skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Everything You Always Wanted to Know About Secure and Private Database Systems (but were Afraid to Ask)
Individuals and organizations are accumulating data at an unprecedented rate owing to the advent of inexpensive cloud computing. Data owners are increasingly turning to secure and privacy-preserving collaborative analytics to maximize the value of their records. In this paper, we will survey the state-of-the- art of this growing area. We will describe how researchers are bringing security and privacy-enhancing technologies, such as differential privacy, secure multiparty computation, and zero-knowledge proofs, into the query lifecycle. We also touch upon some of the challenges and opportunities associated with deploying these technologies in the field.  more » « less
Award ID(s):
2016240 1846447
PAR ID:
10545939
Author(s) / Creator(s):
; ;
Editor(s):
Xiao, Xiaokui
Publisher / Repository:
IEEE
Date Published:
Journal Name:
IEEE Data Engineering Bulletin
Volume:
48
Issue:
1
ISSN:
1053-1238
Page Range / eLocation ID:
3-18
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; (, IEEE)
    The healthcare industry has experienced a re-markable digital transformation through the adoption of IoT technologies, resulting in a significant increase in the volume and variety of medical data generated. Challenges in processing, analyzing, and sharing healthcare data persist. Traditional cloud computing approaches, while useful for processing healthcare data, have drawbacks, including delays in data transfer, data privacy concerns, and the risk of data unavailability. In this paper, we propose a software-defined 5G and AI-enabled distributed edge-cloud collaboration platform to classify healthcare data at the edge devices, facilitate realtime service delivery, and create AI/ML-based models for identifying patients' potential medical conditions. In our architecture, we have incorporated a federated learning scheme based on homomorphic encryption to provide privacy in data sharing and processing. The proposed framework ensures secure and efficient data communication and processing, ultimately fostering effective collaboration among healthcare institutions. The models will be validated by performing a comparative time analysis, and the interplay between edge and cloud computing will be investigated to support realtime healthcare applications. 
    more » « less
  2. (, ACM)
    Integrated sensing and communication (ISAC) is considered an emerging technology for 6th-generation (6G) wireless and mobile networks. It is expected to enable a wide variety of vertical applications, ranging from unmanned aerial vehicles (UAVs) detection for critical infrastructure protection to physiological sensing for mobile healthcare. Despite its significant socioeconomic benefits, ISAC technology also raises unique challenges in system security and user privacy. Being aware of the security and privacy challenges, understanding the trade-off between security and communication performance, and exploring potential countermeasures in practical systems are critical to a wide adoption of this technology in various application scenarios. This talk will discuss various security and privacy threats in emerging ISAC systems with a focus on communication-centric ISAC systems, that is, using the cellular or WiFi infrastructure for sensing. We will then examine potential mechanisms to secure ISAC systems and protect user privacy at the physical and data layers under different sensing modes. At the wireless physical (PHY) layer, an ISAC system is subject to both passive and active attacks, such as unauthorized passive sensing, unauthorized active sensing, signal spoofing, and jamming. Potential countermeasures include wireless channel/radio frequency (RF) environment obfuscation, waveform randomization, anti-jamming communication, and spectrum/RF monitoring. At the data layer, user privacy could be compromised during data collection, sharing, storage, and usage. For sensing systems powered by artificial intelligence (AI), user privacy could also be compromised during the model training and inference stages. An attacker could falsify the sensing data to achieve a malicious goal. Potential countermeasures include the application of privacy enhancing technologies (PETs), such as data anonymization, differential privacy, homomorphic encryption, trusted execution, and data synthesis. 
    more » « less
  3. (, IEEE intelligent transportation systems magazine)
    null (Ed.)
    Intelligent Transportation Systems (ITS) aim at integrating sensing, control, analysis, and communication technologies into travel infrastructure and transportation to improve mobility, comfort, safety, and efficiency. Car manufacturers are continuously creating smarter vehicles, and advancements in roadways and infrastructure are changing the feel of travel. Traveling is becoming more efficient and reliable with a range of novel technologies, and research and development in ITS. Safer vehicles are introduced every year with greater considerations for passenger and pedestrian safety, nevertheless, the new technology and increasing connectivity in ITS present unique attack vectors for malicious actors. Smart cities with connected public transportation systems introduce new privacy concerns with the data collected about passengers and their travel habits. In this paper, we provide a comprehensive classification of security and privacy vulnerabilities in ITS. Furthermore, we discuss challenges in addressing security and privacy issues in ITS and contemplate potential mitigation techniques. Finally, we highlight future research directions to make ITS more safe, secure, and privacy-preserving. 
    more » « less
  4. ; ; (, Proceedings of the USENIX Security Symposium)
    Augmented reality (AR), which overlays virtual content on top of the user’s perception of the real world, has now begun to enter the consumer market. Besides smartphone platforms, early-stage head-mounted displays such as the Microsoft HoloLens are under active development. Many compelling uses of these technologies are multi-user: e.g., inperson collaborative tools, multiplayer gaming, and telepresence. While prior work on AR security and privacy has studied potential risks from AR applications, new risks will also arise among multiple human users. In this work, we explore the challenges that arise in designing secure and private content sharing for multi-user AR. We analyze representative application case studies and systematize design goals for security and functionality that a multi-user AR platform should support. We design an AR content sharing control module that achieves these goals and build a prototype implementation (ShareAR) for the HoloLens. This work builds foundations for secure and private multi-user AR interactions. 
    more » « less
  5. ; ; ; ; ; ; ; (, Fifteenth Symposium on Usable Privacy and Security)
    Secure multi-party computation (MPC) allows multiple parties to jointly compute the output of a function while preserving the privacy of any individual party's inputs to that function. As MPC protocols transition from research prototypes to real-world applications, the usability of MPC-enabled applications is increasingly critical to their successful deployment and wide adoption. Our Web-MPC platform, designed with a focus on usability, has been deployed for privacy-preserving data aggregation initiatives with the City of Boston and the Greater Boston Chamber of Commerce. After building and deploying an initial version of this platform, we conducted a heuristic evaluation to identify additional usability improvements and implemented corresponding application enhancements. However, it is difficult to gauge the effectiveness of these changes within the context of real-world deployments using traditional web analytics tools without compromising the security guarantees of the platform. This work consists of two contributions that address this challenge: (1) the Web-MPC platform has been extended with the capability to collect web analytics using existing MPC protocols, and (2) this capability has been leveraged to conduct a usability study comparing the two version of Web-MPC (before and after the heuristic evaluation and associated improvements). While many efforts have focused on ways to enhance the usability of privacy-preserving technologies, this study can serve as a model for using a privacy-preserving data-driven approach in evaluating or enhancing the usability of privacy-preserving websites and applications deployed in real-world scenarios. The data collected in this study yields insights about the interplay between usability and security that can help inform future implementations of applications that employ MPC. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email