Biblio

Geo-social applications deal with constantly sharing user's current geographic information in terms of location (Latitude and Longitude). Such application can be used by many people to get information about their surrounding with the help of their friend's locations and their recommendations. But without any privacy protection, these systems can be easily misused by tracking the users. We are proposing Error Based Transformation (ERB) approach for location transformation which provides significantly improved location privacy without adding uncertainty in to query results or relying on strong assumptions about server security. The key insight is to apply secure user-specific, distance-preserving coordinate transformations to all location data shared with the server. Only the friends of a user can get exact co-ordinates by applying inverse transformation with secret key shared with them. Servers can evaluate all location queries correctly on transformed data. ERB privacy mechanism guarantee that servers are unable to see or infer actual location data from the transformed data. ERB privacy mechanism is successful against a powerful adversary model where prototype measurements used to show that it provides with very little performance overhead making it suitable for today's mobile device.

Geo-social applications deal with constantly sharing user's current geographic information in terms of location (Latitude and Longitude). Such application can be used by many people to get information about their surrounding with the help of their friend's locations and their recommendations. But without any privacy protection, these systems can be easily misused by tracking the users. We are proposing Error Based Transformation (ERB) approach for location transformation which provides significantly improved location privacy without adding uncertainty in to query results or relying on strong assumptions about server security. The key insight is to apply secure user-specific, distance-preserving coordinate transformations to all location data shared with the server. Only the friends of a user can get exact co-ordinates by applying inverse transformation with secret key shared with them. Servers can evaluate all location queries correctly on transformed data. ERB privacy mechanism guarantee that servers are unable to see or infer actual location data from the transformed data. ERB privacy mechanism is successful against a powerful adversary model where prototype measurements used to show that it provides with very little performance overhead making it suitable for today's mobile device.

With the development of cloud computing, cloud workflow systems are widely accepted by more and more enterprises and individuals (namely tenants). There exists mass tenant workflow instances running in cloud workflow systems. How to implement the three-level (i.e., data, performance, execution ) isolation and privacy protection among these tenant workflow instances is challenging. To address this issue, this paper presents a novel cloud workflow model supporting multi-tenants with privacy protection. With the presented model, a framework of cloud workflow engine based on the extended jBPM4 is proposed by adopting layered management thought, virtualization technology and sandbox mechanism. By extending the jBPM4 (java Business Process Management) engine, the prototype system of the proposed cloud workflow engine is implemented and applied in the ceramic cloud service platform (denoted as CCSP). The application effect demonstrates that our proposal can be used to implement the three-level isolation and privacy protection between mass various tenant workflow instances in cloud workflow systems.

With the rapid development of the contemporary society, wide use of smart phone and vehicle sensing devices brings a huge influence on the extensive data collection. Network coding can only provide weak security privacy protection. Aiming at weak secure feature of network coding, this paper proposes an information transfer mechanism, Weak Security Network Coding with Homomorphic Encryption (HE-WSNC), and it is integrated into routing policy. In this mechanism, a movement model is designed, which allows information transmission process under Wi-Fi and Bluetooth environment rather than consuming 4G data flow. Not only does this application reduce the cost, but also improve reliability of data transmission. Moreover, it attracts more users to participate.

Today, Smartphone is a necessary device for people connected to the Internet world. But user privacy and security are still playing important roles in the usage of mobile devices. The user was asked to enter related characters, numbers or drawing a simple graphic on the touch screen as passwords for unlocking the screensaver. Although it could provide the user with a simple and convenient security authentication mechanism, the process is hard to protect against the privacy information leakage under the strict security policy. Nowadays, various keypad lock screen Apps usually provides different type of schemes in unlocking the mobile device screen, such as simple-customized pattern, swipe-to-unlock with a static image and so on. But the vulnerability could provide a chance to hijacker to find out the leakage of graphic pattern information that influences in user information privacy and security.This paper proposes a new graphic pattern authentication mechanism to enhance the strength of that in the keypad lock screen Apps. It integrates random digital graphics and handwriting graphic input track recognition technologies to provide better and more diverse privacy protection and reduce the risk of vulnerability. The proposed mechanism is based on two factor identification scheme. First of all, it randomly changes digital graphic position based on unique passwords every time to increase the difficulty of the stealer's recording. Second, the input track of handwriting graphics is another identification factor for enhancing the complex strength of user authentication as well.

Protecting privacy of individuals is a basic right, which has to be considered in our data-centered society in which new technologies emerge rapidly. To preserve the privacy of individuals de-identifying technologies have been developed including pseudonymization, personal privacy anonymization, and privacy models. Each having several variations with different properties and contexts which poses the challenge for the proper selection and application of de-identification methods. We tackle this challenge proposing a policy-based de-identification test framework for a systematic approach to experimenting and evaluation of various combinations of methods and their interplay. Evaluation of the experimental results regarding performance and utility is considered within the framework. We propose a domain-specific language, expressing the required complex configuration options, including data-set, policy generator, and various de-identification methods.

In this paper, we leverage previous work in the Identity Ecosystem, a Bayesian network mathematical representation of a person's identity, to create a framework to evaluate identity protection systems. Information dynamic is considered and a protection game is formed given that the owner and the attacker both gain some level of control over the status of other PII within the dynamic Identity Ecosystem. We present a policy iteration algorithm to solve the optimal policy for the game and discuss its convergence. Finally, an evaluation and comparison of identity protection strategies is provided given that an optimal policy is used against different protection policies. This study is aimed to understand the evolutionary process of identity theft and provide a framework for evaluating different identity protection strategies and future privacy protection system.

The applications of Radio Frequency Identification (RFID) technology has been rapidly developed to be used in different fields that require automatic identification of objects and managing information. The advantage of employing RFID systems is to facilitate automatic identification of objects from distance without any interaction with tagged objects and without using a line of sight as compared with barcode. However, security and privacy constitute a challenge to RFID system as RFID systems use the wireless communication. Many researchers have introduced elliptical curve cryptographic (ECC) solutions to the security and privacy in RFID system as an ideal cryptosystem to be implemented with RFID technology. However, most of these solutions do not have provide adequate protection. Moreover, in terms of integrity and confidentiality level, most of these authentication protocols still vulnerable to some of security and privacy attacks. Based on these facts, this paper proposes a mutual authentication protocol that aims at enhancing an existing RFID authentication protocol that suffers from tracking attack and man-in-the-middle attack (MITM). The enhancement is accomplished by improving the security and privacy level against MITM, tracking attack and other related attacks. The proposed protocol is dependent on use the elliptical curve version of Schnorr identification protocol in combination with Keccak hash function. This combination leads to enhance the confidentiality and integrity level of the RFID authentication system and increase the privacy protection.

The smart grid aims to improve the efficiency, reliability and safety of the electric system via modern communication system, it's necessary to utilize cloud computing to process and store the data. In fact, it's a promising paradigm to integrate smart grid into cloud computing. However, access to cloud computing system also brings data security issues. This paper focuses on the protection of user privacy in smart meter system based on data combination privacy and trusted third party. The paper demonstrates the security issues for smart grid communication system and cloud computing respectively, and illustrates the security issues for the integration. And we introduce data chunk storage and chunk relationship confusion to protect user privacy. We also propose a chunk information list system for inserting and searching data.

Processing smart grid data for analytics purposes brings about a series of privacy-related risks. In order to allow for the most suitable mitigation strategies, reasonable privacy risks need to be addressed by taking into consideration the perspective of each smart grid stakeholder separately. In this context, we use the notion of privacy concerns to reflect potential privacy risks from the perspective of different smart grid stakeholders. Privacy concerns help to derive privacy goals, which we represent using the goals structuring notation. Thus represented goals can more comprehensibly be addressed through technical and non-technical strategies and solutions. The thread of argumentation - from concerns to goals to strategies and solutions - is presented in form of a privacy case, which is analogous to the safety case used in the automotive domain. We provide an exemplar privacy case for the smart grid developed as part of the Aspern Smart City Research project.

Recently, several health care wearable devices which can intervene in health and collect personal health data have emerged in the medical market. Although health care wearable devices promote the integration of multi-layer medical resources and bring new ways of health applications for users, it is inevitable that some problems will be brought. This is mainly manifested in the safety protection of medical and health data and the protection of user's privacy. From the users' point of view, the irrational use of medical and health data may bring psychological and physical negative effects to users. From the government's perspective, it may be sold by private businesses in the international arena and threaten national security. The most direct precaution against the problem is users' initiative. For better understanding, a research model is designed by the following five aspects: Security knowledge (SK), Security attitude (SAT), Security practice (SP), Security awareness (SAW) and Security conduct (SC). To verify the model, structural equation analysis which is an empirical approach was applied to examine the validity and all the results showed that SK, SAT, SP, SAW and SC are important factors affecting users' data security and privacy protection awareness.

With the rapid development of Internet of Things applications, the power Internet of Things technologies and applications covering the various production links of the power grid "transmission, transmission, transformation, distribution and use" are becoming more and more popular, and the terminal, network and application security risks brought by them are receiving more and more attention. Combined with the architecture and risk of power Internet of Things, this paper first proposes the overall security protection technology system and strategy for power Internet of Things; then analyzes terminal identity authentication and authority control, edge area autonomy and data transmission protection, and application layer cloud fog security management. And the whole process real-time security monitoring; Finally, through the analysis of security risks and protection, the technical difficulties and directions for the security protection of the Internet of Things are proposed.

How to protect users' private data during network data mining has become a hot issue in the fields of big data and network information security. Most current researches on differential privacy k-means clustering algorithms focus on optimizing the selection of initial centroids. However, the traditional privacy budget allocation has the problem that the random noise becomes too large as the number of iterations increases, which will reduce the performance of data clustering. To solve the problem, we improved the way of privacy budget allocation in differentially private clustering algorithm DPk-means, and proposed APDPk-means, a new differential privacy clustering algorithm based on arithmetic progression privacy budget allocation. APDPk-means decomposes the total privacy budget into a decreasing arithmetic progression, allocating the privacy budgets from large to small in the iterative process, so as to ensure the rapid convergence in early iteration. The experiment results show that compared with the other differentially private k-means algorithms, APDPk-means has better performance in availability and quality of the clustering result under the same level of privacy protection.

Analyzing clustering results may lead to the privacy disclosure issue in big data mining. In this paper, we put forward a differential privacy-based protecting data preprocessing method for distance-based clustering. Firstly, the data distortion technique differential privacy is used to prevent the distances in distance-based clustering from disclosing the relationships. Differential privacy may affect the clustering results while protecting privacy. Then an adaptive privacy budget parameter adjustment mechanism is applied for keeping the balance between the privacy protection and the clustering results. By solving the maximum and minimum problems, the differential privacy budget parameter can be obtained for different clustering algorithms. Finally, we conduct extensive experiments to evaluate the performance of our proposed method. The results demonstrate that our method can provide privacy protection with precise clustering results.

Data have become an important asset for analysis and behavioral prediction, especially correlations between data. Privacy protection has aroused academic and social concern given the amount of personal sensitive information involved in data. However, existing works assume that the records are independent of each other, which is unsuitable for associated data. Many studies either fail to achieve privacy protection or lead to excessive loss of information while applying data correlations. Differential privacy, which achieves privacy protection by injecting random noise into the statistical results given the correlation, will improve the background knowledge of adversaries. Therefore, this paper proposes an information entropy differential privacy solution for correlation data privacy issues based on rough set theory. Under the solution, we use rough set theory to measure the degree of association between attributes and use information entropy to quantify the sensitivity of the attribute. The information entropy difference privacy is achieved by clustering based on the correlation and adding personalized noise to each cluster while preserving the correlations between data. Experiments show that our algorithm can effectively preserve the correlation between the attributes while protecting privacy.

Today's extensive use of Internet creates huge volumes of data by users in both client and server sides. Normally users don't want to store all the data in local as well as keep archive in the server. For some unwanted data, such as trash, cache and private data, needs to be deleted periodically. Explicit deletion could be applied to the local data, while it is a troublesome job. But there is no transparency to users on the personal data stored in the server. Since we have no knowledge of whether they're cached, copied and archived by the third parties, or sold by the service provider. Our research seeks to provide an automatic data sanitization system to make data could be self-destructing. Specifically, we give data a life cycle, which would be erased automatically when at the end of its life, and the destroyed data cannot be recovered by any effort. In this paper, we present FlashGhost, which is a system that meets this challenge through a novel integration of cryptography techniques with the frequent colliding hash table. In this system, data will be unreadable and rendered unrecoverable by overwriting multiple times after its validity period has expired. Besides, the system reliability is enhanced by threshold cryptography. We also present a mathematical model and verify it by a number of experiments, which demonstrate theoretically and experimentally our system is practical to use and meet the data auto-sanitization goal described above.

The public key infrastructure (PKI) based authentication protocol provides the basic security services for vehicular ad-hoc networks (VANETs). However, trust and privacy are still open issues due to the unique characteristics of vehicles. It is crucial for VANETs to prevent internal vehicles from broadcasting forged messages while simultaneously protecting the privacy of each vehicle against tracking attacks. In this paper, we propose a blockchain-based anonymous reputation system (BARS) to break the linkability between real identities and public keys to preserve privacy. The certificate and revocation transparency is implemented efficiently using two blockchains. We design a trust model to improve the trustworthiness of messages relying on the reputation of the sender based on both direct historical interactions and indirect opinions about the sender. Experiments are conducted to evaluate BARS in terms of security and performance and the results show that BARS is able to establish distributed trust management, while protecting the privacy of vehicles.

The Android mobile platform supports billions of devices across more than 190 countries around the world. This popularity coupled with user data collection by Android apps has made privacy protection a well-known challenge in the Android ecosystem. In practice, app producers provide privacy policies disclosing what information is collected and processed by the app. However, it is difficult to trace such claims to the corresponding app code to verify whether the implementation is consistent with the policy. Existing approaches for privacy policy alignment focus on information directly accessed through the Android platform (e.g., location and device ID), but are unable to handle user input, a major source of private information. In this paper, we propose a novel approach that automatically detects privacy leaks of user-entered data for a given Android app and determines whether such leakage may violate the app's privacy policy claims. For evaluation, we applied our approach to 120 popular apps from three privacy-relevant app categories: finance, health, and dating. The results show that our approach was able to detect 21 strong violations and 18 weak violations from the studied apps.

The rapid development of the Internet of Things (IoT) results in generating massive amounts of data. Significant portions of these data are sensitive since they reflect (directly or indirectly) peoples' behaviors, interests, lifestyles, etc. Protecting sensitive IoT data from privacy violations is a challenge since these data need to be communicated, processed, analyzed, and stored by public networks, servers, and clouds; most of them are untrusted parties for data owners. We propose a solution for protecting sensitive IoT data called Policy Enforcement Fog Module (PEFM). The major task of the PEFM solution is mandatory enforcement of privacy policies for sensitive IoT data-wherever these data are accessed throughout their entire lifecycle. The key feature of PEFM is its placement within the fog computing infrastructure, which assures that PEFM operates as closely as possible to data sources within the edge. PEFM enforces policies directly for local IoT applications. In contrast, for remote applications, PEFM provides a self-protecting mechanism based on creating and disseminating Active Data Bundles (ADBs). ADBs are software constructs bundling inseparably sensitive data, their privacy policies, and an execution engine able to enforce privacy policies. To prove effectiveness and efficiency of the proposed module, we developed a smart home proof-of-concept scenario. We investigate privacy threats for sensitive IoT data. We run simulation experiments, based on network calculus, for testing performance of the PEFM controls for different network configurations. The results of the simulation show that-even with using from 1 to 5 additional privacy policies for improved data privacy-penalties in terms of execution time and delay are reasonable (approx. 12-15% and 13-19%, respectively). The results also show that PEFM is scalable regarding the number of the real-time constraints for real-time IoT applications.

This article describes a privacy policy framework that can represent and reason about complex privacy policies. By using a Common Data Model together with a formal shareability theory, this framework enables the specification of expressive policies in a concise way without burdening the user with technical details of the underlying formalism. We also build a privacy policy decision engine that implements the framework and that has been deployed as the policy decision point in a novel enterprise privacy prototype system. Our policy decision engine supports two main uses: (1) interfacing with user interfaces for the creation, validation, and management of privacy policies; and (2) interfacing with systems that manage data requests and replies by coordinating privacy policy engine decisions and access to (encrypted) databases using various privacy enhancing technologies.

In the smart grid, residents' electricity usage needs to be periodically measured and reported for the purpose of better energy management. At the same time, real-time collection of residents' electricity consumption may unfavorably incur privacy leakage, which has motivated the research on privacy-preserving aggregation of electricity readings. Most previous studies either rely on a trusted third party (TTP) or suffer from expensive computation. In this paper, we first reveal the privacy flaws of a very recent scheme pursing privacy preservation without relying on the TTP. By presenting concrete attacks, we show that this scheme has failed to meet the design goals. Then, for better privacy protection, we construct a new scheme called PMDA, which utilizes Shamir's secret sharing to allow smart meters to negotiate aggregation parameters in the absence of a TTP. Using only lightweight cryptography, PMDA efficiently supports multi-functional aggregation of the electricity readings, and simultaneously preserves residents' privacy. Theoretical analysis is provided with regard to PMDA's security and efficiency. Moreover, experimental data obtained from a prototype indicates that our proposal is efficient and feasible for practical deployment.

Fully homomorphic encryption (FHE) makes it easier for cloud computing to be consistent with privacy. But the efficiency of existing FHE schemes is still far from the actual needs. The main cause is that most of existing FHE schemes are single-bit encryption. Hiromasa, Abe and Okamoto (PKC 2015) reached the major milestone by constructing the first fully homomorphic encryption (FHE) scheme that encrypted message matrices (with single-bit matrices components) and supported homomorphic matrix addition and multiplication. In this paper, we propose a more efficient variant of Hiromasa, Abe and Okamoto with a lower factor noise-expansion factor for homomorphic multiplication from $\Theta$(poly(n)) to $\Theta$(1) and multi-bit matrices components.

We design a Practical and Privacy-Aware Truth Discovery (PPATD) approach in mobile crowd sensing systems, which supports users to go offline at any time while still achieving practical efficiency under working process. More notably, our PPATD is the first solution under single server setting to resolve the problem that users must be online at all times during the truth discovery. Moreover, we design a double-masking with one-time pads protocol to further ensure the strong security of users' privacy even if there is a collusion between the cloud server and multiple users.

To prevent users' privacy from leakage, more and more mobile devices employ biometric-based authentication approaches, such as fingerprint, face recognition, voiceprint authentications, etc., to enhance the privacy protection. However, these approaches are vulnerable to replay attacks. Although state-of-art solutions utilize liveness verification to combat the attacks, existing approaches are sensitive to ambient environments, such as ambient lights and surrounding audible noises. Towards this end, we explore liveness verification of user authentication leveraging users' lip movements, which are robust to noisy environments. In this paper, we propose a lip reading-based user authentication system, LipPass, which extracts unique behavioral characteristics of users' speaking lips leveraging build-in audio devices on smartphones for user authentication. We first investigate Doppler profiles of acoustic signals caused by users' speaking lips, and find that there are unique lip movement patterns for different individuals. To characterize the lip movements, we propose a deep learning-based method to extract efficient features from Doppler profiles, and employ Support Vector Machine and Support Vector Domain Description to construct binary classifiers and spoofer detectors for user identification and spoofer detection, respectively. Afterwards, we develop a binary tree-based authentication approach to accurately identify each individual leveraging these binary classifiers and spoofer detectors with respect to registered users. Through extensive experiments involving 48 volunteers in four real environments, LipPass can achieve 90.21% accuracy in user identification and 93.1% accuracy in spoofer detection.

Currently, when companies conduct risk analysis of own networks and systems, it is common to outsource risk analysis to third-party experts. At that time, the company passes the information used for risk analysis including confidential information such as network configuration to third-party expert. It raises the risk of leakage and abuse of confidential information. Therefore, a method of risk analysis by using secure computation without passing confidential information of company has been proposed. Although Liu's method have firstly achieved secure risk analysis method using multiparty computation and attack tree analysis, it has several problems to be practical. In this paper, improvement of secure risk analysis method is proposed. It can dynamically reduce compilation time, enhance scale of target network and system without increasing execution time. Experimental work is carried out by prototype implementation. As a result, we achieved improved performance in compile time and enhance scale of target with equivalent performance on execution time.