ebook img

Preserving Privacy Against Side-Channel Leaks: From Data Publishing to Web Applications PDF

154 Pages·2016·1.785 MB·English
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Preserving Privacy Against Side-Channel Leaks: From Data Publishing to Web Applications

Advances in Information Security 68 Wen Ming Liu Lingyu Wang Preserving Privacy Against Side-Channel Leaks From Data Publishing to Web Applications Advances in Information Security Volume 68 SeriesEditor SushilJajodia,GeorgeMasonUniversity,Fairfax,VA,USA Moreinformationaboutthisseriesathttp://www.springer.com/series/5576 Wen Ming Liu • Lingyu Wang Preserving Privacy Against Side-Channel Leaks From Data Publishing to Web Applications 123 WenMingLiu LingyuWang ConcordiaInstituteforInformation ConcordiaInstituteforInformation SystemsEngineering SystemsEngineering ConcordiaUniversity ConcordiaUniversity Montreal,QC,Canada Montreal,QC,Canada ISSN1568-2633 AdvancesinInformationSecurity ISBN978-3-319-42642-6 ISBN978-3-319-42644-0 (eBook) DOI10.1007/978-3-319-42644-0 LibraryofCongressControlNumber:2016948836 ©SpringerInternationalPublishingSwitzerland2016 Thisworkissubjecttocopyright.AllrightsarereservedbythePublisher,whetherthewholeorpartof thematerialisconcerned,specificallytherightsoftranslation,reprinting,reuseofillustrations,recitation, broadcasting,reproductiononmicrofilmsorinanyotherphysicalway,andtransmissionorinformation storageandretrieval,electronicadaptation,computersoftware,orbysimilarordissimilarmethodology nowknownorhereafterdeveloped. Theuseofgeneraldescriptivenames,registerednames,trademarks,servicemarks,etc.inthispublication doesnotimply,evenintheabsenceofaspecificstatement,thatsuchnamesareexemptfromtherelevant protectivelawsandregulationsandthereforefreeforgeneraluse. Thepublisher,theauthorsandtheeditorsaresafetoassumethattheadviceandinformationinthisbook arebelievedtobetrueandaccurateatthedateofpublication.Neitherthepublishernortheauthorsor theeditorsgiveawarranty,expressorimplied,withrespecttothematerialcontainedhereinorforany errorsoromissionsthatmayhavebeenmade. Printedonacid-freepaper ThisSpringerimprintispublishedbySpringerNature TheregisteredcompanyisSpringerInternationalPublishingAGSwitzerland Tomywife,BaiRong. –WenMingLiu TomywifeQuan,withlove. –LingyuWang Preface1 Withrapidadvancementsininformationtechnology,today’sorganizationsroutinely collect, store, analyze, and redistribute vast amounts of data about individuals, such as user account information and online activities. In addition, the next generationofsmartsystems(e.g.,smartgridsandsmartmedicaldevices)willenable organizationstocollectpersonaldataabouteveryaspectofourdailylife,fromreal- timepowerconsumptiontomedicalconditions. Although collecting data may be essential for organizations to conduct their business, indiscriminate collection, retention, and dissemination of personal data representsaseriousintrusiontotheprivacyofindividuals.Asafundamentalright of all individuals, privacy protection means organizations should only collect and retain sensitive personal information for purposes that have been agreed upon by theindividualsandalsokeepcollectedinformationconfidentialandaccessibleonly toauthorizedpersonnel. Unfortunately, protecting personal information poses serious technical chal- lengesinalmosteverystageofthedatamanagementlifecycle,fromdatacollection to data dissemination. A particularly insidious threat in this context is the side- channel leak in which an adversary makes inference of confidential data based on some seemingly innocent characteristics of the data, such as data packet sizes or knowledge about public algorithms used to generate the data. While side-channel attacks in specific domains, such as cryptosystems, are well studied, there exist little effort on generalizing side-channel attacks across different domains in order tounderstandtheircommonality. Thisbookstudiesside-channelleaksandcorrespondingcountermeasuresinsev- eraldomains.First,wefocusonprivacy-preservingdatapublishing(PPDP)where side-channelleaksmaybecausedbyadversaries’knowledgeaboutthealgorithms usedtoanonymizethedata.Forcountermeasures,wefirststudyagenericstrategy independent of data utility measures and syntactic privacy properties, and then 1WenMingLiu’sworkonthisbookwascompletedduringhistimeasaPh.D.studentatConcordia University. vii viii Preface weproposeamoreefficientapproachbydecouplingprivacyprotectionandutility optimization.Second,weexamineWebapplicationswhereside-channelleaksmay becausedbypacketsizesandtiming.Forcountermeasures,wefirststudyaprivacy- preserving traffic padding method inspired by the aforementioned PPDP solution, andthenwefurtherstrengthentheapproachagainstadversaries’externalknowledge through random padding. Third, we look at smart metering where side-channel leaksmaybecausedbyfine-grainedmeterreadings.Finally,wediscusshowthose specificinstancesofside-channelleaksmaybemodeledusingagenericmodel. Thisbookprovidesreaderswithnotonlydetailedanalysisofside-channelleaks andtheirsolutionsineachoftheaforementioneddomainsbutalsoagenericmodel that bridges the gaps between those different threats and solutions. The benefit of such knowledge is twofold. First, it provides readers with sufficient technical background to understand the threat of side-channel leaks in those domains and consequently exposes readers to many challenging and important issues that still remain attractive research topics today. Second, it can also lead readers to look beyond those three domains and apply the insights and ideas to derive novel solutionsfordealingwithside-channelleaksinotherpracticalapplications. Montreal,QC,Canada LingyuWang Acknowledgments ThisresearchwasfundedinpartbytheNaturalSciencesandEngineeringResearch CouncilofCanadaunderDiscoveryGrantN01035. ix

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.