Pierluigi Failla

Università degli Studi di Siena, Siena, Tuscany, Italy

Are you Pierluigi Failla?

Claim your profile

Publications (15)1.9 Total impact

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Privacy protection is a crucial problem in many biomedical signal processing applications. For this reason, particular attention has been given to the use of secure multiparty computation techniques for processing biomedical signals, whereby nontrusted parties are able to manipulate the signals although they are encrypted. This paper focuses on the development of a privacy preserving automatic diagnosis system whereby a remote server classifies a biomedical signal provided by the client without getting any information about the signal itself and the final result of the classification. Specifically, we present and compare two methods for the secure classification of electrocardiogram (ECG) signals: the former based on linear branching programs (a particular kind of decision tree) and the latter relying on neural networks. The paper deals with all the requirements and difficulties related to working with data that must stay encrypted during all the computation steps, including the necessity of working with fixed point arithmetic with no truncation while guaranteeing the same performance of a floating point implementation in the plain domain. A highly efficient version of the underlying cryptographic primitives is used, ensuring a good efficiency of the two proposed methods, from both a communication and computational complexity perspectives. The proposed systems prove that carrying out complex tasks like ECG classification in the encrypted domain efficiently is indeed possible in the semihonest model, paving the way to interesting future applications wherein privacy of signal owners is protected by applying high security standards.
    IEEE Transactions on Information Forensics and Security 07/2011; · 1.90 Impact Factor
  • Pierluigi Failla, Mauro Barni, Riccardo Lazzeretti
    01/2011;
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Abstract - In this paper we consider the problem of Radar Specific Emitter Identification (SEI) with the aim of distinguishing among several transmitting sources of the same kind which is a very hot topic in the device forensic field. At the design stage, we introduce a classification technique based on some suitable features evaluated from the cumulants of the signal emitted by the radar system. The devised features share some invariance properties which make them very attractive for the SEI problem. Hence, we use them as the input to a K-Nearest Neighbor (KNN) classifier which performs the assignment of the emitter to a specific class. At the analysis stage, we assess the performance of the new system on a real dataset containing radar signals from three identical airborne emitters. The results highlight that a satisfactory classification performance is achieved.
    WIFS 2011; 01/2011
  • Source
    Pierluigi Failla, Mauro Barni
    [Show abstract] [Hide abstract]
    ABSTRACT: In this paper we address a privacy preserving version of the well known Gram-Schmidt orthogonalization procedure. Specifically, we propose a building block for secure multiparty computation, that is able to orthogonalize a set of componentwise encrypted vectors. Our setting is the following: Bob needs to compute this orthogonalization on some vectors encrypted with the public key of Alice. Hence, our intent is not to propose a stand-alone protocol to solve a specific scenario or a specific application, but rather to develop a sub-protocol to be embedded in more complex algorithms or protocols where the vectors to be orthogonalized can be the result of previous computations. We show that our protocol is secure in the honest but curious model and evaluate its computation complexity. KeywordsSecure multi-party computation-Homomorphic cryptography
    12/2010: pages 93-103;
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: We describe a privacy-preserving system where a server can classify an electrocardiogram (ECG) signal without learning any information about the ECG signal and the client is prevented from gaining knowledge about the classification algorithm used by the server. The system relies on the concept of linear branching programs (LBP) and a recently proposed cryptographic protocol for secure evaluation of private LBPs. We study the trade-off between signal representation accuracy and system complexity both from practical and theoretical perspective. As a result, the inputs to the system are represented with the minimum number of bits ensuring the same classification accuracy of a plain implementation. We show how the overall system complexity can be strongly reduced by modifying the original ECG classification algorithm. Two alternatives of the underlying cryptographic protocol are implemented and their corresponding complexities are analyzed to show suitability of our system in real-life applications for current and future security levels.
    Information Forensics and Security, 2009. WIFS 2009. First IEEE International Workshop on; 01/2010
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Abstract. The privacy protection of the biometric data is an important research topic, especially in the case of distributed biometric systems. In this scenario, it is very important to guarantee that biometric data cannot be steeled by anyone, and that the biometric clients are unable to gather any information different from the single user verification/identification. In a biometric system with high level of privacy compliance, also the server that processes the biometric matching should not learn anything on the database and it should be impossible for the server to exploit the resulting matching values in order to extract any knowledge about the user presence or behavior. Within this conceptual framework, in this paper we propose a novel complete demonstrator based on a distributed biometric system that is capable to protect the privacy of the individuals by exploiting cryptosystems. The implemented system computes the matching task in the encrypted domain by exploiting homomorphic encryption and using Fingercode templates. The paper describes the design methodology of the demonstrator and the obtained results. The demonstrator has been fully implemented and tested in real applicative conditions. Experimental results show that this method is feasible and the obtained accuracy and computational times are satisfactory.
    IEEE BTAS 2010; 01/2010
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Abstract. We present a privacy preserving protocol for fingerprint based authentication. We consider a scenario where a client equipped with a fingerprint reader is interested into learning if the acquired fingerprint belongs to the database of authorized entities managed by a server. For security, it is required that the client does not learn anything on the database and the server should not get any information about the requested biometry and the outcome of the matching process. The proposed protocol follows a multi-party computation approach and makes extensive use of homomorphic encryption as underlying cryptographic primitive. To keep the protocol complexity as low as possible, a particular representation of fingerprint images, named Fingercode, is adopted. Although the previous works on privacy-preserving biometric identification focus on selecting the best matching identity in the database, our main solution is a generic identification protocol and it allows to select and report all the enrolled identities whose distance to the user's fingercode is under a given threshold. Variants for simple authentication purposes are provided. Our protocols gain a notable bandwidth saving (about 25 - 39%) if compared with the best previous work [1] and its computational complexity is still low and suitable for practical applications. Moreover, even if such protocols are presented in the context of a fingerprint based system, they can be generalized to any biometric system that shares the same matching methodology, namely distance computation and thresholding.
    ACM MMsec 2010; 01/2010
  • [Show abstract] [Hide abstract]
    ABSTRACT: The privacy protection of the biometric data is an important research topic, especially in the case of distributed biometric systems. In this scenario, it is very important to guarantee that biometric data cannot be steeled by anyone, and that the biometric clients are unable to gather any information different from the single user verification/identification. In a biométrie system with high level of privacy compliance, also the server that processes the biométrie matching should not learn anything on the database and it should be impossible for the server to exploit the resulting matching values in order to extract any knowledge about the user presence or behavior. Within this conceptual framework, in this paper we propose a novel complete demonstrator based on a distributed biométrie system that is capable to protect the privacy of the individuals by exploiting cryptosystems. The implemented system computes the matching task in the encrypted domain by exploiting homomorphic encryption and using Fingercode templates. The paper describes the design methodology of the demonstrator and the obtained results. The demonstrator has been fully implemented and tested in real applicative conditions. Experimental results show that this method is feasible in the cases where the privacy of the data is more important than the accuracy of the system and the obtained computational time is satisfactory.
    Biometrics: Theory Applications and Systems (BTAS), 2010 Fourth IEEE International Conference on; 01/2010
  • Source
    Pierluigi Failla
    01/2010, Degree: Summa cum laude, Supervisor: Mauro Barni
  • Source
    P. Failla
    [Show abstract] [Hide abstract]
    ABSTRACT: In this paper, we consider a scenario in which two parties are interested to find, in secure multiparty computation, the shortest path in a public graph. In particular, we consider the case in which, Alice knows the weights on the edges of the graph, Bob knows an heuristic to find the best path and together they want to discover the walk between two given nodes in privacy preserving way. We present a novel technique to enforce a version of the A^* algorithm that is able to work on encrypted data in the above setting and we prove it to be secure in the honest but curious model. Our protocol achieves the goal of finding the shortest path in a public graph protecting respectively: the weights and the heuristic when those own to different parties.
    SecurWare 2010; 01/2010
  • Source
    Pierluigi Failla, Yagiz Sutcu, Mauro Barni
    [Show abstract] [Hide abstract]
    ABSTRACT: Abstract. The fuzzy commitment approach has gained popularity as a way to protect biometric data used for identity verification of authentication. As it has been show recently, though, the use of fuzzy commitment is unavoidably linked to some leakage of information regarding the biometric template. An additional problem typical of authentication systems is that the user may want to protect his privacy, that is it would be desirable that the server only verifies whether the biometric template provided by the user is contained within the list of registered users without that the particular identity of the user accessing the system is revealed. The e-sketch protocol proposed in this paper, solves the above two problems by resorting to tools from Multi Party Computation relying on the additively homomorphic property of the underlying cryptosystem (e.e. the Pailler's cryptosystem). The security and the complexity of the proposed protocol are discussed.
    ACM MMsec 2010; 01/2010
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: We describe a privacy-preserving system where a server can classify an ElectroCardioGram (ECG) signal without learning any information about the ECG signal and the client is prevented from gaining knowledge about the classification algorithm used by the server. The system relies on the concept of Linear Branching Programs (LBP) and a recently proposed cryptographic protocol for secure evaluation of private LBPs. We study the trade-off between signal representation accuracy and system complexity both from practical and theoretical perspective. We show how the overall system complexity can be strongly reduced by modifying the original ECG classification algorithm. Two alternatives of the underlying cryptographic protocol are implemented and their corresponding complexities are analyzed to show suitability of our system in real-life applications for current and future security levels.
    SPEED 2009 Workshop at CHES 2009; 01/2009
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Diagnostic and classification algorithms play an important role in data analysis, with ap- plications in areas such as health care, fault diagnostics, or benchmarking. Branching programs (BP) is a popular representation model for describing the underlying classification/diagnostics algorithms. Typical application scenarios involve a client who provides data and a service provider (server) whose diagnostic program is run on client's data. Both parties need to keep their inputs private. We present new, more ecient privacy-protecting protocols for remote evaluation of such classifica- tion/diagnostic programs. In addition to eciency improvements, we generalize previous solutions - we securely evaluate private linear branching programs (LBP), a useful generalization of BP that we introduce. We show practicality of our solutions: we apply our protocols to the privacy-preserving clas- sification of medical ElectroCardioGram (ECG) signals and present implementation results. Finally, we discover and fix a subtle security weakness of the most recent remote diagnostic proposal, which allowed malicious clients to learn partial information about the program.
    IACR Cryptology ePrint Archive. 01/2009; 2009.
  • Source
    Computer Security - ESORICS 2009, 14th European Symposium on Research in Computer Security, Saint-Malo, France, September 21-23, 2009. Proceedings; 01/2009
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Diagnostic and classification algorithms play an important role in data analysis, with applications in areas such as health care, fault diagnostics, or benchmarking. Branching programs (BP) is a popular representation model for describing the underlying classification/diagnostics algorithms. Typical application scenarios involve a client who provides data and a service provider (server) whose diagnostic program is run on client’s data. Both parties need to keep their inputs private. We present new, more efficient privacy-protecting protocols for remote evaluation of such classification/diagnostic programs. In addition to efficiency improvements, we generalize previous solutions – we securely evaluate private linear branching programs (LBP), a useful generalization of BP that we introduce. We show practicality of our solutions: we apply our protocols to the privacy-preserving classification of medical ElectroCardioGram (ECG) signals and present implementation results. Finally, we discover and fix a subtle security weakness of the most recent remote diagnostic proposal, which allowed malicious clients to learn partial information about the program.
    01/1970: pages 424-439;