Muhammad Naveed scite author profile

Abstract-Dynamic Searchable Symmetric Encryption allows a client to store a dynamic collection of encrypted documents with a server, and later quickly carry out keyword searches on these encrypted documents, while revealing minimal information to the server. In this paper we present a new dynamic SSE scheme that is simpler and more efficient than existing schemes while revealing less information to the server than prior schemes, achieving fully adaptive security against honest-but-curious servers.We implemented a prototype of our scheme and demonstrated its efficiency on datasets from prior work. Apart from its concrete efficiency, our scheme is also simpler: in particular, it does not require the server to support any operation other than upload and download of data. Thus the server in our scheme can be based solely on a cloud storage service, rather than a cloud computation service as well, as in prior work.In building our dynamic SSE scheme, we introduce a new primitive called Blind Storage, which allows a client to store a set of files on a remote server in such a way that the server does not learn how many files are stored, or the lengths of the individual files; as each file is retrieved, the server learns about its existence (and can notice the same file being downloaded subsequently), but the file's name and contents are not revealed. This is a primitive with several applications other than SSE, and is of independent interest.

show abstract

Privacy in the Genomic Era

Naveed

et al. 2015

View full text Add to dashboard Cite

Genome sequencing technology has advanced at a rapid pace and it is now possible to generate highly-detailed genotypes inexpensively. The collection and analysis of such data has the potential to support various applications, including personalized medical services. While the benefits of the genomics revolution are trumpeted by the biomedical community, the increased availability of such data has major implications for personal privacy; notably because the genome has certain essential features, which include (but are not limited to) (i) an association with traits and certain diseases, (ii) identification capability (e.g., forensics), and (iii) revelation of family relationships. Moreover, direct-to-consumer DNA testing increases the likelihood that genome data will be made available in less regulated environments, such as the Internet and for-profit companies. The problem of genome data privacy thus resides at the crossroads of computer science, medicine, and public policy. While the computer scientists have addressed data privacy for various data types, there has been less attention dedicated to genomic data. Thus, the goal of this paper is to provide a systematization of knowledge for the computer science community. In doing so, we address some of the (sometimes erroneous) beliefs of this field and we report on a survey we conducted about genome data privacy with biomedical specialists. Then, after characterizing the genome privacy problem, we review the state-of-the-art regarding privacy attacks on genomic data and strategies for mitigating such attacks, as well as contextualizing these attacks from the perspective of medicine and public policy. This paper concludes with an enumeration of the challenges for genome data privacy and presents a framework to systematize the analysis of threats and the design of countermeasures as the field moves forward.

show abstract

Leakage-Abuse Attacks against Order-Revealing Encryption

et al. 2017

View full text Add to dashboard Cite

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

Naveed

Zhou

Demetriou

et al. 2014

View full text Add to dashboard Cite

Abstract-Today's smartphones can be armed with many types of external devices, such as medical devices and credit card readers, that enrich their functionality and enable them to be used in application domains such as healthcare and retail. This new development comes with new security and privacy challenges. Existing phone-based operating systems, Android in particular, are not ready for protecting authorized use of these external devices: indeed, any app on an Android phone that acquires permission to utilize communication channels like Bluetooth and Near Field Communications is automatically given the access to devices communicating with the phone on these channels.In this paper, we present the first study on this new security issue, which we call external Device Mis-Bonding or DMB, under the context of Bluetooth-enabled Android devices. Our research shows that this problem is both realistic and serious: oftentimes an unauthorized app can download sensitive user data from an Android device and also help the adversary to deploy a spoofed device that injects fake data into the original device's official app on the phone. Specifically, we performed an in-depth analysis on four popular health/medical devices that collect sensitive user information and successfully built end-toend attacks that stealthily gathered sensitive user data and fed arbitrary information into the user's health/medical account, using nothing but Bluetooth permissions and public information disclosed by the phone. Our further study of 68 relevant deviceusing apps from Google Play confirms that the vast majority of the devices on the market are vulnerable to this new threat. To defend against it, we developed the first OS-level protection, called Dabinder. Our approach automatically generates secure bonding policies between a device and its official app, and enforces them when an app attempts to establish Bluetooth connections with a device and unpair the phone from the device (for resetting the Bluetooth link key). Our evaluation shows that this new technique effectively thwarts the DMB attacks and incurs only a negligible impact on the phone's normal operations.

show abstract

Comprehensive review on the molecular genetics of autosomal recessive primary microcephaly (MCPH)

et al. 2018

View full text Add to dashboard Cite

Primary microcephaly (MCPH) is an autosomal recessive sporadic neurodevelopmental ailment with a trivial head size characteristic that is below 3-4 standard deviations. MCPH is the smaller upshot of an architecturally normal brain; a significant decrease in size is seen in the cerebral cortex. At birth MCPH presents with non-progressive mental retardation, while secondary microcephaly (onset after birth) presents with and without other syndromic features. MCPH is a neurogenic mitotic syndrome nevertheless pretentious patients demonstrate normal neuronal migration, neuronal apoptosis and neural function. Eighteen MCPH loci (MCPH1-MCPH18) have been mapped to date from various populations around the world and contain the following genes: Microcephalin, WDR62, CDK5RAP2, CASC5, ASPM, CENPJ, STIL, CEP135, CEP152, ZNF335, PHC1, CDK6, CENPE, SASS6, MFSD2A, ANKLE2, CIT and WDFY3, clarifying our understanding about the molecular basis of microcephaly genetic disorder. It has previously been reported that phenotype disease is caused by MCB gene mutations and the causes of this phenotype are disarrangement of positions and organization of chromosomes during the cell cycle as a result of mutated DNA, centriole duplication, neurogenesis, neuronal migration, microtubule dynamics, transcriptional control and the cell cycle checkpoint having some invisible centrosomal process that can manage the number of neurons that are produced by neuronal precursor cells. Furthermore, researchers inform us about the clinical management of families that are suffering from MCPH. Establishment of both molecular understanding and genetic advocating may help to decrease the rate of this ailment. This current review study examines newly identified genes along with previously identified genes involved in autosomal recessive MCPH.

show abstract

Protease—A Versatile and Ecofriendly Biocatalyst with Multi-Industrial Applications: An Updated Review

et al. 2020

View full text Add to dashboard Cite

The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations

Zhou

Lee

Zhang

et al. 2014

View full text Add to dashboard Cite

Abstract-Android phone manufacturers are under the perpetual pressure to move quickly on their new models, continuously customizing Android to fit their hardware. However, the security implications of this practice are less known, particularly when it comes to the changes made to Android's Linux device drivers, e.g., those for camera, GPS, NFC etc. In this paper, we report the first study aimed at a better understanding of the security risks in this customization process. Our study is based on ADDICTED, a new tool we built for automatically detecting some types of flaws in customized driver protection. Specifically, on a customized phone, ADDICTED performs dynamic analysis to correlate the operations on a security-sensitive device to its related Linux files, and then determines whether those files are under-protected on the Linux layer by comparing them with their counterparts on an official Android OS. In this way, we can detect a set of likely security flaws on the phone. Using the tool, we analyzed three popular phones from Samsung, identified their likely flaws and built end-to-end attacks that allow an unprivileged app to take pictures and screenshots, and even log the keys the user enters through touchscreen. Some of those flaws are found to exist on over a hundred phone models and affect millions of users. We reported the flaws and helped the manufacturers fix those problems. We further studied the security settings of device files on 2423 factory images from major phone manufacturers, discovered over 1,000 vulnerable images and also gained insights about how they are distributed across different Android versions, carriers and countries.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Muhammad Naveed

Inference Attacks on Property-Preserving Encrypted Databases

Dynamic Searchable Encryption via Blind Storage

Privacy in the Genomic Era

Leakage-Abuse Attacks against Order-Revealing Encryption

Inside Job: Understanding and Mitigating the Threat of External Device Mis-Bonding on Android

Comprehensive review on the molecular genetics of autosomal recessive primary microcephaly (MCPH)

Protease—A Versatile and Ecofriendly Biocatalyst with Multi-Industrial Applications: An Updated Review

The Peril of Fragmentation: Security Hazards in Android Device Driver Customizations

Contact Info

Product

Resources

About