rss_2.0Computer Sciences FeedSciendo RSS Feed for Computer Scienceshttps://www.sciendo.com/subject/COhttps://www.sciendo.comComputer Sciences Feedhttps://www.sciendo.com/subjectImages/Computer_Sciences.jpg700700Detection of periodic displacements of shell structures with edges using spline surfaces, meshes and point cloudshttps://sciendo.com/article/10.2478/rgg-2021-0005<abstract> <title style='display:none'>Abstract</title> <p>This research paper tackles the problem of determining displacements of complex-shaped shell structures, measured periodically using laser scanning. Point clouds obtained during different measurement epochs can be compared with each other directly or they can be converted into continuous models in the form of a triangle mesh or smooth patches (spline functions). The accuracy of the direct comparison of point clouds depends on the scanning density, while the accuracy of comparing the point cloud to the model depends on approximation errors that are formed during its creation. Modelling using triangle meshes flattens the local structure of the object compared to the spline model. However, if the shell has edges in its structure, their exact representation by spline models is impossible due to the undulations of functions along them. Edges can also be distorted by the mesh model by their chamfering with transverse triangles. These types of surface modelling errors can lead to the generation of pseudo-deformation of the structure, which is difficult to distinguish from real deformation. In order to assess the possibility of correct determination of deformation using the above-mentioned methods, laser scanning of a complex shell structure in two epochs was performed. Then, modelling and comparison of the results of periodic measurements were carried out. As a result of the research, advantages and disadvantages of each method were identified. It was noticed that none of the methods made it possible to correctly represent all deformations while suppressing pseudo-deformation. However, the combination of their best qualities made it possible to determine the actual deformation of the structure.</p> </abstract>ARTICLE2021-12-17T00:00:00.000+00:00The method of detection and localization of configuration defects in geodetic networks by means of Tikhonov regularizationhttps://sciendo.com/article/10.2478/rgg-2021-0004<abstract> <title style='display:none'>Abstract</title> <p>In adjusted geodetic networks, cases of local configuration defects (defects in the geometric structure of the network due to missing data or errors in point numbering) can be encountered, which lead to the singularity of the normal equation system in the least-squares procedure. Numbering errors in observation sets cause the computer program to define the network geometry incorrectly. Another cause of a defect may be accidental omission of certain data records, causing local indeterminacy or lowering of local reliability rates in a network. Obviously, the problem of a configuration defect may be easily detectable in networks with a small number of points. However, it becomes a real problem in large networks, where manual checking of all data becomes a very expensive task. The paper presents a new strategy for the detection of configuration defects with the use of the Tikhonov regularization method. The method was implemented in 1992 in the GEONET system (<ext-link ext-link-type="uri" xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.geonet.net.pl">www.geonet.net.pl</ext-link>).</p> </abstract>ARTICLE2021-12-17T00:00:00.000+00:00Determining the area corrections affecting the map areas in GIS applicationshttps://sciendo.com/article/10.2478/rgg-2021-0003<abstract> <title style='display:none'>Abstract</title> <p>Nowadays, there are many area-based Geographic Information Systems (GIS) applications such as real estate valuation, land tax, farming support and cost–benefit analysis. Areas used in such applications are calculated by means of two-dimensional plane geometry. However, the computed area value is not the exact area value in the terrain. In order to calculate the exact area value of a parcel, area corrections due to various factors must be taken into account. These factors are selection of projection, slope of the terrain, elevation of the terrain and scale of the map. Selection of projection and slope of terrain are available; elevation of the terrain and scale of map are not available in all GIS software. In this study, the effect of area corrections on the area value calculated from the map is examined with sample applications and the results are presented to the GIS users. According to the results, GIS users should select the equal area projection. In addition, scale of map, elevation and slope of terrain should be taken into account in the area calculation where land measurements are not possible.</p> </abstract>ARTICLE2021-12-11T00:00:00.000+00:00Proposed single-zone map projection system for Turkeyhttps://sciendo.com/article/10.2478/rgg-2021-0006<abstract> <title style='display:none'>Abstract</title> <p>The coordinate base of the maps or sheets produced is the Universal Transversal Mercator (UTM) conformal projection, and it is not possible to work in a single coordinate system in Turkey. Therefore, a transition from UTM to other conformal projections is required. For the countries extending in an east–west UTM zone width like Turkey, composite projection (CP), a double standard paralleling Lambert Conformal Conic (LCC) and double map projections (DP) are used widely. However, this process causes increase in working load and processing errors by users. This study aims to determine a common projection system that can be used in the whole country. In this context, a composite projection from UTM and LCC projection has been defined for the first time. According to the results obtained, map projection CP with the least distortion values in both east–west and north–south directions has been chosen. With the CP selection, a single coordinate system has been determined for medium- and large-scale maps. Projection correction formulas, scale factor and false origin have been determined for map coordinates in CP. These distortions are obtained with a difference of less than 1 cm for 1 km long sides and less than 0.003″ for the azimuth value of this side, when the correction formulas are used.</p> </abstract>ARTICLE2022-01-03T00:00:00.000+00:00Validation of the accuracy of geodetic automated measurement system based on GNSS platform for continuous monitoring of surface movements in post-mining areashttps://sciendo.com/article/10.2478/rgg-2021-0007<abstract> <title style='display:none'>Abstract</title> <p>The problem involving the monitoring of surface ground movements in post-mining areas is particularly important during the period of mine closures. During or after flooding of a mine, mechanical properties of the rock mass may be impaired, and this may trigger subsidence, surface landslides, uplift, sinkholes or seismic activity. It is, therefore, important to examine and select updating methods and plans for long-term monitoring of post-mining areas to mitigate seismic hazards or surface deformation during and after mine closure. The research assumed the implementation of continuous monitoring of surface movements using the Global Navigation Satellite System (GNSS) in the area of a closed hard coal mine ‘Kazimierz-Juliusz’, located in Poland. In order to ensure displacement measurement results with the accuracy of several millimetres, the accuracy of multi-GNSS observations carried out in real time as a combination of four global navigation systems, Global Positioning System (GPS), Globalnaja Navigacionnaja Sputnikova Sistema (GLONASS), Galileo and BeiDou, was determined. The article presents the results of empirical research conducted at four reference points. The test observations were made in variants comprising measurements based on: GPS, GPS and GLONASS systems, GPS, GLONASS and Galileo systems, GPS, GLONASS, Galileo and BeiDou systems. For each adopted solution, daily measurement sessions were performed using the RTK technique. The test results were subjected to accuracy analyses. Based on the obtained results, it was found that GNSS measurements should be carried out with the use of three navigation systems (GPS, GLONASS, Galileo), as an optimal solution for the needs of continuous geodetic monitoring in the area of the study.</p> </abstract>ARTICLE2021-12-30T00:00:00.000+00:00Editors’ Introductionhttps://sciendo.com/article/10.2478/popets-2022-0001ARTICLE2021-11-20T00:00:00.000+00:00Proof-of-Vax: Studying User Preferences and Perception of Covid Vaccination Certificateshttps://sciendo.com/article/10.2478/popets-2022-0016<abstract> <title style='display:none'>Abstract</title> <p>Digital tools play an important role in fighting the current global COVID-19 pandemic. We conducted a representative online study in Germany on a sample of 599 participants to evaluate the user perception of vaccination certificates. We investigated five different variants of vaccination certificates based on deployed and planned designs in a between-group design, including paper-based and app-based variants. Our main results show that the willingness to use and adopt vaccination certificates is generally high. Overall, paper-based vaccination certificates were favored over app-based solutions. The willingness to use digital apps decreased significantly by a higher disposition to privacy and increased by higher worries about the pandemic and acceptance of the coronavirus vaccination. Vaccination certificates resemble an interesting use case for studying privacy perceptions for health-related data. We hope that our work will educate the currently ongoing design of vaccination certificates, give us deeper insights into the privacy of health-related data and apps, and prepare us for future potential applications of vaccination certificates and health apps in general.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00(∈, δ)-Indistinguishable Mixing for Cryptocurrencieshttps://sciendo.com/article/10.2478/popets-2022-0004<abstract> <title style='display:none'>Abstract</title> <p>We propose a new theoretical approach for building anonymous mixing mechanisms for cryptocurrencies. Rather than requiring a fully uniform permutation during mixing, we relax the requirement, insisting only that neighboring permutations are similarly likely. This is defined formally by borrowing from the definition of differential privacy. This relaxed privacy definition allows us to greatly reduce the amount of interaction and computation in the mixing protocol. Our construction achieves <italic>O</italic>(<italic>n·</italic>polylog(<italic>n</italic>)) computation time for mixing <italic>n</italic> addresses, whereas all other mixing schemes require <italic>O</italic>(<italic>n</italic><sup>2</sup>) total computation across all parties. Additionally, we support a smooth tolerance of fail-stop adversaries and do not require any trusted setup. We analyze the security of our generic protocol under the UC framework, and under a stand-alone, game-based definition. We finally describe an instantiation using ring signatures and confidential transactions.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00AriaNN: Low-Interaction Privacy-Preserving Deep Learning via Function Secret Sharinghttps://sciendo.com/article/10.2478/popets-2022-0015<abstract> <title style='display:none'>Abstract</title> <p>We propose A<sc>ria</sc>NN, a low-interaction privacy-preserving framework for private neural network training and inference on sensitive data.</p> <p>Our semi-honest 2-party computation protocol (with a trusted dealer) leverages function secret sharing, a recent lightweight cryptographic protocol that allows us to achieve an efficient online phase. We design optimized primitives for the building blocks of neural networks such as ReLU, MaxPool and BatchNorm. For instance, we perform private comparison for ReLU operations with a single message of the size of the input during the online phase, and with preprocessing keys close to 4<italic>×</italic> smaller than previous work. Last, we propose an extension to support <italic>n</italic>-party private federated learning.</p> <p>We implement our framework as an extensible system on top of PyTorch that leverages CPU and GPU hardware acceleration for cryptographic and machine learning operations. We evaluate our end-to-end system for private inference between distant servers on standard neural networks such as AlexNet, VGG16 or ResNet18, and for private training on smaller networks like LeNet. We show that computation rather than communication is the main bottleneck and that using GPUs together with reduced key size is a promising solution to overcome this barrier.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00OmniCrawl: Comprehensive Measurement of Web Tracking With Real Desktop and Mobile Browsershttps://sciendo.com/article/10.2478/popets-2022-0012<abstract> <title style='display:none'>Abstract</title> <p>Over half of all visits to websites now take place in a mobile browser, yet the majority of web privacy studies take the vantage point of desktop browsers, use emulated mobile browsers, or focus on just a single mobile browser instead. In this paper, we present a comprehensive web-tracking measurement study on mobile browsers and privacy-focused mobile browsers. Our study leverages a new web measurement infrastructure, OmniCrawl, which we develop to drive browsers on desktop computers and smartphones located on two continents. We capture web tracking measurements using 42 different non-emulated browsers simultaneously. We find that the third-party advertising and tracking ecosystem of mobile browsers is more similar to that of desktop browsers than previous findings suggested. We study <italic>privacy-focused</italic> browsers and find their protections differ significantly and in general are less for lower-ranked sites. Our findings also show that common methodological choices made by web measurement studies, such as the use of emulated mobile browsers and Selenium, can lead to website behavior that deviates from what actual users experience.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00Polymath: Low-Latency MPC via Secure Polynomial Evaluations and Its Applicationshttps://sciendo.com/article/10.2478/popets-2022-0020<abstract> <title style='display:none'>Abstract</title> <p>While the practicality of secure multi-party computation (MPC) has been extensively analyzed and improved over the past decade, we are hitting the limits of efficiency with the traditional approaches of representing the computed functionalities as generic arithmetic or Boolean circuits. This work follows the design principle of identifying and constructing fast and provably-secure MPC protocols to evaluate useful high-level algebraic abstractions; thus, improving the efficiency of all applications relying on them. We present Polymath, a constant-round secure computation protocol suite for the secure evaluation of (multi-variate) polynomials of scalars and matrices, functionalities essential to numerous data-processing applications. Using precise natural precomputation and high-degree of parallelism prevalent in the modern computing environments, Polymath can make latency of secure polynomial evaluations of scalars and matrices independent of polynomial degree and matrix dimensions.</p> <p>We implement our protocols over the HoneyBadgerMPC library and apply it to two prominent secure computation tasks: privacy-preserving evaluation of decision trees and privacy-preserving evaluation of Markov processes. For the decision tree evaluation problem, we demonstrate the feasibility of evaluating high-depth decision tree models in a general <italic>n</italic>-party setting. For the Markov process application, we demonstrate that Poly-math can compute large powers of transition matrices with better online time and less communication.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00From “Onion Not Found” to Guard Discoveryhttps://sciendo.com/article/10.2478/popets-2022-0026<abstract> <title style='display:none'>Abstract</title> <p>We present a novel web-based attack that identifies a Tor user’s guard in a matter of seconds. Our attack is low-cost, fast, and stealthy. It requires only a moderate amount of resources and can be deployed by website owners, third-party script providers, and malicious exits—if the website traffic is unencrypted. The attack works by injecting resources from non-existing onion service addresses into a webpage. Upon visiting the attack webpage with Tor Browser, the victim’s Tor client creates many circuits to look up the non-existing addresses. This allows middle relays controlled by the adversary to detect the distinctive traffic pattern of the “404 Not Found” lookups and identify the victim’s guard. We evaluate our attack with extensive simulations and live Tor network measurements, taking a range of victim machine, network, and geolocation configurations into account. We find that an adversary running a small number of HSDirs and providing 5 % of Tor’s relay bandwidth needs 12.06 seconds to identify the guards of 50 % of the victims, while it takes 22.01 seconds to discover 90 % of the victims’ guards. Finally, we evaluate a set of countermeasures against our attack including a defense that we develop based on a token bucket and the recently proposed Vanguards-lite defense in Tor.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00MLEFlow: Learning from History to Improve Load Balancing in Torhttps://sciendo.com/article/10.2478/popets-2022-0005<abstract> <title style='display:none'>Abstract</title> <p>Tor has millions of daily users seeking privacy while browsing the Internet. It has thousands of relays to route users’ packets while anonymizing their sources and destinations. Users choose relays to forward their traffic according to probability distributions published by the <italic>Tor authorities</italic>. The authorities generate these probability distributions based on estimates of the capacities of the relays. They compute these estimates based on the bandwidths of probes sent to the relays. These estimates are necessary for better load balancing. Unfortunately, current methods fall short of providing accurate estimates leaving the network underutilized and its capacities unfairly distributed between the users’ paths. We present <italic>MLEFlow</italic>, a maximum likelihood approach for estimating relay capacities for optimal load balancing in Tor. We show that <italic>MLEFlow</italic> generalizes a version of Tor capacity estimation, <italic>TorFlow</italic>-<italic>P</italic>, by making better use of measurement history. We prove that the mean of our estimate converges to a small interval around the actual capacities, while the variance converges to zero. We present two versions of <italic>MLEFlow</italic>: <italic>MLEFlow</italic>-<italic>CF</italic>, a closed-form approximation of the MLE and <italic>MLEFlow</italic>-<italic>Q</italic>, a discretization and iterative approximation of the MLE which can account for noisy observations. We demonstrate the practical benefits of <italic>MLEFlow</italic> by simulating it using a flow-based Python simulator of a full Tor network and packet-based Shadow simulation of a scaled down version. In our simulations <italic>MLEFlow</italic> provides significantly more accurate estimates, which result in improved user performance, with median download speeds increasing by 30%.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00If This Then That : Exploring users’ concerns with IFTTT appletshttps://sciendo.com/article/10.2478/popets-2022-0009<abstract> <title style='display:none'>Abstract</title> <p>End users are increasingly using trigger-action platforms like <italic>If-This-Then-That</italic> (IFTTT) to create applets to connect smart-home devices and services. However, there are inherent implicit risks in using such applets—even non-malicious ones—as sensitive information may leak through their use in certain contexts (<italic>e.g.,</italic> where the device is located, who can observe the resultant action). This work aims to understand to what extent end users can assess this implicit risk. More importantly we explore whether usage context makes a difference in end-users’ perception of such risks. Our work complements prior work that has identified the impact of usage context on expert evaluation of risks in IFTTT by focusing the impact of usage context on end-users’ risk perception. Through a Mechanical Turk survey of 386 participants on 49 smart-home IFTTT applets, we found that participants have a nuanced view of contextual factors and that different values for contextual factors impact end-users’ risk perception differently. Further, our findings show that nudging the participants to think about different usage contexts led them to think deeper about the associated risks and raise their concern scores.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00Personal information inference from voice recordings: User awareness and privacy concernshttps://sciendo.com/article/10.2478/popets-2022-0002<abstract> <title style='display:none'>Abstract</title> <p>Through voice characteristics and manner of expression, even seemingly benign voice recordings can reveal sensitive attributes about a recorded speaker (e. g., geographical origin, health status, personality). We conducted a nationally representative survey in the UK (n = 683, 18–69 years) to investigate people’s awareness about the inferential power of voice and speech analysis. Our results show that – while awareness levels vary between different categories of inferred information – there is generally low awareness across all participant demographics, even among participants with professional experience in computer science, data mining, and IT security. For instance, only 18.7% of participants are at least somewhat aware that physical and mental health information can be inferred from voice recordings. Many participants have rarely (28.4%) or never (42.5%) even thought about the possibility of personal information being inferred from speech data. After a short educational video on the topic, participants express only moderate privacy concern. However, based on an analysis of open text responses, unconcerned reactions seem to be largely explained by knowledge gaps about possible data misuses. Watching the educational video lowered participants’ intention to use voice-enabled devices. In discussing the regulatory implications of our findings, we challenge the notion of “informed consent” to data processing. We also argue that inferences about individuals need to be legally recognized as personal data and protected accordingly.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00Disparate Vulnerability to Membership Inference Attackshttps://sciendo.com/article/10.2478/popets-2022-0023<abstract> <title style='display:none'>Abstract</title> <p>A membership inference attack (MIA) against a machine-learning model enables an attacker to determine whether a given data record was part of the model’s training data or not. In this paper, we provide an in-depth study of the phenomenon of <italic>disparate vulnerability</italic> against MIAs: unequal success rate of MIAs against different population subgroups. We first establish necessary and sufficient conditions for MIAs to be prevented, both on average and for population subgroups, using a notion of distributional generalization. Second, we derive connections of disparate vulnerability to algorithmic fairness and to differential privacy. We show that fairness can only prevent disparate vulnerability against limited classes of adversaries. Differential privacy bounds disparate vulnerability but can significantly reduce the accuracy of the model. We show that estimating disparate vulnerability by naïvely applying existing attacks can lead to overestimation. We then establish which attacks are suitable for estimating disparate vulnerability, and provide a statistical framework for doing so reliably. We conduct experiments on synthetic and real-world data finding significant evidence of disparate vulnerability in realistic settings.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00Circuit-PSI With Linear Complexity via Relaxed Batch OPPRFhttps://sciendo.com/article/10.2478/popets-2022-0018<abstract> <title style='display:none'>Abstract</title> <p>In 2-party Circuit-based Private Set Intersection (Circuit-PSI), <italic>P</italic><sub>0</sub> and <italic>P</italic><sub>1</sub> hold sets S<sub>0</sub> and S<sub>1</sub> respectively and wish to securely compute a function <italic>f</italic> over the set S<sub>0</sub> ∩ S<sub>1</sub> (e.g., cardinality, sum over associated attributes, or threshold intersection). Following a long line of work, Pinkas <italic>et al.</italic> (PSTY, Eurocrypt 2019) showed how to construct a concretely efficient Circuit-PSI protocol with linear communication complexity. However, their protocol requires super-linear computation.</p> <p>In this work, we construct concretely efficient Circuit-PSI protocols with linear computational and communication cost. Further, our protocols are more performant than the state-of-the-art, PSTY – we are ≈ 2.3<italic>×</italic> more communication efficient and are up to 2.8<italic>×</italic> faster. We obtain our improvements through a new primitive called <italic>Relaxed Batch Oblivious Programmable Pseudorandom Functions</italic> (RB-OPPRF) that can be seen as a strict generalization of Batch OPPRFs that were used in PSTY. This primitive could be of independent interest.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00Differentially private partition selectionhttps://sciendo.com/article/10.2478/popets-2022-0017<abstract> <title style='display:none'>Abstract</title> <p>Many data analysis operations can be expressed as a GROUP BY query on an unbounded set of partitions, followed by a per-partition aggregation. To make such a query differentially private, adding noise to each aggregation is not enough: we also need to make sure that the set of partitions released is also differentially private.</p> <p>This problem is not new, and it was recently formally introduced as <italic>differentially private set union</italic> [14]. In this work, we continue this area of study, and focus on the common setting where each user is associated with a single partition. In this setting, we propose a simple, <italic>optimal</italic> differentially private mechanism that maximizes the number of released partitions. We discuss implementation considerations, as well as the possible extension of this approach to the setting where each user contributes to a fixed, small number of partitions.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00Toward Uncensorable, Anonymous and Private Access Over Satoshi Blockchainshttps://sciendo.com/article/10.2478/popets-2022-0011<abstract> <title style='display:none'>Abstract</title> <p>Providing unrestricted access to sensitive content such as news and software is difficult in the presence of adaptive and resourceful surveillance and censoring adversaries. In this paper we leverage the distributed and resilient nature of commercial Satoshi blockchains to develop the first provably secure, censorship resistant, cost-efficient storage system with anonymous and private access, built on top of commercial cryptocurrency transactions. We introduce max-rate transactions, a practical construct to persist data of arbitrary size entirely in a Satoshi blockchain. We leverage max-rate transactions to develop UWeb, a blockchain-based storage system that charges publishers to self-sustain its decentralized infrastructure. UWeb organizes blockchain-stored content for easy retrieval, and enables clients to store and access content with provable anonymity, privacy and censorship resistance properties.</p> <p>We present results from UWeb experiments with writing 268.21 MB of data into the live Litecoin blockchain, including 4.5 months of live-feed BBC articles, and 41 censorship resistant tools. The max-rate writing throughput (183 KB/s) and blockchain utilization (88%) exceed those of state-of-the-art solutions by 2-3 orders of magnitude and broke Litecoin’s record of the daily average block size. Our simulations with up to 3,000 concurrent UWeb writers confirm that UWeb does not impact the confirmation delays of financial transactions.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00Privacy-preserving FairSwap: Fairness and privacy interplayhttps://sciendo.com/article/10.2478/popets-2022-0021<abstract> <title style='display:none'>Abstract</title> <p>Fair exchange protocols are among the most important cryptographic primitives in electronic commerce. A basic fair exchange protocol requires that two parties who want to exchange their digital items either receive what they have been promised, or lose nothing. Privacy of fair exchange requires that no one else (other than the two parties) learns anything about the items. Fairness and privacy have been considered as two distinct properties of an exchange protocol. In this paper, we show that subtle ways of leaking the exchange item to the third parties affect fairness in fair exchange protocols when the item is confidential. Our focus is on Fair-Swap, a recently proposed fair exchange protocol that uses a smart contract for dispute resolution, has proven security in UC (Universal Composability) framework, and provides privacy when both parties are honest. We demonstrate, however, that FairSwap’s dispute resolution protocol leaks information to the public and this leakage provides opportunities for the dishonest parties to influence the protocol’s fairness guarantee. We then propose an efficient privacy-enhanced version of Fair-Swap, prove its security and give an implementation and performance evaluation of our proposed system. Our privacy enhancement uses circuit randomization, and we prove its security and privacy in an extension of universal composability model for non-monolithic adversaries that would be of independent interest.</p> </abstract>ARTICLE2021-11-20T00:00:00.000+00:00en-us-1