David Lorenzi

A Random Decision Tree Framework for Privacy-Preserving Data Mining

Distributed data is ubiquitous in modern information driven applications. With multiple sources of data, the natural challenge is to determine how to collaborate effectively across proprietary organizational boundaries while maximizing the utility of collected information. Since using only local data gives suboptimal utility, techniques for privacy-preserving collaborative knowledge discovery must be developed. Existing cryptography-based work for privacy-preserving data mining is still too slow to be effective for large scale data sets to face todays big data challenge. Previous work on random decision trees (RDT) shows that it is possible to generate equivalent and accurate models with much smaller cost. We exploit the fact that RDTs can naturally fit into a parallel and fully distributed architecture, and develop protocols to implement privacy-preserving RDTs that enable general and efficient distributed privacy-preserving knowledge discovery.

Enhancing the government service experience through QR codes on mobile platforms

Abstract Digital government is universally gaining acceptance as the public becomes more technologically advanced. It is critical for the government to embrace new technology for minimizing costs and maximizing utility of services to the taxpayers. While administrative services have been easily ported to the digital world, there are still many important citizen-centric services that have not yet been effectively migrated. Quick Response codes (QR codes) provide a means to effectively distribute many different varieties of information to the public. We propose to integrate QR code systems and corresponding smartphone applications into existing government services with the goal of providing a new level of interactivity for the public. We illustrate this through two case studies, examining the National Park Services and the Mobile Environmental Information Services (MENVIS). The focus is on developing a QR code waypoint system for park navigation, as well as incentivizing park use through gamification of site attractions. The system provides increased safety for park goers, disseminates information more effectively and accurately, and improves feedback.

Utilizing social media to improve local government responsiveness

In this paper, we investigate ways that social media platforms can enhance the responsiveness of branches of local government that deal primarily in performing tasks on the behalf of citizens or interacting with them. More specifically, we utilize the Twitter platform (on the web and capable smartphones) to provide a two way communications channel between a local government system and citizens. Through such social media driven communication, citizens can submit requests for work to be completed, which could then be carried out by the local government. The goal of such a system is to enable the local government to increase responsiveness and gain efficiency in its manpower usage through optimized route planning and intelligent work dispatch.

Using QR codes for enhancing the scope of digital government services

Digital government is universally gaining acceptance as the public becomes more technologically advanced. The government must embrace new technology to minimize costs and maximize utility of services to the taxpayer. While administrative services have been easily ported to the digital world, there are still many important citizen-centric services that have not yet been effectively migrated. Quick Response codes (QR codes) provide a means to effectively distribute many different varieties of information to the public. We propose a QR code system and a corresponding smartphone application for the U. S. National Park Service (NPS) with the goal of providing a new level of interactivity for the public. The focus is on developing a QR code waypoint system for park navigation, as well as incentivizing park use through gamification of site attractions. The system provides increased safety for park goers, disseminates information more effectively and accurately, and improves feedback between the NPS and the public.

PEER: A Framework for Public Engagement in Emergency Response

While government agencies, NGOs, and even commercial entities immediately swing into action to help out, in the case of large disasters, one of the biggest resources-citizens themselves-are underutilized. The rise of social media creates an opportunity for the citizen participation for disaster response management. By harnessing the power of citizen crowdsourcing, the government can have enhanced disaster situation awareness and utilize resources provided by citizen volunteers, resulting in more effective disaster responses. In this paper, the prototype Public Engagement in Emergency Response PEER framework is presented. It provides a comprehensive online and mobile crowdsourcing platform for situation reporting and resource volunteering. Events are described that transpired in the aftermath of superstorm Sandy, which demonstrate the benefits of using the PEER framework in a major disaster situation. Also described is how it can alleviate some of the issues associated with the crowdsourcing responses such as fraud.

Migrating from DAC to RBAC

Role Based Access Control (RBAC) is one of the most popular means for enforcing access control. One of the main reasons for this is that it is perceived as the least expensive configuration with respect to security administration. In this paper, we demonstrate that security administration is not always cheaper under RBAC when compared to the traditional Discretionary Access Control (DAC). If RBAC proves to be beneficial, organizations may choose to migrate from DAC to RBAC. There have been many algorithms developed to generate RBAC configurations from DAC configuration. Although these algorithms provide an RBAC configuration, the quality of the generated RBAC configuration could vary among different algorithms and DAC configurations. In this paper, we propose a decision support framework, which provides a basis for comparison among different potential RBAC derivations from DAC to determine the most desirable outcome with respect to the cost of security administration.

Attacking Image Based CAPTCHAs Using Image Recognition Techniques

CAPTCHAs have become the de-facto standard in providing protection from automated robot attacks against online forms and services. These captchas can take on many forms, combining the use of text, images or other cognitive tasks that are difficult for computers to solve but easy for humans. In this paper, we focus on captchas where the challenge to be solved is an image recognition task. We show that well established image classification techniques and algorithms can be used by attackers to “crack” such captchas. Specifically, we examine three state of the art image recognition captchas, SQ-PIX, ESP-PIX, and ASIRRA, and show that with modern image processing tools, the CAPTCHAs do not provide much security and can be easily circumvented.

Generating Secure Images for CAPTCHAs through Noise Addition

As online automation, image processing and computer vision become increasingly powerful and sophisticated, methods to secure online assets from automated attacks (bots) are required. As traditional text based CAPTCHAs become more vulnerable to attacks, new methods for ensuring a user is human must be devised. To provide a solution to this problem, we aim to reduce some of the security shortcomings in an alternative style of CAPTCHA - more specifically, the image CAPTCHA. Introducing noise helps image CAPTCHAs thwart attacks from Reverse Image Search (RIS) engines and Computer Vision (CV) attacks while still retaining enough usability to allow humans to pass challenges. We present a secure image generation method based on noise addition that can be used for image CAPTCHAs, along with 4 different styles of image CAPTCHAs to demonstrate a fully functional image CAPTCHA challenge system.

Enhancing the Security of Image CAPTCHAs Through Noise Addition

Text based CAPTCHAs are the de facto method of choice to ensure that humans (rather than automated bots) are interacting with websites. Unfortunately, users often find it inconvenient to read characters and type them in. Image CAPTCHAs provide an alternative that is often preferred to text-based implementations. However, Image CAPTCHAs have their own set of security and usability problems. A key issue is their susceptibility to Reverse Image Search (RIS) and Computer Vision (CV) attacks. In this paper, we present a generalized methodology to transform existing images by applying various noise generation algorithms into variants that are resilient to such attacks. To evaluate the usability/security tradeoff, we conduct a user study to determine if the method can provide “usable” images that meet our security requirements – thus improving the overall security provided by Image CAPTCHAs.

Web Services Based Attacks against Image CAPTCHAs

CAPTCHAs provide protection from automated robot attacks against online forms and services. Image recognition CAPTCHAs, which require users to perform an image recognition task, have been proposed as a more robust alternative to character recognition CAPTCHAs. However, in recent years, a number of web services that deal with content based image retrieval and analysis have been developed and released for public consumption. These web services can be used in completely unexpected ways to attack image CAPTCHAs. Specifically, in this paper, we consider three specific kinds of web services: 1 Reverse Image Search RIS, 2 Image Similarity Search ISS, and 3 Automatic Linguistic Annotation ALA. We show how the functionality of these image based web services, used in conjunction with regular expressions, keyword ontologies and some statistical analysis/inference, can pose a dangerous attack that easily bypasses the hard AI problem used in challenges for typical image CAPTCHAs. We also discuss effective defensive measures that can be utilized to make CAPTCHAs more resistant to the attack vectors these web services provide.