[Latest Blockchain Paper Acceptance News] CCF A: S&P 2025 (Part 2)

Published: 2025-03-17

Conference: 46th IEEE Symposium on Security and Privacy

CCF level: CCF A

Categories: network and information security

Year: 2025

Conference time: May 12-15, 2025, at the Hyatt Regency San Francisco, San Francisco, CA

5

Title: 

BPSniff: Continuously Surveilling Private Blood Pressure Information in the Metaverse via Unrestricted Inbuilt Motion Sensors 

Authors

Zhengkun Ye, Temple University  
Ahmed Tanvir Mahdad, Texas A&M University, College Station  
Yan Wang, Temple University  
Cong Shi, New Jersey Institute of Technology  
Yingying Chen, Rutgers University  
Nitesh Saxena, Texas A&M University, College Station

Abstract

Blood pressure (BP) is one of the most essential biomarkers for various diseases. It is considered protected health information under HIPAA and usually needs the user's consent for access. In this work, we uncover an insidious privacy breach in metaverse usage: private BP information can be covertly obtained from unrestricted motion sensors in virtual reality (VR) headsets. The insight is that the motion sensors can capture the subtle vibrations induced by the blood waves in the major arteries. Such vibrations are highly correlated with users' cardiac cycles and BP. As adversaries can continuously obtain motion sensor data from VR headsets without users' consent, they can derive and collect users' BP information in metaverse apps or websites, leading to more severe consequences, such as discrimination, exploitation, and targeted harassment. To demonstrate this severe privacy leakage in the metaverse, we develop a practical attack, BPSniff, which can reconstruct fine-grained blood flow patterns and derive BP based on motion sensor data from users' VR headsets. BPSniff is the first practical attack revealing the BP leakage in the metaverse without using dedicated equipment. Unlike previous mobile sensing approaches that require user-specific calibration, BPSniff bypasses this constraint, enabling truly stealthy passive BP attacks at scale. Our attack first employs a variational autoencoder to reconstruct high-fidelity blood flow patterns from VR headset motion sensor data. We then develop an Adam-optimized long short-term memory (LSTM) regression model that leverages BP-related fiducial features from successive blood flow patterns to continuously estimate the user's BP. We evaluate BPSniff through extensive experiments and a longitudinal study of 8 weeks involving 37 participants and two VR headset models. 
The results show that BPSniff can achieve low mean errors of 1.75 mmHg for systolic blood pressure (SBP) and 1.34 mmHg for diastolic blood pressure (DBP), which are comparable to commercial BP monitors and satisfy the standard (i.e., mean error <= 5.0 mmHg) specified by FDA's AAMI protocol.

Link:

https://www.computer.org/csdl/proceedings-article/sp/2025/223600a049/21B7QX0bxrG

6

Title: 

Volatile and Persistent Memory for zkSNARKs via Algebraic Interactive Proofs

Authors

Alex Ozdemir, Stanford  
Evan Laufer, Stanford  
Dan Boneh, Stanford

Abstract

In verifiable outsourcing, an untrusted server runs an expensive computation and produces a succinct proof (called a SNARK) of the results. In many scenarios, the computation accesses a RAM that the server maintains a commitment to (persistent RAM) or that is initially zero (volatile RAM). But, SNARKs for such scenarios are limited by the high overheads associated with existing techniques for RAM checking. We develop new proofs about volatile, persistent, and sparse persistent RAM that reduce SNARK proving times. Our results include both asymptotic and concrete improvements, including a proving time reduction of up to 51.3× for persistent RAM. Along the way, we apply two tools that may be of independent interest. First, we generalize an existing construction to convert any algebraic interactive proof (AIP) into a SNARK. An AIP is a public-coin, non-succinct, interactive proof with a verifier that is an arithmetic circuit. Second, we apply Bézout's identity for polynomials to construct new AIPs for uniqueness and disjointness. These are useful for showing the independence of accesses to different addresses.

Link:

https://www.computer.org/csdl/proceedings-article/sp/2025/223600a054/21B7R0YQXtK

7

Title: 

Phecda: Post-Quantum Transparent zkSNARKs from Improved Polynomial Commitment and VOLE-in-the-Head with Application in Publicly Verifiable AES

Authors

Changchang Ding, Indiana University, Bloomington  
Yan Huang, Indiana University, Bloomington

Abstract

We propose Phecda, a new framework to produce quantum-resistant transparent zkSNARKs in the Random Oracle Model. Phecda features a novel multi-linear polynomial commitment scheme and a novel VOLE-in-the-Head zero-knowledge argument, offering a versatile solution for verifying many real-world computations. In particular, we invent a novel AES verification circuit, which, combined with Phecda, allows to verify 1024 blocks of AES in the counter-mode in 10ms using a single-thread program running on a Linux PC.

Link:

https://www.computer.org/csdl/proceedings-article/sp/2025/223600a055/21B7R1Oem1q

8

Title: 

Zero-Knowledge Location Privacy via Accurate Floating-Point SNARKs

Authors

Jens Ernstberger, Technical University of Munich, Germany  
Chengru Zhang, The University of Hong Kong, Hong Kong  
Luca Ciprian, Technical University of Munich, Germany  
Philipp Jovanovic, University College London, United Kingdom  
Sebastian Steinhorst, Technical University of Munich, Germany

Abstract

We introduce Zero-Knowledge Location Privacy (ZKLP), enabling users to prove to third parties that they are within a specified geographical region while not disclosing their exact location. ZKLP supports varying levels of granularity, allowing for customization depending on the use case. To realize ZKLP, we introduce the first set of Zero-Knowledge Proof (ZKP) circuits that are fully compliant to the IEEE 754 standard for floating-point arithmetic. Our results demonstrate that our floating point circuits amortize efficiently, requiring only 64 constraints per operation for 2^15 single-precision floating-point multiplications. We utilize our floating point implementation to realize the ZKLP paradigm. In comparison to a baseline, we find that our optimized implementation has 15.9x less constraints utilizing single precision floating-point values, and 12.2x less constraints when utilizing double precision floating-point values. We demonstrate the practicability of ZKLP by building a protocol for privacy preserving peer-to-peer proximity testing — Alice can test if she is close to Bob by receiving a single message, without either party revealing any other information about their location. In such a setting, Bob can create a proof of (non-)proximity in 0.26 s, whereas Alice can verify her distance to about 470 peers per second.

Link:

https://www.computer.org/csdl/proceedings-article/sp/2025/223600a057/21B7R3HsGK4