Maryam Azadmanesh; Behrouz Shahgholi Ghahfarokhi; Maede Ashouri-Talouki
Abstract
Using generative models to produce unlimited synthetic samples is a popular replacement for database sharing. Generative Adversarial Network (GAN) is a popular class of generative models which generates synthetic data samples very similar to real training datasets. However, GAN models do not necessarily ...
Read More
Using generative models to produce unlimited synthetic samples is a popular replacement for database sharing. Generative Adversarial Network (GAN) is a popular class of generative models which generates synthetic data samples very similar to real training datasets. However, GAN models do not necessarily guarantee training privacy as these models may memorize details of training data samples. When these models are built using sensitive data, the developers should ensure that the training dataset is appropriately protected against privacy leakage. Hence, quantifying the privacy risk of these models is essential. To this end, this paper focuses on evaluating the privacy risk of publishing the generator network of GAN models. Specially, we conduct a novel generator white-box membership inference attack against GAN models that exploits accessible information about the victim model, i.e., the generator’s weights and synthetic samples, to conduct the attack. In the proposed attack, an auto-encoder is trained to determine member and non-member training records. This attack is applied to various kinds of GANs. We evaluate our attack accuracy with respect to various model types and training configurations. The results demonstrate the superior performance of the proposed attack on non-private GANs compared to previous attacks in white-box generator access. The accuracy of the proposed attack is 19% higher on average than similar work. The proposed attack, like previous attacks, has better performance for victim models that are trained with small training sets.
Omid Torki; Maede Ashouri-Talouki; Mojtaba Mahdavi
Abstract
Steganography is a solution for covert communication and blockchain is a p2p network for data transmission, so the benefits of blockchain can be used in steganography. In this paper, we discuss the advantages of blockchain in steganography, which include the ability to embed hidden data without manual ...
Read More
Steganography is a solution for covert communication and blockchain is a p2p network for data transmission, so the benefits of blockchain can be used in steganography. In this paper, we discuss the advantages of blockchain in steganography, which include the ability to embed hidden data without manual change in the original data, as well as the readiness of the blockchain platform for data transmission and storage. By reviewing the previous four steganography schemes in blockchain, we have examined their drawback and shown that most of them are non-practical schemes for steganography in blockchain. We have proposed two algorithms for steganography in blockchain, the first one is a high-capacity algorithm for the key and the steganography algorithm exchange and switching, and the second one is a medium-capacity algorithm for embedding hidden data. The proposed method is a general method for steganography in each blockchain, and we investigate how it can be implemented in two most popular blockchains, Bitcoin and Ethereum. Experimental result shows the efficiency and practicality of proposed method in terms of execution time, latency and steganography fee. Finally, we have explained the challenges of steganography in blockchain from the steganographers' and steganalyzers' point of view.
Afshin Karampour; Maede Ashouri-Talouki; Behrouz Tork Ladani
Abstract
Smart grids using information technology (IT) and communication networks control smart home appliances to reduce costs and increase reliability and transparency. Preserving the privacy of the user data is one of the biggest challenges in smart grid research; by disclosing user-related data, an internal ...
Read More
Smart grids using information technology (IT) and communication networks control smart home appliances to reduce costs and increase reliability and transparency. Preserving the privacy of the user data is one of the biggest challenges in smart grid research; by disclosing user-related data, an internal or external adversary can understand the habits and behavior of the users. A solution to address this challenge is, however, a data aggregation mechanism in which the aggregated data of all of the users in a residential area. The security and efficiency of the data aggregation approach are important. The drawback of the previous works is leaking fine-grained user data or the high computation and communication overhead. In this paper, we present an efficient privacy-preserving data-aggregation protocol, called PPDA, based on the Elliptic Curve Cryptography (ECC) and Anonymous Veto network protocol. The PPDA protocol aggregates metering data efficiently and securely so that it becomes applicable for resource-constraint metering devices. We also present an improved multi-cycle proposal of PPDA, called MC-PPDA. In the improved approach, the system initialization step runs only at the first cycle of the protocol which increases the efficiency of the protocol. Evaluation results show that the proposed approaches preserve the privacy of the fine-grained user data against an internal and external adversary; the improved multi-cycle approach is also secure against collusion. Compared to the previous approaches, the proposed approaches incur less computation and communication overhead.
Maryam Zarezadeh; Maede Ashouri-Talouki; Mohammad Siavashi
Abstract
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha ...
Read More
Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records in a cloud system. In their scheme, encrypted EHRs are stored in multiple clouds to provide scalability and privacy. In addition, they considered a role-based access control (RBAC) such that for any user, an EHR access policy must be determined. They also encrypt the EHRs by the public keys of all users. So, for a large amount of EHRs, this scheme is not efficient. Furthermore, using RBAC for access policy makes the policy changing difficult. In their scheme, users cannot search on encrypted EHRs based on diseases and some physicians must participate in the data retrieval by a requester physician. In this paper, we address these problems by considering a ciphertext-policy attribute-based encryption (CP-ABE) which is conceptually closer to the traditional access control methods such as RBAC. Our secure scheme can retrieve encrypted EHR based on a specific disease. Furthermore, the proposed scheme guarantees the user access control and the anonymity of the user or data owner during data retrieval. Moreover, our scheme is resistant against collusion between unauthorized retrievers to access the data. The analysis shows that our scheme is secure and efficient for cloud-based EHRs.
A. Mohseni-Ejiyeh; M. Ashouri-Talouki; M. Mahdavi
Abstract
Due to the explosion of smart devices, data traffic over cellular networks has seen an exponential rise in recent years. This increase in mobile data traffic has caused an immediate need for offloading traffic from operators. Device-to-Device(D2D) communication is a promising solution to boost the ...
Read More
Due to the explosion of smart devices, data traffic over cellular networks has seen an exponential rise in recent years. This increase in mobile data traffic has caused an immediate need for offloading traffic from operators. Device-to-Device(D2D) communication is a promising solution to boost the capacity of cellular networks and alleviate the heavy burden on backhaul links. However, direct wireless connections between devices in D2D communication are vulnerable to certain security threats. In this paper, we propose an incentive-aware lightweight secure data sharing scheme for D2D communication. We have considered the major security challenges of the data sharing scheme, including data confidentiality, integrity, detecting message modification, and preventing the propagation of malformed data. We have also applied an incentive mechanism to motivate users involvement in the process of data sharing. Actually, D2D communication is highly dependent on user participation in sharing content, so, we apply the concept of virtual check to motivate users(named proxy users)to help the requesting user(client) in the process of obtaining the data. Unlike the previous studies, our proposed protocol is an stateless protocol and does not depend on the users contextual information. Therefore, it can be used at anytime and from anywhere. The security analysis proves that the proposed protocol resists the security attacks and meets the security requirements. The performance evaluation shows that the proposed protocol outperforms the previous works in terms of communication and computation cost. Thus, the proposed protocol is indeed an efficient and practical solution for secure data sharing in D2D communication.