Praveen Manoharan
Saarland University
Network
Latest external collaboration on country level. Dive into details by clicking on the dots.
Publication
Featured researches published by Praveen Manoharan.
european symposium on research in computer security | 2017
Kathrin Grosse; Nicolas Papernot; Praveen Manoharan; Michael Backes; Patrick D. McDaniel
Machine learning models are known to lack robustness against inputs crafted by an adversary. Such adversarial examples can, for instance, be derived from regular inputs by introducing minor—yet carefully selected—perturbations.
computer and communications security | 2016
Michael Backes; Pascal Berrang; Mathias Humbert; Praveen Manoharan
The continuous decrease in cost of molecular profiling tests is revolutionizing medical research and practice, but it also raises new privacy concerns. One of the first attacks against privacy of biological data, proposed by Homer et al. in 2008, showed that, by knowing parts of the genome of a given individual and summary statistics of a genome-based study, it is possible to detect if this individual participated in the study. Since then, a lot of work has been carried out to further study the theoretical limits and to counter the genome-based membership inference attack. However, genomic data are by no means the only or the most influential biological data threatening personal privacy. For instance, whereas the genome informs us about the risk of developing some diseases in the future, epigenetic biomarkers, such as microRNAs, are directly and deterministically affected by our health condition including most common severe diseases. In this paper, we show that the membership inference attack also threatens the privacy of individuals contributing their microRNA expressions to scientific studies. Our results on real and public microRNA expression data demonstrate that disease-specific datasets are especially prone to membership detection, offering a true-positive rate of up to 77% at a false-negative rate of less than 1%. We present two attacks: one relying on the L_1 distance and the other based on the likelihood-ratio test. We show that the likelihood-ratio test provides the highest adversarial success and we derive a theoretical limit on this success. In order to mitigate the membership inference, we propose and evaluate both a differentially private mechanism and a hiding mechanism. We also consider two types of adversarial prior knowledge for the differentially private mechanism and show that, for relatively large datasets, this mechanism can protect the privacy of participants in miRNA-based studies against strong adversaries without degrading the data utility too much. Based on our findings and given the current number of miRNAs, we recommend to only release summary statistics of datasets containing at least a couple of hundred individuals.
workshop on privacy in the electronic society | 2016
Michael Backes; Pascal Berrang; Oana Goga; Krishna P. Gummadi; Praveen Manoharan
A number of works have recently shown that the privacy offered by pseudonymous identities on social media systems like Twitter or Reddit is threatened by cross-site identity linking attacks. Such attacks link the identities of the same user across websites. Therefore, assessing linkability, i.e., the risk that identities are linked across different websites, remains an important open problem. In this work, we analyze whether anonymity within a single social media site can protect a user from being linked across sites. To this end, we first introduce a relative linkability measure ranking identities within a social media site by their anonymity. We show that anonymity alone is not sufficient to assess linkability risks, by evaluating this measure on a data set comprising 15 million comments gathered from the Reddit social media system. Second, we mitigate this insufficiency and present our absolute linkability measure, which in addition utilizes information about matching identities. Then, we confirm the validity of this measure on our data set. The measure is able to accurately assess the linkability risk in almost 75% of the cases and, more importantly, is shown to never underestimate the linkability risk.
ieee computer security foundations symposium | 2014
Michael Backes; Praveen Manoharan; Esfandiar Mohammadi
The anonymous communication protocol Tor constitutes the most widely deployed technology for providing anonymity for user communication over the Internet. Several frameworks have been proposed that show strong anonymity guarantees, none of these, however, are capable of modeling the class of traffic-related timing attacks against Tor, such as traffic correlation and website fingerprinting. In this work, we present TUC: the first framework that allows for establishing strong anonymity guarantees in the presence of time-sensitive adversaries that mount traffic-related timing attacks. TUC incorporates a comprehensive notion of time in an asynchronous communication model with sequential activation, while offering strong compositionality properties for security proofs. We apply TUC to evaluate a novel countermeasure for Tor against website fingerprinting attacks. Our analysis relies on a formalization of the onion routing protocol that underlies Tor and proves rigorous anonymity guarantees in the presence of traffic-related timing attacks.
ieee computer security foundations symposium | 2017
Michael Backes; Manuel Gomez-Rodriguez; Praveen Manoharan; Bartlomiej Surma
Social Networks and other social media systems are an ever popular medium that allow users to freely communicate and interact with their peers. Once a user shares a piece of information, however, the transitive propagation of information in such systems can allow this information to spread quickly throughout the whole system. Due to the potentially sensitive nature of the shared information, users naturally have an interest in controlling the propagation of information to ensure privacy. At the same time, users also have utility requirements in terms of users they want to share a certain piece of information with, which naturally causes a conflict with the privacy requirements.,,In this paper, we tackle the issue of controlling the propagation of information through a social network while at the same time maintaining utility requirements set by the user. We leverage continuous-time diffusion networks to model the global propagation behavior in social networks and define combined privacy and utility policies that allow us to enforce privacy under utility restrictions, and vice versa. We show that optimally satisfying such policies corresponds to solving a constrained submodular minimization problem, which, while NP-hard, allows for a constant factor approximation due to the structure of our objective function.
Tutorial Lectures on Foundations of Security Analysis and Design VIII - Volume 9808 | 2016
Michael Backes; Pascal Berrang; Praveen Manoharan
In this paper, we develop a user-centric privacy framework for quantitatively assessing the exposure of personal information in open settings. Our formalization addresses key-challenges posed by such open settings, such as the unstructured dissemination of heterogeneous information and the necessity of user- and context-dependent privacy requirements. We propose a new definition of information sensitivity derived from our formalization of privacy requirements, and, as a sanity check, show that hard non-disclosure guarantees are impossible to achieve in open settings. After that, we provide an instantiation of our framework to address the identity disclosure problem, leading to the novel notion of d-convergence. d-convergence is based on indistinguishability of entities and it bounds the likelihood with which an adversary successfully links two profiles of the same user across online communities. Finally, we provide a large-scale evaluation of our framework on a collection of 15 million comments collected from the Online Social Network Reddit. Our evaluation validates the notion of d-convergence for assessing the linkability of entities in our data set and provides deeper insights into the data sets structure.
arXiv: Cryptography and Security | 2016
Kathrin Grosse; Nicolas Papernot; Praveen Manoharan; Michael Backes; Patrick D. McDaniel
arXiv: Cryptography and Security | 2017
Kathrin Grosse; Praveen Manoharan; Nicolas Papernot; Michael Backes; Patrick D. McDaniel
ieee computer security foundations symposium | 2013
Michael Backes; Aniket Kate; Praveen Manoharan; Sebastian Meiser; Esfandiar Mohammadi
Archive | 2015
Michael Backes; Pascal Berrang; Praveen Manoharan