Byron Marohn, C. V. Wright, W. Feng, Mike Rosulek, R. Bobba
Thumbnail preserving encryption (TPE) was suggested by Wright et al. [Information Hiding & Multimedia Security Workshop 2015] as a way to balance privacy and usability for online image sharing. The idea is to encrypt a plaintext image into a ciphertext image that has roughly the same thumbnail as well as retaining the original image format. At the same time, TPE allows users to take advantage of much of the functionality of online photo management tools, while still providing some level of privacy against the service provider. In this work we present two new approximate TPE encryption schemes. In our schemes, ciphertexts and plaintexts have perceptually similar, but not identical, thumbnails. Our constructions are the first TPE schemes designed to work well with JPEG compression. In addition, we show that they also have provable security guarantees that characterize precisely what information about the plaintext is leaked by the ciphertext image. We empirically evaluate our schemes according to the similarity of plaintext & ciphertext thumbnails, increase in file size under JPEG compression, preservation of perceptual image hashes, among other aspects. We also show how approximate TPE can be an effective tool to thwart inference attacks by machine-learning image classifiers, which have shown to be effective against other image obfuscation techniques.
{"title":"Approximate Thumbnail Preserving Encryption","authors":"Byron Marohn, C. V. Wright, W. Feng, Mike Rosulek, R. Bobba","doi":"10.1145/3137616.3137621","DOIUrl":"https://doi.org/10.1145/3137616.3137621","url":null,"abstract":"Thumbnail preserving encryption (TPE) was suggested by Wright et al. [Information Hiding & Multimedia Security Workshop 2015] as a way to balance privacy and usability for online image sharing. The idea is to encrypt a plaintext image into a ciphertext image that has roughly the same thumbnail as well as retaining the original image format. At the same time, TPE allows users to take advantage of much of the functionality of online photo management tools, while still providing some level of privacy against the service provider. In this work we present two new approximate TPE encryption schemes. In our schemes, ciphertexts and plaintexts have perceptually similar, but not identical, thumbnails. Our constructions are the first TPE schemes designed to work well with JPEG compression. In addition, we show that they also have provable security guarantees that characterize precisely what information about the plaintext is leaked by the ciphertext image. We empirically evaluate our schemes according to the similarity of plaintext & ciphertext thumbnails, increase in file size under JPEG compression, preservation of perceptual image hashes, among other aspects. We also show how approximate TPE can be an effective tool to thwart inference attacks by machine-learning image classifiers, which have shown to be effective against other image obfuscation techniques.","PeriodicalId":198787,"journal":{"name":"Proceedings of the 2017 on Multimedia Privacy and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129089389","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Multimedia introduces whole new worlds of opportunities and challenges for security and privacy. The NSF Secure and Trustworthy Cyberspace (SaTC) program funds a wide range of research in the area, and welcomes proposals for additional areas. This extended abstract identifies some of the topic areas that have been funded in the past and are of interest for the future.
{"title":"An NSF View of Multimedia Privacy and Security: Extended Abstract","authors":"J. Epstein","doi":"10.1145/3137616.3137622","DOIUrl":"https://doi.org/10.1145/3137616.3137622","url":null,"abstract":"Multimedia introduces whole new worlds of opportunities and challenges for security and privacy. The NSF Secure and Trustworthy Cyberspace (SaTC) program funds a wide range of research in the area, and welcomes proposals for additional areas. This extended abstract identifies some of the topic areas that have been funded in the past and are of interest for the future.","PeriodicalId":198787,"journal":{"name":"Proceedings of the 2017 on Multimedia Privacy and Security","volume":"98 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124894327","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Session 4: Intrusion Detection and Prevention","authors":"K. Rohloff","doi":"10.1145/3252985","DOIUrl":"https://doi.org/10.1145/3252985","url":null,"abstract":"","PeriodicalId":198787,"journal":{"name":"Proceedings of the 2017 on Multimedia Privacy and Security","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121526937","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Session 2: Invited Talk: Mr. Jeremy Epstein, National Science Foundation","authors":"Roger A. Hallman","doi":"10.1145/3252983","DOIUrl":"https://doi.org/10.1145/3252983","url":null,"abstract":"","PeriodicalId":198787,"journal":{"name":"Proceedings of the 2017 on Multimedia Privacy and Security","volume":"84 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131879493","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Session 1: Privacy","authors":"K. Rohloff","doi":"10.1145/3252982","DOIUrl":"https://doi.org/10.1145/3252982","url":null,"abstract":"","PeriodicalId":198787,"journal":{"name":"Proceedings of the 2017 on Multimedia Privacy and Security","volume":"106 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114629292","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
It is our great pleasure to welcome you to the 1st International Workshop on Multimedia Privacy and Security - MPS 2017. We are pleased to present this newly-established workshop that brings together researchers and practitioners in the fields of multimedia, data privacy, and cybersecurity. MPS 2017 highlights the important intersection of these fields that has been brought about by the emergence and widespread adoption of social media, Internet of Things (IoT), and other ubiquitous computing platforms. Indeed, with the rise of social media, mobile technologies, cloud services, and IoT, massive quantities of multimedia content are created and disseminated as users post updates that include personal information, video and audio data, and other analytical information. Multimedia has arguably expanded well beyond the scope of its original definition. � �Our call for papers attracted submissions from North America, Central America, Asia, and Europe. We received seven submissions, of which three were selected as Full Papers (42%) and two were accepted as Short Papers after a double-blind review by our program committee. In addition to these presentations, we will feature an invited keynote address and discussion panel: �An NSF View of Multimedia Privacy and Security, Mr. Jeremy Epstein (Deputy Division Director, Computer and Network Systems, National Science Foundation) �Multimedia Security and Privacy with IoT and Social Networks, moderated by Kurt Rohloff and Roger Hallman
{"title":"Proceedings of the 2017 on Multimedia Privacy and Security","authors":"Roger A. Hallman, K. Rohloff, Victor Chang","doi":"10.1145/3137616","DOIUrl":"https://doi.org/10.1145/3137616","url":null,"abstract":"It is our great pleasure to welcome you to the 1st International Workshop on Multimedia Privacy and Security - MPS 2017. We are pleased to present this newly-established workshop that brings together researchers and practitioners in the fields of multimedia, data privacy, and cybersecurity. MPS 2017 highlights the important intersection of these fields that has been brought about by the emergence and widespread adoption of social media, Internet of Things (IoT), and other ubiquitous computing platforms. Indeed, with the rise of social media, mobile technologies, cloud services, and IoT, massive quantities of multimedia content are created and disseminated as users post updates that include personal information, video and audio data, and other analytical information. Multimedia has arguably expanded well beyond the scope of its original definition. \u0000 \u0000Our call for papers attracted submissions from North America, Central America, Asia, and Europe. We received seven submissions, of which three were selected as Full Papers (42%) and two were accepted as Short Papers after a double-blind review by our program committee. In addition to these presentations, we will feature an invited keynote address and discussion panel: \u0000An NSF View of Multimedia Privacy and Security, Mr. Jeremy Epstein (Deputy Division Director, Computer and Network Systems, National Science Foundation) \u0000Multimedia Security and Privacy with IoT and Social Networks, moderated by Kurt Rohloff and Roger Hallman","PeriodicalId":198787,"journal":{"name":"Proceedings of the 2017 on Multimedia Privacy and Security","volume":"138 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116012488","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Session details: Session 3: Image and Video Security","authors":"Roger A. Hallman","doi":"10.1145/3252984","DOIUrl":"https://doi.org/10.1145/3252984","url":null,"abstract":"","PeriodicalId":198787,"journal":{"name":"Proceedings of the 2017 on Multimedia Privacy and Security","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123870546","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Anonymization is one of the major processes to protect location-based services (LBS) from privacy leakage. However, there are many discussions about de-anonymization attacks to LBS and whether anonymization processing is a sufficient countermeasure for privacy leakage. In this paper, we proposed a novel method to reconstruct the location of user considering the time series using the Markov Transition Field (MTF) and Denoising Auto Encoder (DAE). We also focused on Wi-Fi location data including many erasures errors. We conducted an evaluation of de-anonymization attack using our reconstruction method to the Wi-Fi location dataset that was consisted of 10000 devices / four weeks in the four wards of Tokyo. We confirmed that the successful attack rate (SAR) was 24% when the number of candidate devices was 100 and 6% when that was 10000 devices.
{"title":"A Study on Autoencoder-based Reconstruction Method for Wi-Fi Location Data with Erasures","authors":"Tetsushi Ohki, Akira Otsuka","doi":"10.1145/3137616.3137620","DOIUrl":"https://doi.org/10.1145/3137616.3137620","url":null,"abstract":"Anonymization is one of the major processes to protect location-based services (LBS) from privacy leakage. However, there are many discussions about de-anonymization attacks to LBS and whether anonymization processing is a sufficient countermeasure for privacy leakage. In this paper, we proposed a novel method to reconstruct the location of user considering the time series using the Markov Transition Field (MTF) and Denoising Auto Encoder (DAE). We also focused on Wi-Fi location data including many erasures errors. We conducted an evaluation of de-anonymization attack using our reconstruction method to the Wi-Fi location dataset that was consisted of 10000 devices / four weeks in the four wards of Tokyo. We confirmed that the successful attack rate (SAR) was 24% when the number of candidate devices was 100 and 6% when that was 10000 devices.","PeriodicalId":198787,"journal":{"name":"Proceedings of the 2017 on Multimedia Privacy and Security","volume":"949 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127014305","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Due to the flaws in policy followed by web browsers for granting permissions to browser extensions and due to a lack of effective static and dynamic detection systems for identifying malicious extensions uploaded on the web stores, malicious browser extensions have become the easiest way to carry out phishing, spying, fraud and other kinds of advanced attacks. This paper identifies and analyzes a subset of these attacks which can be performed with the use of malicious browser extensions (using Google Chrome) and discusses the research gaps of the existing prevention and detection schemes to adequately defend against these attacks. An initial set of malicious signatures responsible for cyber fraud and spying is identified during the study. We use this set of signatures to develop a lightweight malicious extension detection system which can alert users of suspected spying or fraud extensions installed on the Chrome browser on a PC. Results show that the proposed detection system performs better than known malicious extension detectors such as Chrome Cleanup tool and Chrome safeguard tool.
{"title":"Detecting Spying and Fraud Browser Extensions: Short Paper","authors":"G. Varshney, M. Misra, P. Atrey","doi":"10.1145/3137616.3137619","DOIUrl":"https://doi.org/10.1145/3137616.3137619","url":null,"abstract":"Due to the flaws in policy followed by web browsers for granting permissions to browser extensions and due to a lack of effective static and dynamic detection systems for identifying malicious extensions uploaded on the web stores, malicious browser extensions have become the easiest way to carry out phishing, spying, fraud and other kinds of advanced attacks. This paper identifies and analyzes a subset of these attacks which can be performed with the use of malicious browser extensions (using Google Chrome) and discusses the research gaps of the existing prevention and detection schemes to adequately defend against these attacks. An initial set of malicious signatures responsible for cyber fraud and spying is identified during the study. We use this set of signatures to develop a lightweight malicious extension detection system which can alert users of suspected spying or fraud extensions installed on the Chrome browser on a PC. Results show that the proposed detection system performs better than known malicious extension detectors such as Chrome Cleanup tool and Chrome safeguard tool.","PeriodicalId":198787,"journal":{"name":"Proceedings of the 2017 on Multimedia Privacy and Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129402710","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
The recent expansion of Internet of Things (IoT) and the grow- ing trends towards a healthier lifestyle, have been followed by a proliferation in the use of tness-trackers in our daily life. These wearable IoT devices combined with the extensive use by individu- als of Online Social Networks (OSNs) have raised many security and privacy concerns. Individuals enrich the content of their online posts with their physical performance and attendance at sporting events, without considering the plausible risks that this may result in. This paper aims to examine the potential exposure of users- identity that is caused by information that they share online and personal data that are stored by their tness-trackers. We approach the privacy concerns that arise by building an interactive tool. This tool models online information shared by individuals and elaborates on how they might be exposed to the unwanted leakage of further personal data. The tool also illustrates the privacy risks that arise from information that people expose, which could be exploited by malicious parties such as fraudsters, stalkers and other online and o ine criminals. To understand the level of users-awareness con- cerning their identity exposure when engaging with such devices and online services, we also have conducted a qualitative analysis and present our ndings here.
{"title":"Unwinding Ariadne's Identity Thread: Privacy Risks with Fitness Trackers and Online Social Networks","authors":"Angeliki Aktypi, Jason R. C. Nurse, M. Goldsmith","doi":"10.1145/3137616.3137617","DOIUrl":"https://doi.org/10.1145/3137616.3137617","url":null,"abstract":"The recent expansion of Internet of Things (IoT) and the grow- ing trends towards a healthier lifestyle, have been followed by a proliferation in the use of tness-trackers in our daily life. These wearable IoT devices combined with the extensive use by individu- als of Online Social Networks (OSNs) have raised many security and privacy concerns. Individuals enrich the content of their online posts with their physical performance and attendance at sporting events, without considering the plausible risks that this may result in. This paper aims to examine the potential exposure of users- identity that is caused by information that they share online and personal data that are stored by their tness-trackers. We approach the privacy concerns that arise by building an interactive tool. This tool models online information shared by individuals and elaborates on how they might be exposed to the unwanted leakage of further personal data. The tool also illustrates the privacy risks that arise from information that people expose, which could be exploited by malicious parties such as fraudsters, stalkers and other online and o ine criminals. To understand the level of users-awareness con- cerning their identity exposure when engaging with such devices and online services, we also have conducted a qualitative analysis and present our ndings here.","PeriodicalId":198787,"journal":{"name":"Proceedings of the 2017 on Multimedia Privacy and Security","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131833840","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: