The rise of Machine Learning (ML) has opened new business opportunities, particularly through Machine Learning as a Service (MLaaS), where costly models like Deep Neural Networks (DNNs) can be outsourced. However, this also raises concerns about model piracy. To protect against unauthorized use, watermarking techniques have been developed. One such method, null embedding by Li et al., disables the model if pirated but reduces classification accuracy. This paper proposes modifications to the null-embedding technique that reduce this impact and keep the classification accuracy close to that of a non-watermarked model.

In this work, we focus on watermarking time series datasets and explore one of the techniques known from audio-watermarking, namely Discrete Wavelet Transform (DWT) based watermarking, to investigate its effectiveness. We adapt (Attari and A. Shirazi, 2018) and embed a bit stream into a time series dataset by calculating the DWT coefficients and modifying their magnitudes for embedding. Our experimental results on two real-world datasets show good robustness against a small range of data modification attacks but lack capability in larger-scale attacks. We believe that our work could initiate a new research direction on dataset watermarking using well-known techniques from signal processing.

Employing blockchain and privacy-enhancing technologies, MedTech Chain promises an authenticated, decentralised, secure, and privacy-preserving environment for the real-time research and monitoring of medical device data. Through its querying functionalities, the platform can provide valuable insights for threat intelligence, medical research and hospital management. To our knowledge, the approach is among the first to employ ϵ-differential privacy in the context of medical device data. The current work details the framework's functionality and demonstrates a negligible time overhead induced by ϵ-differential privacy to data analysis.

Rapid advancements in digital medical technologies have significantly improved patient care but have also raised complex security and privacy challenges. Traditional tools for detecting vulnerabilities in networked medical devices, primarily used by network administrators and security specialists, have become insufficient due to their large-scale use across the entire healthcare network. Aiming to improve security in healthcare, MedTech Chain proposes a way to solve this challenge by leveraging blockchain and privacy-enhancing technologies, offering an authenticated, decentralised, secure, and privacy-preserving environment for the research and monitoring of medical device data. Currently, the framework enables counting, averaging, and grouped counting queries with multiple filtering capabilities like time frame and location. Such functionalities can provide valuable insights not only for threat intelligence but also for medical research and hospital management. MedTech Chain is modular and flexible, designed to seamlessly extend to new device technologies and research demands. To our knowledge, the approach is among the first to employ ϵ-differential privacy in the context of medical device data.

We consider the problem of publicly verifiable privacy-preserving data aggregation in the presence of a malicious aggregator colluding with malicious users. State-of-the-art solutions either split the aggregator into two parties under the assumption that they do not collude, or require many rounds of interactivity and have non-constant verification time. In this work, we propose mPVAS, the first publicly verifiable privacy-preserving data aggregation protocol that allows arbitrary collusion, without relying on trusted third parties during execution, where verification runs in constant time. We also show three extensions to mPVAS: mPVAS+, for improved communication complexity, mPVAS-IV, for the identification of malicious users, and mPVAS-UD, for graceful handling of reduced user availability without the need to redo the setup. We show that our schemes achieve the desired confidentiality, integrity, and authenticity. Finally, through both theoretical and experimental evaluations, we show that our schemes are feasible for real-world applications.

Multiparty private set intersection enables multiple parties to determine the intersection of their private sets without disclosing the actual content. It is pivotal for collaboration in cyber threat intelligence as it allows organizations to share compromising or sensitive data in a privacy-preserving manner. This data includes infected IP addresses, malware hashes and other indicators of compromise. Then, the organizations identify elements that overlap across all datasets and take action to mitigate the threat with the broadest impact. Although, in many cases, the condition that an element be present in all sets is too stringent. Therefore, in this work, we focus on threshold multiparty private set intersection (T-MPSI), a protocol that identifies elements present in a subgroup of the total sets instead of in all sets. We highlight the differences between three different perspectives when computing the threshold intersection: individual—only the party leader learns the elements from their set that meet the threshold, all—all parties learn the elements from their set that meet the threshold, and collective—all parties jointly learn all elements that are present in the threshold, regardless of whether they possess those elements themselves. While many implementations for T-MPSI_individual and T-MPSIall have been proposed, to the best of our knowledge, no implementation for T-MPSI_collective exists. Therefore, we present a generic composition that extends any T-MPSI_individual protocol into a TMPSI_collective protocol. Our extension employs a multiparty private set union to aggregate outputs efficiently. We then provide a comprehensive analysis and runtime evaluation, demonstrating the feasibility of the extension.

With the fast development of e-commerce, there is a higher demand for timely delivery. Logistic companies want to send receivers a more accurate arrival prediction to improve customer satisfaction and lower customer retention costs. One approach is to share (near) real-time location data with recipients, but this also introduces privacy and security issues such as malicious tracking and theft. In this paper, we propose a privacy-preserving real-time location sharing system including (1) a differential privacy based location publishing method and (2) location sharing protocols for both centralized and decentralized platforms. Different from existing location perturbation solutions which only consider privacy in theory, our location publishing method is based on a real map and different privacy levels for recipients. Our analyses and proofs show that the proposed location publishing method provides better privacy protection than existing works under real maps against possible attacks. We also provide a detailed analysis of the choice of the privacy parameter and their impact on the suggested noisy location outputs. The experimental results demonstrate that our proposed method is feasible for both centralized and decentralized systems and can provide more precise arrival prediction than using time slots in current delivery systems.

Private set intersection protocols allow two parties with private sets of data to compute the intersection between them without leaking other information about their sets. These protocols have been studied for almost 20 years, and have been significantly improved over time, reducing both their computation and communication costs. However, when more than two parties want to compute a private set intersection, these protocols are no longer applicable. While extensions exist to the multi-party case, these protocols are significantly less efficient than the two-party case. It remains an open question to design collusion-resistant multi-party private set intersection (MPSI) protocols that come close to the efficiency of two-party protocols. This work is made more difficult by the immense variety in the proposed schemes and the lack of systematization. Moreover, each new work only considers a small subset of previously proposed protocols, leaving out important developments from older works. Finally, MPSI protocols rely on many possible constructions and building blocks that have not been summarized. This work aims to point protocol designers to gaps in research and promising directions, pointing out common security flaws and sketching a frame of reference. To this end, we focus on the semi-honest model. We conclude that current MPSI protocols are not a one-size-fits-all solution, and instead there exist many protocols that each prevail in their own application setting.

Employing blockchain and privacy-enhancing technologies, MedTech Chain promises an authenticated, decentralised, secure, and privacy-preserving environment for the real-time research and monitoring of medical device data. Through its querying functionalities, the platform can provide valuable insights for threat intelligence, medical research and hospital management. To our knowledge, the approach is among the first to employ ϵ-differential privacy in the context of medical device data. The current work details the framework’s functionality and demonstrates a negligible time overhead induced by ϵ-differential privacy to data analysis.

Medical research benefits from large quantities of high-quality data. Internet-based data-sharing platforms bring the advantage of rapidly sharing data medical data. However, ensuring security and accountability in networked medical systems remains a challenge. In this paper, we propose a secure and auditable data-sharing platform for hospitals and research groups based on a distributed ledger. A two-party protocol for recoverable key agreement lies at the basis of securing the data sharing. This protocol enables two parties to agree on an encryption key and put the encryption key under the escrow of a board of semi-trusted auditors. A quorum of these auditors is required in order to recover the encryption key. The recoverable key agreement ensures that past communication can be audited, even if one of the two parties is malicious. We provide a realization of the protocol and analyze its complexity and performance. Based on these analyses, we demonstrate that the protocol is suitable for real-world use cases and resource-constrained devices.

Double auctions are procedures to trade commodities such as electricity or parts of the wireless spectrum at optimal prices. Buyers and sellers inform the auctioneer what quantity they want to buy or sell at specific prices. The auctioneer aggregates these offers into demand and supply curves and finds the intersection representing the optimal price. In this way, commodities exchange owners in an economically-efficient manner. Ideally, the auctioneer is a trusted third party that does not abuse the information they gain. However, the offers reveal sensitive information about the traders, which the auctioneer may use for economic gain as insider information. These concerns are not theoretical; investigations against auctioneers in electricity and advertisement auctions for manipulating auctions are ongoing. These concerns call for solutions that conduct double auctions in a privacy-preserving and verifiable way. However, current solutions are impractical: To the best of our knowledge, the only solutions satisfying these properties require full interaction of all participants. In this work, we design a more practical solution. We propose the first privacy-preserving and verifiable double auction scheme that does not require traders to interact actively, tailored to electricity trading on (inter)national exchanges. Our solution relies on homomorphic encryption, commitments, and zero-knowledge proofs. In a simulated auction with 256 traders, we observe that traders take up to 10 seconds to generate their order, the auctioneer takes 10 seconds to verify an order, and the auction result is computed and verified in 30 seconds. We extrapolate these results to larger auctions to show the practical potential.

Cloud services are an essential part of our digital infrastructure as organizations outsource large amounts of data storage and computations. While organizations typically keep sensitive data in encrypted form at rest, they decrypt it when performing computations, leaving the cloud provider free to observe the data. Unfortunately, access to raw data creates privacy risks. To alleviate these risks, researchers have developed secure outsourced data processing techniques. Such techniques enable cloud services that keep sensitive data encrypted, even during computations. For this purpose, fully homomorphic encryption is particularly promising, but operations on ciphertexts are computationally demanding. Therefore, modern fully homomorphic cryptosystems use packing techniques to store and process multiple values within a single ciphertext. However, a problem arises when packed data in one ciphertext does not align with another. For this reason, we propose a method to construct circuits that perform arbitrary permutations and mappings of such packed values. Unlike existing work, our method supports moving values across multiple ciphertexts, considering that the values in real-world scenarios cannot all be packed within a single ciphertext. We compare our open-source implementation against the state-of-the-art method implemented in HElib, which we adjusted to work with multiple ciphertexts. When data is spread among five or more ciphertexts, our method outperforms the existing method by more than an order of magnitude. Even when we only consider a permutation within a single ciphertext, our method still outperforms the state-of-the-art works implemented by HElib for circuits of similar depth.