Information Security Commons^™

A Conceptual Decentralized Identity Solution For State Government, Martin Duclos

Theses and Dissertations

In recent years, state governments, exemplified by Mississippi, have significantly expanded their online service offerings to reduce costs and improve efficiency. However, this shift has led to challenges in managing digital identities effectively, with multiple fragmented solutions in use. This paper proposes a Self-Sovereign Identity (SSI) framework based on distributed ledger technology. SSI grants individuals control over their digital identities, enhancing privacy and security without relying on a centralized authority. The contributions of this research include increased efficiency, improved privacy and security, enhanced user satisfaction, and reduced costs in state government digital identity management. The paper provides background on digital …

Privacy-Preserving Bloom Filter-Based Keyword Search Over Large Encrypted Cloud Data, Yanrong Liang, Jianfeng Ma, Yinbin Miao, Da Kuang, Xiangdong Meng, Robert H. Deng

Research Collection School Of Computing and Information Systems

To achieve the search over encrypted data in cloud server, Searchable Encryption (SE) has attracted extensive attention from both academic and industrial fields. The existing Bloom filter-based SE schemes can achieve similarity search, but will generally incur high false positive rates, and even leak the privacy of values in Bloom filters (BF). To solve the above problems, we first propose a basic Privacy-preserving Bloom filter-based Keyword Search scheme using the Circular Shift and Coalesce-Bloom Filter (CSC-BF) and Symmetric-key Hidden Vector Encryption (SHVE) technology (namely PBKS), which can achieve effective search while protecting the values in BFs. Then, we design a …

Integrating Human Expert Knowledge With Openai And Chatgpt: A Secure And Privacy-Enabled Knowledge Acquisition Approach, Ben Phillips

College of Engineering Summer Undergraduate Research Program

Advanced Large Language Models (LLMs) struggle to produce accurate results and preserve user privacy for use cases involving domain-specific knowledge. A privacy-preserving approach for leveraging LLM capabilities on domain-specific knowledge could greatly expand the use cases of LLMs in a variety of disciplines and industries. This project explores a method for acquiring domain-specific knowledge for use with GPT3 while protecting sensitive user information with ML-based text-sanitization.

Secure Deterministic Wallet And Stealth Address: Key-Insulated And Privacy-Preserving Signature Scheme With Publicly Derived Public Key, Zhen Liu, Guomin Yang, Duncan S. Wong, Khoa Nguyen, Huaxiong Wang, Xiaorong Ke, Yining Liu

Research Collection School Of Computing and Information Systems

Deterministic Wallet (DW) and Stealth Address (SA) mechanisms have been widely adopted in the cryptocurrency community, due to their virtues on functionality and privacy protection, which come from a key derivation mechanism that allows an arbitrary number of derived keys to be generated from a master key. However, these algorithms suffer a vulnerability that, when one derived key is compromised somehow, the damage is not limited to the leaked derived key only, but to the master key and in consequence all derived keys are compromised. In this article, we introduce and formalize a new signature variant, called Key-Insulated and Privacy-Preserving …

Information Provenance For Mobile Health Data, Taylor A. Hardin

Dartmouth College Ph.D Dissertations

Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment and personal wellness, as they offer the ability to continuously monitor aspects of individuals' health as they go about their everyday activities. Many believe that combining the data produced by these mHealth apps and devices may give healthcare-related service providers and researchers a more holistic view of an individual's health, increase the quality of service, and reduce operating costs. For such mHealth data to be considered useful though, data consumers need to be assured that the authenticity and the integrity of the data has remained intact---especially …

Proxy-Free Privacy-Preserving Task Matching With Efficient Revocation In Crowdsourcing, Jiangang Shu, Kan Yang, Xiaohua Jia, Ximeng Liu, Cong Wang, Robert H. Deng

Research Collection School Of Computing and Information Systems

Task matching in crowdsourcing has been extensively explored with the increasing popularity of crowdsourcing. However, privacy of tasks and workers is usually ignored in most of exiting solutions. In this paper, we study the problem of privacy-preserving task matching for crowdsourcing with multiple requesters and multiple workers. Instead of utilizing proxy re-encryption, we propose a proxy-free task matching scheme for multi-requester/multi-worker crowdsourcing, which achieves task-worker matching over encrypted data with scalability and non-interaction. We further design two different mechanisms for worker revocation including ServerLocal Revocation (SLR) and Global Revocation (GR), which realize efficient worker revocation with minimal overhead on the …

Towards Secure Data Flow Oriented Multi-Vendor Ict Governance Model, Lars Magnusson, Patrik Elm, Anita Mirijamdotter

International Journal of Business and Technology

Today, still, ICT Governance is being regarded as a departmental concern, not an overall organizational concern. History has shown us that implementation strategies, which are based on departments, results in fractional implementations leading to ad hoc solutions with no central control and stagnation for the in-house ICT strategy. Further, this recently has created an opinion trend; many are talking about the ICT department as being redundant, a dying out breed, which should be replaced by on-demand specialized external services. Clearly, the evermore changing surroundings do force organizations to accelerate the pace of new adaptations within their ICT plans, more vivacious …

Vpsearch: Achieving Verifiability For Privacy-Preserving Multi-Keyword Search Over Encrypted Cloud Data, Zhiguo Wan, Robert H. Deng

Research Collection School Of Computing and Information Systems

Although cloud computing offers elastic computation and storage resources, it poses challenges on verifiability of computations and data privacy. In this work we investigate verifiability for privacy-preserving multi-keyword search over outsourced documents. As the cloud server may return incorrect results due to system faults or incentive to reduce computation cost, it is critical to offer verifiability of search results and privacy protection for outsourced data at the same time. To fulfill these requirements, we design aVerifiablePrivacy-preserving keywordSearch scheme, called VPSearch, by integrating an adapted homomorphic MAC technique with a privacy-preserving multi-keyword search scheme. The proposed scheme enables the client to …

Secure Server-Aided Top-K Monitoring, Yujue Wang, Hwee Hwa Pang, Yanjiang Yang, Xuhua Ding

Research Collection School Of Computing and Information Systems

In a data streaming model, a data owner releases records or documents to a set of users with matching interests, in such a way that the match in interest can be calculated from the correlation between each pair of document and user query. For scalability and availability reasons, this calculation is delegated to third-party servers, which gives rise to the need to protect the integrity and privacy of the documents and user queries. In this paper, we propose a server-aided data stream monitoring scheme (DSM) to address the aforementioned integrity and privacy challenges, so that the users are able to …

Towards Secure Data Flow Oriented Multi-Vendor Ict Governance Model, Lars Magnusson, Patrik Elm, Anita Mirijamdotter

UBT International Conference

Today, still, ICT Governance is being regarded as a departmental concern, not an overall organizational concern. History has shown us that implementation strategies, which are based on departments, results in fractional implementations leading to ad hoc solutions with no central control and stagnation for the in-house ICT strategy. Further, this recently has created an opinion trend; many are talking about the ICT department as being redundant, a dying out breed, which should be replaced by on-demand specialized external services. Clearly, the evermore changing surroundings do force organizations to accelerate the pace of new adaptations within their ICT plans, more vivacious …

Cybersecurity Stovepiping, David Thaw

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …

Ancient Worries And Modern Fears: Different Roots And Common Effects Of U.S. And Eu Privacy Regulation, David Thaw, Pierluigi Perri

Articles

Much legal and technical scholarship discusses the differing views of the United States and European Union toward privacy concepts and regulation. A substantial amount of effort in recent years, in both research and policy, focuses on attempting to reconcile these viewpoints searching for a common framework with a common level of protection for citizens from both sides of Atlantic. Reconciliation, we argue, misunderstands the nature of the challenge facing effective cross-border data flows. No such reconciliation can occur without abdication of some sovereign authority of nations, that would require the adoption of an international agreement with typical tools of international …

Data Privacy Preservation In Collaborative Filtering Based Recommender Systems, Xiwei Wang

Theses and Dissertations--Computer Science

This dissertation studies data privacy preservation in collaborative filtering based recommender systems and proposes several collaborative filtering models that aim at preserving user privacy from different perspectives.

The empirical study on multiple classical recommendation algorithms presents the basic idea of the models and explores their performance on real world datasets. The algorithms that are investigated in this study include a popularity based model, an item similarity based model, a singular value decomposition based model, and a bipartite graph model. Top-N recommendations are evaluated to examine the prediction accuracy.

It is apparent that with more customers' preference data, recommender systems …

Data Breach (Regulatory) Effects, David Thaw

Articles

No abstract provided.

Reasonable Expectations Of Privacy Settings: Social Media And The Stored Communications Act, David Thaw, Christopher Borchert, Fernando Pinguelo

Articles

In 1986, Congress passed the Stored Communications Act (“SCA”) to provide additional protections for individuals’ private communications content held in electronic storage by third parties. Acting out of direct concern for the implications of the Third-Party Records Doctrine — a judicially created doctrine that generally eliminates Fourth Amendment protections for information entrusted to third parties — Congress sought to tailor the SCA to electronic communications sent via and stored by third parties. Yet, because Congress crafted the SCA with language specific to the technology of 1986, courts today have struggled to apply the SCA consistently with regard to similar private …

Privacy-Preserving Sanitization In Data Sharing, Wentian Lu

Doctoral Dissertations

In the era of big data, the prospect of analyzing, monitoring and investigating all sources of data starts to stand out in every aspect of our life. The benefit of such practices becomes concrete only when analysts or investigators have the information shared from data owners. However, privacy is one of the main barriers that disrupt the sharing behavior, due to the fear of disclosing sensitive information. This dissertation describes data sanitization methods that disguise the sensitive information before sharing a dataset and our criteria are always protecting privacy while preserving utility as much as possible. In particular, we provide …

Predicting Human Behavior, Tamara Kneese

Media Studies

Countless highly accurate predictions can be made from trace data, with varying degrees of personal or societal consequence (e.g., search engines predict hospital admission, gaming companies can predict compulsive gambling problems, government agencies predict criminal activity). Predicting human behavior can be both hugely beneficial and deeply problematic depending on the context. What kinds of predictive privacy harms are emerging? And what are the implications for systems of oversight and due process protections? For example, what are the implications for employment, health care and policing when predictive models are involved? How should varied organizations address what they can predict?

Surveillance At The Source, David Thaw

Articles

Contemporary discussion concerning surveillance focuses predominantly on government activity. These discussions are important for a variety of reasons, but generally ignore a critical aspect of the surveillance-harm calculus – the source from which government entities derive the information they use. The source of surveillance data is the information "gathering" activity itself, which is where harms like "chilling" of speech and behavior begin.

Unlike the days where satellite imaging, communications intercepts, and other forms of information gathering were limited to advanced law enforcement, military, and intelligence activities, private corporations now play a dominant role in the collection of information about individuals' …

Network Security: Privacy-Preserving Data Publication: A Review On “Updates” In Continuous Data Publication, Adeel Anjum, Guillaume Raschia

International Conference on Information and Communication Technologies

Preserving the privacy of individuals while publishing their relevant data has been an important problem. Most of previous works in privacy preserving data publication focus on one time, static release of datasets. In multiple publications however, where data is published multiple times, these techniques are unable to ensure privacy of the concerned individuals as just joining either of the releases could result in identity disclosure. In this work, we tried to investigate the major findings in the scenario of continuous data publication, in which the data is not only published multiple times but also modified with INSERTS, UPDATES and DELETE …

Embellishing Text Search Queries To Protect User Privacy, Hwee Hwa Pang, Xuhua Ding, Xiaokui Xiao

Research Collection School Of Computing and Information Systems

Users of text search engines are increasingly wary that their activities may disclose confidential information about their business or personal profiles. It would be desirable for a search engine to perform document retrieval for users while protecting their intent. In this paper, we identify the privacy risks arising from semantically related search terms within a query, and from recurring highspecificity query terms in a search session. To counter the risks, we propose a solution for a similarity text retrieval system to offer anonymity and plausible deniability for the query terms, and hence the user intent, without degrading the system’s precision-recall …