Maryam Azadmanesh; Behrouz Shahgholi Ghahfarokhi; Maede Ashouri-Talouki
Abstract
Using generative models to produce unlimited synthetic samples is a popular replacement for database sharing. Generative Adversarial Network (GAN) is a popular class of generative models which generates synthetic data samples very similar to real training datasets. However, GAN models do not necessarily ...
Read More
Using generative models to produce unlimited synthetic samples is a popular replacement for database sharing. Generative Adversarial Network (GAN) is a popular class of generative models which generates synthetic data samples very similar to real training datasets. However, GAN models do not necessarily guarantee training privacy as these models may memorize details of training data samples. When these models are built using sensitive data, the developers should ensure that the training dataset is appropriately protected against privacy leakage. Hence, quantifying the privacy risk of these models is essential. To this end, this paper focuses on evaluating the privacy risk of publishing the generator network of GAN models. Specially, we conduct a novel generator white-box membership inference attack against GAN models that exploits accessible information about the victim model, i.e., the generator’s weights and synthetic samples, to conduct the attack. In the proposed attack, an auto-encoder is trained to determine member and non-member training records. This attack is applied to various kinds of GANs. We evaluate our attack accuracy with respect to various model types and training configurations. The results demonstrate the superior performance of the proposed attack on non-private GANs compared to previous attacks in white-box generator access. The accuracy of the proposed attack is 19% higher on average than similar work. The proposed attack, like previous attacks, has better performance for victim models that are trained with small training sets.
Hamid Amiryousefi; Zahra Ahmadian
Abstract
This paper analyses the security and efficiency of some notable privacy preserving data aggregation schemes, SP2DAS, 3PDA, and EPPA. For SP2DAS and 3PDA schemes, We show that despite the designers’ claims, there are efficient forgery attacks on the signature scheme used. We present aselective forgery ...
Read More
This paper analyses the security and efficiency of some notable privacy preserving data aggregation schemes, SP2DAS, 3PDA, and EPPA. For SP2DAS and 3PDA schemes, We show that despite the designers’ claims, there are efficient forgery attacks on the signature scheme used. We present aselective forgery attack on the signature scheme of SP2DAS in the key-only attack model and a selective forgery attack on the 3PDA’s signature scheme in the known-message attack model,requiring only two pairs of message-signature. These attacks enable the attacker to inject any arbitrary faulty data into the data aggregated by the network, without being detected, which is a serious threat to the performance of the whole network. We also present an improved version of the broadcast encryption scheme used in EPPA scheme, in which the decryption key is half, the decryption complexity is half, and the ciphertext size is 3=4 of the original one. The semantic security of the proposed scheme is proved under the same assumption as the original scheme.
Vahid Chegeni; Hamid Haj Seyyed Javadi; Mohammad Reza Moazami Goudarzi; Afshin Rezakhani
Abstract
Today, the Internet of Things (IoT) is one of the emerging technologies that enable the connection and transfer of information through communication networks. The main idea of the IoT is the widespread presence of objects such as mobile devices, sensors, and RFID. With the increase in traffic volume ...
Read More
Today, the Internet of Things (IoT) is one of the emerging technologies that enable the connection and transfer of information through communication networks. The main idea of the IoT is the widespread presence of objects such as mobile devices, sensors, and RFID. With the increase in traffic volume in urban areas, the existing intelligent urban traffic management system based on IoT can be vital. Therefore, this paper focused on security in urban traffic based on using RFID. In our scheme, RFID tags chose as the purpose of this article. We, in this paper, present a mutual authentication protocol that leads to privacy based on hybrid cryptography. Also, an authentication process with RFID tags is proposed that can be read at high speed. The protocol has attempted to reduce the complexity of computing. At the same time, the proposed method can withstand attacks such as spoofing of tag and reader, tag tracking, and replay attack.
Mohammad Reza Mohammadrezaei; Mohammad Ebrahim Shiri; Amir Masoud Rahmani
Abstract
Detection of fake accounts on social networks is a challenging process. The previous methods in identification of fake accounts have not considered the strength of the users’ communications, hence reducing their efficiency. In this work, we are going to present a detection method based on the users’ ...
Read More
Detection of fake accounts on social networks is a challenging process. The previous methods in identification of fake accounts have not considered the strength of the users’ communications, hence reducing their efficiency. In this work, we are going to present a detection method based on the users’ similarities considering the network communications of the users. In the first step, similarity measures somethings such as common neighbors, common neighbors graph edges, cosine, and the Jaccard similarity coefficient are calculated based on adjacency matrix of the corresponding graph of the social network. In the next step, in order to reduce the complexity of data, Principal Component Analysis is applied to each computed similarity matrix to provide a set of informative features. then, a set of highly informative eigenvectors are selected using elbow-method. Extracted features are employed to train a One Class Classification (OCC) algorithm. Finally, this trained model is employed to identify fake accounts. As our experimental results indicate the promising performance of the proposed method a detection accuracy and false negative rates are 99.6% and 0%, respectively. We conclude that bringing similarity measures and One Class Classification algorithms into play, rather than the multi-class algorithms, provide better results.
S. Sajjadi Ghaemmaghami; A. Haghbin; M. Mirmohseni
Abstract
Radio Frequency Identification (RFID) applications have spread all over the world. In order to provide their security and privacy, researchers proposed different kinds of protocols. In this paper, we analyze the privacy of a new protocol, proposed by Yu-Jehn in 2015 which is based on Electronic Product ...
Read More
Radio Frequency Identification (RFID) applications have spread all over the world. In order to provide their security and privacy, researchers proposed different kinds of protocols. In this paper, we analyze the privacy of a new protocol, proposed by Yu-Jehn in 2015 which is based on Electronic Product Code Class1 Generation 2 (EPC C1 G2) standard. By applying the Ouafi_Phan privacy model, we show that the Yu-Jehn protocol is vulnerable to secret parameter reveal attack, traceability attacks, forward traceability attack and it also does not provide the privacy of RFID users. To enhance the privacy of the analyzed protocol, an improved version of the protocol is proposed which eliminates the existing weaknesses of Yu-Jehn protocol.
K. Baghery; B. Abdolmaleki; B. Akhbari; M. R. Aref
Abstract
Nowadays Radio Frequency Identification (RFID) systems have appeared in lots of identification and authentication applications. In some sensitive applications, providing secure and confidential communication is very important for end-users. To this aim, different RFID authentication protocols have been ...
Read More
Nowadays Radio Frequency Identification (RFID) systems have appeared in lots of identification and authentication applications. In some sensitive applications, providing secure and confidential communication is very important for end-users. To this aim, different RFID authentication protocols have been proposed, which have tried to provide security and privacy of RFID users. In this paper, we analyze the privacy of two recently proposed RFID authentication protocols in 2012 and 2013. We present several traceability attacks including traceability, backward traceability and forward traceability against the first protocol. We also show that, the second protocol not only suffers from Denial-of-Service (DoS) attack, but also it is vulnerable to traceability and backward traceability attacks. We present our privacy analysis based on a well-known formal RFID privacy model which has been proposed by Ouafi and Phan in 2008. Then, in order to overcome the weaknesses, we apply some modifications on these protocols and propose two modified versions.
J. Alizadeh; M. R. Aref; N. Bagheri
Abstract
Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, ...
Read More
Authenticated encryption schemes establish both privacy and authenticity. This paper specifies a family of the dedicated authenticated encryption schemes, Artemia. It is an online nonce-based authenticated encryption scheme which supports the associated data. Artemia uses the permutation based mode, JHAE, that is provably secure in the ideal permutation model. The scheme does not require the inverse of the permutation in the decryption function, which causes the resource efficiency. Artemia permutations have an efficient and a simple structure and are provably secure against the differential and linear cryptanalysis. In the permutations, MDS recursive layers are used that can be easily implemented in both software and hardware.
F. Raji; A. Miri; M. Davarpanah Jazi
Abstract
There are some critical privacy concerns in the current online social networks (OSNs). Users' information is disclosed to different entities that they were not supposed to access. Furthermore, the notion of friendship is inadequate in OSNs since the degree of social relationships between users dynamically ...
Read More
There are some critical privacy concerns in the current online social networks (OSNs). Users' information is disclosed to different entities that they were not supposed to access. Furthermore, the notion of friendship is inadequate in OSNs since the degree of social relationships between users dynamically changes over the time. Additionally, users may define similar privacy settings for their friends in an OSN. In this paper, we present a centralized privacy-preserving framework for OSNs to address these issues. Using the proposed approach, the users enforce confidentiality and access control on the shared data while their connections/relationships with other users are kept anonymous in OSNs. In this way, the users themselves create and modify personalized privacy settings for their shared data while employing each other's privacy settings. Detailed evaluations of the proposed framework show the advantages of the proposed architecture compared to the most analogous recent approach.