we evaluate the feasibility of FL in the context of a Smart Cities Street Light Monitoring application. FL is evaluated against benchmarks of centralised and (fully) personalised machine learning techniques for the classification task of the lampposts operation. Incorporating FL in such a scenario shows minimal performance reduction in terms of the classification task, but huge improvements in the communication cost and the privacy preserving. These outcomes strengthen FL's viability and potential for IoT applications.
Location-based services (LBS) increasingly rely on participatory or crowd-sensed data: users voluntarily contribute data about their whereabouts and points of interest (POIs) and allow the LBS to capture the dynamical...
详细信息
ISBN:
(纸本)9781450392167
Location-based services (LBS) increasingly rely on participatory or crowd-sensed data: users voluntarily contribute data about their whereabouts and points of interest (POIs) and allow the LBS to capture the dynamically changing environment, e.g., how crowded specific places, streets, or public transportation are. Popular LBS applications do not offer strong security, less so for their participatory sensing (PS) and data contribution part. Openness favors participation and increases data, but it also makes attacks easier. Sporadic misbehavior incidents and the presumed user honesty should not be reassuring: an attacker could exploit the PS components and submit a large volume of forged data to dominate the PS-collected LBS data, locally or at a large scale. Individuals, organizations, or entire areas could be targeted, e.g., having customers diverted or causing public transportation routes or roads to appear congested. The lingering open question is whether such attacks can be perpetrated against well-established popular LBS with PS components. This paper affirms this: we investigate Google Maps, the single most popular application in this domain, and show a range of effective and scalable attacks based on very modest adversarial assumptions. We reverse-engineer the data submission process and automate attacks that craft and submit false data in volume and a targeted fashion. We collect evidence that our attacks work on POI crowdedness, traffic congestion levels, and public transportation crowdedness with extreme caution. We responsibly disclosed the attacks to Google, acknowledged them and awarded recognition. The attack methodology carries over to other LBS applications but, most importantly, raises awareness and motivates countermeasures, which we also outline here, for stronger LBS and PS security overall.
We study the problem of privacy-preserving proofs on streamed authenticated data. In this setting, a server receives a continuous stream of data from a trusted data provider, and is requested to prove computations ove...
详细信息
Zero-knowledge proof (ZKP) is a cryptographic protocol that allows one party to prove the correctness of a statement to another party without revealing any information beyond the correctness of the statement itself. I...
详细信息
ISBN:
(纸本)9781450399166
Zero-knowledge proof (ZKP) is a cryptographic protocol that allows one party to prove the correctness of a statement to another party without revealing any information beyond the correctness of the statement itself. It guarantees computation integrity and confidentiality, and is therefore increasingly adopted in industry for a variety of privacy-preserving applications, such as verifiable outsource computing and digital currency. A significant obstacle in using ZKP for online applications is the performance overhead of its proof generation. We develop GZKP, a GPU accelerated zero-knowledge proof system that supports different levels of security requirements and brings significant speedup toward making ZKP truly usable. For polynomial computation over a large finite field, GZKP promotes a cache-friendly memory access pattern while eliminating the costly external shuffle in existing solutions. For multi-scalar multiplication, GZKP adopts a new parallelization strategy, which aggressively combines integer elliptic curve point operations and exploits fine-grained task parallelism with load balancing for sparse integer distribution. GZKP outperforms the state-of-the-art ZKP systems by an order of magnitude, achieving up to 48.1x and 17.6x speedup with standard cryptographic benchmarks and a real-world application workload, respectively.
As the adoption of wearable and smart devices increases, their privacy and security are still a concern. These devices collect sensitive data and constantly communicate with each other, posing new privacy threats that...
详细信息
ISBN:
(纸本)9798400714764
As the adoption of wearable and smart devices increases, their privacy and security are still a concern. These devices collect sensitive data and constantly communicate with each other, posing new privacy threats that need to be understood and addressed. In this paper, we analyze the privacy of smart devices from a multi-device perspective. The central premise of our work is that information available at each device may be non-sensitive or lightly so, but by orchestrating information from multiple connected smart devices, it is possible to infer sensitive content. To verify this, we conduct a user study to understand user perceptions towards privacy on smart devices and contrast them with their actual behavior while operating these devices. We then present an attack framework that can leverage tightly coupled and connected smart devices, such as mobile, wearable, and smart TV, to leak sensitive information inferred from individually non-sensitive data. Finally, we introduce a tool based on NLP techniques to identify potential privacy vulnerabilities on smart devices and propose an integrated solution to increase smart devices' security. This analysis helps close the gap between user's perception and reality regarding privacy risks within their smart ecosystem.
暂无评论