-
PAN-DOMAIN: Privacy-preserving Sharing and Auditing of Infection Identifier Matching
Authors:
William Abramson,
William J. Buchanan,
Sarwar Sayeed,
Nikolaos Pitropakis,
Owen Lo
Abstract:
The spread of COVID-19 has highlighted the need for a robust contact tracing infrastructure that enables infected individuals to have their contacts traced, and followed up with a test. The key entities involved within a contact tracing infrastructure may include the Citizen, a Testing Centre (TC), a Health Authority (HA), and a Government Authority (GA). Typically, these different domains need to…
▽ More
The spread of COVID-19 has highlighted the need for a robust contact tracing infrastructure that enables infected individuals to have their contacts traced, and followed up with a test. The key entities involved within a contact tracing infrastructure may include the Citizen, a Testing Centre (TC), a Health Authority (HA), and a Government Authority (GA). Typically, these different domains need to communicate with each other about an individual. A common approach is when a citizen discloses his personally identifiable information to both the HA a TC, if the test result comes positive, the information is used by the TC to alert the HA. Along with this, there can be other trusted entities that have other key elements of data related to the citizen. However, the existing approaches comprise severe flaws in terms of privacy and security. Additionally, the aforementioned approaches are not transparent and often being questioned for the efficacy of the implementations. In order to overcome the challenges, this paper outlines the PAN-DOMAIN infrastructure that allows for citizen identifiers to be matched amongst the TA, the HA and the GA. PAN-DOMAIN ensures that the citizen can keep control of the mapping between the trusted entities using a trusted converter, and has access to an audit log.
△ Less
Submitted 6 December, 2021;
originally announced December 2021.
-
Identifying Roles, Requirements and Responsibilities in Trustworthy AI Systems
Authors:
Iain Barclay,
Will Abramson
Abstract:
Artificial Intelligence (AI) systems are being deployed around the globe in critical fields such as healthcare and education. In some cases, expert practitioners in these domains are being tasked with introducing or using such systems, but have little or no insight into what data these complex systems are based on, or how they are put together. In this paper, we consider an AI system from the doma…
▽ More
Artificial Intelligence (AI) systems are being deployed around the globe in critical fields such as healthcare and education. In some cases, expert practitioners in these domains are being tasked with introducing or using such systems, but have little or no insight into what data these complex systems are based on, or how they are put together. In this paper, we consider an AI system from the domain practitioner's perspective and identify key roles that are involved in system deployment. We consider the differing requirements and responsibilities of each role, and identify a tension between transparency and privacy that needs to be addressed so that domain practitioners are able to intelligently assess whether a particular AI system is appropriate for use in their domain.
△ Less
Submitted 15 June, 2021;
originally announced June 2021.
-
Syft 0.5: A Platform for Universally Deployable Structured Transparency
Authors:
Adam James Hall,
Madhava Jay,
Tudor Cebere,
Bogdan Cebere,
Koen Lennart van der Veen,
George Muraru,
Tongye Xu,
Patrick Cason,
William Abramson,
Ayoub Benaissa,
Chinmay Shah,
Alan Aboudib,
Théo Ryffel,
Kritika Prakash,
Tom Titcombe,
Varun Kumar Khare,
Maddie Shang,
Ionesio Junior,
Animesh Gupta,
Jason Paumier,
Nahua Kang,
Vova Manannikov,
Andrew Trask
Abstract:
We present Syft 0.5, a general-purpose framework that combines a core group of privacy-enhancing technologies that facilitate a universal set of structured transparency systems. This framework is demonstrated through the design and implementation of a novel privacy-preserving inference information flow where we pass homomorphically encrypted activation signals through a split neural network for in…
▽ More
We present Syft 0.5, a general-purpose framework that combines a core group of privacy-enhancing technologies that facilitate a universal set of structured transparency systems. This framework is demonstrated through the design and implementation of a novel privacy-preserving inference information flow where we pass homomorphically encrypted activation signals through a split neural network for inference. We show that splitting the model further up the computation chain significantly reduces the computation time of inference and the payload size of activation signals at the cost of model secrecy. We evaluate our proposed flow with respect to its provision of the core structural transparency principles.
△ Less
Submitted 27 April, 2021; v1 submitted 26 April, 2021;
originally announced April 2021.
-
Privacy and Trust Redefined in Federated Machine Learning
Authors:
Pavlos Papadopoulos,
Will Abramson,
Adam J. Hall,
Nikolaos Pitropakis,
William J. Buchanan
Abstract:
A common privacy issue in traditional machine learning is that data needs to be disclosed for the training procedures. In situations with highly sensitive data such as healthcare records, accessing this information is challenging and often prohibited. Luckily, privacy-preserving technologies have been developed to overcome this hurdle by distributing the computation of the training and ensuring th…
▽ More
A common privacy issue in traditional machine learning is that data needs to be disclosed for the training procedures. In situations with highly sensitive data such as healthcare records, accessing this information is challenging and often prohibited. Luckily, privacy-preserving technologies have been developed to overcome this hurdle by distributing the computation of the training and ensuring the data privacy to their owners. The distribution of the computation to multiple participating entities introduces new privacy complications and risks. In this paper, we present a privacy-preserving decentralised workflow that facilitates trusted federated learning among participants. Our proof-of-concept defines a trust framework instantiated using decentralised identity technologies being developed under Hyperledger projects Aries/Indy/Ursa. Only entities in possession of Verifiable Credentials issued from the appropriate authorities are able to establish secure, authenticated communication channels authorised to participate in a federated learning workflow related to mental health data.
△ Less
Submitted 30 March, 2021; v1 submitted 29 March, 2021;
originally announced March 2021.
-
Trust-by-Design: Evaluating Issues and Perceptions within Clinical Passporting
Authors:
Will Abramson,
Nicole E. van Deursen,
William J Buchanan
Abstract:
A substantial administrative burden is placed on healthcare professionals as they manage and progress through their careers. Identity verification, pre-employment screening and appraisals: the bureaucracy associated with each of these processes takes precious time out of a healthcare professional's day. Time that could have been spent focused on patient care. In the midst of the COVID-19 crisis, i…
▽ More
A substantial administrative burden is placed on healthcare professionals as they manage and progress through their careers. Identity verification, pre-employment screening and appraisals: the bureaucracy associated with each of these processes takes precious time out of a healthcare professional's day. Time that could have been spent focused on patient care. In the midst of the COVID-19 crisis, it is more important than ever to optimize these professionals' time. This paper presents the synthesis of a design workshop held at the Royal College of Physicians of Edinburgh (RCPE) and subsequent interviews with healthcare professionals. The main research question posed is whether these processes can be re-imagined using digital technologies, specifically Self-Sovereign Identity? A key contribution in the paper is the development of a set of user-led requirements and design principles for identity systems used within healthcare. These are then contrasted with the design principles found in the literature. The results of this study confirm the need and potential of professionalising identity and credential management throughout a healthcare professional's career.
△ Less
Submitted 26 June, 2020;
originally announced June 2020.
-
A Distributed Trust Framework for Privacy-Preserving Machine Learning
Authors:
Will Abramson,
Adam James Hall,
Pavlos Papadopoulos,
Nikolaos Pitropakis,
William J Buchanan
Abstract:
When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data r…
▽ More
When training a machine learning model, it is standard procedure for the researcher to have full knowledge of both the data and model. However, this engenders a lack of trust between data owners and data scientists. Data owners are justifiably reluctant to relinquish control of private information to third parties. Privacy-preserving techniques distribute computation in order to ensure that data remains in the control of the owner while learning takes place. However, architectures distributed amongst multiple agents introduce an entirely new set of security and trust complications. These include data poisoning and model theft. This paper outlines a distributed infrastructure which is used to facilitate peer-to-peer trust between distributed agents; collaboratively performing a privacy-preserving workflow. Our outlined prototype sets industry gatekeepers and governance bodies as credential issuers. Before participating in the distributed learning workflow, malicious actors must first negotiate valid credentials. We detail a proof of concept using Hyperledger Aries, Decentralised Identifiers (DIDs) and Verifiable Credentials (VCs) to establish a distributed trust architecture during a privacy-preserving machine learning experiment. Specifically, we utilise secure and authenticated DID communication channels in order to facilitate a federated learning workflow related to mental health care data.
△ Less
Submitted 3 June, 2020;
originally announced June 2020.
-
Performance Analysis of TLS for Quantum Robust Cryptography on a Constrained Device
Authors:
Jon Barton,
William J Buchanan,
Nikolaos Pitropakis,
Sarwar Sayeed,
Will Abramson
Abstract:
Advances in quantum computing make Shor's algorithm for factorising numbers ever more tractable. This threatens the security of any cryptographic system which often relies on the difficulty of factorisation. It also threatens methods based on discrete logarithms, such as with the Diffie-Hellman key exchange method. For a cryptographic system to remain secure against a quantum adversary, we need to…
▽ More
Advances in quantum computing make Shor's algorithm for factorising numbers ever more tractable. This threatens the security of any cryptographic system which often relies on the difficulty of factorisation. It also threatens methods based on discrete logarithms, such as with the Diffie-Hellman key exchange method. For a cryptographic system to remain secure against a quantum adversary, we need to build methods based on a hard mathematical problem, which are not susceptible to Shor's algorithm and which create Post Quantum Cryptography (PQC). While high-powered computing devices may be able to run these new methods, we need to investigate how well these methods run on limited powered devices. This paper outlines an evaluation framework for PQC within constrained devices, and contributes to the area by providing benchmarks of the front-running algorithms on a popular single-board low-power device.
△ Less
Submitted 7 February, 2022; v1 submitted 20 September, 2019;
originally announced December 2019.