Privacy protection in pervasive systems: State of the art and technical challenges

Pervasive and mobile computing applications are dramatically increasing the amount of personal data released to service providers as well as to third parties. Data includes geographical and indoor positions of individuals, their movement patterns as well as sensor-acquired data that may reveal individuals’ physical conditions, habits, and, in general, information that may lead to undesired consequences like unsolicited advertisement or more serious ones like discrimination and stalking.In this survey paper, at first we consider representative classes of pervasive applications, and identify the requirements they impose in terms of privacy and trade-off with service quality. Then, we review the most prominent privacy preservation approaches, we discuss and summarize them in terms of the requirements.Finally, we take a more holistic view of the privacy problem by discussing other aspects that turn out to be crucial for the widespread adoption of privacy enhancing technologies. We discuss technical challenges like the need for tools augmenting the awareness of individuals and to capture their privacy preferences, as well as legal and economic challenges. Indeed, on one side privacy solutions must comply to ethical and legal requirements, and not prevent profitable business models, while on the other side it is unlikely that privacy preserving solutions will become practical and effective without new regulations.     

A novel electronic cash system with trustee-based anonymity revocation from pairing

Untraceable electronic cash is an attractive payment tool for electronic-commerce because its anonymity property can ensure the privacy of payers. However, this anonymity property is easily abused by criminals. In this paper, several recent untraceable e-cash systems are examined. Most of these provide identity revealing only when the e-cash is double spent. Only two of these systems can disclose the identity whenever there is a need, and only these two systems can prevent crime. We propose a novel e-cash system based on identity-based bilinear pairing to create an anonymity revocation function. We construct an identity-based blind signature scheme, in which a bank can blindly sign on a message containing a trustee-approved token that includes the user’s identity. On demand, the trustee can disclose the identity for e-cash using only one symmetric operation. Our scheme is the first attempt to incorporate mutual authentication and key agreement into e-cash protocols. This allows the proposed system to attain improvement in communication efficiency when compared to previous works.     

Opacity of discrete event systems and its applications

In this paper, we investigate opacity of discrete event systems. We define two types of opacities: strong opacity and weak opacity. Given a general observation mapping, a language is strongly opaque if all strings in the language are confused with some strings in another language and it is weakly opaque if some strings in the language are confused with some strings in another language. We show that security and privacy of computer systems and communication protocols can be investigated in terms of opacity. In particular, two important properties in security and privacy, namely anonymity and secrecy, can be studied as special cases of opacity. We also show that by properly specifying the languages and the observation mapping, three important properties of discrete event systems, namely observability, diagnosability, and detectability, can all be reformulated as opacity. Thus, opacity has a wide range of applications. Also in this paper we provide algorithms for checking strong opacity and weak opacity for systems described by regular languages and having a generalized projection as the observation mapping.     

Formal anonymity models for efficient privacy-preserving joins

Organizations, such as federally-funded medical research centers, must share de-identified data on their consumers to publicly accessible repositories to adhere to regulatory requirements. Many repositories are managed by third-parties and it is often unknown if records received from disparate organizations correspond to the same individual. Failure to resolve this issue can lead to biased (e.g., double counting of identical records) and underpowered (e.g., unlinked records of different data types) investigations. In this paper, we present a secure multiparty computation protocol that enables record joins via consumers’ encrypted identifiers. Our solution is more practical than prior secure join models in that data holders need to interact with the third party one time per data submission. Though technically feasible, the speed of the basic protocol scales quadratically with the number of records. Thus, we introduce an extended version of our protocol in which data holders append k-anonymous features of their consumers to their encrypted submissions. These features facilitate a more efficient join computation, while providing a formal guarantee that each record is linkable to no less than k individuals in the union of all organizations’ consumers. Beyond a theoretical treatment of the problem, we provide an extensive experimental investigation with data derived from the US Census to illustrate the significant gains in efficiency such an approach can achieve.     

Identity construction on Facebook: Digital empowerment in anchored relationships

Early research on online self-presentation mostly focused on identity constructions in anonymous online environments. Such studies found that individuals tended to engage in role-play games and anti-normative behaviors in the online world. More recent studies have examined identity performance in less anonymous online settings such as Internet dating sites and reported different findings. The present study investigates identity construction on Facebook, a newly emerged nonymous online environment. Based on content analysis of 63 Facebook accounts, we find that the identities produced in this nonymous environment differ from those constructed in the anonymous online environments previously reported. Facebook users predominantly claim their identities implicitly rather than explicitly; they “show rather than tell” and stress group and consumer identities over personally narrated ones. The characteristics of such identities are described and the implications of this finding are discussed.     

Shadow attacks on users’ anonymity in pervasive computing environments

Privacy preserving technologies are likely to become an essential component of adaptive services in pervasive and mobile computing. Although privacy issues have been studied for a long time in computer science as well as in other fields, most studies are focused on the release of data from large repositories. Mobile and pervasive computing pose new challenges, requiring specific formal models for attacks and new privacy preserving techniques. This paper considers a specific pervasive computing scenario, and shows that the application of state-of-the-art techniques for the anonymization of service requests is insufficient to protect the privacy of users. A specific class of attacks, called shadow attacks, is formally defined and a defense technique is proposed. This defense is formally proved to be correct, and its effectiveness is validated by extensive experiments in a simulated environment.     

智能卡与信息高速公路的数据库

介绍一种用智能卡访问信息高速公路中匿名和可认证数据库的机制。     

A NEW ANONYMITY CONTROLLED E－CASH SCHEME

E-cash is a type of very important electronic payment systems.The complete anonymity of E-cash can be used for criminal activities,so E-cash should be anonymity controlled.Moreover,Elliptic Curve Cryptography(ECC)has been regard as the mainstream of current public cryptography.In this paper,a new anonymity controlled E-cash scheme based on ECC for the first time and using a new technology-one-time key pairs digital signature is designed,and its security and efficiency are analyzed.In our scheme,the coin tracing ,and owner tracing can be implemented.     

Lee-Chang及派生类群签名方案的安全性分析

1998年Lee和Chang提出了一种基于离散对数问题的非交互的群签名方案。Tseng-Jan；李、张、刘、杨；敖、陈、自分别给出了改进方案。该文指出Lee—Chang方案及所有派生类方案都不具备防伪造性。它们都可以用类似的伪造签名方法，产生一个不可跟踪的群签名。