DSI scientists present research at annual security symposium
DSI scientists from Imperial presented their research on privacy and client-side scanning at the 31st USENIX Security Symposium in Boston.
The USENIX Security Symposium is an annual conference that brings together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security and privacy of computer systems and networks.
This year, the 31st USENIX Symposium was held in Boston on 10-12 August 2022 and was split into many different thematic tracks, covering topics such as web security, software vulnerabilities, scanning and censorship, and smart homes.
The themes covered by Imperial’s Data Science Institute and the Department of Computing involved the topics of local differential privacy and client-side scanning, researched by Computational Privacy leader Dr Yves-Alexandre de Montjoye, PhD students Andrea Gadotti, Ana-Maria Cretu, Forent Guepin, and Shubham Jain, and researchers Florimond Houssiau and Meenatchi Sundaram Muthu Selva Annamalai, some of which attended the event.
Differential privacy and client-side security
Big data has enabled us to tackle the greatest challenges in medicine, physics, and engineering—but it comes with its own ethical pitfalls, including huge threats to privacy. These privacy issues are key challenges being studied by Imperial’s researchers.
PhD student in Computational Privacy, Andrea Gadotti presented a paper at the symposium on pool interference attacks against Apple’s Count Mean Sketch as part of the differential privacy theme. Local differential privacy refers to a system for safely collecting behavioral data.
Their results show that pool interference attacks are a concern for data protected by local differential privacy mechanisms, emphasizing the need for additional technical safeguards and the need for more research on how to apply local differential privacy for multiple collections.
Similarly, PhD student in Computational Privacy Ana Maria Cretu presented her recent paper on evaluating the robustness of perceptual hashing-based client-side scanning systems - a mechanism of scanning data that has recently been proposed by tech companies and governments as a solution to detect illegal content in end-to-end encryption communications.
In the paper and accompanying talk, the team demonstrated that current mechanisms of detecting illegal content, known as perceptual hashing, do not work sufficiently and could be easily bypassed by illegal attackers online who aim to evade detection.
Their results show that 99.9% of images were able to successfully bypass the system undetected whilst preserving the content of the image, shedding serious doubts on the robustness of perceptual hashing and scanning mechanisms currently proposed by governments and researchers around the world.
To find out more about their findings, read this Imperial News Story.
The USENIX Association
The USENIX Association is a non-profit organization, dedicated to supporting the advanced computing systems communities and furthering the reach of innovative research.
Since 1975, USENIX has brought together the community of engineers, system administrators, SREs, researchers, and technicians working on the cutting edge of the computing world.
USENIX conferences such as that held in Boston last week, have become the essential meeting grounds for the presentation and discussion of the most advanced information on the development of all aspects of computing systems.
Article text (excluding photos or graphics) © Imperial College London.
Photos and graphics subject to third party copyright used with permission or © Imperial College London.