The Information Security and Privacy (ISP) Group
We are tackling the challenging problem of enabling the use of technology while preserving the privacy of individuals and organisations, and guaranteeing information and data safety and security.
Data comes in different formats and, today, almost every organisation in our digital economy relies on data in one way or another. The ISP group at Macquarie University aims to build on expertise in systems and protocols, information theory, applied cryptography and cryptanalysis as well as machine learning and data mining to secure data transmission and ensure private processing of the data across the entire data lifecycle.
From data acquisition and extraction, through the networking and transportation of the data, to analytics and the use of insights, we build algorithms enabling:
- Characterisation and measurement of the security and privacy of networked distributed systems
- Threat quantification and security and privacy risk assessment to raise awareness and understand how to build better defence mechanisms
- Design and construction of secure and privacy-preserving technologies
- Mohammed Saeed Alqahtani, PhD Candidate
- Nazim Uddin Sheikh, PhD Candidate
- Saad Hashmi, PhD Candidate
- Hasina Rahman, MRes Candidate
- Adam Pam
- Dione Morales
- Kieran Wouterlood
- Abir Khurshied
- Tasfia Qauder
- Dean Rabe
Privacy-Preserving Technologies for Data Sharing
The drive to share datasets is gaining momentum owing to its potential benefits to businesses and the community alike. Despite its appeal, sharing datasets, especially when they contain sensitive information about individuals, has serious privacy implications, such as the risk that information can be linked to specific individuals and sensitive information about them learned as a result. Our approach to privacy-preserving access to data is to rely on mathematically rigorous notions of privacy such as differential privacy. These notions provide a formal privacy guarantee that successfully addresses the conundrum of learning nothing about an individual while learning useful trends from the dataset.
- Asghar, H.J., Ding, M., Rakotoarivelo, T., Mrabet, S. and Kaafar, M.A., 2018. Differentially Private Release of High-Dimensional Datasets using the Gaussian Copula. Submitted to PETS 2018.
- Kamalaruban, P., Perrier, V., Asghar, H.J. and Kaafar, M.A., 2018. dx-Private Mechanisms for Linear Queries. Submitted to ICML 2018.
- Perrier, V., Asghar, H.J. and Kaafar, M.A., 2018. Improved Private Release of Real Time Statistics. Submitted to IEEE S&P 2018.
- Friedman, A., Berkovsky, S. and Kaafar, M.A., 2016. A differential privacy framework for matrix factorization recommender systems. User Modeling and User-Adapted Interaction, 26(5), pp.425-458.
Web Security and Privacy
Our online presence and participation leave digital footprints behind which can be used in a variety of ways to compromise our privacy. They also leave us vulnerable to security issues under the hood. This project aims to (a) detect personal information sent to third parties, (b) identify new instances of user tracking, (c) assess vulnerabilities in security protocols, and (d) develop alternative solutions that enhance web security and privacy.
- Masood, R., Vatsalan, D., Ikram, M. and Kaafar, M.A., 2018, April. Incognito: A Method for Obfuscating Web Data. In Proceedings of the 2018 World Wide Web Conference on World Wide Web (pp. 267-276). International World Wide Web Conferences Steering Committee.
- Masood, R., Zhao, B.Z.H., Asghar, H.J. and Kaafar, M.A., 2018. Touch and You’re Trapp(ck)ed: Quantifying the Uniqueness of Touch Gestures for Tracking. Proceedings on Privacy Enhancing Technologies, 2018(2), pp.122-142.
- Ikram, M., Asghar, H.J., Kaafar, M.A., Mahanti, A. and Krishnamurthy, B., 2017. Towards seamless tracking-free web: Improved detection of trackers via one-class learning. Proceedings on Privacy Enhancing Technologies, 2017(1), pp.79-99.
Mobile Security and Privacy
Millions of users worldwide resort to mobile Ad-Blocking apps to block third-party tracking and ads services, and use VPN clients either to circumvent censorship or to access geo-blocked content, and more generally for privacy and security purposes. However, are Ad-Blocking apps efficient and VPN services trustworthy? Do they guarantee users’ privacy or instead compromise it? We shed light on these questions by building tools for collecting and analyzing the source code of mobile Ad-Blocking apps and VPN clients, as well as inspecting their runtime dynamic behaviours.
- Ikram, M., Vallina-Rodriguez, N., Seneviratne, S., Kaafar, M.A. and Paxson, V., 2016, November. An analysis of the privacy and security risks of android VPN permission-enabled apps. In Proceedings of the 2016 Internet Measurement Conference (pp. 349-364). ACM.
- Ikram, M. and Kaafar, M.A., 2017, October. A First Look at Mobile Ad-Blocking Apps. In 2017 IEEE 16th International Symposium on Network Computing and Applications (NCA) (pp. 1-8). IEEE.
Next Generation Authentication Systems
Can we have a provably observation-resistant user authentication scheme that is as usable as password-based authentication? The next generation of authentication systems aims to overcome the security issues in password-based systems, such as susceptibility to shoulder-surfing and the difficulty of memorising strong passwords, by using alternative modes and means for authentication. These include authentication via behavioural biometrics and authentication relying on human cognitive abilities.
Research Papers (recent):
- Asghar, H.J. and Kaafar, M.A., 2017. When are identification protocols with sparse challenges safe? The case of the Coskun and Herley attack. Journal of Mathematical Cryptology, 11(3), pp.177-194.
- Chauhan, J., Zhao, B.Z.H., Asghar, H.J., Chan, J. and Kaafar, M.A., 2017, April. BehavioCog: An Observation Resistant Authentication Scheme. In International Conference on Financial Cryptography and Data Security (pp. 39-58). Springer, Cham.
- Chauhan, J., Asghar, H.J., Mahanti, A. and Kaafar, M.A., 2016, June. Gesture-based continuous authentication for wearable devices: The smart glasses use case. In International Conference on Applied Cryptography and Network Security (pp. 648-665). Springer, Cham.
- Asghar, H.J., Steinfeld, R., Li, S., Kaafar, M.A. and Pieprzyk, J., 2015. On the linearization of human identification protocols: Attacks based on linear algebra, coding theory, and lattices. IEEE Transactions on Information Forensics and Security, 10(8), pp.1643-1655.
Authentication for IoT Networks
Internet of Things (IoT) devices are resource constrained, with low memory, communication and computational power. Lightweight security and cryptographic protocols are beneficial for such devices as they free up resources for other functionalities and potentially increase the lifetime of these battery-powered devices. This project aims at constructing lightweight security protocols using new cryptographic primitives with applications for IoT devices.
- Monteiro, M., Kahatapitiya, K., Asghar, H.J., Thilakarathna, K., Rakotoarivelo, T., Kaafar, M.A., Li, S., Pieprzyk, J. and Steinfeld, R., 2018. Foxtail+: A New Identification Protocol for Resource Constrained Devices. Submitted to IEEE TIFS, 2018.