Bøger i Synthesis Lectures on Information Security, Privacy, and Trust serien

This book explores machine learning (ML) defenses against the many cyberattacks that make our workplaces, schools, private residences, and critical infrastructures vulnerable as a consequence of the dramatic increase in botnets, data ransom, system and network denials of service, sabotage, and data theft attacks. The use of ML techniques for security tasks has been steadily increasing in research and also in practice over the last 10 years. Covering efforts to devise more effective defenses, the book explores security solutions that leverage machine learning (ML) techniques that have recently grown in feasibility thanks to significant advances in ML combined with big data collection and analysis capabilities. Since the use of ML entails understanding which techniques can be best used for specific tasks to ensure comprehensive security, the book provides an overview of the current state of the art of ML techniques for security and a detailed taxonomy of security tasks and corresponding ML techniques that can be used for each task. It also covers challenges for the use of ML for security tasks and outlines research directions. While many recent papers have proposed approaches for specific tasks, such as software security analysis and anomaly detection, these approaches differ in many aspects, such as with respect to the types of features in the model and the dataset used for training the models. In a way that no other available work does, this book provides readers with a comprehensive view of the complex area of ML for security, explains its challenges, and highlights areas for future research. This book is relevant to graduate students in computer science and engineering as well as information systems studies, and will also be useful to researchers and practitioners who work in the area of ML techniques for security tasks.

The social benefit derived from Online Social Networks (OSNs) can lure users to reveal unprecedented volumes of personal data to an online audience that is much less trustworthy than their offline social circle. Even if a user hides his personal data from some users and shares with others, privacy settings of OSNs may be bypassed, thus leading to various privacy harms such as identity theft, stalking, or discrimination. Therefore, users need to be assisted in understanding the privacy risks of their OSN profiles as well as managing their privacy settings so as to keep such risks in check, while still deriving the benefits of social network participation.This book presents to its readers how privacy risk analysis concepts such as privacy harms and risk sources can be used to develop mechanisms for privacy scoring of user profiles and for supporting users in privacy settings management in the context of OSNs. Privacy scoring helps detect and minimize the risks due to the dissemination and use of personal data. The book also discusses many open problems in this area to encourage further research.

Anomaly detection has been a long-standing security approach with versatile applications, ranging from securing server programs in critical environments, to detecting insider threats in enterprises, to anti-abuse detection for online social networks. Despite the seemingly diverse application domains, anomaly detection solutions share similar technical challenges, such as how to accurately recognize various normal patterns, how to reduce false alarms, how to adapt to concept drifts, and how to minimize performance impact. They also share similar detection approaches and evaluation methods, such as feature extraction, dimension reduction, and experimental evaluation.The main purpose of this book is to help advance the real-world adoption and deployment anomaly detection technologies, by systematizing the body of existing knowledge on anomaly detection. This book is focused on data-driven anomaly detection for software, systems, and networks against advanced exploits and attacks, but also touches on a number of applications, including fraud detection and insider threats. We explain the key technical components in anomaly detection workflows, give in-depth description of the state-of-the-art data-driven anomaly-based security solutions, and more importantly, point out promising new research directions. This book emphasizes on the need and challenges for deploying service-oriented anomaly detection in practice, where clients can outsource the detection to dedicated security providers and enjoy the protection without tending to the intricate details.

This book focuses on the combined cyber and physical security issues in advanced electric smart grids. Existing standards are compared with classical results and the security and privacy principles of current practice are illustrated. The book paints a way for future development of advanced smart grids that operated in a peer-to-peer fashion, thus requiring a different security model. Future defenses are proposed that include information flow analysis and attestation systems that rely on fundamental physical properties of the smart grid system.

The new field of cryptographic currencies and consensus ledgers, commonly referred to as blockchains, is receiving increasing interest from various different communities. These communities are very diverse and amongst others include: technical enthusiasts, activist groups, researchers from various disciplines, start ups, large enterprises, public authorities, banks, financial regulators, business men, investors, and also criminals. The scientific community adapted relatively slowly to this emerging and fast-moving field of cryptographic currencies and consensus ledgers. This was one reason that, for quite a while, the only resources available have been the Bitcoin source code, blog and forum posts, mailing lists, and other online publications. Also the original Bitcoin paper which initiated the hype was published online without any prior peer review. Following the original publication spirit of the Bitcoin paper, a lot of innovation in this field has repeatedly come from the community itself in the form of online publications and online conversations instead of established peer-reviewed scientific publishing. On the one side, this spirit of fast free software development, combined with the business aspects of cryptographic currencies, as well as the interests of today's time-to-market focused industry, produced a flood of publications, whitepapers, and prototypes. On the other side, this has led to deficits in systematization and a gap between practice and the theoretical understanding of this new field. This book aims to further close this gap and presents a well-structured overview of this broad field from a technical viewpoint. The archetype for modern cryptographic currencies and consensus ledgers is Bitcoin and its underlying Nakamoto consensus. Therefore we describe the inner workings of this protocol in great detail and discuss its relations to other derived systems.

Digital forensic science, or digital forensics, is the application of scientific tools and methods to identify, collect, and analyze digital (data) artifacts in support of legal proceedings. From a more technical perspective, it is the process of reconstructing the relevant sequence of events that have led to the currently observable state of a target IT system or (digital) artifacts.Over the last three decades, the importance of digital evidence has grown in lockstep with the fast societal adoption of information technology, which has resulted in the continuous accumulation of data at an exponential rate. Simultaneously, there has been a rapid growth in network connectivity and the complexity of IT systems, leading to more complex behavior that needs to be investigated.The goal of this book is to provide a systematic technical overview of digital forensic techniques, primarily from the point of view of computer science. This allows us to put the field in the broader perspective of a host of related areas and gain better insight into the computational challenges facing forensics, as well as draw inspiration for addressing them. This is needed as some of the challenges faced by digital forensics, such as cloud computing, require qualitatively different approaches; the sheer volume of data to be examined also requires new means of processing it.

Over the last decade, differential privacy (DP) has emerged as the de facto standard privacy notion for research in privacy-preserving data analysis and publishing. The DP notion offers strong privacy guarantee and has been applied to many data analysis tasks.This Synthesis Lecture is the first of two volumes on differential privacy. This lecture differs from the existing books and surveys on differential privacy in that we take an approach balancing theory and practice. We focus on empirical accuracy performances of algorithms rather than asymptotic accuracy guarantees. At the same time, we try to explain why these algorithms have those empirical accuracy performances. We also take a balanced approach regarding the semantic meanings of differential privacy, explaining both its strong guarantees and its limitations.We start by inspecting the definition and basic properties of DP, and the main primitives for achieving DP. Then, we give a detailed discussion on the the semantic privacy guarantee provided by DP and the caveats when applying DP. Next, we review the state of the art mechanisms for publishing histograms for low-dimensional datasets, mechanisms for conducting machine learning tasks such as classification, regression, and clustering, and mechanisms for publishing information to answer marginal queries for high-dimensional datasets. Finally, we explain the sparse vector technique, including the many errors that have been made in the literature using it.The planned Volume 2 will cover usage of DP in other settings, including high-dimensional datasets, graph datasets, local setting, location privacy, and so on. We will also discuss various relaxations of DP.

Privacy Risk Analysis fills a gap in the existing literature by providing an introduction to the basic notions, requirements, and main steps of conducting a privacy risk analysis.The deployment of new information technologies can lead to significant privacy risks and a privacy impact assessment should be conducted before designing a product or system that processes personal data. However, if existing privacy impact assessment frameworks and guidelines provide a good deal of details on organizational aspects (including budget allocation, resource allocation, stakeholder consultation, etc.), they are much vaguer on the technical part, in particular on the actual risk assessment task. For privacy impact assessments to keep up their promises and really play a decisive role in enhancing privacy protection, they should be more precise with regard to these technical aspects.This book is an excellent resource for anyone developing and/or currently running a risk analysis as it defines the notions of personal data, stakeholders, risk sources, feared events, and privacy harms all while showing how these notions are used in the risk analysis process. It includes a running smart grids example to illustrate all the notions discussed in the book.

With the rapid development of cloud computing, the enterprises and individuals can outsource their sensitive data into the cloud server where they can enjoy high quality data storage and computing services in a ubiquitous manner. This is known as the outsourcing computation paradigm. Recently, the problem for securely outsourcing various expensive computations or storage has attracted considerable attention in the academic community. In this book, we focus on the latest technologies and applications of secure outsourcing computations. Specially, we introduce the state-of-the-art research for secure outsourcing some specific functions such as scientific computations, cryptographic basic operations, and verifiable large database with update. The constructions for specific functions use various design tricks and thus result in very efficient protocols for real-world applications. The topic of outsourcing computation is a hot research issue nowadays. Thus, this book will be beneficial to academic researchers in the field of cloud computing and big data security.

The current social and economic context increasingly demands open data to improve scientific research and decision making. However, when published data refer to individual respondents, disclosure risk limitation techniques must be implemented to anonymize the data and guarantee by design the fundamental right to privacy of the subjects the data refer to. Disclosure risk limitation has a long record in the statistical and computer science research communities, who have developed a variety of privacy-preserving solutions for data releases. This Synthesis Lecture provides a comprehensive overview of the fundamentals of privacy in data releases focusing on the computer science perspective. Specifically, we detail the privacy models, anonymization methods, and utility and risk metrics that have been proposed so far in the literature. Besides, as a more advanced topic, we identify and discuss in detail connections between several privacy models (i.e., how to accumulate the privacy guarantees they offer to achieve more robust protection and when such guarantees are equivalent or complementary); we also explore the links between anonymization methods and privacy models (how anonymization methods can be used to enforce privacy models and thereby offer ex ante privacy guarantees). These latter topics are relevant to researchers and advanced practitioners, who will gain a deeper understanding on the available data anonymization solutions and the privacy guarantees they can offer.

Whereas user-facing applications are often written in modern languages, the firmware, operating system, support libraries, and virtual machines that underpin just about any modern computer system are still written in low-level languages that value flexibility and performance over convenience and safety. Programming errors in low-level code are often exploitable and can, in the worst case, give adversaries unfettered access to the compromised host system. This book provides an introduction to and overview of automatic software diversity techniques that, in one way or another, use randomization to greatly increase the difficulty of exploiting the vast amounts of low-level code in existence. Diversity-based defenses are motivated by the observation that a single attack will fail against multiple targets with unique attack surfaces. We introduce the many, often complementary, ways that one can diversify attack surfaces and provide an accessible guide to more than two decades worth of research on the topic. We also discuss techniques used in conjunction with diversity to prevent accidental disclosure of randomized program aspects and present an in-depth case study of one of our own diversification solutions.

Social media greatly enables people to participate in online activities and shatters the barrier for online users to create and share information at any place at any time. However, the explosion of user-generated content poses novel challenges for online users to find relevant information, or, in other words, exacerbates the information overload problem. On the other hand, the quality of user-generated content can vary dramatically from excellence to abuse or spam, resulting in a problem of information credibility. The study and understanding of trust can lead to an effective approach to addressing both information overload and credibility problems. Trust refers to a relationship between a trustor (the subject that trusts a target entity) and a trustee (the entity that is trusted). In the context of social media, trust provides evidence about with whom we can trust to share information and from whom we can accept information without additional verification. With trust, we make the mental shortcut by directly seeking information from trustees or trusted entities, which serves a two-fold purpose: without being overwhelmed by excessive information (i.e., mitigated information overload) and with credible information due to the trust placed on the information provider (i.e., increased information credibility). Therefore, trust is crucial in helping social media users collect relevant and reliable information, and trust in social media is a research topic of increasing importance and of practical significance. This book takes a computational perspective to offer an overview of characteristics and elements of trust and illuminate a wide range of computational tasks of trust. It introduces basic concepts, deliberates challenges and opportunities, reviews state-of-the-art algorithms, and elaborates effective evaluation methods in the trust study. In particular, we illustrate properties and representation models of trust, elucidate trust prediction with representative algorithms, and demonstrate real-world applications where trust is explicitly used. As a new dimension of the trust study, we discuss the concept of distrust and its roles in trust computing.

Today, embedded systems are used in many security-critical applications, from access control, electronic tickets, sensors, and smart devices (e.g., wearables) to automotive applications and critical infrastructures. These systems are increasingly used to produce and process both security-critical and privacy-sensitive data, which bear many security and privacy risks. Establishing trust in the underlying devices and making them resistant to software and hardware attacks is a fundamental requirement in many applications and a challenging, yet unsolved, task. Solutions solely based on software can never ensure their own integrity and trustworthiness while resource-constraints and economic factors often prevent the integration of sophisticated security hardware and cryptographic co-processors. In this context, Physically Unclonable Functions (PUFs) are an emerging and promising technology to establish trust in embedded systems with minimal hardware requirements. This book explores the design of trusted embedded systems based on PUFs. Specifically, it focuses on the integration of PUFs into secure and efficient cryptographic protocols that are suitable for a variety of embedded systems. It exemplarily discusses how PUFs can be integrated into lightweight device authentication and attestation schemes, which are popular and highly relevant applications of PUFs in practice. For the integration of PUFs into secure cryptographic systems, it is essential to have a clear view of their properties. This book gives an overview of different approaches to evaluate the properties of PUF implementations and presents the results of a large scale security analysis of different PUF types implemented in application-specific integrated circuits (ASICs). To analyze the security of PUF-based schemes as is common in modern cryptography, it is necessary to have a security framework for PUFs and PUF-based systems. In this book, we give a flavor of the formal modeling of PUFs that is in its beginning and that is still undergoing further refinement in current research. The objective of this book is to provide a comprehensive overview of the current state of secure PUF-based cryptographic system design and the related challenges and limitations. Table of Contents: Preface / Introduction / Basics of Physically Unclonable Functions / Attacks on PUFs and PUF-based Systems / Advanced PUF Concepts / PUF Implementations and Evaluation / PUF-based Cryptographic Protocols / Security Model for PUF-based Systems / Conclusion / Terms and Abbreviations / Bibliography / Authors' Biographies

There has been roughly 15 years of research into approaches for aligning research in Human Computer Interaction with computer Security, more colloquially known as ``usable security.'' Although usability and security were once thought to be inherently antagonistic, today there is wide consensus that systems that are not usable will inevitably suffer security failures when they are deployed into the real world. Only by simultaneously addressing both usability and security concerns will we be able to build systems that are truly secure. This book presents the historical context of the work to date on usable security and privacy, creates a taxonomy for organizing that work, outlines current research objectives, presents lessons learned, and makes suggestions for future research.

Digital Watermarking is the art and science of embedding information in existing digital content for Digital Rights Management (DRM) and authentication. Reversible watermarking is a class of (fragile) digital watermarking that not only authenticates multimedia data content, but also helps to maintain perfect integrity of the original multimedia "e;cover data."e; In non-reversible watermarking schemes, after embedding and extraction of the watermark, the cover data undergoes some distortions, although perceptually negligible in most cases. In contrast, in reversible watermarking, zero-distortion of the cover data is achieved, that is the cover data is guaranteed to be restored bit-by-bit. Such a feature is desirable when highly sensitive data is watermarked, e.g., in military, medical, and legal imaging applications. This work deals with development, analysis, and evaluation of state-of-the-art reversible watermarking techniques for digital images. In this work we establish the motivation for research on reversible watermarking using a couple of case studies with medical and military images. We present a detailed review of the state-of-the-art research in this field. We investigate the various subclasses of reversible watermarking algorithms, their operating principles, and computational complexities. Along with this, to give the readers an idea about the detailed working of a reversible watermarking scheme, we present a prediction-based reversible watermarking technique, recently published by us. We discuss the major issues and challenges behind implementation of reversible watermarking techniques, and recently proposed solutions for them. Finally, we provide an overview of some open problems and scope of work for future researchers in this area.

Recently, mobile security has garnered considerable interest in both the research community and industry due to the popularity of smartphones. The current smartphone platforms are open systems that allow application development, also for malicious parties. To protect the mobile device, its user, and other mobile ecosystem stakeholders such as network operators, application execution is controlled by a platform security architecture. This book explores how such mobile platform security architectures work. We present a generic model for mobile platform security architectures: the model illustrates commonly used security mechanisms and techniques in mobile devices and allows a systematic comparison of different platforms. We analyze several mobile platforms using the model. In addition, this book explains hardware-security mechanisms typically present in a mobile device. We also discuss enterprise security extensions for mobile platforms and survey recent research in the area of mobile platform security. The objective of this book is to provide a comprehensive overview of the current status of mobile platform security for students, researchers, and practitioners.

As a fast-evolving new area, RFID security and privacy has quickly grown from a hungry infant to an energetic teenager during recent years. Much of the exciting development in this area is summarized in this book with rigorous analyses and insightful comments. In particular, a systematic overview on RFID security and privacy is provided at both the physical and network level. At the physical level, RFID security means that RFID devices should be identified with assurance in the presence of attacks, while RFID privacy requires that RFID devices should be identified without disclosure of any valuable information about the devices. At the network level, RFID security means that RFID information should be shared with authorized parties only, while RFID privacy further requires that RFID information should be shared without disclosure of valuable RFID information to any honest-but-curious server which coordinates information sharing. Not only does this book summarize the past, but it also provides new research results, especially at the network level. Several future directions are envisioned to be promising for advancing the research in this area.

The enormous success and diffusion that online social networks (OSNs) are encountering nowadays is vastly apparent. Users' social interactions now occur using online social media as communication channels; personal information and activities are easily exchanged both for recreational and business purposes in order to obtain social or economic advantages. In this scenario, OSNs are considered critical applications with respect to the security of users and their resources, for their characteristics alone: the large amount of personal information they manage, big economic upturn connected to their commercial use, strict interconnection among users and resources characterizing them, as well as user attitude to easily share private data and activities with strangers. In this book, we discuss three main research topics connected to security in online social networks: (i) trust management, because trust can be intended as a measure of the perception of security (in terms of risks/benefits) that users in an OSN have with respect to other (unknown/little-known) parties; (ii) controlled information sharing, because in OSNs, where personal information is not only connected to user profiles, but spans across users' social activities and interactions, users must be provided with the possibility to directly control information flows; and (iii) identity management, because OSNs are subjected more and more to malicious attacks that, with respect to traditional ones, have the advantage of being more effective by leveraging the social network as a new medium for reaching victims. For each of these research topics, in this book we provide both theoretical concepts as well as an overview of the main solutions that commercial/non-commercial actors have proposed over the years. We also discuss some of the most promising research directions in these fields.

In our digital world, integrated circuits are present in nearly every moment of our daily life. Even when using the coffee machine in the morning, or driving our car to work, we interact with integrated circuits. The increasing spread of information technology in virtually all areas of life in the industrialized world offers a broad range of attack vectors. So far, mainly software-based attacks have been considered and investigated, while hardware-based attacks have attracted comparatively little interest. The design and production process of integrated circuits is mostly decentralized due to financial and logistical reasons. Therefore, a high level of trust has to be established between the parties involved in the hardware development lifecycle. During the complex production chain, malicious attackers can insert non-specified functionality by exploiting untrusted processes and backdoors. This work deals with the ways in which such hidden, non-specified functionality can be introduced into hardware systems. After briefly outlining the development and production process of hardware systems, we systematically describe a new type of threat, the hardware Trojan. We provide a historical overview of the development of research activities in this field to show the growing interest of international research in this topic. Current work is considered in more detail. We discuss the components that make up a hardware Trojan as well as the parameters that are relevant for an attack. Furthermore, we describe current approaches for detecting, localizing, and avoiding hardware Trojans to combat them effectively. Moreover, this work develops a comprehensive taxonomy of countermeasures and explains in detail how specific problems are solved. In a final step, we provide an overview of related work and offer an outlook on further research in this field.

This book deals with Private Information Retrieval (PIR), a technique allowing a user to retrieve an element from a server in possession of a database without revealing to the server which element is retrieved. PIR has been widely applied to protect the privacy of the user in querying a service provider on the Internet. For example, by PIR, one can query a location-based service provider about the nearest car park without revealing his location to the server. The first PIR approach was introduced by Chor, Goldreich, Kushilevitz and Sudan in 1995 in a multi-server setting, where the user retrieves information from multiple database servers, each of which has a copy of the same database. To ensure user privacy in the multi-server setting, the servers must be trusted not to collude. In 1997, Kushilevitz and Ostrovsky constructed the first single-database PIR. Since then, many efficient PIR solutions have been discovered. Beginning with a thorough survey of single-database PIR techniques, this text focuses on the latest technologies and applications in the field of PIR. The main categories are illustrated with recently proposed PIR-based solutions by the authors. Because of the latest treatment of the topic, this text will be highly beneficial to researchers and industry professionals in information security and privacy.

Sharing of location data enables numerous exciting applications, such as location-based queries, location-based social recommendations, monitoring of traffic and air pollution levels, etc. Disclosing exact user locations raises serious privacy concerns, as locations may give away sensitive information about individuals' health status, alternative lifestyles, political and religious affiliations, etc. Preserving location privacy is an essential requirement towards the successful deployment of location-based applications. These lecture notes provide an overview of the state-of-the-art in location privacy protection. A diverse body of solutions is reviewed, including methods that use location generalization, cryptographic techniques or differential privacy. The most prominent results are discussed, and promising directions for future work are identified.

This book deals with "e;crypto-biometrics"e;, a relatively new and multi-disciplinary area of research (started in 1998). Combining biometrics and cryptography provides multiple advantages, such as, revocability, template diversity, better verification accuracy, and generation of cryptographically usable keys that are strongly linked to the user identity. In this text, a thorough review of the subject is provided and then some of the main categories are illustrated with recently proposed systems by the authors. Beginning with the basics, this text deals with various aspects of crypto-biometrics, including review, cancelable biometrics, cryptographic key generation from biometrics, and crypto-biometric key sharing protocols. Because of the thorough treatment of the topic, this text will be highly beneficial to researchers and industry professionals in information security and privacy. Table of Contents: Introduction / Cancelable Biometric System / Cryptographic Key Regeneration Using Biometrics / Biometrics-Based Secure Authentication Protocols / Concluding Remarks

Increasingly our critical infrastructures are reliant on computers. We see examples of such infrastructures in several domains, including medical, power, telecommunications, and finance. Although automation has advantages, increased reliance on computers exposes our critical infrastructures to a wider variety and higher likelihood of accidental failures and malicious attacks. Disruption of services caused by such undesired events can have catastrophic effects, such as disruption of essential services and huge financial losses. The increased reliance of critical services on our cyberinfrastructure and the dire consequences of security breaches have highlighted the importance of information security. Authorization, security protocols, and software security are three central areas in security in which there have been significant advances in developing systematic foundations and analysis methods that work for practical systems. This book provides an introduction to this work, covering representative approaches, illustrated by examples, and providing pointers to additional work in the area. Table of Contents: Introduction / Foundations / Detecting Buffer Overruns Using Static Analysis / Analyzing Security Policies / Analyzing Security Protocols

Operating systems provide the fundamental mechanisms for securing computer processing. Since the 1960s, operating systems designers have explored how to build "e;secure"e; operating systems - operating systems whose mechanisms protect the system against a motivated adversary. Recently, the importance of ensuring such security has become a mainstream issue for all operating systems. In this book, we examine past research that outlines the requirements for a secure operating system and research that implements example systems that aim for such requirements. For system designs that aimed to satisfy these requirements, we see that the complexity of software systems often results in implementation challenges that we are still exploring to this day. However, if a system design does not aim for achieving the secure operating system requirements, then its security features fail to protect the system in a myriad of ways. We also study systems that have been retrofit with secure operating system features after an initial deployment. In all cases, the conflict between function on one hand and security on the other leads to difficult choices and the potential for unwise compromises. From this book, we hope that systems designers and implementors will learn the requirements for operating systems that effectively enforce security and will better understand how to manage the balance between function and security. Table of Contents: Introduction / Access Control Fundamentals / Multics / Security in Ordinary Operating Systems / Verifiable Security Goals / Security Kernels / Securing Commercial Operating Systems / Case Study: Solaris Trusted Extensions / Case Study: Building a Secure Operating System for Linux / Secure Capability Systems / Secure Virtual Machine Systems / System Assurance