Funding: This research was partially supported by grants from the Hebei Education Department (Q2012131 and SKZD2011113) and the National Natural Science Foundation of China (Grant No. 61070055).
Abstract: Privacy preservation has recently received considerable attention in location-based services (LBSs). A large number of location cloaking algorithms have been proposed for protecting the location privacy of mobile users. However, most existing cloaking approaches assume that mobile users are trusted. Moreover, exact locations are required to protect location privacy, which is exactly the information mobile users want to hide. In this paper, we propose a p-anti-conspiration privacy model to anonymize over semi-honest users. Furthermore, two k*NNG-based cloaking algorithms, vk*NNCA and ek*NNCA, are proposed to protect location privacy without exact locations. The efficiency and effectiveness of the proposed algorithms are validated by a series of carefully designed experiments. The experimental results show that the price paid for location privacy protection without exact locations is small.
Funding: Supported by the National Key Research and Development Program of China (No. 2021YFF0900400).
Abstract: The popularization of intelligent healthcare devices and big data analytics significantly boosts the development of Smart Healthcare Networks (SHNs). To enhance the precision of diagnosis, different participants in SHNs share health data that contain sensitive information. Therefore, the data exchange process raises privacy concerns, especially when the integration of health data from multiple sources (a linkage attack) results in further leakage. The linkage attack is a dominant type of attack in the privacy domain, which can leverage various data sources for private data mining. Furthermore, adversaries launch poisoning attacks to falsify the health data, which leads to misdiagnosis or even physical damage. To protect private health data, we propose a personalized differential privacy model based on the trust levels among users. The trust is evaluated by a defined community density, while the corresponding privacy protection level is mapped to controllable randomized noise constrained by differential privacy. To avoid linkage attacks in personalized differential privacy, we design a noise correlation decoupling mechanism using a Markov stochastic process. In addition, we build the community model on a blockchain, which can mitigate the risk of poisoning attacks during differentially private data transmission over SHNs. Extensive experiments and analysis on real-world datasets have validated the proposed model, which achieves better performance than existing research in terms of privacy protection and effectiveness.
Funding: Supported in part by the National Key Research and Development Program of China under Grant 2018YFB2100801, in part by the National Natural Science Foundation of China (NSFC) under Grant 61972287, and in part by the Fundamental Research Funds for the Central Universities under Grant 22120210524.
Abstract: This paper addresses a special and imperceptible class of privacy, called implicit privacy. In contrast to traditional (explicit) privacy, implicit privacy has two essential properties: (1) it is not initially defined as a privacy attribute; (2) it is strongly associated with privacy attributes. In other words, attackers could utilize it to infer privacy attributes with a certain probability, indirectly resulting in the disclosure of private information. To deal with the implicit privacy disclosure problem, we give a measurable definition of implicit privacy and propose an ex-ante implicit privacy-preserving framework based on data generation, called IMPOSTER. The framework consists of an implicit privacy detection module and an implicit privacy protection module. The former uses normalized mutual information to detect implicit privacy attributes that are strongly related to traditional privacy attributes. Based on the idea of data generation, the latter equips the Generative Adversarial Network (GAN) framework with an additional discriminator, which is used to eliminate the association between traditional privacy attributes and implicit ones. We elaborate a theoretical analysis of the convergence of the framework. Experiments demonstrate that with the learned generator, IMPOSTER can alleviate the disclosure of implicit privacy while maintaining good data utility.
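The detection module described above, as an added example that is not code from the IMPOSTER paper: it computes the normalized mutual information (NMI) between a declared privacy attribute and every other column of a small constructed health-record table and flags the columns that score above a threshold. The NMI normalization (mutual information divided by the geometric mean of the two entropies), the 0.5 threshold and the sample records are assumptions; the abstract does not state the paper's exact choices.

```python
import math
from collections import Counter

# Constructed sample records (not from the paper). "diagnosis" is the declared
# privacy attribute; "medication" is a one-to-one proxy for it, "zip" is only
# weakly related to it and "color" is independent of it.
RECORDS = [
    {"zip": "10001", "medication": "m1", "color": "red",  "diagnosis": "A"},
    {"zip": "10001", "medication": "m1", "color": "blue", "diagnosis": "A"},
    {"zip": "10001", "medication": "m1", "color": "red",  "diagnosis": "A"},
    {"zip": "10002", "medication": "m1", "color": "blue", "diagnosis": "A"},
    {"zip": "10002", "medication": "m2", "color": "red",  "diagnosis": "B"},
    {"zip": "10002", "medication": "m2", "color": "blue", "diagnosis": "B"},
    {"zip": "10002", "medication": "m2", "color": "red",  "diagnosis": "B"},
    {"zip": "10001", "medication": "m2", "color": "blue", "diagnosis": "B"},
]

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())

def mutual_information(xs, ys):
    """I(X;Y) in bits from the empirical joint distribution of two columns."""
    n = len(xs)
    px, py, pxy = Counter(xs), Counter(ys), Counter(zip(xs, ys))
    return sum((c / n) * math.log2((c / n) / ((px[x] / n) * (py[y] / n)))
               for (x, y), c in pxy.items())

def normalized_mutual_information(xs, ys):
    """NMI = I(X;Y) / sqrt(H(X) H(Y)), in [0, 1]; 0 when either column is
    constant. (Assumed normalization; the page does not state which variant
    the paper uses.)"""
    hx, hy = entropy(xs), entropy(ys)
    if hx == 0.0 or hy == 0.0:
        return 0.0
    return mutual_information(xs, ys) / math.sqrt(hx * hy)

def attribute_nmi(records, sensitive):
    """NMI between the `sensitive` attribute and every other attribute."""
    ys = [r[sensitive] for r in records]
    attrs = [a for a in records[0] if a != sensitive]
    return {a: normalized_mutual_information([r[a] for r in records], ys) for a in attrs}

def detect_implicit_attributes(records, sensitive, threshold=0.5):
    """Attributes whose NMI with `sensitive` reaches `threshold` (assumed value):
    these are the implicit privacy attributes an attacker could use for inference."""
    return {a: v for a, v in attribute_nmi(records, sensitive).items() if v >= threshold}

if __name__ == "__main__":
    for attr, score in sorted(attribute_nmi(RECORDS, "diagnosis").items()):
        print(f"{attr:12s} NMI={score:.4f}")
    print("implicit privacy attributes:", detect_implicit_attributes(RECORDS, "diagnosis"))
```

On this table "medication" scores 1.0 (it determines the diagnosis exactly), "zip" about 0.19 and "color" 0.0, so only "medication" is flagged; the protection module would then be trained to break exactly that association.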
Funding: Project (No. MOE-INTEL-11-06) supported by the MOE-Intel IT Research Fund of China.
Abstract: Various solutions have been proposed to enable mobile users to access location-based services while preserving their location privacy. Some of these solutions are based on a centralized architecture with the participation of a trustworthy third party, whereas other approaches are based on a mobile peer-to-peer (P2P) architecture. The former approaches suffer from a scalability problem when networks grow large, while the latter have to endure either low anonymization success rates or high communication overheads. To address these issues, this paper presents an enhanced dual-active spatial cloaking algorithm (EDA) for preserving location privacy in mobile P2P networks. The proposed EDA allows mobile users to collect and actively disseminate their location information to other users. Moreover, to deal with the challenging characteristics of mobile P2P networks, e.g., constrained network resources and user mobility, EDA enables users (1) to perform a negotiation process that minimizes the number of duplicate locations to be shared, so as to significantly reduce the communication overhead among users, (2) to predict user locations based on the latest available information, so as to eliminate the inaccuracy introduced by using out-of-date locations, and (3) to use a latest-record-highest-priority (LRHP) strategy to reduce the probability of broadcasting less useful locations. Extensive simulations are conducted for a range of P2P network scenarios to evaluate the performance of EDA in comparison with existing solutions. Experimental results demonstrate that the proposed EDA can improve performance in terms of anonymity and service time with minimized communication overhead.
Funding: This work was supported in part by the National Natural Science Foundation of China under Grant Nos. U1509213, 61672303, and 61370080, the Postdoctoral Science Foundation of China under Grant No. 2013M540323, and the Shanghai Municipal Science and Technology Commission Project under Grant No. 16DZ1100200.
Abstract: Data security is one of the leading concerns and primary challenges for cloud computing, and the issue is becoming more serious as cloud computing develops. However, existing privacy-preserving data sharing techniques either fail to prevent privacy leakage or incur huge amounts of information loss. In this paper, we propose a novel technique, termed the linking-based anonymity model, which achieves K-anonymity with quasi-identifier groups (QI-groups) of size less than K. Meanwhile, a semi-homogeneous generalization is introduced to defend against the attack incurred by homogeneous generalization. To implement the linking-based anonymization model, we propose a simple yet efficient heuristic local recoding method. Extensive experiments on real datasets are also conducted to show that utility is significantly improved by our approach compared with state-of-the-art methods.
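The K-anonymity condition that these models build on, as an added example (not the paper's linking-based model or its recoding heuristic, neither of which the abstract specifies): it groups records by their quasi-identifier values, checks the minimum group size, and contrasts a global recoding, which generalizes every cell of an attribute to the same level, with a local recoding that generalizes ages to ranges and ZIP codes to a shared prefix only within each bucket, so cells that already agree keep their exact values. The sample table, the sort-and-bucket heuristic and the changed-cell loss metric are assumptions.

```python
import os
from collections import defaultdict

# Constructed sample table (not from the paper). Every (zip, age) pair is
# unique, so the raw table is not k-anonymous for any k > 1.
RECORDS = [
    {"zip": "10001", "age": 23, "disease": "flu"},
    {"zip": "10001", "age": 27, "disease": "cold"},
    {"zip": "10001", "age": 31, "disease": "flu"},
    {"zip": "10021", "age": 45, "disease": "asthma"},
    {"zip": "10022", "age": 49, "disease": "flu"},
    {"zip": "10023", "age": 52, "disease": "cold"},
]
QI = ("zip", "age")      # quasi-identifiers; "disease" is the sensitive attribute

def qi_groups(records, qi=QI):
    """Map each distinct quasi-identifier tuple to the records sharing it."""
    groups = defaultdict(list)
    for r in records:
        groups[tuple(r[a] for a in qi)].append(r)
    return dict(groups)

def min_group_size(records, qi=QI):
    return min(len(g) for g in qi_groups(records, qi).values())

def is_k_anonymous(records, k, qi=QI):
    """k-anonymity holds when every QI-group contains at least k records."""
    return min_group_size(records, qi) >= k

def generalize_zips(zips):
    """Longest common prefix of the ZIPs, padded with '*' to the full length."""
    prefix = os.path.commonprefix(list(zips))
    return prefix + "*" * (len(zips[0]) - len(prefix))

def global_recode(records, zip_digits_dropped, age_width):
    """Global recoding (assumed baseline): the same generalization level is
    applied to every cell of an attribute, whether or not its group needs it."""
    out = []
    for r in records:
        lo = (r["age"] // age_width) * age_width
        z = r["zip"][:len(r["zip"]) - zip_digits_dropped] + "*" * zip_digits_dropped
        out.append({**r, "zip": z, "age": f"[{lo}-{lo + age_width - 1}]"})
    return out

def local_recode(records, k):
    """Heuristic local recoding (assumed, not the paper's method): sort by age,
    cut into consecutive buckets of at least k records, and give each bucket a
    shared age range and ZIP prefix. Cells already identical within a bucket
    (here the three 10001 ZIPs) are left untouched."""
    n = len(records)
    if n < k:
        raise ValueError(f"{n} records cannot be {k}-anonymized")
    order = sorted(range(n), key=lambda i: records[i]["age"])
    out = [None] * n
    i = 0
    while i < n:
        end = i + k
        if n - end < k:           # leftover too small for its own bucket: absorb it
            end = n
        idxs = order[i:end]
        ages = [records[j]["age"] for j in idxs]
        age_range = f"[{min(ages)}-{max(ages)}]"
        zip_gen = generalize_zips([records[j]["zip"] for j in idxs])
        for j in idxs:
            out[j] = {**records[j], "zip": zip_gen, "age": age_range}
        i = end
    return out

def generalized_cells(original, recoded, qi=QI):
    """Information loss measured as the number of QI cells whose value changed."""
    return sum(1 for o, r in zip(original, recoded) for a in qi if o[a] != r[a])

if __name__ == "__main__":
    print("raw min group size:", min_group_size(RECORDS))
    glob = global_recode(RECORDS, zip_digits_dropped=2, age_width=40)
    loc = local_recode(RECORDS, k=3)
    for name, table in (("global", glob), ("local", loc)):
        print(f"{name}: 3-anonymous={is_k_anonymous(table, 3)} "
              f"generalized cells={generalized_cells(RECORDS, table)}")
```

Both recodings make the table 3-anonymous, but the global one rewrites all 12 QI cells while the local one rewrites 9, which is the utility argument for local recoding that the abstract makes; the check itself (`is_k_anonymous`) is what an auditor runs on a released table regardless of how it was produced.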
Abstract: In this paper, we focus on an Elliptic Curve Cryptography based approach to the Secure Multiparty Computation (SMC) problem. The widespread proliferation of data and the growth of communication technologies have enabled collaborative computations among parties in distributed scenarios. Preserving the privacy of data owned by the parties is crucial in such scenarios. The classical approach to SMC is to perform the computation using a Trusted Third Party (TTP). However, in practical scenarios, TTPs are hard to realize and it is imperative to eliminate the TTP from SMC. In addition, existing solutions proposed for SMC use classical homomorphic encryption schemes such as RSA and Paillier. Due to the higher cost incurred by such cryptosystems, the resulting SMC protocols are not scalable. We propose an Elliptic Curve Cryptography (ECC) based approach to SMC that is scalable in terms of computational and communication cost and avoids the TTP. In the literature, there exist various ECC based homomorphic schemes, and it is imperative to investigate and analyze these schemes in order to select the one suitable for a given application. In this paper, we empirically analyze various ECC based homomorphic encryption schemes on performance metrics such as computational cost and communication cost. We recommend an efficient algorithm amongst several selected ones that offers security with lower overhead and can be applied in any application demanding privacy.
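An additively homomorphic ECC scheme of the kind the abstract compares, as an added example that is not the paper's code and not necessarily the scheme it recommends (the abstract does not name it): EC-ElGamal over secp256k1, implemented from scratch in Python. A message m is encoded as the point m·G, two ciphertexts are added component-wise, and the receiver decrypts to the point (m+m')·G and recovers m+m' by a small-range discrete logarithm, which is why this construction fits bounded counters and sums (votes, aggregated readings) rather than arbitrary values. The curve constants are the published secp256k1 parameters; the message bound used in decryption is an assumption.

```python
import secrets

# secp256k1 domain parameters: y^2 = x^3 + 7 over GF(P); G has prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None   # point at infinity, the group identity

def ec_add(p1, p2):
    """Affine group law on secp256k1 (curve coefficient a = 0)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                      # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P    # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P       # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def ec_neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication; k = 0 yields INF."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc

def keygen():
    """Private scalar d in [1, N-1] and public point Q = d*G."""
    d = secrets.randbelow(N - 1) + 1
    return d, ec_mul(d, G)

def encrypt(pub, m):
    """EC-ElGamal ciphertext (r*G, m*G + r*Q) with a fresh random r per message."""
    r = secrets.randbelow(N - 1) + 1
    return ec_mul(r, G), ec_add(ec_mul(m, G), ec_mul(r, pub))

def homomorphic_add(ct1, ct2):
    """Component-wise point addition yields an encryption of m1 + m2 under the same key."""
    return ec_add(ct1[0], ct2[0]), ec_add(ct1[1], ct2[1])

def decrypt(priv, ct, max_message=1 << 16):
    """Recover m*G = C2 - d*C1, then m by a linear-scan discrete log over
    [0, max_message] (assumed bound); returns None if the sum exceeds it."""
    c1, c2 = ct
    target = ec_add(c2, ec_neg(ec_mul(priv, c1)))
    acc = INF
    for m in range(max_message + 1):
        if acc == target:
            return m
        acc = ec_add(acc, G)
    return None

if __name__ == "__main__":
    d, q = keygen()
    total = homomorphic_add(encrypt(q, 17), encrypt(q, 25))
    print("sum recovered from ciphertexts:", decrypt(d, total))
```

In an SMC setting each party encrypts its input under the aggregator's public key, anyone can add the ciphertexts without learning the inputs, and only the key holder sees the total; the linear-scan decryption makes the message bound explicit, which is the cost that separates EC-ElGamal from Paillier, whose plaintext space is the full modulus.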
Funding: Supported by the Fundamental Research Funds for the Central Universities (No. GK201906009), the CERNET Innovation Project (No. NGII20190704), and the Science and Technology Program of Xi'an City (No. 2019216914GXRC005CG006-GXYD5.2).
Abstract: In recent years, mobile Internet technology and location based services have found wide application. Application providers and users have accumulated huge amounts of trajectory data. While publishing and analyzing user trajectory data has brought great convenience for people, the disclosure risks to user privacy caused by trajectory data publishing are also becoming more and more prominent. Traditional k-anonymous trajectory data publishing technologies cannot effectively protect user privacy against attackers with strong background knowledge. For privacy preserving trajectory data publishing, we propose a differential privacy based (k-Ψ)-anonymity method to defend against re-identification and probabilistic inference attacks. The proposed method is divided into two phases: in the first phase, a dummy-based (k-Ψ)-anonymous trajectory data publishing algorithm is given, which improves (k-δ)-anonymity by considering changes of the threshold δ on different road segments and constructing an adaptive threshold set Ψ that takes road network information into account. In the second phase, Laplace noise regarding the distance of anonymous locations under differential privacy is used for trajectory perturbation of the anonymous trajectory dataset output by the first phase. Experiments on a real road network dataset are performed and the results show that the proposed method improves trajectory indistinguishability and achieves good data utility while preserving user privacy.
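Laplace perturbation with a per-user privacy budget, as an added example serving both the trust-based personalized differential privacy of the Smart Healthcare Networks abstract and the distance-based Laplace trajectory perturbation of the abstract above; it is not code from either paper. It maps a trust score to an epsilon, samples Laplace noise by inverse CDF so the sampler is deterministic given a uniform draw, perturbs a planar location coordinate-wise, and numerically checks the epsilon-differential-privacy bound on the density ratio for two locations at the sensitivity distance. The linear trust-to-epsilon mapping, the L1 sensitivity and all sample values are assumptions; the Markov noise-decoupling mechanism and the (k-Ψ)-anonymity stage are not covered.

```python
import math
import random

def epsilon_for_trust(trust, eps_min=0.1, eps_max=1.0):
    """Personalized budget: higher trust means weaker protection, i.e. a larger
    epsilon and less noise (assumed linear mapping; the paper derives trust from
    community density, which is not reproduced here)."""
    if not 0.0 <= trust <= 1.0:
        raise ValueError("trust must lie in [0, 1]")
    return eps_min + trust * (eps_max - eps_min)

def laplace_scale(sensitivity, epsilon):
    """Laplace mechanism: scale b = Δ/ε gives ε-DP for L1 sensitivity Δ."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return sensitivity / epsilon

def laplace_noise(scale, u):
    """Inverse-CDF sample of Laplace(0, scale) from a uniform u in [0, 1)."""
    centered = u - 0.5
    tail = max(1.0 - 2.0 * abs(centered), 1e-300)   # guards log(0) at u == 0
    sign = (centered > 0) - (centered < 0)
    return -scale * sign * math.log(tail)

def perturb_location(point, trust, sensitivity, seed=None):
    """Add independent Laplace noise to x and y. With Δ an L1 bound on how far a
    user's true location may differ between adjacent inputs, per-coordinate
    Laplace(Δ/ε) noise is ε-DP for that adjacency."""
    rng = random.Random(seed)
    b = laplace_scale(sensitivity, epsilon_for_trust(trust))
    return tuple(c + laplace_noise(b, rng.random()) for c in point)

def max_density_ratio(loc_a, loc_b, scale, lo, hi, step):
    """Largest ratio f(x | loc_a) / f(x | loc_b) over a grid, where f is the
    Laplace density e^{-|x - loc| / b} / (2b). ε-DP requires this to stay at
    or below e^ε whenever |loc_a - loc_b| ≤ Δ; the ratio is computed in the
    exponent to avoid underflow far from both centres."""
    worst = 0.0
    x = lo
    while x <= hi:
        ratio = math.exp((abs(x - loc_b) - abs(x - loc_a)) / scale)
        worst = max(worst, ratio)
        x += step
    return worst

if __name__ == "__main__":
    sensitivity = 100.0                       # metres between adjacent inputs, assumed
    for trust in (0.0, 0.5, 1.0):
        eps = epsilon_for_trust(trust)
        b = laplace_scale(sensitivity, eps)
        ratio = max_density_ratio(0.0, sensitivity, b, -1000.0, 1000.0, 10.0)
        print(f"trust={trust:.1f} eps={eps:.2f} scale={b:.1f} "
              f"max ratio={ratio:.4f} bound e^eps={math.exp(eps):.4f}")
    print(perturb_location((100.0, 200.0), trust=0.5, sensitivity=sensitivity, seed=7))
```

The density-ratio scan is the check worth keeping around: if a deployment tunes the noise scale from a trust score, running it for the smallest scale the mapping can produce confirms that the weakest protection level still meets the epsilon the policy promises, and any ratio above e^ε means the sensitivity or the scale is wrong.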