maede ashouri-talouki

Using generative models to produce unlimited synthetic samples is a popular replacement for database sharing. Generative Adversarial Network (GAN) is a popular class of generative models which generates synthetic data samples very similar to real training datasets. However, GAN models do not necessarily guarantee training privacy as these models may memorize details of training data samples. When these models are built using sensitive data, the developers should ensure that the training dataset is appropriately protected against privacy leakage. Hence, quantifying the privacy risk of these models is essential. To this end, this paper focuses on evaluating the privacy risk of publishing the generator network of GAN models. Specially, we conduct a novel generator white-box membership inference attack against GAN models that exploits accessible information about the victim model, i.e., the generator’s weights and synthetic samples, to conduct the attack. In the proposed attack, an auto-encoder is trained to determine member and non-member training records. This attack is applied to various kinds of GANs. We evaluate our attack accuracy with respect to various model types and training configurations. The results demonstrate the superior performance of the proposed attack on non-private GANs compared to previous attacks in white-box generator access. The accuracy of the proposed attack is 19% higher on average than similar work. The proposed attack, like previous attacks, has better performance for victim models that are trained with small training sets.

Steganography is a solution for covert communication and blockchain is a p2p network for data transmission, so the benefits of blockchain can be used in steganography. In this paper, we discuss the advantages of blockchain in steganography, which include the ability to embed hidden data without manual change in the original data, as well as the readiness of the blockchain platform for data transmission and storage. By reviewing the previous four steganography schemes in blockchain, we have examined their drawback and shown that most of them are non-practical schemes for steganography in blockchain. We have proposed two algorithms for steganography in blockchain, the first one is a high-capacity algorithm for the key and the steganography algorithm exchange and switching, and the second one is a medium-capacity algorithm for embedding hidden data. The proposed method is a general method for steganography in each blockchain, and we investigate how it can be implemented in two most popular blockchains, Bitcoin and Ethereum. Experimental result shows the efficiency and practicality of proposed method in terms of execution time, latency and steganography fee. Finally, we have explained the challenges of steganography in blockchain from the steganographers' and steganalyzers' point of view.

Smart grids using information technology (IT) and communication networks control smart home appliances to reduce costs and increase reliability and transparency. Preserving the privacy of the user data is one of the biggest challenges in smart grid research; by disclosing user-related data, an internal or external adversary can understand the habits and behavior of the users. A solution to address this challenge is, however, a data aggregation mechanism in which the aggregated data of all of the users in a residential area. The security and efficiency of the data aggregation approach are important. The drawback of the previous works is leaking fine-grained user data or the high computation and communication overhead. In this paper, we present an efficient privacy-preserving data-aggregation protocol, called PPDA, based on the Elliptic Curve Cryptography (ECC) and Anonymous Veto network protocol. The PPDA protocol aggregates metering data efficiently and securely so that it becomes applicable for resource-constraint metering devices. We also present an improved multi-cycle proposal of PPDA, called MC-PPDA. In the improved approach, the system initialization step runs only at the first cycle of the protocol which increases the efficiency of the protocol. Evaluation results show that the proposed approaches preserve the privacy of the fine-grained user data against an internal and external adversary; the improved multi-cycle approach is also secure against collusion. Compared to the previous approaches, the proposed approaches incur less computation and communication overhead.

Electronic health record (EHR) system facilitates integrating patients' medical information and improves service productivity. However, user access to patient data in a privacy-preserving manner is still challenging problem. Many studies concerned with security and privacy in EHR systems. Rezaeibagha and Mu [1] have proposed a hybrid architecture for privacy-preserving accessing patient records in a cloud system. In their scheme, encrypted EHRs are stored in multiple clouds to provide scalability and privacy. In addition, they considered a role-based access control (RBAC) such that for any user, an EHR access policy must be determined. They also encrypt the EHRs by the public keys of all users. So, for a large amount of EHRs, this scheme is not efficient. Furthermore, using RBAC for access policy makes the policy changing difficult. In their scheme, users cannot search on encrypted EHRs based on diseases and some physicians must participate in the data retrieval by a requester physician. In this paper, we address these problems by considering a ciphertext-policy attribute-based encryption (CP-ABE) which is conceptually closer to the traditional access control methods such as RBAC. Our secure scheme can retrieve encrypted EHR based on a specific disease. Furthermore, the proposed scheme guarantees the user access control and the anonymity of the user or data owner during data retrieval. Moreover, our scheme is resistant against collusion between unauthorized retrievers to access the data. The analysis shows that our scheme is secure and efficient for cloud-based EHRs.

Doing a joint and secure computation on private inputs (Secure Multiparty Computation) is an interesting problem in the field of information security. The Millionaire problem is the first SMC problem in which two millionaires wish to know who is richer without disclosing their wealth. Then many problems have been defined in the field of secure multiparty computation. In this paper, the problem of secure multiparty summation is considered where a group of users wants to jointly and securely compute the summation value of their private inputs. We have reviewed and compared the related works in this filed; we have also identified the open issues and future works.

Location-based services (LBSs) provide appropriate information based on users’ locations. These services can be invoked by an individual user or a group of users. Using these services requires users to reveal their locations; thus, providing uses’ location privacy during the use of these services is an important issue. There are many works to protect users’ location privacy. In this paper, we have reviewed the related works to provide the location privacy for a group of users during the use of LBSs. We have classified them into two categories: the first category consists of the solutions that protect an individual user location privacy through group formation, while the second category contains the specific solutions to provide group location privacy. We have then analyzed and compared the performance and security properties of the related works, and have identified the open issues and future works in this field.