
Showing papers by "George Danezis published in 2014"


01 Dec 2014
TL;DR: In this paper, the authors present an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development, and sketch a method to map legal obligations to design strategies.
Abstract: Privacy and data protection constitute core values of individuals and of democratic societies. There have been decades of debate on how those values, and legal obligations, can be embedded into systems, preferably from the very beginning of the design process. One important element in this endeavour is technical mechanisms, known as privacy-enhancing technologies (PETs). Their effectiveness has been demonstrated by researchers and in pilot implementations. However, apart from a few exceptions (e.g., encryption, which became widely used), PETs have not become a standard and widely used component in system design. Furthermore, to unfold their full benefit for privacy and data protection, PETs need to be rooted in a data governance strategy to be applied in practice. This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first step towards a design process for privacy-friendly systems and services. The report sketches a method to map legal obligations to design strategies, which allows the system designer to select appropriate techniques for implementing the identified privacy requirements. Furthermore, the report reflects on limitations of the approach. It concludes with recommendations on how to overcome and mitigate these limits.

200 citations


Book ChapterDOI
07 Dec 2014
TL;DR: In this article, a new characterization of NP using square span programs (SSPs) is proposed; SSPs are similar to, but simpler than, Quadratic Span Programs (QSPs) and Quadratic Arithmetic Programs (QAPs).
Abstract: We propose a new characterization of NP using square span programs (SSPs). We first characterize NP as affine map constraints on small vectors. We then relate this characterization to SSPs, which are similar to but simpler than Quadratic Span Programs (QSPs) and Quadratic Arithmetic Programs (QAPs), since they use a single series of polynomials rather than 2 or 3.

84 citations


Proceedings ArticleDOI
03 Nov 2014
TL;DR: This work proposes a statistical data collection system, PrivEx, for collecting egress traffic statistics from anonymous communication networks in a secure and privacy-preserving manner, based on distributed differential privacy and secure multiparty computation.
Abstract: In addition to their common use for private online communication, anonymous communication networks can also be used to circumvent censorship. However, it is difficult to determine the extent to which they are actually used for this purpose without violating the privacy of the networks' users. Knowing this extent can be useful to designers and researchers who would like to improve the performance and privacy properties of the network. To address this issue, we propose a statistical data collection system, PrivEx, for collecting egress traffic statistics from anonymous communication networks in a secure and privacy-preserving manner. Our solution is based on distributed differential privacy and secure multiparty computation; it preserves the security and privacy properties of anonymous communication networks, even in the face of adversaries that can compromise data collection nodes or coerce operators to reveal cryptographic secrets and keys.

73 citations


01 Jan 2014
TL;DR: In this paper, a generic and automated approach to reidentifying nodes in anonymized social networks is presented, which enables novel anonymization techniques to be quickly evaluated and uncovers artefacts and invariants of any black-box anonymization scheme from a small set of examples.
Abstract: Copyright © 2014 ACM. We present a generic and automated approach to re-identifying nodes in anonymized social networks which enables novel anonymization techniques to be quickly evaluated. It uses machine learning (decision forests) to match pairs of nodes in disparate anonymized sub-graphs. The technique uncovers artefacts and invariants of any black-box anonymization scheme from a small set of examples. Despite a high degree of automation, classification succeeds with significant true positive rates even when small false positive rates are sought. Our evaluation uses publicly available real-world datasets to study the performance of our approach against real-world anonymization strategies, namely the schemes used to protect datasets of The Data for Development (D4D) Challenge. We show that the technique is effective even when only small numbers of samples are used for training. Further, since it detects weaknesses in the black-box anonymization scheme it can re-identify nodes in one social network when trained on another.

46 citations


Proceedings ArticleDOI
03 Nov 2014
TL;DR: In this article, a generic and automated approach to re-identifying nodes in anonymized social networks is presented, which enables novel anonymization techniques to be quickly evaluated and uses machine learning (decision forests) to match pairs of nodes in disparate anonymized sub-graphs.
Abstract: We present a generic and automated approach to re-identifying nodes in anonymized social networks which enables novel anonymization techniques to be quickly evaluated. It uses machine learning (decision forests) to match pairs of nodes in disparate anonymized sub-graphs. The technique uncovers artefacts and invariants of any black-box anonymization scheme from a small set of examples. Despite a high degree of automation, classification succeeds with significant true positive rates even when small false positive rates are sought. Our evaluation uses publicly available real-world datasets to study the performance of our approach against real-world anonymization strategies, namely the schemes used to protect datasets of The Data for Development (D4D) Challenge. We show that the technique is effective even when only small numbers of samples are used for training. Further, since it detects weaknesses in the black-box anonymization scheme it can re-identify nodes in one social network when trained on another.

38 citations


Proceedings ArticleDOI
03 Nov 2014
TL;DR: It is demonstrated that an alternative SNP encoding can simplify (private) computations, and make patient-side computation on a smartcard device extremely efficient, and a second protocol variant, based on secret sharing, further reduces online computation.
Abstract: Advances in DNA sequencing are bringing mass computational genomic testing increasingly closer to reality. The sensitivity of genetic data, however, prompts the need for carefully protecting patients' privacy. Also, it is crucial to conceal the test's specifics, which often constitute a pharmaceutical company's trade secret. This paper presents two cryptographic protocols for privately assessing a patient's genetic susceptibility to a disease, computing a weighted average of a patient's genetic markers (the "SNPs") and their importance factors. We build on the architecture introduced by Ayday et al. but point out an important limitation of their model, namely, that the protocol leaks which and how many SNPs are tested. Then, we demonstrate that an alternative SNP encoding can simplify (private) computations, and make patient-side computation on a smartcard device extremely efficient. A second protocol variant, based on secret sharing, further reduces online computation.

36 citations


Journal ArticleDOI
TL;DR: A Monte Carlo Markov chain (MCMC) based algorithm is implemented that simultaneously estimates population sizes and intramolecular distance information directly from a raw smFRET data set, with no intermediate event selection and denoising steps.
Abstract: It is of significant biophysical interest to obtain accurate intramolecular distance information and population sizes from single-molecule Forster resonance energy transfer (smFRET) data obtained from biomolecules in solution. Experimental methods of increasing cost and complexity are being developed to improve the accuracy and precision of data collection. However, the analysis of smFRET data sets currently relies on simplistic, and often arbitrary methods, for the selection and denoising of fluorescent bursts. Although these methods are satisfactory for the analysis of simple, low-noise systems with intermediate FRET efficiencies, they display systematic inaccuracies when applied to more complex systems. We have developed an inference method for the analysis of smFRET data from solution studies based on rigorous model-based Bayesian techniques. We implement a Monte Carlo Markov chain (MCMC) based algorithm that simultaneously estimates population sizes and intramolecular distance information directly fr...

12 citations


Proceedings Article
15 Jul 2014
TL;DR: It is shown that an alternative encoding of the patient’s SNPs can simplify private computations, and make patient-side computation on a trusted smartcard device extremely efficient.
Abstract: This short paper presents a preliminary description of two new protocols for privacy-preserving disease susceptibility testing, following the model proposed by Ayday et al. in [5]. We show that an alternative encoding of the patient’s SNPs can simplify private computations, and make patient-side computation on a trusted smartcard device extremely efficient. To support larger tests, we propose a second protocol variant based on secret sharing that is also simpler than the original proposal, and relies on more efficient primitives.

9 citations


Posted Content
TL;DR: A generic and automated approach to re-identifying nodes in anonymized social networks which enables novel anonymization techniques to be quickly evaluated and shows that the technique is effective even when only small numbers of samples are used for training.
Abstract: We present a generic and automated approach to re-identifying nodes in anonymized social networks which enables novel anonymization techniques to be quickly evaluated. It uses machine learning (decision forests) to match pairs of nodes in disparate anonymized sub-graphs. The technique uncovers artefacts and invariants of any black-box anonymization scheme from a small set of examples. Despite a high degree of automation, classification succeeds with significant true positive rates even when small false positive rates are sought. Our evaluation uses publicly available real-world datasets to study the performance of our approach against real-world anonymization strategies, namely the schemes used to protect datasets of The Data for Development (D4D) Challenge. We show that the technique is effective even when only small numbers of samples are used for training. Further, since it detects weaknesses in the black-box anonymization scheme it can re-identify nodes in one social network when trained on another.

2 citations