粒子群属性聚类的位置隐私保护

针对基于位置服务中连续查询情况下，用户自身属性信息很容易被攻击者获取，并通过关联获得用户位置隐私的情况，提出了一种利用粒子群聚类加速相似属性用户寻找，并由相似属性匿名实现用户位置泛化的隐私保护方法。该方法利用位置隐私保护中常用的可信中心服务器，通过对发送到中心服务器中的查询信息进行粒子群属性聚类，在聚类的过程中加速相似属性用户的寻找过程，由相似属性用户完成位置泛化，以此实现位置隐私保护。实验结果证明，这种基于粒子群属性聚类的隐私保护方法具有高于同类算法的隐私保护能力，以及更快的计算处理速度。     

新一代意大利建筑师解读兼评阿克雅建筑师事务所的实践

今天,活跃在国际建筑舞台上的建筑师是 50来岁的一代人,与现代主义建筑大师们相比较,这一代建筑师具有更为特殊的位置。因为他们知道如何糅合不同的建筑创作模式,创造出体现设计者独立个性的做法,善于处理历史文化与当前现实的关系,适宜的合作规模和在建筑作品中巧妙地不事张扬。可是,意大利50来岁的建筑师却不知道处理这样一种恰如其分的平衡,例如如何体现设计者建筑语言的肯定性、在合作过程中如何认识自身的位置,以及面对当今复杂的施工要求如何保证建筑作品在实施过程中不失去个性,正是因为这些问题的处理不当,致使在国际建筑舞台上缺少他们的身影。今天,可以肯定的倒是30-40来岁的意大利建筑师,阿克雅建筑师事务所就是其中的一员。他们能够娴熟地运用国际流行的建筑语言,并且不局限在某种作者定式和个人魅力,致力于把纯粹的学术研究与建筑实践结合在一起。这一代意大利建筑师表现出来的特点是把每一次设计作为一次积极展示他们个人特点的机会,表现出强烈的希望设计作品付诸实施的愿望,以及作品中展现出扎实的结构专业能力。     

基于Voronoi图预划分的LBS位置隐私保护方法

为了解决服务器面临大量用户请求时匿名效率下降的问题,分别提出适用于静态用户和动态用户的协作匿名方法。首先基于Voronoi图划分全局区域,再由中心服务器组织本区域内用户实现协作匿名,由于服务器无需为每个用户单独构造匿名区,降低了服务端的负担;针对查询过程中用户提供真实位置信息带来位置隐私泄露的问题,提出了逆向增量近邻查询算法。用户以固定锚点代替真实位置,向位置服务器逐步获取兴趣点候选集并计算出想要的结果,避免位置隐私直接泄漏的同时获取精准查询结果。该算法同时解决了锚点与用户过近而带来的位置隐私被推断问题。实验表明本方法在有效保护用户位置隐私的同时,具有良好的工作效率。     

Impact of anonymity on roles of personal and group identities in online communities

Extant research on the control of anonymous human behavior is inconclusive because of its focus on partial aspects of the self-concept. Multiple self-concepts are usually effective in any given situation. Hence, a holistic approach is preferred over a fragmented picture of the self. We investigate anonymous online communities to determine whether multiple self-concepts concurrently control human behavior.Data were collected from 1453 users through a web-based survey. The results showed that multiple self-concepts concurrently influenced argument quality through group norm conformity, whereas private-self directly influenced argument quality. Furthermore, online anonymity decreased the influence of group identity, contrary to existing assertions.     

Lightweight and provably secure user authentication with anonymity for the global mobility network

Seamless roaming in the global mobility network (GLOMONET) is highly desirable for mobile users, although their proper authentication is challenging. This is because not only are wireless networks susceptible to attacks, but also mobile terminals have limited computational power. Recently, some authentication schemes with anonymity for the GLOMONET have been proposed. This paper shows some security weaknesses in those schemes. Furthermore, a lightweight and provably secure user authentication scheme with anonymity for the GLOMONET is proposed. It uses only symmetric cryptographic and hash operation primitives for secure authentication. Besides, it takes only four message exchanges among the user, foreign agent and home agent. We also demonstrate that this protocol enjoys important security attributes including prevention of various attacks, single registration, user anonymity, user friendly, no password/verifier table, and use of one‐time session key between mobile user and foreign agent. The security properties of the proposed protocol are formally validated by a model checking tool called AVISPA. Furthermore, as one of the new features in our protocol, it can defend smart card security breaches. Copyright © 2010 John Wiley & Sons, Ltd.     

Cryptanalysis of Hsiang‐Shih's authentication scheme for multi‐server architecture

From user point of view, password‐based remote user authentication technique is one of the most convenient and easy‐to‐use mechanisms to provide necessary security on system access. As the number of computer crimes in modern cyberspace has increased dramatically, the robustness of password‐based authentication schemes has been investigated by industries and organizations in recent years. In this paper, a well‐designed password‐based authentication protocol for multi‐server communication environment, introduced by Hsiang and Shih, is evaluated. Our security analysis indicates that their scheme is insecure against session key disclosure, server spoofing attack, and replay attack and behavior denial. Copyright © 2010 John Wiley & Sons, Ltd.     

An Improved User Authentication and Key Agreement Scheme Providing User Anonymity

When accessing remote services over public networks, a user authentication mechanism is required because these activities are executed in an insecure communication environment. Recently, Wang et al. proposed an authentication and key agreement scheme preserving the privacy of secret keys and providing user anonymity. Later, Chang et al. indicated that their scheme suffers from two security flaws. First, it cannot resist DoS (denial-of-service) attack because the indicators for the next session are not consistent. Second, the user password may be modified by a malicious attacker because no authentication mechanism is applied before the user password is updated. To eliminate the security flaws and preserve the advantages of Wang et al.'s scheme, we propose an improvement in this paper.     

A New Anonymity Model for Privacy-Preserving Data Publishing

Privacy-preserving data publishing （PPDP） is one of the hot issues in the field of the network security. The existing PPDP technique cannot deal with generality attacks, which explicitly contain the sensitivity attack and the similarity attack. This paper proposes a novel model, （w,γ, k）-anonymity, to avoid generality attacks on both cases of numeric and categorical attributes. We show that the optimal （w, γ, k）-anonymity problem is NP-hard and conduct the Top-down Local recoding （TDL） algorithm to implement the model. Our experiments validate the improvement of our model with real data.     

网络中多敏感属性数据发布隐私保护研究

随着网络技术的快速发展,许多社会网站被创建和使用,使得关于个人的社会网络信息大量被收集和发布.为了保证个人隐私的安全,本文提出了一个新的集值属性(k,l)anonymity隐私原则,开发了一个满足这个隐私原则的隐私算法来高效地处理集值属性数据流.并通过实验进行了验证本算法的高效率和有效性.     

Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’

With the use of smart card in user authentication mechanisms, the concept of two‐factor authentication came into existence. This was a forward move towards more secure and reliable user authentication systems. It elevated the security level by requiring a user to possess something in addition to know something. In 2010, Sood et al. and Song independently examined a smart‐card‐based authentication scheme proposed by Xu et al. They showed that in the scheme of Xu et al., an internal user of the system can turn hostile to impersonate other users of the system. Both of them also proposed schemes to improve the scheme of Xu et al. Recently, Chen et al. identified some security problems in the improved schemes proposed by Sood et al. and Song. To fix these problems, Chen et al. presented another scheme, which they claimed to provide mutual authentication and withstand lost smart card attack. Undoubtedly, in their scheme, a user can also verify the legitimacy of server, but we find that the scheme fails to resist impersonation attacks and privileged insider attack. We also show that the scheme does not provide important features such as user anonymity, confidentiality to air messages, and revocation of lost/stolen smart card. Besides, the scheme defies the very purpose of two‐factor security. Furthermore, an attacker can guess a user's password from his or her lost/stolen smart card. To meet these challenges, we propose a user authentication method with user anonymity. We show through analysis and comparison that the proposed scheme exhibits enhanced efficiency in contrast to related schemes, including the scheme of Chen et al. Copyright © 2013 John Wiley & Sons, Ltd.