Prevent Information Leakage Research Articles

Traceable Method for Personal Information Registration Based on Blockchain

When a user registers a digital service, the service provider often asks for the user's personal information, such as name, phone number and so on. With the digital services gradually becoming an indispensable part of our lives, the abuse and misappropriation of personal information have caused people's attention to the protection of it. At present, The technical schemes for personal information protection mainly focus on preventing information leakage. We provide protection in a different way: propose a traceable method for personal information registration based on blockchain, which can distinguish the service provider obtained the information legally or illegally, by storing the personal information transaction records on the blockchain. The proposed method includes both direct and third-party personal information transaction scenarios. In different scenarios, the user will send the encrypted personal information data or authorization file to the service provider. After the transaction record is confirmed to be on the blockchain, the certification center will assist the service provider to decrypt the personal information. With this method, users can clearly understand which personal information has been delivered to which service providers. Moreover, the user's personal information data involving privacy are not stored on or transmitted through the blockchain. Hence, there is no additional risk of information disclosure, so as to achieve the purpose of personal information protection. Additionally, we analyze the proposed method using Kailar logic, and conduct a transaction performance simulation using NS-3. It shows that our method has properties of privacy, reliability, and accountability, and can meet the transaction performance requirements under the practical application scene.

Cyanostilbene-based vapo-fluorochromic supramolecular assemblies for reversible 3D code encryption.

Scanning codes with the capability for stimuli-triggered decryption are urgently needed to prevent information leakage and counterfeiting. Compared to conventional 1D barcodes and 2D QR codes, 3D codes show promise in this field thanks to the presence of four different colors in the icon, with great information variability. Up to now, encrypted 3D code development has primarily focused on chemical reaction-based systems, leading to information decryption in an irreversible transformation manner. Herein, a novel and intelligent 3D code encryption system has been constructed with full reversibility and a fast response, taking advantage of the luminescent vapochromism of cyanostilbene-based supramolecular assemblies. Information in the inkjet-printed 3D code is specifically decrypted through vapor fuming with chlorinated solvents, while it is reversibly encrypted upon removing the vapor. Hence, this study provides a novel and effective strategy for obtaining high-performance smart scanning codes.

Secure Simultaneous Information and Power Transfer for Downlink Multi-User Massive MIMO

In this article, downlink secure transmission in simultaneous information and power transfer (SWIPT) system enabled with massive multiple-input multiple-output (MIMO) is studied. A base station (BS) with a large number of antennas transmits energy and information signals to its intended users, but these signals are also received by an active eavesdropper. The users and eavesdropper employ a power splitting technique to simultaneously decode information and harvest energy. Massive MIMO helps the BS to focus energy to the users and prevent information leakage to the eavesdropper. The harvested energy by each user is employed for decoding information and transmitting uplink pilot signals for channel estimation. It is assumed that the active eavesdropper also harvests energy in the downlink and then contributes during the uplink training phase. Achievable secrecy rate is considered as the performance criterion and a closed-form lower bound for it is derived. To provide secure transmission, the achievable secrecy rate is then maximized through an optimization problem with constraints on the minimum harvested energy by the user and the maximum harvested energy by the eavesdropper. Numerical results show the effectiveness of using massive MIMO in providing physical layer security in SWIPT systems and also show that our closed-form expressions for the secrecy rate are accurate.

Federated Learning With Differential Privacy: Algorithms and Performance Analysis

In this paper, to effectively prevent information leakage, we propose a novel framework based on the concept of differential privacy (DP), in which artificial noises are added to the parameters at the clients side before aggregating, namely, noising before model aggregation FL (NbAFL). First, we prove that the NbAFL can satisfy DP under distinct protection levels by properly adapting different variances of artificial noises. Then we develop a theoretical convergence bound of the loss function of the trained FL model in the NbAFL. Specifically, the theoretical bound reveals the following three key properties: 1) There is a tradeoff between the convergence performance and privacy protection levels, i.e., a better convergence performance leads to a lower protection level; 2) Given a fixed privacy protection level, increasing the number $N$ of overall clients participating in FL can improve the convergence performance; 3) There is an optimal number of maximum aggregation times (communication rounds) in terms of convergence performance for a given protection level. Furthermore, we propose a $K$-random scheduling strategy, where $K$ ($1<K<N$) clients are randomly selected from the $N$ overall clients to participate in each aggregation. We also develop the corresponding convergence bound of the loss function in this case and the $K$-random scheduling strategy can also retain the above three properties. Moreover, we find that there is an optimal $K$ that achieves the best convergence performance at a fixed privacy level. Evaluations demonstrate that our theoretical results are consistent with simulations, thereby facilitating the designs on various privacy-preserving FL algorithms with different tradeoff requirements on convergence performance and privacy levels.

A novel application integration architecture for the education industry.

Since the Ministry of Education launched Education Informatization 2.0, the digitalization of colleges and universities has entered a stage of rapid growth. However, after more than 20 years of construction, problems such as system barriers and information islands have emerged in the digital construction of university systems. In order to solve such problems between the university systems, this paper proposes an easily expandable and configurable open information integration architecture by considering traditional information integration methods and combining with Web service technology. The architecture handles user service invocation information through a service layer, and manages the registration and invocation of services through a service module. The permission module manages user permissions to prevent information leakage and security issues. The data module abstracts data-related services to provide a basis for the deep use of data. And other optional development services are designed to satisfy special requirements for different platforms. The architecture proposed in this paper can integrate different heterogeneous subsystems in colleges and universities, eliminating the problem of system barriers and information islands, and providing specifications for the construction of new applications.

Adaptive Compiler Strategies for Mitigating Timing Side Channel Attacks

Existing compiler techniques can transform code to make its timing behavior independent of sensitive values to prevent information leakage through time side channels. Those techniques are hampered, however, by their static nature and dependence on details of the processor targeted during the compilation. This paper presents a dynamic compiler approach based on offline profiles and JIT compiler strategies. This approach reduces overhead significantly and enables a trade-off between provided protection and overhead. Furthermore, it supports adaptive policies in which the protection adapts to run-time changes in the requirements. A prototype implementation in the Jikes Research VM is evaluated on RSA encryption, HMAC key verification, and IDEA encryption.

Incentive Design and Differential Privacy Based Federated Learning: A Mechanism Design Perspective

Due to stricter data management regulations and large size of the training data, distributed learning paradigm such as federated learning (FL) has gained attention recently. FL is capable of significantly preserving end-users' private data from being exposed to external adversaries. However, private information can still be divulged by uploading parameters from users. Therefore, a key challenge in the FL platform is how users participate to build a high-quality learning model with effectively preventing information leakage. To address the above challenge, we design a novel incentive mechanism to attract more data owners to join in the FL process with the consideration of privacy preservation. To implement our proposed scheme, we adopt the concepts of mechanism design (MD) and differential privacy (DP); MD takes an objectives-first approach to designing incentives toward desired objectives, and the DP can provide a theoretical guarantee for users' privacy in FL participations. Based on the DP based incentive mechanism, our joint approach can leverage the full synergy that gives mutual advantages for users and learning operators. Therefore, we can take various benefits in a rational way under the dynamic changing FL environments. Through simulation analysis, the numerical results validate the performance efficiency of our proposed scheme.

Asymptotic Analysis of Blind Reconstruction of BCH Codes Based on Consecutive Roots of Generator Polynomials

In the military surveillance and security information systems, correct blind reconstruction of signal parameters from unknown signals is very important. Especially, many blind reconstruction methods of error-correcting codes have been proposed, and their theoretical performance analysis is essential for both the defender who wants to prevent information leakage and the challenger who wants to extract information from the intercepted signals. However, a proper performance analysis of most blind reconstruction methods has not been performed yet. Among many blind reconstruction methods of BCH codes proposed so far, the blind reconstruction method based on consecutive roots of generator polynomials proposed by Jo, Kwon, and Shin, called the JKS method, shows the best performance under the unknown channel information. However, the performance of the JKS method is only evaluated through simulation without performing theoretical analysis. In this paper, the JKS method is asymptotically analyzed under the binary symmetric channel with the cross-over probability $p$ . Since the blind reconstruction performance heavily depends on how many and which received codewords are used even for the same channel environment, sufficiently many codewords are assumed to perform asymptotic analysis. More specifically, an asymptotic threshold on $p$ , up to which blind reconstruction is successful, is derived when the number of received codewords is sufficiently large, which can be used as a new performance metric for blind reconstruction methods. Finally, the validity of the asymptotic analysis is confirmed through simulation.

Intelligent Control of Urban Lighting System Based on Video Image Processing Technology

The rapid iterative development of information technology, computer technology and Internet of things technology promotes the construction of smart city, and the related concepts of smart city gradually move from theory to practice. As an important part of the development of smart city, the intelligent lighting and intelligent control of urban lighting system become increasingly urgent with the development of the latest Internet of things technology and video image processing technology. Based on the current Internet of things data communication and related processing technology as the background, this article constructs the overall control model of smart city lighting system, including GPRS wireless transmission technology and ZigBee technology. In the core algorithm, this article innovatively presents an improved video image processing technology based on Gaussian mixture algorithm, which mainly describes the background of a specific scene in multi-dimensional model, so as to improve the reliability of the whole scene judgment. At the level of noise suppression, the video image processing algorithm proposed in this article designs interference noise suppression technology based on the principle of mean filtering, so as to achieve the accuracy and integrity of urban traffic scene extraction. In order to solve the security problems of the whole video image processing technology in information extraction, storage and analysis, this article adds the electromagnetic information leakage prevention algorithm in the video image processing technology, which mainly processes the video image at the source, so as to reduce the electromagnetic radiation of the overall information. Based on this, this article completed the construction of the software and hardware of the city intelligent lighting system. On this basis, the software and hardware construction of urban intelligent lighting system is completed. At the same time, the experiment was carried out in a small-scale scene of a city. The experimental results show that the intelligent urban lighting system based on video image processing technology is feasible and can achieve the desired effect. At the same time, the lighting energy consumption level can be reduced by about 30%, and the corresponding failure rate can be reduced by about 30%.

SegGuard: Segmentation-based Anonymization of Network Data in Clouds for Privacy-Preserving Security Auditing

Security auditing allows cloud tenants to verify the compliance of cloud infrastructure with respect to desirable security properties, e.g., whether a tenant’s virtual network is properly isolated from other tenants’ networks. However, the input to the auditing task, such as the detailed topology of the underlying cloud infrastructure, typically contains sensitive information which a cloud provider may be reluctant to hand over to a third party auditor. Additionally, auditing results intended for one tenant may inadvertently reveal private information about other tenants, e.g., another tenant’s VM is reachable due to a misconfiguration. How to anonymize both the input data and the auditing results in order to prevent such information leakage is a novel challenge that has received little attention. Directly applying most of the existing anonymization techniques to such a context would either lead to insufficient protection or render the data unsuitable for auditing. In this article, we propose SegGuard , a novel anonymization approach that prevents cross-tenant information leakage through per-tenant encryption, and prevents information leakage to auditors through hiding real input segments among fake ones; in addition, applying property-preserving encryption in an innovative way enables SegGuard to preserve the data utility for auditing while mitigating semantic attacks. We implement SegGuard based on OpenStack, and evaluate its effectiveness and overhead using both synthetic and real data. Our experimental results demonstrate that SegGuard can reduce the information leakage to a negligible level (e.g., less than 1 percent for an adversary with 50 percent pre-knowledge) with a practical response time (e.g., 62 seconds to anonymize a cloud infrastructure with 25,000 virtual machines).

Exploiting Bank Conflict-based Side-channel Timing Leakage of GPUs

To prevent information leakage during program execution, modern software cryptographic implementations target constant-time function, where the number of instructions executed remains the same when program inputs change. However, the underlying microarchitecture behaves differently when processing different data inputs, impacting the execution time of the same instructions. These differences in execution time can covertly leak confidential information through a timing channel. Given the recent reports of covert channels present on commercial microprocessors, a number of microarchitectural features on CPUs have been re-examined from a timing leakage perspective. Unfortunately, a similar microarchitectural evaluation of the potential attack surfaces on GPUs has not been adequately performed. Several prior work has considered a timing channel based on the behavior of a GPU’s coalescing unit. In this article, we identify a second finer-grained microarchitectural timing channel, related to the banking structure of the GPU’s Shared Memory. By considering the timing channel caused by Shared Memory bank conflicts, we have developed a differential timing attack that can compromise table-based cryptographic algorithms. We implement our timing attack on an Nvidia Kepler K40 GPU and successfully recover the complete 128-bit encryption key of an Advanced Encryption Standard (AES) GPU implementation using 900,000 timing samples. We also evaluate the scalability of our attack method by attacking an implementation of the AES encryption algorithm that fully occupies the compute resources of the GPU. We extend our timing analysis onto other Nvidia architectures: Maxwell, Pascal, Volta, and Turing GPUs. We also discuss countermeasures and experiment with a novel multi-key implementation, evaluating its resistance to our side-channel timing attack and its associated performance overhead.

Non-probabilistic method to consider uncertainties in frequency response function for vibration-based damage detection using Artificial Neural Network

Artificial neural network (ANN) has become a popular computational approach in the field of vibration-based damage detection, based on its ability to relate the nonlinear relationship between structural vibration characteristics and damage information. In the meantime, frequency response function (FRF) estimation has been proven effective as a dynamic parameter for damage detection due to its prevention of information leakage. In this regard, FRF is chosen as the input variable for ANN to detect structural damage in this study. However, the main concern in damage detection using FRF with ANN is the size of FRF data. A full-size FRF data will result in a wide composition range of the ANN input layer, thus affecting the iteration divergence in the network training process and resulting in the computational inefficiency. In most applications, principal component analysis (PCA) has been used to reduce the size of the FRF data before being fed to an ANN model. However, as the structures become more complex, the FRF data size also increases. The large size of FRF data may result in the PCA not being effective in selecting important information from the actual FRF data, leading to false damage detection. Moreover, the existence of uncertainties from modelling error and measurement error may also amplify the error in damage detection. Hence, this study proposes a combination of a non-probabilistic method with PCA to consider the problem of the existing uncertainties and the inefficiency of using FRF data in ANN-based damage detection. In this study, ANN is used to relate the FRF data to a damage feature. The input data for the network are the compressed real FRFs and the outputs are the elemental stiffness parameter (ESP). The compressed FRF data obtained from PCA provide a new damage index (DI) that is used as the input layer of the ANN. Based on the interval analysis method, the uncertainties in the new DI are considered to bind together to obtain the interval bound (lower and upper bounds) of the DI changes. The possibility of damage existence (PoDE) is designed to ascertain the relationship between the input and output parameters in the form of undamaged and damaged conditions. The verification conducted on a numerical model and a laboratory tested steel truss bridge model demonstrated that the proposed method is efficient in dealing with uncertainties using FRF for damage detection.

Brew: A Security Policy Analysis Framework for Distributed SDN-Based Cloud Environments

The ease of programmability in Software-Defined Networking (SDN) makes it a great platform implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues with the hardness of this problem being affected by the distribution scheme for the SDN controllers. In this paper we present Brew, a security policy analysis framework implemented on an OpenDaylight SDN controller, that has comprehensive conflict detection and resolution modules to ensure that no two flow rules in a distributed SDN-based cloud environment have conflicts at any layer; thereby assuring consistent conflict-free security policy implementation and preventing information leakage. We present techniques for global prioritization of flow rules in a decentralized environment, extend firewall rule conflict classification from a traditional environment to SDN flow rule conflicts by recognizing and classifying conflicts stemming from cross-layer conflicts and provide strategies for unassisted resolution of these conflicts. Alternately, if administrator input is desired to resolve conflicts, a novel visualization scheme is implemented to help the administrators view the conflicts graphically. We demonstrate the correctness, feasibility and scalability of our framework through a proof-of-concept prototype.

IoT Security Configurability with Security-by-Contract.

Cybersecurity is one of the biggest challenges in the Internet of Things (IoT) domain, as well as one of its most embarrassing failures. As a matter of fact, nowadays IoT devices still exhibit various shortcomings. For example, they lack secure default configurations and sufficient security configurability. They also lack rich behavioural descriptions, failing to list provided and required services. To answer this problem, we envision a future where IoT devices carry behavioural contracts and Fog nodes store network policies. One requirement is that contract consistency must be easy to prove. Moreover, contracts must be easy to verify against network policies. In this paper, we propose to combine the security-by-contract (S × C) paradigm with Fog computing to secure IoT devices. Following our previous work, first we formally define the pillars of our proposal. Then, by means of a running case study, we show that we can model communication flows and prevent information leaks. Last, we show that our contribution enables a holistic approach to IoT security, and that it can also prevent unexpected chains of events.

Research on Absorbing Properties of New Porous Metals Materials with Light Weight

The development of electronic science technology makes electromag-netic radiation problems increasingly severe. High-performance absorbing and shielding electromagnetic wave materials with light weight are researched and developed as one of effectiveness methods to restrain electromagnetic radiation and prevent information leakage. The absorbing properties of aluminium foams coating absorbing paint were studied and tested by making use of RCS in “the reflectivity testing measurement of radar absorbing material” of GJB 2038-94 in this work. The effect of absorbent species and metal base structure on absorbing properties of materials was discussed. The results indicate that the absorbing properties of materials coating magnetic dielectric absorbing paint are better than others, and that of the sample CFe are best in 12.0—18.0GHz, while that of the sample CNi’ are optimal in 26.5—40.0GHz; comparing with aluminium alloy plate materials, aluminium alloy foams have some absorbing properties, and after coating absorbing paint, absorbing properties’ improvement of aluminium foams are larger than of aluminium alloy plate that were resulted from complex porous structure mainly of aluminium foams’.

Anonymization in Online Social Networks Based on Enhanced Equi-Cardinal Clustering

Recent trends show that the popularity of online social networks (OSNs) has been increasing rapidly. From daily communication sites to online communities, an average person’s daily life has become dependent on these online networks. Hence, it has become evident that protection should be provided to these networks from unwanted intruders. In this paper, we consider the data privacy on OSNs at the network level rather than the user level. This network-level privacy helps us to prevent information leakage to third-party users, such as advertisers. We propose a novel scheme that combines the privacy of all the elements of a social network: node, edge, and attribute privacy by clustering the users based on their attribute similarity. We use an enhanced equi-cardinal clustering (ECC) as a way to achieve $k$ -anonymity. We further improve $k$ -anonymity with $l$ -diversity. Our proposed enhanced ECC ensures that there are at least “ $k$ ” users in any given network as well as the attributes in each cluster has at least $l$ -distinct values. We further provide proofs on how the proposed ECC ensures $k$ -anonymity and the maximum information loss. We consider a weighted directed social network graph as an input to our method to consider the existing complexities in a social network. With the help of two real-world data sets, we evaluate this method in terms of privacy and efficiency.

Blinding the Elephant: Combat, Information, and Rebel Violence

ABSTRACT How does combat affect insurgent violence against civilians? Existing studies emphasize the role of combat outcomes, but have not explored the direct effects of various combat events. This article argues that one such event, government attacks on the rebels, has a positive effect on insurgent violence that stems from the logic of guerrilla warfare. In guerrilla wars, government forces tend to rely on informants in finding the insurgents. Their attacks therefore often evince civilian denunciation. To deter future denunciations, the rebels have incentives to subsequently punish the suspected or known denunciator. This argument is probed using detailed original data from Nepal’s Maoist insurgency. A panel analysis shows that government attacks were positively associated with rebel violence against civilians, and especially with violence against suspected informants. Process-tracing evidence further supports the argument, suggesting that the rebels used violence strategically to prevent information leaks and government attacks.

Supply Chain Contracts That Prevent Information Leakage

This paper determines categories of contracts that facilitate vertical information sharing in a supply chain while precluding horizontal information leakage among competing newsvendors. We consider a supply chain in which retailers replenish inventory from a common supplier to satisfy uncertain demand and are engaged in newsvendor competition. Each retailer has imperfect demand information. Yet one of the retailers (the incumbent) has a more accurate demand forecast than the other (the entrant). Information leakage among such competing retailers precludes vertical information sharing and is often the reason for many retailers to abandon collaborative forecast-sharing initiatives, leading to suboptimized supply chains. We show that whether a contract can prevent information leakage depends on how the inventory risk (i.e., cost of supply–demand mismatch) is allocated among the supplier and retailers in conjunction with the allocation of profits. We categorize contracts according to how they allocate inventory risk among firms when compared with a wholesale‐price contract. This comparison yields four mutually exclusive and collectively exhaustive categories of contracts. A downside-protection contract is one that effectively reduces retailers’ cost of excess inventory by shifting some of their overage cost to the supplier. Examples of such contracts include buy-back and revenue-sharing contracts. An upside-protection contract is one that effectively increases retailers’ cost of inventory shortage by shifting some of the supplier’s underage cost to retailers. Examples of such contracts include penalty and rebate contracts. A two-sided protection contract combines the properties of the previous two categories. A no-protection contract is one that fails to shift firms’ cost of inventory shortage or excess from one to the other. Examples of such contracts include wholesale-price and two-part tariff contracts. We show that no-protection contracts, which are extensively used in practice, cannot prevent information leakage, whereas others may do so. We also show that preventing information leakage could be costly for the supply chain (i.e., low channel efficiency). We conclude by illustrating how our unified framework to study a variety of contracts can enable a firm to determine the best-performing contract (among many) that precludes information leakage while almost coordinating the channel. For example, we show why buy‐back contracts perform significantly better than revenue‐sharing or rebate contracts. This paper was accepted by Serguei Netessine, operations management.

SPECTRAL APPROACH TO DEVELOPMENT SYNTHESIS ON THE BASIS OF INHOMOGENEOUS LINES AND ISSUES OF DETERMINING WAVE RESISTANCE ACCORDING TO THE CENTRAL PART OF LEAKAGE INFORMATION CHANNELS (REVIEW)

One of the methods to prevent information leakage is filtering, which is carried out in order to prevent the propagation of high-frequency information signals outside the controlled area. To filter the signals in the power supply circuits, noise suppressing low-pass filters (LPF) are currently used. It is established that information leakage channels are determined by the location of the zeros and poles of the input impedance of the line on which the filter is based. In this case, two situations are possible: when building a filter, it is possible to change the zeros and poles of both the input resistance of the open circuit and the closed line. The set of zeros and poles consists of resonance and resonance frequencies that form the spectrum of the line. The procedure for increasing the frequency band of the barrier of distributed low-pass filters (LPF) due to the use of non-uniform (irregular) segments of transmission lines as filter sections is considered. This task has many solutions, one of which is the finding of such a function of wave impedance change from the line coordinate, for which there are no information leakage channels (parasitic channels) in a given frequency band. As a result, it is possible to obtain a significant gain in the discharge of the spectrum of resonant frequencies, improve the selective properties, suppress spurious bandwidths, and make technological nodes, the realization of which on the basis of homogeneous lines would be impossible. The considered techniques can be used to develop methods for constructing filters with a given distribution of information leakage channels by shifting the zeros and poles of the input resistance and to obtain analytical expressions for determining the wave resistances of multi-step lines with the required number of steps, which allows determining wave resistances filter step

Effective defense against fingerprinting attack based on autocorrelation property minimization approach

The website fingerprinting attack is one of the most important traffic analysis attacks that is able to identify a visited website in an anonymizing network such as Tor. It is shown that the existing defense methods against website fingerprinting attacks are inappropriate. In addition, they use large bandwidth and time overhead. In this study, we show that the autocorrelation property is the most important success factor of the website fingerprinting attack. We offer a new effective defense model to resolve this security vulnerability of the Tor anonymity network. The proposed defense model prevents information leakage from the passing traffic. In this regard, a novel mechanism is developed to make the traffic analysis a hard task. This mechanism is based on decreasing the entropy of instances by minimizing the autocorrelation property of them. By applying the proposed defense model, the accuracy of the most effective website fingerprinting attack reduces from 98% to the lowest success rate of the website fingerprinting attack, while the maximum bandwidth overhead of the network traffic remains on about 8%. Recall that the current best defense mechanisms reduce the accuracy of the attack to 23% with a minimum bandwidth overhead of more than 44%. Hence, the proposed defense model significantly reduces the accuracy of the website fingerprinting attack, while the bandwidth overhead increases very slightly (i.e., up to 8%).