Many researchers have contributed to creating Quantum Key Distribution (QKD) since the first protocol BB84 was proposed in 1984. One of the crucial problems in QKD is to guarantee its security with finite-key lengths by Privacy Amplification (PA). However, finite-key analyses show a trade-off between the security of BB84 and the secure key rates. This study analyses two examples to show concrete trade-offs. Furthermore, even though the QKD keys have been perceived to be arbitrarily secure, this study shows a fundamental limitation in the security of the keys by connecting Leftover Hash Lemma and Guessing Secrecy on the QKD keys.

Access logs may offer service providers a lot of information about specific users. Depending on the type of the service offers, the operator is capable of obtaining the user’s IP, location, communication habits, device information and so on. In this paper, we analyze a sample instant messenger service that is operating for a certain period of time. In our sandbox, we gathered enough data to correlate user communication habits with their localization, and even contacts. We show how seriously metadata may impact the user’s privacy and make some recommendations about mitigating the quantity of data collected in connection with this type of services.

This text contains an analysis of the ways in which men and women engage in selected hospitality practices, including such questions as the feminine transmis sion of hospitality patterns, the division of responsibilities in preparing for guests, and places for meeting socially (at home and outside the home). On the basis of material gathered by the team of the Archive of Research on Everyday Life, the author finds numerous paradoxes and inconsistencies between women’s beliefs and their behaviors. In attempting a theoretical explanation, reference is made to the ideas of Pierre Bourdieu, Jean-Claude Kaufmann, Harriet Bjerrum Nielsen, and Monica Rudberg. Analysis leads to the conclusion that the multiple and time-con suming responsibilities associated with receiving guests mostly fall to women and thus contribute to their ability to sustain symbolic power over the home space. Consequently, hospitality perpetuates the traditional division into what is public and considered “masculine” and what is private or “feminine.”

The Kirchhoff-law-Johnson-noise (KLJN) scheme is a statistical/physical secure key exchange system based on the laws of classical statistical physics to provide unconditional security. We used the LTSPICE industrial cable and circuit simulator to emulate one of the major active (invasive) attacks, the current injection attack, against the ideal and a practical KLJN system, respectively. We show that two security enhancement techniques, namely, the instantaneous voltage/current comparison method, and a simple privacy amplification scheme, independently and effectively eliminate the information leak and successfully preserve the system’s unconditional security.

This paper aims to provide a high-level overview of practical approaches to machine-learning respecting the privacy and confidentiality of customer information, which is called Privacy-Preserving Machine Learning. First, the security approaches in offline-learning privacy methods are assessed. Those focused on modern cryptographic methods, such as Homomorphic Encryption and Secure Multi-Party Computation, as well as on dedicated combined hardware and software platforms like Trusted Execution Environment - Intel® Software Guard Extensions (Intel® SGX). Combining the security approaches with different machine learning architectures leads to our Proof of Concept in which the accuracy and speed of the security solutions will be examined. The next step was exploring and comparing the Open-Source Python-based solutions for PPML. Four solutions were selected from almost 40 separate, state-of-the-art systems: SyMPC, TF-Encrypted, TenSEAL, and Gramine. Three different Neural Network architectures were designed to show different libraries’ capabilities. The POC solves the image classification problem based on the MNIST dataset. As the computational results show, the accuracy of all considered secure approaches is similar. The maximum difference between non-secure and secure flow does not exceed 1.2%. In terms of secure computations, the most effective Privacy-Preserving Machine Learning library is based on Trusted Execution Environment, followed by Secure Multi-Party Computation and Homomorphic Encryption. However, most of those are at least 1000 times slower than the nonsecure evaluation. Unfortunately, it is not acceptable for a realworld scenario. Future work could combine different security approaches, explore other new and existing state-of-the-art libraries or implement support for hardware-accelerated secure computation.

The article asks the questions:
– How far can the authorities interfere with freedom of speech/freedom of scientific research? By what means and how can one effectively defend oneself against direct and indirect interference and manipulation?
– Can it be punished if someone considers the results of research to violate his or her personal rights (an open catalog: e.g. good name, cult of the deceased, or even “the right to national identity and pride”)? Is it then possible to demand withdrawal/correction of the scientist's findings or compensation?
Today, threats to the freedom of scientific research are made not so much by censoring science as by threatening the autonomy of universities; controlling the conditions of doing science (its dissemination); discouraging certain topics; self-censorship caused by a chilling effect. This is dangerous in flawed democracies, where no attention is paid to pluralism in the exercise of freedom and to ensuring some minimum protection of minority interests and proclaimed views. And at the same time in poor countries, where little resources are allocated to science, which induces the phenomenon of “chasing away from the bowl” and “rewarding with a better bowl”. Money allocated to science is a very effective means of both promoting and eliminating views. The existence of this phenomenon increases the perceived threat to freedom, even without explicitly encroaching on it (the chilling effect). Freedom of speech, freedom of scientific research are exposed to a specific threat conducted on attacks and an attempt to limit or even eliminate them – paradoxically – in the name of allegedly threatened pluralism of ideas and views. In this situation, the attackers use the idea of protecting individual freedom for expansive purposes. Not in the name of freedom of expression of one's own axiology, but in the name of forbidding this expression to others.

Federated Learning is an upcoming concept used widely in distributed machine learning. Federated learning (FL) allows a large number of users to learn a single machine learning model together while the training data is stored on individual user devices. Nonetheless, federated learning lessens threats to data privacy. Based on iterative model averaging, our study suggests a feasible technique for the federated learning of deep networks with improved security and privacy. We also undertake a thorough empirical evaluation while taking various FL frameworks and averaging algorithms into consideration. Secure Multi Party Computation, Secure Aggregation, and Differential Privacy are implemented to improve the security and privacy in a federated learning environment. In spite of advancements, concerns over privacy remain in FL, as the weights or parameters of a trained model may reveal private information about the data used for training. Our work demonstrates that FL can be prone to label-flipping attack and a novel method to prevent label-flipping attack has been proposed. We compare standard federated model aggregation and optimization methods, FedAvg and FedProx using benchmark data sets. Experiments are implemented in two different FL frameworks - Flower and PySyft and the results are analysed. Our experiments confirm that classification accuracy increases in FL framework over a centralized model and the model performance is better after adding all the security and privacy algorithms. Our work has proved that deep learning models perform well in FL and also is secure.

The paper presents the analysis of the Commercial Off-The-Shelf (COTS) software regarding the ability to be used in audio steganography techniques. Such methods are a relatively new tool for hiding and transmitting crucial information, also being used by hackers. In the following work, the publicly available software dedicated to audio steganography is examined. The aim was to provide the general operating model of the information processing in the steganographic effort. The embedding method was analyzed for each application, providing interesting insights and allowing classifying the methods. The results prove that it is possible to detect the hidden message within the specific audio file and identify the technique that was used to create it. This may be exploited further during the hacking attack detection and prevention.

We analyze the Google-Apple exposure notification mechanism designed by the Apple-Google consortium and deployed on a large number of Corona-warn apps. At the time of designing it, the most important issue was time-to-market and strict compliance with the privacy protection rules of GDPR. This resulted in a plain but elegant scheme with a high level of privacy protection. In this paper we go into details and propose some extensions of the original design addressing practical issues. Firstly, we point to the danger of a malicious cryptographic random number generator (CRNG) and resulting possibility of unrestricted user tracing. We propose an update that enables verification of unlinkability of pseudonymous identifiers directly by the user. Secondly, we show how to solve the problem of verifying the “same household” situation justifying exempts from distancing rules. We present a solution with MIN-sketches based on rolling proximity identifiers from the Apple-Google scheme. Thirdly, we examine the strategies for revealing temporary exposure keys. We have detected some unexpected phenomena regarding the number of keys for unbalanced binary trees of a small size. These observations may be used in case that the size of the lists of diagnosis keys has to be optimized.