Periodic Reporting for period 2 - PriMa (Privacy Matters)
Reporting period: 2022-01-01 to 2023-12-31
1. To train 14 creative, entrepreneurial, and innovative researchers as privacy protection experts.
2. To contribute to a full understanding of the multidisciplinary nature of privacy protection in a digitalised society.
3. To contribute to the development of solutions that address this important societal challenge.
• Several literature studies on privacy vulnerabilities in various domains (e.g. biometric data, mobile-sensor data, medical data, the Internet of Things, and E-learning) have been performed. In these studies, the problems of privacy leakage as well as those of deliberate attacks on systems were studied. Besides these technical studies the problem was also addressed from a legal perspective.
• In addition to the studies mentioned above, experiments were run to identify and quantify privacy risks in realistic cases.
• For these experiments various systems were designed that mimic current and future privacy sensitive data processing, e.g. a biometric system for continuous user authentication based on data acquired through the interaction of the user with mobiles devices.
• New measures that quantify privacy leakage were proposed and will be evaluated.
Privacy and Protection
• Literature studies on privacy protection have been performed in the following domains: facial privacy protection by identity obfuscation and by encryption of biometric data; privacy protection for keystroke dynamics; privacy protection for E-learning, E-banking, and E-health. Where necessary, these studies were supported by experiments.
• Research has been done on new privacy protection methods for the above domains. This research has resulted in (1) a protocol for keystroke dynamics for authentication under encryption, and (2) new computationally efficient methods for face recognition under encryption. The value of these contributions lies in the fact that biometric data (keystroke and face) can be stored and processed under encryption, thus revealing no personal information that is present in this data.
• New concepts for detecting and mitigating leakage of personal data in software are being developed.
Impact assessment of Privacy Protection
• In this work package the focus is on the impact of privacy protection in virtual reality applications and in the combination of biometric recognition and blockchain technologies. In the latter domain the focus is on the legal aspects.
• In the virtual reality domain interpersonal trust between users and avatars is studied in various ways. For that purpose, a social virtual reality prototype was built with basic functionalities for integrating and evaluating privacy protection measures as well as conducting user and usability studies.
• Experiments were set up for the measurements of trustworthiness between users and avatars.
Analysis of Privacy Risks
• New measures that quantify privacy leakage have been proposed.
Privacy and Protection
• New privacy protection methods have been developed. The value lies in the fact that biometric data (keystroke, face, gait and other) can be stored and processed under encryption, thus revealing no personal information that is present in this data. They consist of (1) a protocol for keystroke dynamics for authentication under encryption; (2) new computationally efficient methods for face recognition under encryption; (3) a new approach, GaitPrivacyON, to address the issue of privacy protection for gate recognition; (4) using face morphing as a transformation function for biometric template protection.
• New concepts for detecting and mitigating leakage of personal data in software have been developed.
• New improved methods for changing the area around the eyes in order to obfuscate identity in facial images.
Impact assessment of Privacy Protection
• A social virtual reality prototype with basic functionalities for integrating and evaluating privacy protection measures as well as conducting user and usability studies.
Expected results
Analysis of Privacy Risks
• Novel methods and metrics that quantify privacy leakage in various domains.
Privacy and Protection
• Novel methods for identity obfuscation for faces that hide identity successfully with low noticeability.
• Novel methods for privacy preserving continuous authentication based on multimodal behavioral biometrics, including keystroke dynamics and touch dynamics for continuous authentication in the cloud. Moreover, we also aim to utilized behavioral biometrics in combination with context-aware authentication
• Novel methods for privacy protection for Federated Learning.
• Further optimization of face recognition under encryption, aiming at (1) faster methods and smaller template size; (2) authenticated key agreement scheme where a client and a server register only once; (3) rendering it suitable for identification (1:N comparison) in the post-quantum setting.
• Novel methods for privacy protection in the domains of E-learning, E-banking, and E-health.
• Novel methods for the detection and mitigation of leakage of sensitive information in software.
Impact assessment of Privacy Protection
• A valid and reliable paradigm for measuring interpersonal trust between virtual social interaction partners.
• A subjective interpersonal trust scale towards an avatar in virtual reality.
• An extended social virtual reality prototype with basic functionalities for integrating and evaluating privacy protection measures as well as conducting user and usability studies.
• A technical analysis of biometric identification systems and blockchain-based identity management systems in relation to Self-Sovereign Identity.
Potential impacts
These developments will impact academic research by advancing the state of the art and introducing novel approaches and concepts. It will impact industrial R&D through transfer via secondments and introducing novel approaches and concepts that can be picked up for the development of advanced privacy protection products. Through publications in popular magazines, websites and blogs it will create public awareness of privacy issues. Our results have the potential to directly impact governmental policy and industrial standards.