Saleem Bhatti, Computer Science, University of St Andrews, UK.  

Privacy

As more of the global population use digital systems in their daily lives, so it is increasingly important to consider the privacy of our data. However, this is not as simple as "just encrypting" everything we send and receive online. We need to consider the algorithms and protocols used for communication, as well as data items we cannot hide because they are needed for correct operation of communications and systems — the data in the control and management planes of the communication architecture.

This work looks at various aspects of communication protocol architecture and systems, with the aim of improving the privacy of the data and systems within the constraints of current operational requirements. This includes the existence of legacy systems, and constraints on existing infrastructure for deployment.


G. T. Haywood, S. N. Bhatti. Defence against side-channel attacks for encrypted network communication using multiple paths. Cryptography, vol. 8, no. 2, pages 1-26. May 2024.
DOI: 10.3390/cryptography8020022. Abstract: As more network communication is encrypted to provide data privacy for users, attackers are focusing their attention on traffic analysis methods for side-channel attacks on user privacy. These attacks exploit patterns in particular features of communication flows such as interpacket timings and packet sizes. Unsupervised machine learning approaches, such as Hidden Markov Models (HMMs), can be trained on unlabelled data to estimate these flow attributes from an exposed packet flow, even one that is encrypted, so it is highly feasible for an eavesdropper to perform this attack. Traditional defences try to protect specific side channels by modifying the packet transmission for the flow, e.g., by adding redundant information (padding of packets or use of junk packets) and perturbing packet timings (e.g., artificially delaying packet transmission at the sender). Such defences incur significant overhead and impact application-level performance metrics, such as latency, throughput, end-to-end delay, and jitter. Furthermore, these mechanisms can be complex, often ineffective, and are not general solutions—a new profile must be created for every application, which is an infeasible expectation to place on software developers. We show that an approach exploiting multipath communication can be effective against HMM-based traffic analysis. After presenting the core analytical background, we demonstrate the efficacy of this approach with a number of diverse, simulated traffic flows. Based on the results, we define some simple design rules for software developers to adopt in order to exploit the mechanism we describe, including a critical examination of existing communication protocol behavior.
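The following is an added illustration of the multipath idea in the abstract above; it is not code from the paper, and it substitutes a first-order transition estimate for the paper's HMM. It assumes a constructed, hypothetical packet-size profile (TRUE_PROFILE), a sender that round-robins packets over k paths, and an eavesdropper who can tap only one of them. The point it makes: the tapped path carries the k-step chain of the original process, which looks increasingly memoryless as k grows, so the attacker's estimate of the sequence structure degrades, while the marginal size histogram is untouched.

```python
"""Added illustration of the multipath idea (not the paper's code; the paper
uses HMMs, this uses a first-order transition estimate as a stand-in).
Flows are sampled from a constructed, hypothetical packet-size profile."""
import random

SIZES = "SML"   # size classes small/medium/large; ciphertext lengths leak these

# Hypothetical application profile: P(next size class | current size class).
TRUE_PROFILE = {
    "S": {"S": 0.1, "M": 0.2, "L": 0.7},
    "M": {"S": 0.6, "M": 0.3, "L": 0.1},
    "L": {"S": 0.2, "M": 0.1, "L": 0.7},
}


def make_flow(profile, n, rng):
    """Sample n packet-size classes from the profile's Markov chain."""
    state, out = "S", []
    for _ in range(n):
        out.append(state)
        r, acc = rng.random(), 0.0
        for nxt, p in profile[state].items():
            acc += p
            if r < acc:
                break
        state = nxt
    return out


def one_path_view(flow, k, path=0):
    """What an eavesdropper on one path sees when the sender round-robins
    packets over k paths: every k-th packet, starting at offset `path`."""
    return flow[path::k]


def estimate_profile(observed):
    """Maximum-likelihood transition estimate from consecutive observed packets."""
    counts = {a: {b: 0 for b in SIZES} for a in SIZES}
    for a, b in zip(observed, observed[1:]):
        counts[a][b] += 1
    est = {}
    for a in SIZES:
        total = sum(counts[a].values()) or 1
        est[a] = {b: counts[a][b] / total for b in SIZES}
    return est


def tv_distance(p, q):
    """Mean total-variation distance between corresponding rows of p and q."""
    rows = (0.5 * sum(abs(p[a][b] - q[a][b]) for b in SIZES) for a in SIZES)
    return sum(rows) / len(SIZES)


def estimation_error(k, n=100_000, seed=7):
    """How far the attacker's estimate of TRUE_PROFILE is from the truth when
    only one of k paths is tapped. k=1 is the unsplit baseline."""
    rng = random.Random(seed)
    observed = one_path_view(make_flow(TRUE_PROFILE, n, rng), k)
    return tv_distance(TRUE_PROFILE, estimate_profile(observed))


def size_histogram(observed):
    """Marginal size distribution seen on a path."""
    return {s: observed.count(s) / len(observed) for s in SIZES}


def histogram_shift(k, n=100_000, seed=3):
    """Largest change in the marginal size histogram caused by the split.
    Round-robin leaves packet sizes untouched, so this stays near zero:
    splitting hides sequence structure, not the size marginal, which still
    needs padding if it is itself a side channel."""
    flow = make_flow(TRUE_PROFILE, n, random.Random(seed))
    full, path = size_histogram(flow), size_histogram(one_path_view(flow, k))
    return max(abs(full[s] - path[s]) for s in SIZES)


if __name__ == "__main__":
    for k in (1, 2, 4, 8):
        print(f"paths={k}: transition-estimate error={estimation_error(k):.3f} "
              f"size-histogram shift={histogram_shift(k):.3f}")
```

Two caveats a practitioner should keep in mind with this toy: an observer who can tap every path simply reassembles the original sequence, so the benefit depends on path diversity the attacker cannot cover; and because round-robin does not alter packet sizes, the size histogram on each path is still informative, so this mechanism complements rather than replaces padding where the marginal itself is the leak.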
S. N. Bhatti, G. Haywood, R. Yanagida. End-to-End Privacy for Identity & Location with IP. NIPAA-21 - 2nd Workshop on New Internetworking Protocols, Architecture and Algorithms (ICNP 2021). Virtual event (COVID-19). Nov 2021.
DOI: 10.1109/ICNP52444.2021.9651909. Abstract: We describe protocol features to provide both Identity Privacy and Location Privacy at the network layer that are truly end-to-end, strengthening the trust model by constraining the boundary of trust to only the communicating parties. We show that Identity Privacy and Location Privacy can be provided by changing only the addressing model, whilst still remaining compatible with IPv6. Using the Identifier-Locator Network Protocol (ILNP), it is possible to use ephemeral end-system ILNP Node Identity (NID) values to improve identity privacy. Using the ILNP Locator values with dynamic bindings, it is possible to use multiple IPv6 routing prefixes as network Locator (L64) values to provide (topological) location privacy. This is achieved: (a) whilst maintaining end-to-end state for transport protocols, without proxies, tunnels, or gateways at the transport layer or application layer; and (b) without the use of cryptographic techniques, so performance is not impacted.
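An added example of the addressing model the abstract above relies on (this is not the paper's code and models none of ILNP's signalling, such as Locator Update messages or DNS records). In ILNPv6 the 128-bit IPv6 address keeps its wire format: the upper 64 bits are the Locator (L64) and the lower 64 bits the Node Identifier (NID). The example builds and splits such addresses, keys transport state on NIDs rather than whole addresses so a session survives a change of routing prefix, and draws a fresh NID per session so two sessions cannot be linked by identifier. The prefixes are documentation addresses constructed for the example, and clearing the universal/local bit in a random NID is an assumption borrowed from the RFC 4941 convention for random interface identifiers.

```python
"""Added example (not the paper's code): ILNPv6 addressing arithmetic,
NID-keyed transport state, and per-session ephemeral NIDs.
Prefixes are 2001:db8::/32 documentation space, constructed here."""
import ipaddress
import secrets
from typing import Tuple

MASK64 = (1 << 64) - 1


def ilnpv6_address(l64: int, nid: int) -> ipaddress.IPv6Address:
    """ILNPv6 keeps the IPv6 format: upper 64 bits are the Locator (L64),
    lower 64 bits the Node Identifier (NID)."""
    if not (0 <= l64 <= MASK64 and 0 <= nid <= MASK64):
        raise ValueError("L64 and NID must each fit in 64 bits")
    return ipaddress.IPv6Address((l64 << 64) | nid)


def split_ilnpv6(addr: ipaddress.IPv6Address) -> Tuple[int, int]:
    """Inverse of ilnpv6_address: returns (L64, NID)."""
    value = int(addr)
    return value >> 64, value & MASK64


def ephemeral_nid() -> int:
    """Random 64-bit NID. Assumption in this example: clear the universal/local
    bit (bit 6 of the first octet, as RFC 4941 does for random IIDs) so the
    value is marked locally administered, never MAC-derived."""
    return secrets.randbits(64) & ~(1 << 57)


def rehome(addr: ipaddress.IPv6Address, new_l64: int) -> ipaddress.IPv6Address:
    """Move the node to another routing prefix: only L64 changes, the NID
    (and anything bound to it) is preserved."""
    _, nid = split_ilnpv6(addr)
    return ilnpv6_address(new_l64, nid)


def session_key(local, remote, sport: int, dport: int) -> tuple:
    """Transport state keyed on NIDs, not whole addresses (the ILNP model)."""
    return (split_ilnpv6(local)[1], split_ilnpv6(remote)[1], sport, dport)


def classic_key(local, remote, sport: int, dport: int) -> tuple:
    """Conventional 4-tuple keyed on whole addresses, for comparison."""
    return (int(local), int(remote), sport, dport)


def linkable_by_nid(a: ipaddress.IPv6Address, b: ipaddress.IPv6Address) -> bool:
    """Could a passive observer tie two packets to one node by NID alone?"""
    return split_ilnpv6(a)[1] == split_ilnpv6(b)[1]


def prefix_l64(prefix: str) -> int:
    """Upper 64 bits of a /64 routing prefix, used as an L64 value."""
    return int(ipaddress.IPv6Network(prefix).network_address) >> 64


def demo() -> dict:
    l64_a = prefix_l64("2001:db8:1:1::/64")   # two locators a multihomed
    l64_b = prefix_l64("2001:db8:2:2::/64")   # node can advertise
    peer = ilnpv6_address(prefix_l64("2001:db8:ff::/64"), 0x1234_5678_9ABC_DEF0)

    nid_session1 = ephemeral_nid()
    local_before = ilnpv6_address(l64_a, nid_session1)
    local_after = rehome(local_before, l64_b)   # prefix changed mid-session

    nid_session2 = ephemeral_nid()               # fresh NID for a second session
    local_other = ilnpv6_address(l64_a, nid_session2)

    return {
        "ilnp_session_survives":
            session_key(local_before, peer, 40000, 443)
            == session_key(local_after, peer, 40000, 443),
        "classic_session_survives":
            classic_key(local_before, peer, 40000, 443)
            == classic_key(local_after, peer, 40000, 443),
        "sessions_linkable_by_nid": linkable_by_nid(local_before, local_other),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check worth noting is the middle result: with address-keyed state a prefix change breaks the connection, which is what forces proxies, tunnels or gateways in conventional designs; with NID-keyed state it does not. The example does not cover how the peer learns the new locator or how a rotated NID is authenticated, which ILNP handles in its own signalling rather than in the address.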
C. Khorakhun, S. N. Bhatti. Wellbeing as a proxy for a mHealth study. QSPH 2014 - IEEE Wkshp. The Role of Quantified Self for Personal Healthcare. Belfast, UK. Nov 2014.
DOI: 10.1109/BIBM.2014.6999286. Abstract: The quantified-self is a key enabler for mHealth. We propose that a wellbeing remote monitoring scenario can act as a suitable proxy for mHealth monitoring by the use of an online social network (OSN). We justify our position by discussing the parallelism in the scenario between purpose-driven wellbeing and mHealth scenarios. The similarity between these two scenarios in terms of privacy and data sharing is discussed. By using such a proxy, some of the legal and ethical complexity can be removed from experimentation on new technologies and systems for mHealth. This enables technology researchers to carry out investigation and focus on testing new technologies, system interactions as well as security and privacy in healthcare in pre-clinical experiments, without loss of context. The analogy between two purpose-driven scenarios, i.e. fitness monitoring in wellbeing scenario and remote monitoring in mHealth, is discussed in terms of a practical example: we present a prototype using a wellbeing device -- Fitbit -- and an open source online social media platform (OSMP) -- Diaspora.
C. Khorakhun, S. N. Bhatti. Using Online Social Media Platforms for Ubiquitous, Personal Health Monitoring. HealthCom 2014 - 16th IEEE Intl. Conf. e-Health Networking, Applications and Services. Natal, BR. Oct 2014.
DOI: 10.1109/HealthCom.2014.7001856. Abstract: We propose the use of an open and publicly accessible online social media platform (OSMP) as a key component for ubiquitous and personal remote health monitoring. Remote monitoring is an essential part of future mHealth systems for the delivery of personal healthcare allowing the collection of personal bio-data outside clinical environments. Previous mHealth projects focused on building private and custom platforms using closed architectures, which have a high cost for implementation, take a long time to develop, and may provide limited access and usability. By exploiting existing and publicly accessible infrastructure using an OSMP, initial costs can be reduced, at the same time as allowing fast and flexible application development at scale, whilst presenting users with interfaces and interactions that they are familiar with. We survey and discuss suitability of OSMPs in terms of functionality, performance and the key challenge in ensuring appropriate levels of security and privacy.
C. Khorakhun, S. N. Bhatti. Remote Health Monitoring Using Online Social Media Systems. WMNC 2013 - IFIP/IEEE Joint Wireless and Mobile Networking Conference. Dubai, UAE. Apr 2013.
DOI: 10.1109/WMNC.2013.6548953. Abstract: Remote monitoring is considered an essential part of future eHealth systems to enable the delivery of healthcare outside clinical sites at reduced cost, while improving quality of patient care. We examine the use of online social networks for remote health monitoring. By exploiting the existing infrastructure, initial costs can be reduced and fast application development is possible. Facebook is used as an example platform: as a platform allowing user-defined applications, development is flexible and can be arranged quickly to suit different requirements of patients and health professionals. We analyse the general requirements of a remote monitoring scenario and the process of building and using a Facebook application to meet these requirements. Four different access viewpoints are implemented to suit the requirements of each user in our example scenario to form a carer network: the patient, the doctor in charge, professional carers, and family members of the patient. The suitability of the application is analysed including security and privacy issues. We conclude that online social media systems could offer a suitable platform for developing certain types of remote monitoring capability.
M. Rogers, S. N. Bhatti. Private Peer-to-Peer Networks. Handbook of Peer-to-Peer Networking (Springer US), pages 813-828. Mar 2010.
DOI: 10.1007/978-0-387-09751-0_28. Abstract: This chapter offers a survey of the emerging field of private peer-to-peer networks, which can be defined as internet overlays in which the resources and infrastructure are provided by the users, and which new users may only join by personal invitation. The last few years have seen rapid developments in this field. We describe deployed systems, classify them architecturally, and identify some technical and social tradeoffs in the design of private peer-to-peer networks.
M. Rogers, S. N. Bhatti. How to Disappear Completely: A Survey of Private Peer-to-Peer Networks. SPACE 2007 - 1st Intl. Workshop Sustaining Privacy in Autonomous Collaborative Environments. Moncton, New Brunswick, Canada. Jul 2007.
Abstract: This paper offers a survey of the emerging field of private peer-to-peer networks, which can be defined as internet overlays in which the resources and infrastructure are provided by the users, and new users may only join by personal invitation. The last few years have seen rapid developments in this field, many of which have not previously been described in the research literature. We describe deployed systems, classify them architecturally, and identify some technical and social tradeoffs in the design of private peer-to-peer networks.