Inference attack

Last updated

An Inference Attack is a data mining technique performed by analyzing data in order to illegitimately gain knowledge about a subject or database. [1] A subject's sensitive information can be considered as leaked if an adversary can infer its real value with a high confidence. [2] This is an example of breached information security. An Inference attack occurs when a user is able to infer from trivial information more robust information about a database without directly accessing it. [3] The object of Inference attacks is to piece together information at one security level to determine a fact that should be protected at a higher security level. [4]

While inference attacks were originally discovered as a threat in statistical databases, [5] today they also pose a major privacy threat in the domain of mobile and IoT sensor data. Data from accelerometers, which can be accessed by third-party apps without user permission in many mobile devices, [6] has been used to infer rich information about users based on the recorded motion patterns (e.g., driving behavior, level of intoxication, age, gender, touchscreen inputs, geographic location). [7] Highly sensitive inferences can also be derived, for example, from eye tracking data, [8] [9] smart meter data [10] [11] and voice recordings (e.g., smart speaker voice commands). [12]

Related Research Articles

<span class="mw-page-title-main">Keystroke logging</span> Action of recording the keys struck on a keyboard

Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard, typically covertly, so that a person using the keyboard is unaware that their actions are being monitored. Data can then be retrieved by the person operating the logging program. A keystroke recorder or keylogger can be either software or hardware.

<span class="mw-page-title-main">Home automation</span> Building automation for a home

Home automation or domotics is building automation for a home, called a smart home or smart house. A home automation system will monitor and/or control home attributes such as lighting, climate, entertainment systems, and appliances. It may also include home security such as access control and alarm systems. When connected with the Internet, home devices are an important constituent of the Internet of Things ("IoT").

An accelerometer is a tool that measures proper acceleration. Proper acceleration is the acceleration of a body in its own instantaneous rest frame; this is different from coordinate acceleration, which is acceleration in a fixed coordinate system. For example, an accelerometer at rest on the surface of the Earth will measure an acceleration due to Earth's gravity, straight upwards of g ≈ 9.81 m/s2. By contrast, accelerometers in free fall will measure zero.

<span class="mw-page-title-main">Sensor fusion</span>

Sensor fusion is the process of combining sensor data or data derived from disparate sources such that the resulting information has less uncertainty than would be possible when these sources were used individually. For instance, one could potentially obtain a more accurate location estimate of an indoor object by combining multiple data sources such as video cameras and WiFi localization signals. The term uncertainty reduction in this case can mean more accurate, more complete, or more dependable, or refer to the result of an emerging view, such as stereoscopic vision.

A voice-user interface (VUI) makes spoken human interaction with computers possible, using speech recognition to understand spoken commands and answer questions, and typically text to speech to play a reply. A voice command device is a device controlled with a voice user interface.

The Internet of things (IoT) describes physical objects with sensors, processing ability, software and other technologies that connect and exchange data with other devices and systems over the Internet or other communications networks. Internet of things has been considered a misnomer because devices do not need to be connected to the public internet, they only need to be connected to a network and be individually addressable.

Activity recognition aims to recognize the actions and goals of one or more agents from a series of observations on the agents' actions and the environmental conditions. Since the 1980s, this research field has captured the attention of several computer science communities due to its strength in providing personalized support for many different applications and its connection to many different fields of study such as medicine, human-computer interaction, or sociology.

<span class="mw-page-title-main">Virtual assistant</span> Mobile software agent

An intelligent virtual assistant (IVA) or intelligent personal assistant (IPA) is a software agent that can perform tasks or services for an individual based on commands or questions. The term "chatbot" is sometimes used to refer to virtual assistants generally or specifically accessed by online chat. In some cases, online chat programs are exclusively for entertainment purposes. Some virtual assistants are able to interpret human speech and respond via synthesized voices. Users can ask their assistants questions, control home automation devices and media playback via voice, and manage other basic tasks such as email, to-do lists, and calendars with verbal commands. A similar concept, however with differences, lays under the dialogue systems.

Urban computing is an interdisciplinary field which pertains to the study and application of computing technology in urban areas. This involves the application of wireless networks, sensors, computational power, and data to improve the quality of densely populated areas. Urban computing is the technological framework for smart cities.

ProVerif is a software tool for automated reasoning about the security properties found in cryptographic protocols. The tool has been developed by Bruno Blanchet.

<span class="mw-page-title-main">Cellphone surveillance</span> Interception of mobile phone activity

Cellphone surveillance may involve tracking, bugging, monitoring, eavesdropping, and recording conversations and text messages on mobile phones. It also encompasses the monitoring of people's movements, which can be tracked using mobile phone signals when phones are turned on.

Implicit authentication (IA) is a technique that allows the smart device to recognize its owner by being acquainted with his/her behaviors. It is a technique that uses machine learning algorithms to learn user behavior through various sensors on the smart devices and achieve user identification. Most of the current authentication techniques, e.g., password, pattern lock, finger print and iris recognition, are explicit authentication which require user input. Comparing with explicit authentication, IA is transparent to users during the usage, and it significantly increases the usability by reducing time users spending on login, in which users find it more annoying than lack of cellular coverage.

Crowdsensing, sometimes referred to as mobile crowdsensing, is a technique where a large group of individuals having mobile devices capable of sensing and computing collectively share data and extract information to measure, map, analyze, estimate or infer (predict) any processes of common interest. In short, this means crowdsourcing of sensor data from mobile devices.

The International Conference on Information Systems Security and PrivacyICISSP – aims to create a meeting point for practitioners and researchers interested in security and privacy challenges that concern information systems covering technological and social issues.

Network eavesdropping, also known as eavesdropping attack, sniffing attack, or snooping attack, is a method that retrieves user information through the internet. This attack happens on electronic devices like computers and smartphones. This network attack typically happens under the usage of unsecured networks, such as public wifi connections or shared electronic devices. Eavesdropping attacks through the network is considered one of the most urgent threats in industries that rely on collecting and storing data. Internet users use eavesdropping via the Internet to improve information security.

<span class="mw-page-title-main">Pulse watch</span> Electronic devices

A pulse watch, also known as a pulsometer or pulsograph, is an individual monitoring and measuring device with the ability to measure heart or pulse rate. Detection can occur in real time or can be saved and stored for later review. The pulse watch measures electrocardiography data while the user is performing tasks, whether it be simple daily tasks or intense physical activity. The pulse watch functions without the use of wires and multiple sensors. This makes it useful in health and medical settings where wires and sensors may be an inconvenience. Use of the device is also common in sport and exercise environments where individuals are required to measure and monitor their biometric data.

Soft privacy technologies fall under the category of PETs, Privacy-enhancing technologies, as methods of protecting data. Soft privacy is a counterpart to another subcategory of PETs, called hard privacy. Soft privacy technology has the goal of keeping information safe, allowing services to process data while having full control of how data is being used. To accomplish this, soft privacy emphasizes the use of third-party programs to protect privacy, emphasizing auditing, certification, consent, access control, encryption, and differential privacy. Since evolving technologies like the internet, machine learning, and big data are being applied to many long-standing fields, we now need to process billions of datapoints every day in areas such as health care, autonomous cars, smart cards, social media, and more. Many of these fields rely on soft privacy technologies when they handle data.

Nina Vankova Nikolova is a Bulgarian climatologist, and a professor at Sofia University.

<span class="mw-page-title-main">Jean-Pierre Hubaux</span> Swiss-Belgian computer scientist spezialised in security and privacy

Jean-Pierre Hubaux is a Swiss-Belgian computer scientist specialised in security and privacy. He is a professor of computer science at EPFL and is the head of the Laboratory for Data Security at EPFL's School of Computer and Communication Sciences.

A lightweight blockchain is a modified blockchain which has a simplified algorithm without sacrificing data security. This type of blockchain is suitable for applications that need data reliability, but limited computational resources like Internet of Things (IoT) and Autonomous Driving. Especially in IoT, most of the connected devices are small, ubiquitous, and run on battery but aim to work for a long period of time remotely and securely. Lightweight blockchain enabled trust evaluation mechanism in wireless sensor network for secured data transaction between nodes.

References

  1. "Inference Attacks on Location Tracks" by John Krumm
  2. http://www.ics.uci.edu/~chenli/pub/2007-dasfaa.pdf "Protecting Individual Information Against Inference Attacks in Data Publishing" by Chen Li, Houtan Shirani-Mehr, and Xiaochun Yang
  3. "Detecting Inference Attacks Using Association Rules" by Sangeetha Raman, 2001
  4. "Database Security Issues: Inference" by Mike Chapple
  5. V. P. Lane (8 November 1985). Security of Computer Based Information Systems. Macmillan International Higher Education. pp. 11–. ISBN   978-1-349-18011-0.
  6. Bai, Xiaolong; Yin, Jie; Wang, Yu-Ping (2017). "Sensor Guardian: prevent privacy inference on Android sensors". EURASIP Journal on Information Security. 2017 (1). doi: 10.1186/s13635-017-0061-8 . ISSN   2510-523X.
  7. Kröger, Jacob Leon; Raschke, Philip (January 2019). "Privacy implications of accelerometer data: a review of possible inferences". Proceedings of the International Conference on Cryptography, Security and Privacy. ACM, New York. pp. 81–87. doi: 10.1145/3309074.3309076 .
  8. Liebling, Daniel J.; Preibusch, Sören (2014). "Privacy considerations for a pervasive eye tracking world". Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication. pp. 1169–1177. doi:10.1145/2638728.2641688. ISBN   9781450330473. S2CID   3663921.
  9. Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Müller, Florian (2020). "What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking". Privacy and Identity Management. Data for Better Living: AI and Privacy. IFIP Advances in Information and Communication Technology. Vol. 576. pp. 226–241. doi: 10.1007/978-3-030-42504-3_15 . ISBN   978-3-030-42503-6. ISSN   1868-4238.
  10. Clement, Jana; Ploennigs, Joern; Kabitzsch, Klaus (2014). "Detecting Activities of Daily Living with Smart Meters". Ambient Assisted Living. Advanced Technologies and Societal Change. pp. 143–160. doi:10.1007/978-3-642-37988-8_10. ISBN   978-3-642-37987-1. ISSN   2191-6853.
  11. Sankar, Lalitha; Rajagopalan, S.R.; Mohajer, Soheil; Poor, H.V. (2013). "Smart Meter Privacy: A Theoretical Framework". IEEE Transactions on Smart Grid. 4 (2): 837–846. doi:10.1109/TSG.2012.2211046. ISSN   1949-3053. S2CID   13471323.
  12. Kröger, Jacob Leon; Lutz, Otto Hans-Martin; Raschke, Philip (2020). "Privacy Implications of Voice and Speech Analysis – Information Disclosure by Inference". Privacy and Identity Management. Data for Better Living: AI and Privacy. IFIP Advances in Information and Communication Technology. Vol. 576. pp. 242–258. doi: 10.1007/978-3-030-42504-3_16 . ISBN   978-3-030-42503-6. ISSN   1868-4238.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.