Juan Camilo Corena

A Privacy Risk Model for Trajectory Data

Time sequence data relating to users, such as medical histories and mobility data, are good candidates for data mining, but often contain highly sensitive information. Different methods in privacy-preserving data publishing are utilised to release such private data so that individual records in the released data cannot be re-linked to specific users with a high degree of certainty. These methods provide theoretical worst-case privacy risks as measures of the privacy protection that they offer. However, often with many real-world data the worst-case scenario is too pessimistic and does not provide a realistic view of the privacy risks: the real probability of re-identification is often much lower than the theoretical worst-case risk. In this paper we propose a novel empirical risk model for privacy which, in relation to the cost of privacy attacks, demonstrates better the practical risks associated with a privacy preserving data release. We show detailed evaluation of the proposed risk model by using k-anonymised real-world mobility data.

Secure and Fast Aggregation of Financial Data in Cloud-Based Expense Tracking Applications

Tracking expenses is a task performed in homes and businesses worldwide; for personal finances, the practice of organizing receipts for refunds or summarizing its contents for purposes such as budget planning and tax submission, has been recently aided by different services; these allow automatic collection of receipts either at store terminals or using a photo of the receipt submitted by the user, which can be later accessed using an online interface. Given the importance of financial information and the inherent danger introduced by these services, we present in this article an architecture based on additive homomorphic cryptosystems and secret sharing schemes to store information securely while still allowing fast aggregation queries at an outsourced untrusted cloud server. The proposal was evaluated in terms of security, server load, amount of user interaction, computational load at the acquiring terminal and computational load at the untrusted server.

PrefRank: fair aggregation of subjective user preferences

Ranking vast amounts of user-contributed content, such as digital photographs, is handled well through user-driven ranking, but user-driven ranking is often subjective and difficult to compare. The analytic hierarchy process helps making sense of subjective opinion, whereas finding a global ranking is a problem of rank aggregation of partially ranked lists. In this position paper, we propose a solution -- PrefRank -- based on eigenvector centrality that helps aggregating partially ranked lists. Our proposed approach can be used in other application scenarios involving qualitative judgement and ranking, such as reviewing academic papers for a conference.

A risk model for privacy in trajectory data

Time sequence data relating to users, such as medical histories and mobility data, are good candidates for data mining, but often contain highly sensitive information. Different methods in privacy-preserving data publishing are utilised to release such private data so that individual records in the released data cannot be re-linked to specific users with a high degree of certainty. These methods provide theoretical worst-case privacy risks as measures of the privacy protection that they offer. However, often with many real-world data the worst-case scenario is too pessimistic and does not provide a realistic view of the privacy risks: the real probability of re-identification is often much lower than the theoretical worst-case risk. In this paper, we propose a novel empirical risk model for privacy which, in relation to the cost of privacy attacks, demonstrates better the practical risks associated with a privacy preserving data release. We show detailed evaluation of the proposed risk model by using k-anonymised real-world mobility data and then, we show how the empirical evaluation of the privacy risk has a different trend in synthetic data describing random movements.

XOR network coding pollution prevention without homomorphic functions

Network coding is a way of transmitting information where nodes in a network combine incoming packets into a single one to increase throughput in some scenarios, nodes wishing to get the original information can perform decoding when enough packets have been received. Given its efficiency, the exclusive or (XOR) operation is very popular for network coding. One security concern for networks using network coding is the so called “pollution attack”, where an adversary introduces packets that are not combinations of the original ones. In this paper, we present a construction to prevent pollution attacks in XOR network coding that is suitable for networks where nodes must perform fast verifications. Unlike existing constructions in the literature which are based on XOR-homomorphic authentication functions, our construction can be instantiated with existing cryptographic primitives that are not related to the XOR operation. The core insight of our proposal is a carefully selected set of authenticated packets that are used to authenticate the network coding stream. We show that our proposal is computationally efficient at the intermediate nodes and that can be computed efficiently at the nodes which are generating the content.

A Multiple-MAC-Based Protocol to Identify Misbehaving Nodes in Network Coding

In network coding, intermediate nodes are allowed to transmit a function of the packets, instead of the traditional scheme where unmodified packets travel through the network. Some of the advantages of this mechanism are: a unified way to represent Broadcast, Multicast and Unicast, robustness in link and node failures and robustness to routing loops. However, allowing intermediate nodes to change information, introduces new points where byzantine attackers may try to disrupt the network. In this paper, we present a Message Authentication Code (MAC) Based protocol which can identify misbehaving nodes. Our construction uses only fast symmetric cryptographic operations, making it suitable for multicast networks, where latency is an important factor. For its construction, we used an efficient key assignment based on Bloms scheme, and a Merkle tree to provide authenticity during our identification routine. We show our construction is relevant in the context of network coding, by showing its execution time compared to that of pollution detection routines and other schemes used for authentication.

Lightweight Practical Private One-Way Anonymous Messaging

Opinions from people, evident in surveys and microblogging, for instance, may have bias or low user participation due to legitimate concerns about privacy and anonymity. To provide sender (the participant) anonymity, the identity of the message sender must be hidden from the message recipient (the opinion collector) and the contents of the actual message hidden from any intermediate actors (such as, routers) that may be responsible for relaying the message. We propose a novel one-way message routing scheme based on probabilistic forwarding that guarantees message privacy and sender anonymity through cryptographic means; utilising an additively homomorphic public-key cryptosystem along with a symmetric cipher. Our scheme involves intermediate relays and can work with either a centralised or a decentralised registry that helps with connecting the relays to each other. In addition to theoretical analysis, we demonstrate a real-world prototype built with HTML5 technologies and deployed on a public cloud environment. The prototype allows anonymous messaging over HTTP(S), and has been run inside HTML5 browsers on mobile application environments with no configurations at the network level. While we leave constructing the reverse path as future work, the proposal contained in this paper complete and has practical applications in anonymous surveys and microblogging.

Proofs of data possession and pollution checking for Regenerating Codes

Regenerating Codes strip a file in several servers, such that it is possible to recover the file when at least a given number of them is online. The difference between these codes and traditional erasure codes such as Reed-Solomon (RS), is that they require less bandwidth to repair failed nodes. This property is meant to improve storage reliability in cloud storage data systems. In this article, we present a method to check the availability of files that have been encoded using linear regenerating codes, by implementing two protocols that prove with high probability a node is in possession of a particular combination of data units from the original file. The constructions only use fast linear operations and are suited for real world files. Our proposal is based on the linear properties of the dot product among vectors and smart key assignments based on Combinatorics as well as Linear Algebra.

Hypercubes and Private Information Retrieval

In geometry, a hypercube is a regular polytype – a generalisation of a 3-dimensional cube to \(\lambda \)-dimensions, with mutually perpendicular sides of equal lengths. For \(\lambda = 0, 1, 2, 3, \text {and}\,4\), a hypercube is a point, a straight line segment, a square, a cube and a tesseract respectively. In this paper, we apply the concept of hypercubes in computationally private information retrieval (CPIR) based on additively homomorphic cryptosystems and optimise it further at the cost of a measurable privacy loss.

Practical Private One-way Anonymous Message Routing

Opinions from people can either be biased or reflect low participation due to legitimate concerns about privacy and anonymity. To alleviate those concerns, the identity of a message sender should be disassociated from the message while the contents of the actual message should be hidden from any relaying nodes. We propose a novel message routing scheme based on probabilistic forwarding that guarantees message privacy and sender anonymity through additively homomorphic public-key encryption. Our scheme is applicable to anonymous surveys and microblogging.