Research Themes
As the legislation and regulation of data security and privacy become more stringent than ever, all companies that build or use smart or AI-driven systems are now facing an extremely difficult time complying with laws, policies, and industrial standards in countries and jurisdictions worldwide. In 2019, Meta (then Facebook) was fined 50 billion US dollars by the Federal Trade Commission for not safeguarding 87 million users’ privacy against third-party app developers [1]. In summer 2021, Amazon was fined €746 million (equiv. $877 million US dollars) by Luxembourg authorities for breaches of GDPR, the General Data Protection Regulation in the EU. More recently, in July 2022, Didi Global (滴滴出行) was fined 8.026 billion yuan (equiv. $1.19 billion US dollars) by the Cyberspace Administration of China because the company violated the nation’s network security law, data security law, and personal information protection law [2].
If even these IT giants cannot guarantee security and privacy well enough to comply with all legislation, laws, and industrial standards, it is evident that compliance is even more challenging, if not impossible, for small and medium-sized enterprises (SMEs). As such, security and privacy now pose immediate threats to the development and innovation of the global smart system industry.
On the other hand, security and privacy technologies with high efficiency and low cost are continually evolving in the research community. As shown in Figure 1 below, there are at least four cutting-edge fields of technology that can greatly enhance the security and privacy landscape for smart systems, namely, (i) hardware-assisted encryption, (ii) zero-knowledge proof, (iii) differential privacy, and (iv) fraud/intrusion detection.
Fig. 1 Fields of security and privacy technologies for next-generation smart systems
Hardware-assisted Encryption
This is the field of research that allows data to be persisted, queried, and analyzed in encrypted form, protecting against eavesdropping in the operating system or communication channel. Hardware-assisted database encryption based on Trusted Execution Environments (TEEs), such as Intel SGX and ARM TrustZone, can now perform such encryption and queries over 100 times faster than software-based solutions [3].
Zero-knowledge Proof
This is the field of research that securely authenticates, authorizes, or identifies a user or an identity without compromising the user’s privacy beyond the (quasi-)identifier. The field includes various techniques such as privacy-preserving biometrics [4], oblivious transfer, and homomorphic encryption [5].
Differential Privacy
This is the field of privacy-preserving data collection and statistics estimation with guaranteed individual deniability. Various differential privacy techniques have already been devised and employed in many Internet systems, such as Emoji and Safari usage data in Apple iOS, email reply suggestions in Microsoft Outlook, population numbers in the US Census 2020 [6], and, recently, mobility tracing during the COVID-19 pandemic.
Fraud/intrusion Detection
This is the field of continuous monitoring and detection of abnormal access, transactions, and operations in smart subsystems such as actuators, controllers, and sensors. Recent advances in machine learning and federated learning technologies have significantly improved the efficiency and accuracy of traditional fraud/intrusion detection [7].
To conclude, the research center aims to bridge security and privacy technologies with the industrial and legal needs of next-generation smart systems. On one hand, the adoption of cutting-edge security and privacy technologies, such as hardware-assisted cryptography and differential privacy, empowers businesses to comply with legal obligations and industrial standards at affordable cost. On the other hand, the true needs of smart system industries, such as intelligent transportation systems and AI robots, in turn drive security and privacy research to the next generation.
References
[1] David Shepardson. “Facebook to pay record $5 billion U.S. fine over privacy; faces antitrust probe.” Reuters, July 24, 2019.
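[2] Cyberspace Administration of China. “Decision to impose, in accordance with the law, administrative penalties related to the cybersecurity review on Didi Global Inc.” http://www.cac.gov.cn/2022-07/21/c_1660021534306352.htm, July 2022.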
[3] Laura Martinez. “Powering Confidential Computing with Intel® SGX.” https://www.intel.com/content/www/us/en/partner-alliance/sales-enablement/topic/resource/article/powering-confidential-computing-with-sgx.html
[4] Zhang Rui; Zheng Yan. “A Survey on Biometric Authentication: Toward Secure and Privacy-Preserving Identification.” IEEE Access, Dec 2018.
[5] K. Balasubramanian and J. Mathanan. “Homomorphic Encryption Schemes: A Survey.” Algorithmic Strategies for Solving Complex Problems in Cryptography, IGI Global, 2018.
[6] J. Mervis. “Can a set of equations keep U.S. census data private?” Science, Jan 2019.
[7] S. K. Lo, Q. Lu, C. Wang, H. Paik, and L. Zhu. “A Systematic Literature Review on Federated Machine Learning: From a Software Engineering Perspective.” ACM Computing Surveys, Volume 54, Issue 5, pp 1–39, June 2022.