During the COVID-19 pandemic, many countries have developed and deployed contact tracing technologies to curb the spread of the disease by locating and isolating people who have been in contact with coronavirus carriers. Subsequently, understanding why people install and use contact tracing apps is becoming central to their effectiveness and impact. This paper analyzes situations where centralized mass surveillance technologies are deployed simultaneously with a voluntary contact tracing mobile app. We use this parallel deployment as a natural experiment that tests how attitudes toward mass deployments affect people's installation of the contact tracing app. Based on a representative survey of Israelis (n=519), our findings show that positive attitudes toward mass surveillance were related to a reduced likelihood of installing contact tracing apps and an increased likelihood of uninstalling them. These results also hold when controlling for privacy concerns about the contact tracing app, attitudes toward the app, trust in authorities, and demographic properties. Similar reasoning may also be relevant for crowding out voluntary participation in data collection systems.
相關內容
Fabric-SCF: A Blockchain-based Secure Storage and Access Control Scheme for Supply Chain Finance
Supply chain finance(SCF) is committed to providing credit for small and medium-sized enterprises(SMEs) with low credit lines and small financing scales. The resulting financial credit data and related business transaction data are highly confidential and private. However, traditional SCF management schemes mostly use third-party platforms and centralized designs, which cannot achieve highly reliable secure storage and fine-grained access control. To fill this gap, this paper designs and implements Fabric-SCF, a secure storage and access control system based on blockchain and attribute-based access control (\textbf{ABAC}) model. This scheme uses distributed consensus to realize data security, traceability, and immutability. We also use smart contracts to define system processes and access policies to ensure the efficient operation of the system. To verify the performance of Fabric-SCF, we designed two sets of simulation experiments. The results show that Fabric-SCF achieves dynamic and fine-grained access control while maintaining high throughput in a simulated real-world operating scenario.
Object-oriented programming (OOP) is one of the most popular paradigms used for building software systems. However, despite its industrial and academic popularity, OOP is still missing a formal apparatus similar to lambda-calculus, which functional programming is based on. There were a number of attempts to formalize OOP, but none of them managed to cover all the features available in modern OO programming languages, such as C++ or Java. We have made yet another attempt and created phi-calculus. We also created EOLANG (also called EO), an experimental programming language based on phi-calculus.
Data protection law, including the General Data Protection Regulation (GDPR), usually requires a privacy policy before data can be collected from individuals. We analysed 15,145 privacy policies from 26,910 mobile apps in May 2019 (about one year after the GDPR came into force), finding that only opening the policy webpages shares data with third-parties for 48.5% of policies, potentially violating the GDPR. We compare this data sharing across countries, payment models (free, in-app-purchases, paid) and platforms (Google Play Store, Apple App Store). We further contacted 52 developers of apps, which did not provide a privacy policy, and asked them about their data practices. Despite being legally required to answer such queries, 12 developers (23%) failed to respond.
The advent of blockchain technology has led to a massive wave of different decentralized ledger technology (DLT) solutions. Such projects as Bitcoin and Ethereum have shifted the paradigm of how to transact value in a decentralized manner, but their various core technologies have their own advantages and disadvantages. This paper aims to describe an alternative to modern decentralized financial networks by introducing the Humanode network. Humanode is a network safeguarded by cryptographically secure bio-authorized nodes. Users will be able to deploy nodes by staking their encrypted biometric data. This approach can potentially lead to the creation of a public, permissionless financial network based on consensus between equal human nodes with algorithm-based emission mechanisms targeting real value growth and proportional emission. Humanode combines different technological stacks to achieve a decentralized, secure, scalable, efficient, consistent, immutable, and sustainable financial network: 1) a bio-authorization module based on cryptographically secure neural networks for the private classification of 3D templates of users' faces 2) a private Liveness detection mechanism for identification of real human beings 3) a Substrate module as a blockchain layer 4) a cost-based fee system 5) a Vortex decentralized autonomous organization (DAO) governing system 6) a monetary policy and algorithm, Fath, where monetary supply reacts to real value growth and emission is proportional. All of these implemented technologies have nuances that are crucial for the integrity of the network. In this paper we address these details, describing problems that might occur and their possible solutions. The main goal of Humanode is to create a stable and just financial network that relies on the existence of human life.
COVID-19 vaccines have been rolled out in many countries and with them a number of vaccination certificates. For instance, the EU is utilizing a digital certificate in the form of a QR-code that is digitally signed and can be easily validated throughout all EU countries. In this paper, we investigate the current state of the COVID-19 vaccination certificate market in the darkweb with a focus on the EU Digital Green Certificate (DGC). We investigate $17$ marketplaces and $10$ vendor shops, that include vaccination certificates in their listings. Our results suggest that a multitude of sellers in both types of platforms are advertising selling capabilities. According to their claims, it is possible to buy fake vaccination certificates issued in most countries worldwide. We demonstrate some examples of such sellers, including how they advertise their capabilities, and the methods they claim to be using to provide their services. We highlight two particular cases of vendor shops, with one of them showing an elevated degree of professionalism, showcasing forged valid certificates, the validity of which we verify using two different national mobile COVID-19 applications.
An outbreak of the Delta (B.1.617.2) variant of SARS-CoV-2 that began around mid-June 2021 in Sydney, Australia, quickly developed into a nation-wide epidemic. The ongoing epidemic is of major concern as the Delta variant is more infectious than previous variants that circulated in Australia in 2020. Using a re-calibrated agent-based model, we explored a feasible range of non-pharmaceutical interventions, including case isolation, home quarantine, school closures, and stay-at-home restrictions (i.e., "social distancing"). Our modelling indicated that the levels of reduced interactions in workplaces and across communities attained in Sydney and other parts of the nation were inadequate for controlling the outbreak. A counter-factual analysis suggested that if 70% of the population followed tight stay-at-home restrictions, then at least 45 days would have been needed for new daily cases to fall from their peak to below ten per day. Our model successfully predicted that, under a progressive vaccination rollout, if 40-50% of the Australian population follow stay-at-home restrictions, the incidence will peak by mid-October 2021. We also quantified an expected burden on the healthcare system and potential fatalities across Australia.
Data privacy is critical in instilling trust and empowering the societal pacts of modern technology-driven democracies. Unfortunately, it is under continuous attack by overreaching or outright oppressive governments, including some of the world's oldest democracies. Increasingly-intrusive anti-encryption laws severely limit the ability of standard encryption to protect privacy. New defense mechanisms are needed. Plausible deniability (PD) is a powerful property, enabling users to hide the existence of sensitive information in a system under direct inspection by adversaries. Popular encrypted storage systems such as TrueCrypt and other research efforts have attempted to also provide plausible deniability. Unfortunately, these efforts have often operated under less well-defined assumptions and adversarial models. Careful analyses often uncover not only high overheads but also outright security compromise. Further, our understanding of adversaries, the underlying storage technologies, as well as the available plausible deniable solutions have evolved dramatically in the past two decades. The main goal of this work is to systematize this knowledge. It aims to: - identify key PD properties, requirements, and approaches; - present a direly-needed unified framework for evaluating security and performance; - explore the challenges arising from the critical interplay between PD and modern system layered stacks; - propose a new "trace-oriented" PD paradigm, able to decouple security guarantees from the underlying systems and thus ensure a higher level of flexibility and security independent of the technology stack. This work is meant also as a trusted guide for system and security practitioners around the major challenges in understanding, designing, and implementing plausible deniability into new or existing systems.
Iris recognition technology has attracted an increasing interest in the last decades in which we have witnessed a migration from research laboratories to real world applications. The deployment of this technology raises questions about the main vulnerabilities and security threats related to these systems. Among these threats presentation attacks stand out as some of the most relevant and studied. Presentation attacks can be defined as presentation of human characteristics or artifacts directly to the capture device of a biometric system trying to interfere its normal operation. In the case of the iris, these attacks include the use of real irises as well as artifacts with different level of sophistication such as photographs or videos. This chapter introduces iris Presentation Attack Detection (PAD) methods that have been developed to reduce the risk posed by presentation attacks. First, we summarise the most popular types of attacks including the main challenges to address. Secondly, we present a taxonomy of Presentation Attack Detection methods as a brief introduction to this very active research area. Finally, we discuss the integration of these methods into Iris Recognition Systems according to the most important scenarios of practical application.
In many applications, it is important to characterize the way in which two concepts are semantically related. Knowledge graphs such as ConceptNet provide a rich source of information for such characterizations by encoding relations between concepts as edges in a graph. When two concepts are not directly connected by an edge, their relationship can still be described in terms of the paths that connect them. Unfortunately, many of these paths are uninformative and noisy, which means that the success of applications that use such path features crucially relies on their ability to select high-quality paths. In existing applications, this path selection process is based on relatively simple heuristics. In this paper we instead propose to learn to predict path quality from crowdsourced human assessments. Since we are interested in a generic task-independent notion of quality, we simply ask human participants to rank paths according to their subjective assessment of the paths' naturalness, without attempting to define naturalness or steering the participants towards particular indicators of quality. We show that a neural network model trained on these assessments is able to predict human judgments on unseen paths with near optimal performance. Most notably, we find that the resulting path selection method is substantially better than the current heuristic approaches at identifying meaningful paths.
Recommender systems rely on large datasets of historical data and entail serious privacy risks. A server offering recommendations as a service to a client might leak more information than necessary regarding its recommendation model and training dataset. At the same time, the disclosure of the client's preferences to the server is also a matter of concern. Providing recommendations while preserving privacy in both senses is a difficult task, which often comes into conflict with the utility of the system in terms of its recommendation-accuracy and efficiency. Widely-purposed cryptographic primitives such as secure multi-party computation and homomorphic encryption offer strong security guarantees, but in conjunction with state-of-the-art recommender systems yield far-from-practical solutions. We precisely define the above notion of security and propose CryptoRec, a novel recommendations-as-a-service protocol, which encompasses a crypto-friendly recommender system. This model possesses two interesting properties: (1) It models user-item interactions in a user-free latent feature space in which it captures personalized user features by an aggregation of item features. This means that a server with a pre-trained model can provide recommendations for a client without having to re-train the model with the client's preferences. Nevertheless, re-training the model still improves accuracy. (2) It only uses addition and multiplication operations, making the model straightforwardly compatible with homomorphic encryption schemes.
注冊地址: 北京市海淀區羊坊店路18號2幢3層301-191