The increasing reliance on interconnected Internet of Things (IoT) devices has amplified the demand for robust anonymization strategies to protect device identities and ensure secure communication. However, traditional anonymization methods for IoT networks often rely on static identity models, making them vulnerable to inference attacks through long-term observation. Moreover, these methods tend to sacrifice data availability to protect privacy, limiting their practicality in real-world applications. To overcome these limitations, we propose a dynamic device identity anonymization framework using Moving Target Defense (MTD) principles implemented via Software-Defined Networking (SDN). In our model, the SDN controller periodically reconfigures the network addresses and routes of IoT devices using a constraint-aware backtracking algorithm that constructs new virtual topologies under connectivity and performance constraints. This address-hopping scheme introduces continuous unpredictability at the network layer, dynamically changing device identifiers, routing paths, and even network topology, which thwarts attacker reconnaissance while preserving normal communication. Experimental results demonstrate that our approach significantly reduces device identity exposure and scan success rates for attackers compared to static networks. Moreover, the dynamic scheme maintains high data availability and network performance. Under attack conditions it reduced average communication delay by approximately 60% vs. an unprotected network, with minimal overhead on system resources.
Participatory sensing systems are designed to enable community people to collect, analyze, and share information for their mutual benefit in a cost-effective way. The apparently insensitive information transmitted in plaintext through the inexpensive infrastructure can be used by an eavesdropper to infer some sensitive information and threaten the privacy of the participating users. Participation of users cannot be ensured without assuring the privacy of the participants. Existing techniques add some uncertainty to the actual observation to achieve anonymity which, however, diminishes data quality/utility to an unacceptable extent. The subset-coding based anonymization technique, DGAS [LCN 16], provides the desired level of privacy. In this research, our objective is to overcome this limitation and design a scheme with broader applicability. We have developed a computationally efficient subset-coding scheme and also present a multi-dimensional anonymization technique that anonymizes multiple properties of user observation, e.g. both location and product association of an observer in the context of a consumer price sharing application. To the best of our knowledge, it is the first work which supports multi-dimensional anonymization in PSS. This paper also presents an in-depth analysis of adversary threats considering collusion of adversaries and different report interception patterns. Theoretical analysis, comprehensive simulation, and Android prototype based experiments are carried out to establish the applicability of the proposed scheme. Also, the adversary capability is simulated to prove our scheme's effectiveness against privacy risk.
In the era of big data, the growing number of real-time data streams often contains a lot of sensitive privacy information. Releasing or sharing this data directly without processing will lead to serious privacy information leakage. This poses a great challenge to conventional privacy protection mechanisms (CPPM). The existing data partitioning methods ignore the number of data replications and information exchanges, resulting in complex distance calculations and inefficient indexing for high-dimensional data. Therefore, CPPM often fails to meet the stringent requirements of efficiency and reliability, especially in dynamic spatiotemporal environments. Addressing this concern, we propose the Principal Component Enhanced Vantage-point tree (PEV-Tree), an enhanced data structure based on the idea of dimension reduction, and construct a Distributed Spatio-Temporal Privacy Preservation Mechanism (DST-PPM) on it. In this work, principal component analysis and the vantage tree are used to establish the PEV-Tree. In addition, we design three distributed anonymization algorithms for data streams. These algorithms, named CK-AA, CL-DA, and CT-CA, fulfill the anonymization rules of K-Anonymity, L-Diversity, and T-Closeness, respectively, and have different computational complexities and reliabilities: the higher the complexity, the lower the risk of privacy leakage. DST-PPM can reduce the dimension of high-dimensional information while preserving data characteristics and dividing the data space into vantage points based on distance. It effectively enhances the data processing workflow and increases algorithm efficiency. To verify the validity of the method in this paper, we conducted empirical tests of CK-AA, CL-DA, and CT-CA on conventional datasets and the PEV-Tree, respectively. Based on the big data background of the Internet of Vehicles, we conducted experiments using artificial simulated on-board network data. The results demonstrated that the operational efficiency of CK-AA, CL-DA, and CT-CA is enhanced by 15.12%, 24.55%, and 52.74%, respectively, when deployed on the PEV-Tree. Simultaneously, during homogeneity attacks, the probabilities of information leakage were reduced by 2.31%, 1.76%, and 0.19%, respectively. Furthermore, these algorithms showcased superior utility (scalability) when executed across PEV-Trees of varying scales in comparison to their performance on conventional data structures. This indicates that DST-PPM offers marked advantages over CPPM in terms of efficiency, reliability, and scalability.
With the advancing of location-detection technologies and the increasing popularity of mobile phones and other location-aware devices, trajectory data is continuously growing. While large-scale trajectories provide opportunities for various applications, the locations in trajectories pose a threat to individual privacy. Recently, there has been an interesting debate on the reidentifiability of individuals in Science magazine. The main finding of Sánchez et al. is exactly opposite to that of De Montjoye et al., which raises the first question: "what is the true situation of the privacy preservation for trajectories in terms of reidentification?" Furthermore, it is known that anonymization typically causes a decline of data utility, and anonymization mechanisms need to consider the trade-off between privacy and utility. This raises the second question: "what is the true situation of the utility of anonymized trajectories?" To answer these two questions, we conduct a systematic experimental study, using three real-life trajectory datasets, five existing anonymization mechanisms (i.e., identifier anonymization, grid-based anonymization, dummy trajectories, k-anonymity and ε-differential privacy), and two practical applications (i.e., travel time estimation and window range queries). Our findings reveal the true situation of the privacy preservation for trajectories in terms of reidentification and the true situation of the utility of anonymized trajectories, and essentially close the debate between De Montjoye et al. and Sánchez et al. To the best of our knowledge, this study is among the first systematic evaluations and analyses of anonymized trajectories on individual privacy in terms of unicity and on utility in terms of practical applications.
The prevalence of missing values in the data streams collected in real environments makes them impossible to ignore in the privacy preservation of data streams. However, the development of most privacy preservation methods does not consider missing values. A few studies allow them to participate in data anonymization but introduce considerable extra information loss. To balance the utility and privacy preservation of incomplete data streams, we present a utility-enhanced approach for Incomplete Data strEam Anonymization (IDEA). In this approach, a sliding-window-based processing framework is introduced to anonymize data streams continuously, in which each tuple can be output with clustering or anonymized clusters. We consider the dimensions of attribute and tuple as the similarity measurement, which enables the clustering between incomplete records and complete records and generates the cluster with minimal information loss. To avoid missing value pollution, we propose a generalization method that is based on maybe match for generalizing incomplete data. The experiments conducted on real datasets show that the proposed approach can efficiently anonymize incomplete data streams while effectively preserving utility.
Taxation, the primary source of fiscal revenue, has profound implications in guiding resource allocation, promoting economic growth, adjusting social wealth distribution, and enhancing cultural influence. The development of e-taxation provides enhanced security for taxation, but it still faces the risk of inefficiency and tax data leakage. As a decentralized ledger, blockchain provides an effective solution for protecting tax data and avoiding tax-related errors and fraud. The introduction of blockchain into e-taxation protocols can ensure the public verification of taxes. However, balancing taxpayer identity privacy with regulation remains a challenge. In this paper, we propose a blockchain-based anonymous and regulatory e-taxation protocol. This protocol ensures the supervision and tracking of malicious taxpayers while maintaining honest taxpayer identity privacy, reduces the storage needs for public key certificates in the public key infrastructure, and enables self-certification of taxpayers' public keys and addresses. We formalize the security model of unforgeability for transactions, anonymity for honest taxpayers, and traceability for malicious taxpayers. Security analysis shows that the proposed protocol satisfies unforgeability, anonymity, and traceability. The experimental results of time consumption show that the protocol is feasible in practical applications.
Attribute-based encryption (ABE) is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes. ABE is widely applied in cloud storage, file sharing, e-Health, and digital rights management. ABE schemes rely on hard cryptographic assumptions such as pairings and others (pairing-free) to ensure their security against external and internal attacks. Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent. One common internal attack is the attribute collusion attack, in which users with different attribute keys collaborate to decrypt data they could not individually access. This paper focuses on ciphertext-policy ABE (CP-ABE), a type of ABE where ciphertexts are produced with access policies. Our first work is to carry out the attribute collusion attack against several existing pairing-free CP-ABE schemes. As a main contribution, we introduce a novel attack, termed the anonymous key-leakage attack, concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection. This kind of internal attack has not been defined or investigated in the literature. We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack. We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.
Dynamic publishing of social network graphs offers insights into user behavior but brings privacy risks, notably re-identification attacks on evolving data snapshots. Existing methods based on -anonymity can mitigate these attacks but are cumbersome, neglect dynamic protection of community structure, and lack precise utility measures. To address these challenges, we present a dynamic social network graph anonymity scheme with community structure protection (DSNGA-CSP), which achieves the dynamic anonymization process by incorporating community detection. First, DSNGA-CSP categorizes communities of the original graph into three types at each timestamp, and only partitions community subgraphs for a specific category at each updated timestamp. Then, DSNGA-CSP achieves intra-community and inter-community anonymization separately to retain more of the community structure of the original graph at each timestamp. It anonymizes community subgraphs by the proposed novel -composition method and anonymizes inter-community edges by edge isomorphism. Finally, a novel information loss metric is introduced in DSNGA-CSP to precisely capture the utility of the anonymized graph through original information preservation and anonymous information changes. Extensive experiments conducted on five real-world datasets demonstrate that DSNGA-CSP consistently outperforms existing methods, providing a more effective balance between privacy and utility. Specifically, DSNGA-CSP shows an average utility improvement of approximately 30% compared to TAKG and CTKGA for three dynamic graph datasets, according to the proposed information loss metric IL.
The rapid development of the industrial internet of things (IIoT) has brought huge benefits to factories equipped with IIoT technology, each of which represents an IIoT domain. More and more domains are choosing to cooperate with each other to produce better products for greater profits. Therefore, in order to protect the security and privacy of IIoT devices in cross-domain communication, lots of cross-domain authentication schemes have been proposed. However, most schemes expose the domain to which the IIoT device belongs, or introduce a single point of failure in multi-domain cooperation, thus introducing unpredictable risks to each domain. We propose a more secure and efficient domain-level anonymous cross-domain authentication (DLCA) scheme based on alliance blockchain. The proposed scheme uses group signatures with decentralized tracing technology to provide domain-level anonymity to each IIoT device and allow the public to trace the real identity of a malicious pseudonym. In addition, DLCA takes into account the limited resource characteristics of IIoT devices to design an efficient cross-domain authentication protocol. Security analysis and performance evaluation show that the proposed scheme can be effectively used in the cross-domain authentication scenario of the industrial internet of things.
With the increase in IoT (Internet of Things) devices comes an inherent challenge of security. In the world today, privacy is the prime concern of every individual. Preserving one's privacy and keeping anonymity throughout the system is a desired functionality that does not come without inevitable trade-offs like scalability and increased complexity, and is always exceedingly difficult to manage. The challenge is keeping confidentiality and continuing to keep the person anonymous throughout the system. To address this, we present our proposed architecture, in which we manage IoT devices using blockchain technology. Our proposed architecture works on and off blockchain, integrated with the closed-circuit television (CCTV) security camera fixed at a rental property. In this framework, the CCTV security camera feed is redirected towards the owner or renter based on the smart contract conditions. Only one entity (owner or renter) can see the CCTV security camera feed at a time. There is no third-party dependence except for the CCTV security camera deployment phase. Our contributions include the proposition of the framework architecture, a novel smart contract algorithm, and a modification to ring signatures leveraging an existing cryptographic technique. Analyses are made based on different systems' security and key management areas. In an empirical study, our proposed algorithm performed better in key generation, proof generation, and verification times. By comparing similar existing schemes, we have shown the proposed architecture's advantages. Until now, we have developed this system for a specific area in the real world. However, this system is scalable and applicable to other areas like healthcare monitoring systems, which is part of our future work.
Zero trust architecture is an end-to-end approach for server resources and data security which contains identity authentication, access control, dynamic evaluation, and so on. This work focuses on authentication technology in the zero trust network. In this paper, a Traceable Universal Designated Verifier Signature (TUDVS) is used to construct a privacy-preserving authentication scheme for zero trust architecture. Specifically, when a client requests access to server resources, we want to protect the client's access privacy, which means that the server administrator cannot disclose the client's access behavior to any third party. In addition, the security of the proposed scheme is proved and its efficiency is analyzed. Finally, TUDVS is applied to the single packet authorization scenario of the zero trust architecture to prove the practicability of the proposed scheme.
The "Momo Army" is an anonymous group on social media platforms like Douban and Xiaohongshu. It uses similar avatars and nicknames to demonstrate collective identity and engage in group interactions. This group rapidly forms a strong network of interaction, establishing stable group relationships, and achieving digital invisibility. However, anonymous groups conceal anonymous violence and cyberbullying, negatively affecting individuals and society. This study will explore the reasons for the emergence of such groups, the self-presented characteristics of their group members, and their social impacts. It will conduct in-depth research and analysis through participant observation and interviews.
This paper aims to find a practical way of quantitatively representing the privacy of network data. A method of quantifying the privacy of network data anonymization based on similarity distance and entropy in the scenario involving multiparty network data sharing with a Trusted Third Party (TTP) is proposed. Simulations are then conducted using network data from different sources, and show that the measurement indicators defined in this paper can adequately quantify the privacy of the network. In particular, they can indicate the effect of the adversary's auxiliary information on privacy.
As technology develops, the amount of information being used has increased a lot. Every company analyzes big data to provide customized services to its customers. Accordingly, collecting and analyzing data of the data subject has become one of the core competencies of companies. However, when collecting and using it, the authority of the data subject may be violated. The data often identifies its subject by itself, and even if it is not personal information that infringes on an individual's authority, the moment it is connected, it becomes important and sensitive personal information that we have never thought of. Therefore, recent privacy regulations such as GDPR (General Data Protection Regulation) are changing to guarantee more rights of the data subjects. To use data effectively without infringing on the rights of the data subject, the concept of de-identification has been created. Researchers and companies can make personal information less identifiable through appropriate de-identification/pseudonymization and use the data for the purpose of statistical research. De-identification/pseudonymization techniques have been studied a lot, but it is difficult for companies and researchers to know how to de-identify/pseudonymize data. It is difficult to clearly understand how and to what extent each organization should take de-identification measures. Currently, each organization does not systematically analyze the situation but only takes minimal action while looking at the guidelines distributed by each country. We solved this problem from the perspective of risk management. Several steps are required to secure the dataset, starting from pre-processing to releasing the dataset. We can analyze the dataset, analyze the risk, evaluate the risk, and treat the risk appropriately. The outcomes of each step can then be used to take appropriate action on the dataset to eliminate or reduce its risk. Then, we can release the dataset for its own purpose. This series of processes was reconstructed to fit the current situation by analyzing various standards such as ISO/IEC (International Organization for Standardization/International Electrotechnical Commission) 20889, NIST IR (National Institute of Standards and Technology Interagency Reports) 8053, NIST SP (National Institute of Standards and Technology Special Publications) 800-188, and ITU-T (International Telecommunications Union-Telecommunication) X.1148. We propose an integrated framework based on a situational awareness model and a risk management model. We found that this framework can be specialized for multiple domains, and it is useful because it is based on a variety of case- and utility-based ROI calculations.
Developing a privacy-preserving data publishing algorithm that stops individuals from disclosing their identities while not ignoring data utility remains an important goal to achieve, because finding the trade-off between data privacy and data utility is an NP-hard problem and also a current research area. When existing approaches are investigated, one of the most significant difficulties discovered is the presence of outlier data in the datasets. Outlier data has a negative impact on data utility. Furthermore, k-anonymity algorithms, which are commonly used in the literature, do not provide adequate protection against outlier data. In this study, a new data anonymization algorithm is devised and tested for boosting data utility by incorporating an outlier data detection mechanism into the Mondrian algorithm. The connectivity-based outlier factor (COF) algorithm is used to detect outliers. Mondrian is selected because of its capacity to anonymize multidimensional data while meeting the needs of real-world data. COF, on the other hand, is used to discover outliers in high-dimensional datasets with complicated structures. The proposed algorithm generates more equivalence classes than the Mondrian algorithm and provides greater data utility than previous algorithms based on k-anonymization. In addition, it outperforms other algorithms in the discernibility metric (DM), normalized average equivalence class size (Cavg), global certainty penalty (GCP), query error rate, classification accuracy (CA), and F-measure metrics. Moreover, the increase in the values of the GCP and error rate metrics demonstrates that the proposed algorithm facilitates obtaining higher data utility by grouping closer data points when compared to other algorithms.
Publishing big data and making it accessible to researchers is important for knowledge building as it helps in applying highly efficient methods to plan, conduct, and assess scientific research. However, publishing and processing big data poses a privacy concern related to protecting individuals' sensitive information while maintaining the usability of the published data. Several anonymization methods, such as slicing and merging, have been designed as solutions to the privacy concerns for publishing big data. However, the major drawback of merging and slicing is the random permutation procedure, which does not always guarantee complete protection against attribute or membership disclosure. Moreover, merging procedures may generate many fake tuples, leading to a loss of data utility and subsequent erroneous knowledge extraction. This study therefore proposes a slicing-based enhanced method for privacy-preserving big data publishing while maintaining the data utility. In particular, the proposed method distributes the data into horizontal and vertical partitions. The lower and upper protection levels are then used to identify the unique and identical attributes' values. The unique and identical attributes are swapped to ensure the published big data is protected from disclosure risks. The outcome of the experiments demonstrates that the proposed method could maintain data utility and provide stronger privacy preservation.
Recently, many data anonymization methods have been proposed to protect privacy in the applications of data mining. But few of them have considered the threats from a user's prior knowledge of data patterns. To solve this problem, a flexible method was proposed to randomize the dataset, so that the user could hardly obtain the sensitive data even knowing data relationships in advance. The method also achieves a high level of accuracy in the mining process, as demonstrated in the experiments.
Irreproducibility of research causes a major concern in academia. This concern affects all study designs regardless of scientific field. Without testing reproducibility and replicability it is almost impossible to repeat the research and to gain the same or similar results. In addition, irreproducibility limits the translation of research findings into practice where the same results are expected. To find solutions, the Interacademy Partnership for Health gathered academics from established networks of science, medicine and engineering around a table to introduce seven strategies that can enhance reproducibility: pre-registration, open methods, open data, collaboration, automation, reporting guidelines, and post-publication reviews. The current editorial discusses the generalisability and practicality of these strategies to systematic reviews and claims that systematic reviews have an even greater potential than other research designs to lead the movement toward the reproducibility of research. Moreover, I discuss the potential of reproducibility, on the other hand, to upgrade the systematic review from review to research. Furthermore, there are references to the successful and ongoing practices from collaborative efforts around the world to encourage systematic reviewers, journal editors and publishers, the organizations linked to evidence synthesis, and the funders and policy makers to facilitate this movement and to gain public trust in research.
Biological residual materials can be obtained from surgical activities or from pathological waste material collected for analysis and stored in formalin. This material can be stored in biobanks with the purpose of future research. Formalin-fixed tissue and also formalin-fixed paraffin embedded tissues are not suitable for all kinds of genetic studies on DNA or RNA, as formalin solution is well known for damaging nucleic acids. Therefore, for the purpose of conducting genetic studies, samples should be frozen in order to maintain a good quality of DNA/RNA over time. Biobanks, in which waste samples are frozen, are undoubtedly expensive to maintain; however, it could be useful and important to consider their possible implication in particular research, regarding for example the tumor cell growth process, or when the procurement of samples is difficult. Regarding the relationship between informed consent and tissue collection, storage and research, two choices are possible: irreversible or reversible sample anonymization. These procedures involve different approaches and possible solutions that we will seek to define. Also, an important ethical aspect in regard to the role of biobanks is encouraging sample donation. For donors, seeing human samples being kept rather than discarded and seeing them become useful for research highlights the importance of the human body and improves the attitude towards donation. This process might also facilitate the giving of informed consent more trustfully and willingly.
Funding: supported by the National Key Research and Development Program of China (Project No. 2022YFB3104300).
Abstract: The increasing reliance on interconnected Internet of Things (IoT) devices has amplified the demand for robust anonymization strategies to protect device identities and ensure secure communication. However, traditional anonymization methods for IoT networks often rely on static identity models, making them vulnerable to inference attacks through long-term observation. Moreover, these methods tend to sacrifice data availability to protect privacy, limiting their practicality in real-world applications. To overcome these limitations, we propose a dynamic device identity anonymization framework using Moving Target Defense (MTD) principles implemented via Software-Defined Networking (SDN). In our model, the SDN controller periodically reconfigures the network addresses and routes of IoT devices using a constraint-aware backtracking algorithm that constructs new virtual topologies under connectivity and performance constraints. This address-hopping scheme introduces continuous unpredictability at the network layer, dynamically changing device identifiers, routing paths, and even network topology, which thwarts attacker reconnaissance while preserving normal communication. Experimental results demonstrate that our approach significantly reduces device identity exposure and scan success rates for attackers compared to static networks. Moreover, the dynamic scheme maintains high data availability and network performance. Under attack conditions it reduced average communication delay by approximately 60% vs. an unprotected network, with minimal overhead on system resources.
Abstract: Participatory sensing systems (PSS) are designed to enable community people to collect, analyze, and share information for their mutual benefit in a cost-effective way. The apparently insensitive information transmitted in plaintext through the inexpensive infrastructure can be used by an eavesdropper to infer some sensitive information and threaten the privacy of the participating users. Participation of users cannot be ensured without assuring the privacy of the participants. Existing techniques add some uncertainty to the actual observation to achieve anonymity which, however, diminishes data quality/utility to an unacceptable extent. The subset-coding based anonymization technique, DGAS [LCN 16], provides the desired level of privacy. In this research, our objective is to overcome this limitation and design a scheme with broader applicability. We have developed a computationally efficient subset-coding scheme and also present a multi-dimensional anonymization technique that anonymizes multiple properties of a user observation, e.g. both the location and the product association of an observer in the context of a consumer price sharing application. To the best of our knowledge, it is the first work which supports multi-dimensional anonymization in PSS. This paper also presents an in-depth analysis of adversary threats considering collusion of adversaries and different report interception patterns. Theoretical analysis, comprehensive simulation, and Android prototype based experiments are carried out to establish the applicability of the proposed scheme. Also, the adversary capability is simulated to prove our scheme's effectiveness against privacy risk.
Funding: supported by the Natural Science Foundation of Sichuan Province (No. 2024NSFSC1450), the Fundamental Research Funds for the Central Universities (No. SCU2024D012), and the Science and Engineering Connotation Development Project of Sichuan University (No. 2020SCUNG129).
Abstract: In the era of big data, the growing number of real-time data streams often contains a lot of sensitive privacy information. Releasing or sharing this data directly without processing will lead to serious privacy information leakage. This poses a great challenge to conventional privacy protection mechanisms (CPPM). The existing data partitioning methods ignore the number of data replications and information exchanges, resulting in complex distance calculations and inefficient indexing for high-dimensional data. Therefore, CPPM often fails to meet the stringent requirements of efficiency and reliability, especially in dynamic spatiotemporal environments. Addressing this concern, we propose the Principal Component Enhanced Vantage-point tree (PEV-Tree), an enhanced data structure based on the idea of dimension reduction, and construct a Distributed Spatio-Temporal Privacy Preservation Mechanism (DST-PPM) on it. In this work, principal component analysis and the vantage tree are used to establish the PEV-Tree. In addition, we designed three distributed anonymization algorithms for data streams. These algorithms, named CK-AA, CL-DA, and CT-CA, fulfill the anonymization rules of K-Anonymity, L-Diversity, and T-Closeness, respectively, and have different computational complexities and reliabilities. The higher the complexity, the lower the risk of privacy leakage. DST-PPM can reduce the dimension of high-dimensional information while preserving data characteristics and dividing the data space into vantage points based on distance. It effectively enhances the data processing workflow and increases algorithm efficiency. To verify the validity of the method in this paper, we conducted empirical tests of CK-AA, CL-DA, and CT-CA on conventional datasets and on the PEV-Tree. Based on the big data background of the Internet of Vehicles, we conducted experiments using artificially simulated on-board network data. The results demonstrated that the operational efficiency of CK-AA, CL-DA, and CT-CA is enhanced by 15.12%, 24.55%, and 52.74%, respectively, when deployed on the PEV-Tree. Simultaneously, during homogeneity attacks, the probabilities of information leakage were reduced by 2.31%, 1.76%, and 0.19%, respectively. Furthermore, these algorithms showcased superior utility (scalability) when executed across PEV-Trees of varying scales in comparison to their performance on conventional data structures. This indicates that DST-PPM offers marked advantages over CPPM in terms of efficiency, reliability, and scalability.
Funding: This work was partially supported by the National Natural Science Foundation of China under Grant Nos. 61925203 and 62172024, and by the Beijing Advanced Innovation Center for Future Blockchain and Privacy Computing.
Abstract: With the advancing of location-detection technologies and the increasing popularity of mobile phones and other location-aware devices, trajectory data is continuously growing. While large-scale trajectories provide opportunities for various applications, the locations in trajectories pose a threat to individual privacy. Recently, there has been an interesting debate on the re-identifiability of individuals in the Science magazine. The main finding of Sánchez et al. is exactly opposite to that of De Montjoye et al., which raises the first question: "what is the true situation of the privacy preservation for trajectories in terms of re-identification?" Furthermore, it is known that anonymization typically causes a decline of data utility, and anonymization mechanisms need to consider the trade-off between privacy and utility. This raises the second question: "what is the true situation of the utility of anonymized trajectories?" To answer these two questions, we conduct a systematic experimental study, using three real-life trajectory datasets, five existing anonymization mechanisms (i.e., identifier anonymization, grid-based anonymization, dummy trajectories, k-anonymity and ε-differential privacy), and two practical applications (i.e., travel time estimation and window range queries). Our findings reveal the true situation of the privacy preservation for trajectories in terms of re-identification and the true situation of the utility of anonymized trajectories, and essentially close the debate between De Montjoye et al. and Sánchez et al. To the best of our knowledge, this study is among the first systematic evaluations and analyses of anonymized trajectories on individual privacy in terms of unicity and on utility in terms of practical applications.
Funding: supported by the National Natural Science Foundation of China (Nos. U19A2081 and 61802270) and the Fundamental Research Funds for the Central Universities (No. 2020SCUNG129).
Abstract: The prevalence of missing values in the data streams collected in real environments makes them impossible to ignore in the privacy preservation of data streams. However, the development of most privacy preservation methods does not consider missing values. A few studies allow them to participate in data anonymization but introduce considerable extra information loss. To balance the utility and privacy preservation of incomplete data streams, we present a utility-enhanced approach for Incomplete Data strEam Anonymization (IDEA). In this approach, a sliding-window-based processing framework is introduced to anonymize data streams continuously, in which each tuple can be output with clustering or anonymized clusters. We consider the dimensions of attribute and tuple as the similarity measurement, which enables the clustering between incomplete records and complete records and generates the cluster with minimal information loss. To avoid missing value pollution, we propose a generalization method based on maybe-match for generalizing incomplete data. The experiments conducted on real datasets show that the proposed approach can efficiently anonymize incomplete data streams while effectively preserving utility.
Abstract: Taxation, the primary source of fiscal revenue, has profound implications in guiding resource allocation, promoting economic growth, adjusting social wealth distribution, and enhancing cultural influence. The development of e-taxation provides enhanced security for taxation, but it still faces the risks of inefficiency and tax data leakage. As a decentralized ledger, blockchain provides an effective solution for protecting tax data and avoiding tax-related errors and fraud. The introduction of blockchain into e-taxation protocols can ensure the public verification of taxes. However, balancing taxpayer identity privacy with regulation remains a challenge. In this paper, we propose a blockchain-based anonymous and regulatory e-taxation protocol. This protocol ensures the supervision and tracking of malicious taxpayers while maintaining honest taxpayer identity privacy, reduces the storage needs for public key certificates in the public key infrastructure, and enables self-certification of taxpayers' public keys and addresses. We formalize the security model of unforgeability for transactions, anonymity for honest taxpayers, and traceability for malicious taxpayers. Security analysis shows that the proposed protocol satisfies unforgeability, anonymity, and traceability. The experimental results of time consumption show that the protocol is feasible in practical applications.
Abstract: Attribute-based encryption (ABE) is a cryptographic framework that provides flexible access control by allowing encryption based on user attributes. ABE is widely applied in cloud storage, file sharing, e-Health, and digital rights management. ABE schemes rely on hard cryptographic assumptions such as pairings and others (pairing-free) to ensure their security against external and internal attacks. Internal attacks are carried out by authorized users who misuse their access to compromise security with potentially malicious intent. One common internal attack is the attribute collusion attack, in which users with different attribute keys collaborate to decrypt data they could not individually access. This paper focuses on ciphertext-policy ABE (CP-ABE), a type of ABE where ciphertexts are produced with access policies. Our first work is to carry out the attribute collusion attack against several existing pairing-free CP-ABE schemes. As a main contribution, we introduce a novel attack, termed the anonymous key-leakage attack, concerning the context in which users could anonymously publish their secret keys associated with certain attributes on public platforms without the risk of detection. This kind of internal attack has not been defined or investigated in the literature. We then show that several prominent pairing-based CP-ABE schemes are vulnerable to this attack. We believe that this work will contribute to helping the community evaluate suitable CP-ABE schemes for secure deployment in real-life applications.
Funding: supported by the Natural Science Foundation of China (No. U22A2099) and the Innovation Project of Guangxi Graduate Education (YCBZ2023130).
Abstract: Dynamic publishing of social network graphs offers insights into user behavior but brings privacy risks, notably re-identification attacks on evolving data snapshots. Existing methods based on -anonymity can mitigate these attacks but are cumbersome, neglect dynamic protection of community structure, and lack precise utility measures. To address these challenges, we present a dynamic social network graph anonymity scheme with community structure protection (DSNGA-CSP), which achieves the dynamic anonymization process by incorporating community detection. First, DSNGA-CSP categorizes communities of the original graph into three types at each timestamp, and only partitions community subgraphs for a specific category at each updated timestamp. Then, DSNGA-CSP achieves intra-community and inter-community anonymization separately to retain more of the community structure of the original graph at each timestamp. It anonymizes community subgraphs by the proposed novel -composition method and anonymizes inter-community edges by edge isomorphism. Finally, a novel information loss metric is introduced in DSNGA-CSP to precisely capture the utility of the anonymized graph through original information preservation and anonymous information changes. Extensive experiments conducted on five real-world datasets demonstrate that DSNGA-CSP consistently outperforms existing methods, providing a more effective balance between privacy and utility. Specifically, DSNGA-CSP shows an average utility improvement of approximately 30% compared to TAKG and CTKGA for three dynamic graph datasets, according to the proposed information loss metric IL.
Abstract: The rapid development of the industrial internet of things (IIoT) has brought huge benefits to factories equipped with IIoT technology, each of which represents an IIoT domain. More and more domains are choosing to cooperate with each other to produce better products for greater profits. Therefore, in order to protect the security and privacy of IIoT devices in cross-domain communication, many cross-domain authentication schemes have been proposed. However, most schemes expose the domain to which the IIoT device belongs, or introduce a single point of failure in multi-domain cooperation, thus introducing unpredictable risks to each domain. We propose a more secure and efficient domain-level anonymous cross-domain authentication (DLCA) scheme based on an alliance blockchain. The proposed scheme uses group signatures with decentralized tracing technology to provide domain-level anonymity to each IIoT device and allow the public to trace the real identity of a malicious pseudonym. In addition, DLCA takes into account the limited-resource characteristics of IIoT devices to design an efficient cross-domain authentication protocol. Security analysis and performance evaluation show that the proposed scheme can be effectively used in the cross-domain authentication scenario of the industrial internet of things.
Funding: This work was supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) under the Artificial Intelligence Convergence Innovation Human Resources Development (IITP-2023-RS-2023-00255968) Grant and the ITRC (Information Technology Research Center) Support Program (IITP-2021-0-02051) funded by the Korea government (MSIT).
Abstract: With the increase in IoT (Internet of Things) devices comes an inherent challenge of security. In the world today, privacy is the prime concern of every individual. Preserving one's privacy and keeping anonymity throughout the system is a desired functionality that does not come without inevitable trade-offs like scalability and increased complexity, and is always exceedingly difficult to manage. The challenge is keeping confidentiality and continuing to keep the person anonymous throughout the system. To address this, we present our proposed architecture, in which we manage IoT devices using blockchain technology. Our proposed architecture works both on and off the blockchain and is integrated with the closed-circuit television (CCTV) security camera fixed at the rental property. In this framework, the CCTV security camera feed is redirected towards the owner or the renter based on the smart contract conditions. Only one entity (owner or renter) can see the CCTV security camera feed at one time. There is no third-party dependence except for the CCTV security camera deployment phase. Our contributions include the proposition of the framework architecture, a novel smart contract algorithm, and a modification to ring signatures leveraging an existing cryptographic technique. Analyses are made based on different systems' security and key management areas. In an empirical study, our proposed algorithm performed better in key generation, proof generation, and verification times. By comparing similar existing schemes, we have shown the proposed architecture's advantages. Until now, we have developed this system for a specific area in the real world. However, this system is scalable and applicable to other areas like healthcare monitoring systems, which is part of our future work.
Funding: supported in part by the National Natural Science Foundation of China (No. 61702067) and in part by the Natural Science Foundation of Chongqing (No. cstc2020jcyj-msxmX0343).
Abstract: Zero trust architecture is an end-to-end approach to server resource and data security which contains identity authentication, access control, dynamic evaluation, and so on. This work focuses on authentication technology in the zero trust network. In this paper, a Traceable Universal Designated Verifier Signature (TUDVS) is used to construct a privacy-preserving authentication scheme for zero trust architecture. Specifically, when a client requests access to server resources, we want to protect the client's access privacy, which means that the server administrator cannot disclose the client's access behavior to any third party. In addition, the security of the proposed scheme is proved and its efficiency is analyzed. Finally, TUDVS is applied to the single packet authorization scenario of the zero trust architecture to prove the practicability of the proposed scheme.
Abstract: The "Momo Army" is an anonymous group on social media platforms like Douban and Xiaohongshu. It uses similar avatars and nicknames to demonstrate collective identity and engage in group interactions. This group rapidly forms a strong network of interaction, establishing stable group relationships and achieving digital invisibility. However, anonymous groups conceal anonymous violence and cyberbullying, negatively affecting individuals and society. This study will explore the reasons for the emergence of such groups, the self-presented characteristics of their group members, and their social impacts. It will conduct in-depth research and analysis through participant observation and interviews.
Funding: supported by the National Key Basic Research Program of China (973 Program) under Grant No. 2009CB320505, the Fundamental Research Funds for the Central Universities under Grant No. 2011RC0508, the National Natural Science Foundation of China under Grant No. 61003282, the China Next Generation Internet Project "Research and Trial on Evolving Next Generation Network Intelligence Capability Enhancement", and the National Science and Technology Major Project "Research about Architecture of Mobile Internet" under Grant No. 2011ZX03002-001-01.
Abstract: This paper aims to find a practical way of quantitatively representing the privacy of network data. A method of quantifying the privacy of network data anonymization based on similarity distance and entropy, in the scenario involving multiparty network data sharing with a Trusted Third Party (TTP), is proposed. Simulations are then conducted using network data from different sources, and show that the measurement indicators defined in this paper can adequately quantify the privacy of the network. In particular, they can indicate the effect of the adversary's auxiliary information on privacy.
Abstract: As technology develops, the amount of information being used has increased a lot. Every company leverages big data to provide customized services to its customers. Accordingly, collecting and analyzing data of the data subject has become one of the core competencies of companies. However, when collecting and using it, the authority of the data subject may be violated. The data often identifies its subject by itself, and even if it is not personal information that infringes on an individual's authority, the moment it is connected, it becomes important and sensitive personal information that we have never thought of. Therefore, recent privacy regulations such as GDPR (General Data Protection Regulation) are changing to guarantee more rights of the data subjects. To use data effectively without infringing on the rights of the data subject, the concept of de-identification has been created. Researchers and companies can make personal information less identifiable through appropriate de-identification/pseudonymization and use the data for the purpose of statistical research. De-identification/pseudonymization techniques have been studied a lot, but it is difficult for companies and researchers to know how to de-identify/pseudonymize data. It is difficult to clearly understand how and to what extent each organization should take de-identification measures. Currently, organizations do not systematically analyze and handle their situation but only take minimal action while following the guidelines distributed by each country. We solved this problem from the perspective of risk management. Several steps are required to secure the dataset, starting from pre-processing to releasing the dataset. We can analyze the dataset, analyze the risk, evaluate the risk, and treat the risk appropriately. The outcomes of each step can then be used to take appropriate action on the dataset to eliminate or reduce its risk. Then, we can release the dataset for its own purpose. This series of processes was reconstructed to fit the current situation by analyzing various standards such as ISO/IEC (International Organization for Standardization/International Electrotechnical Commission) 20889, NIST IR (National Institute of Standards and Technology Interagency Reports) 8053, NIST SP (National Institute of Standards and Technology Special Publications) 800-188, and ITU-T (International Telecommunication Union-Telecommunication) X.1148. We propose an integrated framework based on a situational awareness model and a risk management model. We found that this framework can be specialized for multiple domains, and it is useful because it is based on a variety of case- and utility-based ROI calculations.
Funding: supported by the Scientific and Technological Research Council of Turkiye, under Project No. 122E670.
Abstract: Developing a privacy-preserving data publishing algorithm that stops individuals from disclosing their identities while not ignoring data utility remains an important goal to achieve, because finding the trade-off between data privacy and data utility is an NP-hard problem and an active research area. When existing approaches are investigated, one of the most significant difficulties discovered is the presence of outlier data in the datasets. Outlier data has a negative impact on data utility. Furthermore, k-anonymity algorithms, which are commonly used in the literature, do not provide adequate protection against outlier data. In this study, a new data anonymization algorithm is devised and tested for boosting data utility by incorporating an outlier data detection mechanism into the Mondrian algorithm. The connectivity-based outlier factor (COF) algorithm is used to detect outliers. Mondrian is selected because of its capacity to anonymize multidimensional data while meeting the needs of real-world data. COF, on the other hand, is used to discover outliers in high-dimensional datasets with complicated structures. The proposed algorithm generates more equivalence classes than the Mondrian algorithm and provides greater data utility than previous algorithms based on k-anonymization. In addition, it outperforms other algorithms in the discernibility metric (DM), normalized average equivalence class size (Cavg), global certainty penalty (GCP), query error rate, classification accuracy (CA), and F-measure metrics. Moreover, the increase in the values of the GCP and error rate metrics demonstrates that the proposed algorithm facilitates obtaining higher data utility by grouping closer data points when compared to other algorithms.
Funding: This work was supported by the Postgraduate Research Grants Scheme (PGRS) with Grant No. PGRS190360.
Abstract: Publishing big data and making it accessible to researchers is important for knowledge building as it helps in applying highly efficient methods to plan, conduct, and assess scientific research. However, publishing and processing big data poses a privacy concern related to protecting individuals' sensitive information while maintaining the usability of the published data. Several anonymization methods, such as slicing and merging, have been designed as solutions to the privacy concerns of publishing big data. However, the major drawback of merging and slicing is the random permutation procedure, which does not always guarantee complete protection against attribute or membership disclosure. Moreover, merging procedures may generate many fake tuples, leading to a loss of data utility and subsequent erroneous knowledge extraction. This study therefore proposes a slicing-based enhanced method for privacy-preserving big data publishing while maintaining data utility. In particular, the proposed method distributes the data into horizontal and vertical partitions. The lower and upper protection levels are then used to identify the unique and identical attribute values. The unique and identical attributes are swapped to ensure the published big data is protected from disclosure risks. The outcome of the experiments demonstrates that the proposed method could maintain data utility and provide stronger privacy preservation.
Abstract: Recently, many data anonymization methods have been proposed to protect privacy in data mining applications. But few of them have considered the threats from users' prior knowledge of data patterns. To solve this problem, a flexible method was proposed to randomize the dataset, so that a user could hardly obtain the sensitive data even when knowing the data relationships in advance. The method also achieves a high level of accuracy in the mining process, as demonstrated in the experiments.
Abstract: Irreproducibility of research causes a major concern in academia. This concern affects all study designs regardless of scientific field. Without testing the reproducibility and replicability, it is almost impossible to repeat the research and to gain the same or similar results. In addition, irreproducibility limits the translation of research findings into practice, where the same results are expected. To find solutions, the Interacademy Partnership for Health gathered academics from established networks of science, medicine and engineering around a table to introduce seven strategies that can enhance reproducibility: pre-registration, open methods, open data, collaboration, automation, reporting guidelines, and post-publication reviews. The current editorial discusses the generalisability and practicality of these strategies to systematic reviews and claims that systematic reviews have an even greater potential than other research designs to lead the movement toward the reproducibility of research. Moreover, I discuss the potential of reproducibility, on the other hand, to upgrade the systematic review from review to research. Furthermore, there are references to the successful and ongoing practices from collaborative efforts around the world to encourage systematic reviewers, journal editors and publishers, the organizations linked to evidence synthesis, and the funders and policy makers to facilitate this movement and to gain public trust in research.
Abstract: Biological residual materials can be obtained from surgical activities or from pathological waste material collected for analysis and stored in formalin. This material can be stored in biobanks for the purpose of future research. Formalin-fixed tissue and also formalin-fixed paraffin embedded tissues are not suitable for all kinds of genetic studies on DNA or RNA, as formalin solution is well known for damaging nucleic acids. Therefore, for the purpose of conducting genetic studies, samples should be frozen in order to maintain a good quality of DNA/RNA over time. Biobanks in which waste samples are frozen are undoubtedly expensive to maintain; however, it could be useful and important to consider their possible implication in particular research, regarding for example the tumor cell growth process, or when the procurement of samples is difficult. Regarding the relationship between informed consent and tissue collection, storage and research, two choices are possible: irreversible or reversible sample anonymization. These procedures involve different approaches and possible solutions that we will seek to define. Also, an important ethical aspect in regard to the role of biobanks is encouraging sample donation. For donors, seeing human samples being kept rather than discarded and seeing them become useful for research highlight the importance of the human body and improve the attitude towards donation. This process might also facilitate the giving of informed consent more trustfully and willingly.