Property Inference Attacks

Karan Ganju, Qi Wang, Wei Yang, Carl A. Gunter, and Nikita Borisov recently published a paper titled Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations:

With the growing adoption of machine learning, sharing of learned models is becoming popular. However, in addition to the prediction properties the model producer aims to share, there is also a risk that the model consumer can infer other properties of the training data the model producer did not intend to share. In this paper, we focus on the inference of global properties of the training data, such as the environment in which the data was produced, or the fraction of the data that comes from a certain class, as applied to white-box Fully Connected Neural Networks (FCNNs). Because of their complexity and inscrutability, FCNNs have a particularly high risk of leaking unexpected information about their training sets; at the same time, this complexity makes extracting this information challenging. We develop techniques that reduce this complexity by noting that FCNNs are invariant under permutation of nodes in each layer. We develop our techniques using representations that capture this invariance and simplify the information extraction task. We evaluate our techniques on several synthetic and standard benchmark datasets and show that they are very effective at inferring various data properties. We also perform two case studies to demonstrate the impact of our attack. In the first case study we show that a classifier that recognizes smiling faces also leaks information about the relative attractiveness of the individuals in its training set. In the second case study we show that a classifier that recognizes Bitcoin mining from performance counters also leaks information about whether the classifier was trained on logs from machines that were patched for the Meltdown and Spectre attacks.

ACM Computer and Communications Security (CCS ’18), Toronto Canada, October 2018.  DOI:10.1145/3243734.3243834

Meaningful healthcare security

Juhee Kwon and Eric Johnson recently published an article aimed at the question Does “meaningful-use” attestation improve information security performance? 

Certification mechanisms are often employed to assess and signal difficult-to-observe management practices and foster improvement. In the U.S. healthcare sector, a certification mechanism called meaningful-use attestation was recently adopted as part of an effort to encourage electronic health record (EHR) adoption while also focusing healthcare providers on protecting sensitive healthcare data. This new regime motivated us to examine how meaningful-use attestation influences the occurrence of data breaches. Using a propensity score matching technique combined with a difference-in-differences (DID) approach, our study shows that the impact of meaningful-use attestation is contingent on the nature of data breaches and the time frame. Hospitals that attest to having reached Stage 1 meaningful-use standards observe fewer external breaches in the short term, but do not see continued improvement in the following year. On the other hand, attesting hospitals observe short-term increases in accidental internal breaches but eventually see long-term reductions. We do not find any link between malicious internal breaches and attestation. Our findings offer theoretical and practical insights into the effective design of certification mechanisms.

The full paper appears in in MIS Quarterly. Vol. 42, No. 4 (December), 1043-1067, 2018. DOI: 10.25300/MISQ/2018/13580


The Evolving Cyberthreat to Privacy

THaW’s A.J. Burns and Eric Johnson recently published a piece in IT Professional:

ABSTRACT: Cyberthreats create unique risks for organizations and individuals, especially regarding breaches of personally identifiable information (PII). However, relatively little research has examined hackings distinct impact on privacy. The authors analyze cyber breaches of PII and found that they are significantly larger compared to other breaches, showing that past breaches are useful for predicting future breaches.
Issue No. 03 – May./Jun. (2018 vol. 20)

Best Poster – MobiCom’18

Tim Pierson’s dissertation work resulted in an innovative method for single-antenna Wi-Fi devices (like many mHealth devices, medical devices, or those in the IoT) to determine with strong confidence whether a Wi-Fi transmitter is close by (within a few centimeters).  This proximity detector can be the basis for trustworthy relationships between devices.   A poster paper about this idea just won the best-poster award at MobiCom 2018, and the full paper was just accepted for presentation at MobiCom 2019. See below for the abstract, or check out the corresponding three-page paper.poster award

Continue reading

Ubicomp’18: vocal resonance as a biometric

At the Joint Conference on Pervasive and Ubiquitous Computing conference, Ubicomp, David Kotz presented THaW’s work to develop a novel biometric approach to identifying and verifying who is wearing a device – an important consideration for a medical device that may be collecting diagnostic information that is fed into an electronic health record. Their novel approach is to use vocal resonance, i.e., the sound of your voice as it passes through bones and tissues, for a device to recognize its wearer and verify that it is physically in contact with the wearer… not just nearby.  They implemented the method on a wearable-class computing device and showed high accuracy and low energy consumption. 2018-10-08-00147-crop.jpg

Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ron Peterson, and David Kotz. Vocal Resonance: Using Internal Body Voice for Wearable AuthenticationProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT) (UbiComp), 2(1), March 2018. DOI 10.1145/3191751.

Abstract: We observe the advent of body-area networks of pervasive wearable devices, whether for health monitoring, personal assistance, entertainment, or home automation. For many devices, it is critical to identify the wearer, allowing sensor data to be properly labeled or personalized behavior to be properly achieved. In this paper we propose the use of vocal resonance, that is, the sound of the person’s voice as it travels through the person’s body – a method we anticipate would be suitable for devices worn on the head, neck, or chest. In this regard, we go well beyond the simple challenge of speaker recognition: we want to know who is wearing the device. We explore two machine-learning approaches that analyze voice samples from a small throat-mounted microphone and allow the device to determine whether (a) the speaker is indeed the expected person, and (b) the microphone-enabled device is physically on the speaker’s body. We collected data from 29 subjects, demonstrate the feasibility of a prototype, and show that our DNN method achieved balanced accuracy 0.914 for identification and 0.961 for verification by using an LSTM-based deep-learning model, while our efficient GMM method achieved balanced accuracy 0.875 for identification and 0.942 for verification.

Kevin Fu Discusses Medical Device Security

In a recent Viewpoint article in JAMA, THaW member Kevin Fu explored a recent pacemaker vulnerability, and its ramifications for medical device security in general. In the post, he discusses both the full extent of the vulnerabilities, as well as the practical considerations to be taken as a result. To read the full text of the article, click the link below.

Cybersecurity Concerns and Medical Devices – Lessons From a Pacemaker Advisory

WearSys papers, MobiSys posters

THaW researchers are showing off some cool research at this week’s MobiSys conference in Niagara Falls, with three papers at MobiSys workshops and a poster in the poster session.

  • Aarathi Prasad and David Kotz. ENACT: Encounter-based Architecture for Contact Tracing. In ACM Workshop on Physical Analytics (WPA), pages 37-42, June 2017. ACM Press. DOI 10.1145/3092305.3092310.
  • Rui Liu, Reza Rawassizadeh, and David Kotz. Toward Accurate and Efficient Feature Selection for Speaker Recognition on Wearables. InProceedings of the ACM Workshop on Wearable Systems and Applications (WearSys), pages 41-46, 2017. ACM Press. DOI 10.1145/3089351.3089352.
  • Rui Liu, Cory Cornelius, Reza Rawassizadeh, Ron Peterson, and David Kotz. Poster: Vocal Resonance as a Passive Biometric. In Proceedings of the ACM International Conference on Mobile Systems, Applications, and Services (MobiSys), pages 160, 2017. ACM Press. DOI 10.1145/3081333.3089304.
  • Xiaohui Liang and David Kotz. AuthoRing: Wearable User-presence Authentication. In Proceedings of the ACM Workshop on Wearable Systems and Applications (WearSys), pages 5-10, 2017. ACM Press. DOI 10.1145/3089351.3089357.

THaW Project LightTouch Selected For INFOCOM

THaW Researchers Xiaohui Liang, Tianlong Yun, Ronald Peterson, and David Kotz have been researching new methods for connecting wearables to external screens. Their paper, LightTouch: Securely Connecting Wearables to Ambient Displays with User Intent, has been accepted to INFOCOM 2017. In it, they explore a security system that uses a screen’s brightness level to ensure secure connection between screen and device. Moreover, they also address additional screen-based counter measures that can be taken to further secure the protocol. For more information and to read the paper, click the link below.


New York Times Features THaW Research Into Acoustic Device Hacking


THaW researcher Kevin Fu’s work on acoustic device hacking has recently been featured in the New York Times. The article discusses the team’s work on using acoustic signals to fool sensors in mobile device, and create the potential for security violations. For more information beyond the article, click here for a quick video, or read the complete paper below.

WALNUT: Waging Doubt on the Integrity of MEMS Accelerometers with Acoustic Injection Attacks