4 minute read
PRIVACY RESEARCH AT THE NYU CENTER FOR CYBERSECURITY
by NYUTandon
If one were to rank the concerns of the general public about technology there is little doubt that privacy issues would be front and center. In a 2019 survey of U.S. residents by the Pew Charitable Trust, 81% of respondents voiced concern that they had no control over information collected about them by companies (see https://www.pewresearch.org/internet/2019/11/15/ americans-and-privacy-concerned-confused-and-feeling-lackof-control-over-their-personal-information/). Given the concern privacy issues raise, it should not be surprising that CCS faculty and students are researching so many different solutions to vulnerabilities that have privacy implications. Here is a quick look at a few of these projects.
of breaches. In this effort, Reagen and Maniatakos are working in collaboration with a data security company called Duality. Learn more about the research at https://engineering.nyu.edu/news/ novel-tandon-designed-microchip-will-allow-data-be-processedwithout-being-decrypted The second project aims to reduce the loss of efficiency associated with non-linear operators like ReLU (rectified linear activation function).
ENCRYPTION
The use of encryption strategies offers a way to protect data that is particularly sensitive, such as medical records or financial transactions. Unfortunately, the need to decrypt the data once it reaches its destination adds a layer of effort that could reduce the overall efficiency of the process. Now, a relatively new strategy called fully homomorphic data encryption has emerged that can allow computing to be performed on encrypted data. Several CCS-affiliated faculty, including Dr. Brandon Reagen (far left in photo) and Dr. Siddharth Garg (center) of Tandon’s Electrical and Computer Engineering Department, and Dr. Michail Maniatakos (right) of the Computer Engineering Department at NYU Abu Dhabi, have applied, tested, or advanced this technology in some way over the past year or so. In fact, Reagen has actually made contributions to two of these projects.
The first, supported by a three-and-a-half year, $14-million grant from the Defense Advanced Research Projects Agency (DARPA), is the development of an FHE encrypted chip that reduces the risk
To address these issues, Reagen and Garg, along with two then Ph.D. students, developed a set of optimizations they call DeepReDuce. As stated in a presentation given last summer at the International Conference on Machine Learning (https://arxiv. org/pdf/2103.01396.pdf ), “the key insight is that not all ReLUs contribute equally to accuracy. We leverage this insight to drop, or remove, ReLUs from classic networks to significantly reduce inference latency and maintain high accuracy.”
TESTING Many methods promise to provide privacy via anonymity, but do they deliver? One such technology, generative adversarial networks (GANs), uses machine-learning systems to “scrub” images of any traces of personal identity. But, a team of researchers, led by Garg, suggest that these scrubbed images leave a lot of “residue” behind. In tests conducted to see how effective tools like privacy protecting GANs (PP-GANs) actually were, Garg found that designs can, in fact, be subverted to pass privacy checks, while still permitting extraction of secret information.The results of this study were presented in a paper entitled “Subverting Privacy-Preserving GANs: Hiding Secrets in Sanitized Images.” Among its findings were “the insufficiency of existing DL-based privacy checks, and potential risks of using untrusted third-party PP-GAN tools.” The paper can be read in its entirety at https://arxiv.org/pdf/2009.09283.pdf
SYSTEMIC PROTECTION, INDIVIDUAL DEFENSE
Sometimes the best privacy defense is a good offense, and a good offense requires a deeper understanding of the mechanisms that allow breaches to occur. As stated on his website, Dr. Damon McCoy, an associate professor of computer science and engineering, has focused his research on “empirically measuring the security and privacy of technology systems and their intersections with society.” One of his most recent initiatives, conducted with Dr. Rachel Greenstadt (see profile on the next page), Ph.D. candidate Kejsi Take, Ph.D. alumnus Kevin Gallagher, and colleague Dr. Andrea Forte of Drexel University, examined the obstacles faced by individuals seeking to remove their data from People Search Websites. In a paper published in the Proceedings on Privacy Enhancing Technologies in July 2022, the team observes that “the successful monetization of users personal identifiable information motivates data aggregators to make the removal more difficult.” In order to fight back, McCoy and his team provide recommendations to users, third parties, removal services and researchers aiming to make the removal process more effective. You can read the paper at https://petsymposium.org/2022/files/papers/issue3/popets-2022-0067.pdf
Privacy In The Realm Of 5g
The emergence of 5G technologies has brought a rash of new security and privacy issues to the telecommunications sector. NYU Abu Dhabi’s Cyber Security and Privacy Lab, overseen by principal investigator Dr. Christina Pöpper, assistant professor of computer science, is tackling challenges in mobile network security, aviation security, and communication privacy. Pöpper’s recent research initiatives have examined the tracking of targeted users in 5G networks (paper at https://dl.acm.org/ doi/10.1145/3448300.3467826) and the potential service/privacy losses that can occur during the “handover procedure,” where an ongoing call or data session is switched from one base station or core network to another, e.g., when user equipment is moving (paper at https://dl.acm.org/doi/pdf/10.1145/3485832.3485914). Though the handover process is cryptographically protected, it is vulnerable to denial-of-service and man-in-the-middle attacks, and information disclosure. Read about the ongoing work of the lab at https:// nyuad.nyu.edu/en/research/faculty-labs-and-projects/cybersecurity-and-privacy-lab.html
Internet Of Things
As homes become smarter, the risk of privacy breaches from devices connected to Internet of Things devices grows as well. Dr. Danny Y. Huang, an assistant professor of electrical and computer engineering at Tandon, focuses much of his research efforts on improving the security of smart devices. Huang is part of a multi-university project team working with an open source app called IoT Inspector, (https://inspector.engineering.nyu.edu/) which gives individuals the ability to monitor network activity involving their in-home smart devices. Huang is also a Consumer Reports Digital Lab Fellow charged with uncovering and addressing emerging consumer harms from these devices. You can read more about his work with IoT Inspector in a paper published in the Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (https://iotinspector.org/papers/ ubicomp-20.pdf ).
