Similar literature
Found 20 similar documents; search took 15 ms
1.
Security and privacy in Personal Networks constitute a major challenge for designers and implementers. The deployment of novel services over a collaborative environment where users share their resources and profiles creates higher demands on security and privacy requirements. In this paper, the authors address the issue of privacy-enabled, secure personal information exchange among participants of a Personal Networks federation, in order to establish trust. The paper proposes a novel model based on the separation of user ID information from personal preferences and user status information. The proposed model is able to ensure privacy through anonymity over personal data exchange, while it incorporates mechanisms for the detection and confronting of malicious behavior, and resilience against attacks. A proof of concept based on an actual implementation is provided. Further, discussion is presented on the issues that need to be tackled in order to incorporate the proposed model in a standard PN architecture.

2.
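In open information systems, access control is an important measure for ensuring information system security. Traditional access control models do not consider issues such as the subject's trust level and the partitioning of permission sets during authorization. This paper introduces the idea of fuzzy logic and proposes a fuzzy access control model based on trust authorization: the fuzzy comprehensive evaluation method is used to compute a subject's trust level in an open information system, fuzzy control rules are established, and the corresponding permissions are granted to the subject automatically through fuzzy decision, so that the model better meets the access control requirements of open information systems.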

3.
Access control is one of the major security concerns for wireless sensor networks. However, applying conventional access control models that rely on the central Certificate Authority and sophisticated cryptographic algorithms to wireless sensor networks poses new challenges as wireless sensor networks are highly distributed and resource-constrained. In this paper, a distributed and fine-grained access control model based on the trust and centrality degree is proposed (TC-BAC). Our design uses the combination of trust and risk to grant access control. To meet the security requirements of an access control system with the absence of Certificate Authority, a distributed trust mechanism is developed to allow access of a trusted node to a network. Then, centrality degree is used to assess the risk factor of a node and award the access, which can reduce the risk ratio of the access control scheme and provide a certain protection level. Finally, our design also takes multi-domain access control into account and solves this problem by utilizing a mapping mechanism and group access policies. We show with simulation that TC-BAC can achieve both the intended level of security and high efficiency suitable for wireless sensor networks.

4.
With social networks (SNs) allowing their users to host large amounts of personal data on their platforms, privacy protection mechanisms are becoming increasingly important. The current privacy protection mechanisms offered by SNs mostly enforce access control policies based on users’ privacy settings. The task of setting privacy preferences may be tedious and confusing for the average user, who has hundreds of connections (e.g., acquaintances, colleagues, friends, etc.) and maintains an extensive profile on his main SN. Hence, users often end up with policies that do not sufficiently protect their personal information, thus facilitating potential privacy breaches and information misuse. In this paper, we propose PriMa (Privacy Manager), a privacy protection mechanism that supports semiautomated generation of access rules for users’ profile information, filling the gap between the privacy management needs of SN users and the existing SNs’ privacy protection mechanisms. PriMa access rules are generated using a multicriteria algorithm, so as to account for an extensive set of criteria to be considered when dealing with access control in SN sites. The resulting rules are simple yet powerful specifications, indicating the adequate level of protection for each user, and are dynamically adapted to the ever-changing requirements of the users’ preferences and SN configuration. We have implemented PriMa on a Drupal platform and as a third-party Facebook application. We have evaluated the performance of the PriMa application with respect to access rule generation.

5.
In the Future Internet, federations are set up to cope with the stringent quality requirements of services. While a federated solution offers advantages in terms of scalability, it complicates the exchange of context (e.g. Quality of Service information of services) between federated nodes, as each node requires context to perform management tasks. In this article, we propose a context exchange process that automates the context communication between nodes. A scalable approach is proposed that is able to quickly react to local context updates, while maintaining a high level of expressivity to define relationships between federation partners. We distinguish between the context exchange inside an administrative domain, which focuses on scalability, and the context exchange between federation partners, which emphasizes the trust relationships between partners. In both cases, the process allows defining which context needs to be exchanged when and from where. Inside an administrative domain, a combination of RDF and SPARQL rules is used. This allows modeling the contextual requirements of management algorithms and automatically requesting remote context, only when it is necessary for the management algorithms to proceed. Between domains, an OWL‐based approach is used, which allows describing the complex relationships between federation partners. Triggered by the intra‐domain context exchange process, the contextual capabilities are communicated and refined through policies. Both types of processes are evaluated. The results show that they can infer which context is needed in a timely and scalable manner. As such, it outperforms approaches where context is broadcast both in required bandwidth and end‐to‐end delay. Copyright © 2013 John Wiley & Sons, Ltd.

6.
In wireless sensor networks, trust management schemes are designed to preserve them against misbehavior of malicious sensor nodes. These schemes observe the behavior of nodes, check their conformity to what is expected, compute and assign them trust values, and avoid any interaction with untrustworthy nodes. In this paper, we introduce Adaptive and dual Data-Communication Trust scheme (ADCT) for clustered wireless sensor networks to effectively deal with untrustworthy nodes. Unlike prior works, we propose an adaptive trust function to assess the direct trust between nodes according to the application’s requirement in terms of trust severity. We also consider data trust to cope with untrustworthy nodes during the data collection despite their communication capabilities. Moreover, we use the duality data-communication trust to deal with untrustworthy recommendations when building cluster-member’s feedback at the cluster-head level. Theoretical analysis and simulation show that the trust mechanism presented in this paper provides a better cooperation with the same or even lower communication overhead compared to the latest trust management schemes proposed for clustered wireless sensor networks.

7.
Personal cloud computing is an emerging trend in the computer industry. For a sustainable service, cloud computing services must control user access. The essential business characteristics of cloud computing are payment status and service level agreement. This work proposes a novel access control method for personal cloud service business. The proposed method sets metadata, policy analysis rules, and access denying rules. Metadata define the structure of access control policies and user requirements for cloud services. The policy analysis rules are used to compare conflicts and redundancies between access control policies. The access denying rules apply policies for inhibiting inappropriate access. The ontology is a theoretical foundation of this method. In this work, ontologies for payment status, access permission, service level, and the cloud provide semantic information needed to execute rules. A scenario of personal data backup cloud service is also provided in this work. This work potentially provides cloud service providers with a convenient method of controlling user access according to changeable business and marketing strategies.

8.
The use of data Grids for sharing relevant data has proven to be successful in many research disciplines. However, the use of these environments when personal data are involved (such as in health) is reduced due to its lack of trust. There are many approaches that provide encrypted storages and key shares to prevent the access from unauthorized users. However, these approaches are additional layers that should be managed along with the authorization policies. We present in this paper a privacy-enhancing technique that uses encryption and relates to the structure of the data and their organizations, providing a natural way to propagate authorization and also a framework that fits with many use cases. The paper describes the architecture and processes, and also shows results obtained in a medical imaging platform.

9.
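TRSF: An Active Protection Framework for Removable Storage Devices   Total citations: 1, self-citations: 0, citations by others: 1
Removable storage devices are passive devices whose security protection usually depends on the security mechanisms of the host terminal system, which reduces system usability while providing security. This paper proposes TRSF (Trusted Removable Storage Framework), a structural framework for removable storage devices based on trusted virtual domains, to achieve active protection of storage devices. TRSF binds a smart card chip and a dynamic isolation mechanism into the storage device, and an on-chip operating system builds a trusted data channel from the underlying trusted platform module to the isolated execution environment, thereby providing a trusted virtual environment for removable storage devices that are accessed and used by untrusted processes on untrusted terminal systems. Finally, an active-security USB flash drive, UTrustDisk, was implemented based on TRSF. Compared with having no active protection mechanism, adding the mechanism increased the average read and write performance overhead by 7.5% and 11.5%, respectively.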

10.
Today, online network services have evolved as the highest‐emergent medium, enabling various online activities to be lucrative. However, these lucrative activities also bring new forms of privacy threats to the community. In a reliable e‐business service, users should be able to trust the providers of the service to protect their customers' privacy. The service providers should not risk the personal and private information about their customers in cyberspace. There is an economic gain for a business provider when users trust the service provider. Despite those benefits, cyber security concern is the main reason some large organizations may go bankrupt. Unfortunately, attackers may attempt to breach a provider's database and expose customers' private information. Therefore, in this paper, we propose a game theoretic framework for security and trust relationship in cyberspace for users, service providers, and attackers. Mathematical proofs and evaluations support our model. Service providers may use the model to see how important, and how dissuasive against attackers, investing in cybersecurity is. Copyright © 2016 John Wiley & Sons, Ltd.

11.
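As the two most influential personal information protection policy models in the world, the European Union and the United States spare no effort to spread policy systems that fit their values and interests. Based on an analysis of the policy differences and compromises between the EU and the US, this paper offers suggestions for formulating and improving China's personal information protection policy: in the course of China's personal information protection legislation, establish a basic value position, complete institutions, and a protection policy for cross-border data.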

12.
Identifying an unfamiliar caller's profession is important to protect citizens' personal safety and property. Owing to the limited data protection of various popular online services in some countries, such as taxi hailing and ordering takeouts, many users presently encounter an increasing number of phone calls from strangers. The situation may be aggravated when criminals pretend to be such service delivery staff, threatening the user individuals as well as the society. In addition, numerous people experience excessive digital marketing and fraudulent phone calls because of personal information leakage. However, previous works on malicious call detection only focused on binary classification, which does not work for the identification of multiple professions. We observed that web service requests issued from users' mobile phones might exhibit their application preferences, spatial and temporal patterns, and other profession-related information. This offers researchers and engineers a hint to identify unfamiliar callers. In fact, some previous works already leveraged raw data from mobile phones (which includes sensitive information) for personality studies. However, accessing users' mobile phone raw data may violate the more and more strict private data protection policies and regulations (e.g., General Data Protection Regulation). We observe that appropriate statistical methods can offer an effective means to eliminate private information and preserve personal characteristics, thus enabling the identification of the types of mobile phone callers without privacy concerns. In this paper, we develop CPFinder, a system that exploits privacy-preserving mobile data to automatically identify callers who are divided into four categories of users: taxi drivers, delivery and takeout staff, telemarketers and fraudsters, and normal users (other professions). Our evaluation of an anonymized dataset of 1,282 users over a period of 3 months in Shanghai City shows that the CPFinder can achieve accuracies of more than 75.0% and 92.4% for multiclass and binary classifications, respectively.

13.
The access control model is a core aspect of trusted information systems. Based on the role based access control (RBAC) model, we put forward the concept of the homonymous role, which extends the role control categories in RBAC, balances the control granularity and the storage space requirements, and executes the fine‐grained access control. Instead of the traditional global access control policies (GACP), we propose the homonymous control domain (HCD) mechanism to enable the coexistence of multiple types of access control policies in a single system, thereby improving the control granularity and flexibility. The HCD mechanism facilitates the discretionary supporting of independent access control policies for its homonymous user. The HCD mechanism and the traditional access control mechanism can be linked to construct a two‐layer access control policy mechanism for a system. Notably, we also consider the temporal characteristic in HCD, which is a critical feature of modern access control models. Furthermore, we analyze the conflicts between the HCD and GACP mechanisms. Finally, we design and implement our HCD on FreeBSD to demonstrate the advantages of the two‐layer access control mechanism. Copyright © 2008 John Wiley & Sons, Ltd.

14.
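A Subjective Trust Mechanism for Grid Resource Access   Total citations: 2, self-citations: 2, citations by others: 0
To address the trust problem in resource access in grid environments and to avoid subjective arbitrariness, a trust mechanism based on the Bayesian function is proposed. By identifying and using the intermediate nodes with the strongest recommendation ability as recommenders, trust links to the resource node are searched out; the Bayesian function is used to make a comprehensive judgment on each attribute of the resource node obtained from the trust links, and finally it is decided whether to access the resource node. Simulation results demonstrate the effectiveness of the trust model.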

15.
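As enterprises keep growing in scale and their level of informatization keeps rising, more and more enterprises adopt information systems to improve their competitiveness. To address the problem that enterprise information systems cannot dynamically authorize accessing users, this paper proposes a trust-based access control mechanism for enterprise information systems: user trust is evaluated according to user behavior, users are dynamically authorized with reference to their trust level, and the permissions of users accessing the enterprise information system are dynamically controlled, improving the security of the enterprise information system.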

16.
汪秋云  蒋文保  王鸿 《电信科学》2013,29(10):103-107
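To address the high communication, storage and computation overhead of traditional trust negotiation schemes in mobile environments, a mobile trust negotiation scheme based on attribute disclosure is proposed. During negotiation the two parties first exchange credentials containing encrypted attributes and, based on their evaluation of the other party's trust level, selectively reveal in advance certain sensitive attributes in the credentials; then, according to the negotiation policy, they exchange attribute encryption keys over multiple rounds, gradually revealing their own attributes to the other party, thereby completing the negotiation. A concrete application example illustrates how the scheme is realized, and performance analysis shows that the scheme is efficient and feasible.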

17.
This paper deals with personal data use by firms in the e-business environment from the viewpoint of business administration and information ethics. Whereas the tremendous development of information and communication technology (ICT) has made it easier for firms to acquire, store, share, and utilise personal data on their customers, firms that use personal data are exposed to risks related to privacy issues. Since individuals fear the invasion of their privacy, the failure of a firm to appear or remain trustworthy would make it difficult for it to maintain accurate, up-to-date databases and to construct desirable business processes, which would affect the bottom line. Therefore, modern firms should do what they can to ensure that their customers trust them. For them, one promising way to remain trustworthy is to behave as a moral agent. Although it is difficult for any firm to meet the conditions necessary to be a moral agent, competence in behaving as a moral agent is a hard-to-imitate capability of firms for which personal data use is vital for enjoying the benefits of business relationships in the e-business environment.

18.
With the development of battery vehicles, vehicle‐to‐grid (V2G) networks are becoming more and more important in smart grid. Although battery vehicles are environmentally friendly and flexible to use two‐way communication and two‐way electricity flow, they also raise privacy‐preservation challenges, such as location and movement privacy. On the one hand, utility companies have to monitor the grid and analyze user data to control the power production, distribution, scheduling, and billing process, while typical users need to access their data later online. On the other hand, users are not willing to provide their personal data because they do not trust the system security of the utility companies where their data are stored, and it may potentially expose their privacy. Therefore, in this paper, we study data management of V2G networks in smart grid with privacy‐preservation to benefit both the customers and the utility companies. Both data aggregation and data publication of V2G networks are protected in the proposed architecture. To check its security, we analyze this architecture in several typical V2G network attacks. We conduct several experiments to show that the proposed architecture is effective and efficient, and it can enhance user privacy protection while providing enough information for utility companies to analyze and monitor the grid. Copyright © 2016 John Wiley & Sons, Ltd.

19.
Automotive telematics may be defined as the information-intensive applications enabled for vehicles by a combination of telecommunications and computing technology. Telematics by its nature requires the capture, storage, and exchange of sensor data to obtain remote services. Such data likely include personal, sensitive information, which require proper handling to protect the driver's privacy. Some existing approaches focus on protecting privacy through anonymous interactions or by stopping information flow altogether. We complement these by concentrating instead on giving different stakeholders control over data sharing and use. In this paper, we identify several data protection challenges specifically related to the automotive telematics domain, and propose a general data protection framework to address some of those challenges. The framework enables data aggregation before data is released to service providers, which minimizes the disclosure of privacy sensitive information. We have implemented the core component, the privacy engine, to help users manage their privacy policies and to authorize data requests based on policy matching. The policy manager provides a flexible privacy policy model that allows data subjects to express rich constraint-based policies, including event-based, and spatio-temporal constraints. Thus, the policy engine can decide on a large number of requests without user assistance and causes no interruptions while driving. A performance study indicates that the overhead is stable with an increasing number of data subjects.

20.
Fabrice Mattatia 《电信纪事》2007,62(11-12):1223-1240
The increase of identity theft and illegal access to data threatens heavily the trust in the digital world. Passwords fail to protect efficiently online services which create value by handling personal data or privacy information, such as e-government or financial services. eID cards are identity cards supporting a chip with a personal authentication key and a certificate. Already in use in several European countries, they are a secure and user-friendly means to prove one’s identity in the digital world, at low cost, and for all applications. These cards do not increase the threat to privacy, such as tracking, divulgation of privacy data, or the constitution of illegal databases, compared to traditional authentication means.
