Valuating privacy

In several experimental auctions, participants put a dollar value on private information before revealing it to a group. An analysis of results show that a trait's desirability in relation to the group played a key role in the amount people demanded to publicize private information. Because people can easily obtain, aggregate, and disperse personal data electronically, privacy is a central concern in the information age. This concern is clear in relation to financial data and genetic information, both of which can lead to identity abuse and discrimination. However, other relatively harmless information can also be abused, including a person's gender, salary, age, marital status, or shopping preferences. What's unclear is whether it's the fear of such abuse that actually causes people's stated hesitance to reveal their data. Our hypothesis - and the motivation for our study - is that people reveal information when they feel that they're somewhat typical or positively atypical compared to the target group. To test this hypothesis, we conducted experiments that elicit the value people place on their private data. We found, with great significance (more than 95 percent statistical confidence) that a linear relationship exists between an individual's belief about a trait and the value he or she places on it. That is, the less desirable the trait, the greater the price a person demands for releasing the information. Furthermore, we found that small deviations in a socially positive direction are associated with a lower asking price.     

隐私数据验证场景下的隐私保护研究

隐私数据验证场景是信息验证服务下的一类特殊场景,其实用性要求数据在第三方数据库进行存储、发布且有能力处理任意形式声明的验证,其安全性要求数据在存储、更新与证明期间提供有效的隐私保护手段。目前该场景下的隐私保护研究尚且处于空白阶段,因此本文引入可证明数据加密策略的概念,以满足隐私数据验证场景下的实用性与安全性需求。本文主要有三个贡献：（1）对可证明数据加密策略进行讨论并给出形式化定义;（2）基于非交互零知识证明构造出首个可证明数据加密方案,并同时支持高效的数据更新操作;（3）基于承诺方案、非交互零知识证明与全同态加密,提出可证明数据加密策略的两种通用构造框架并给予相关性质证明。     

差分隐私模型的启发式隐私参数设置策略

差分隐私模型是一种强隐私模型,用隐私参数ε度量隐私保护程度及噪声量,近年来成为隐私保护领域的研究热点。但是隐私参数ε的设置只能依赖于实验或专业人士经验,限制了差分隐私模型的使用与推广。针对这个问题,基于(ρ1,ρ2)-隐私模型提出一种启发式的隐私参数ε设置策略（limit privacy breaches in differential privacy,LPBDP）,分析隐私参数ε与(ρ1,ρ2)的内在联系,实现噪声量的添加由(ρ1,ρ2)决定。LPBDP通过如下启发式原则设置隐私参数ε：如果攻击者关于目标受害者的先验概率小于阈值ρ1,攻击者得到差分隐私查询策略返回的加噪结果后,关于目标受害者的后验概率必须小于阈值ρ2。实验表明LPBDP能够更直观地设置隐私参数ε以满足差分隐私约束。     

Towards privacy preserving social recommendation under personalized privacy settings

World Wide Web - Privacy leakage is an important issue for social relationships-based recommender systems (i.e., social recommendation). Existing privacy preserving social recommendation approaches...     

k-匿名下通过本地差分隐私实现位置隐私保护

针对用户位置隐私保护过程中攻击者利用背景知识等信息发起攻击的问题,提出一种面向移动终端的位置隐私保护方法。该方案通过利用k-匿名和本地差分隐私技术进行用户位置保护,保证隐私和效用的权衡。结合背景知识构造匿名集,通过改进的Hilbert曲线对k-匿名集进行分割,使用本地差分隐私算法RAPPOR扰动划分后的位置集,最后将生成的位置集发送给位置服务提供商获取服务。在真实数据集上与已有的方案从用户位置保护、位置可用性和时间开销方面进行对比,实验结果显示,所提方案在确保LBS服务质量的同时,也增强了位置隐私保护的程度。     

基于差分隐私的数据匿名化隐私保护方法

在保护数据隐私的匿名技术中,为解决匿名安全性不足的问题,即匿名过程中因计算等价类质心遭受同质性和背景知识攻击造成的隐私泄漏,提出了一种基于差分隐私的数据匿名化隐私保护方法,构建了基于差分隐私的数据匿名化隐私保护模型;在利用微聚集MDAV算法划分相似等价类并在匿名属性过程中引入SuLQ框架设计得到ε-MDAV算法,同时选用Laplace实现机制合理控制隐私保护预算。通过对比不同隐私保护预算下可用性和安全性的变化,验证了该方法可以在保证数据高可用性的前提下有效地提升数据的安全性能。     

PrivSem: Protecting location privacy using semantic and differential privacy

World Wide Web - In this paper, we address the problem of users’ location privacy preservation on road networks. Most existing privacy preservation techniques rely on structure-based spatial...     

强制数据隐私和用户隐私的外包数据库服务研究*

外包数据库中的数据隐私和用户隐私保护是现代外包数据库服务面临的新挑战,针对目前外包数据库服务中单方面考虑数据隐私保护或用户隐私保护技术难以同时满足外包数据库安全需求的不足,提出一种可同时强制数据隐私和用户隐私保护的外包数据库服务模型,采用属性分解和部分属性加密技术,基于结合准标志集自动检测技术的近似算法实现外包数据的最小加密属性分解,同时把密码学应用于辅助随机服务器协议,以实现数据库访问时的用户隐私保护。理论分析和实验结果表明,该模型可以提供有效的数据隐私保护和查询处理,以及较好的用户隐私保护计算复杂度。     

基于用户相关性的差分隐私轨迹隐私保护方案

在使用位置查询服务时需要提供用户真实位置信息,导致用户信息泄露。大部分研究只针对单个用户的隐私保护,而忽略了多用户之间的相关性。针对轨迹隐私保护中多用户相关性的问题,提出了一种基于用户相关性的差分隐私轨迹隐私保护方案。首先,构建历史轨迹树,利用变阶马尔可夫模型预测用户轨迹,从轨迹集合中生成一组高可用性的轨迹数据集;其次,根据用户轨迹之间的相关性获取一组关联性较低的预测轨迹集;最后,通过自定义隐私预算的方法,根据用户不同的隐私需求动态调整每个位置点的隐私预算并为发布轨迹添加拉普拉斯噪声。实验结果表明：与LPADP算法相比,该算法的执行效率提升了10%~15.9%;与PTPP和LPADP算法相比,该算法的数据可用性提升了11%~16.1%,同时提升了隐私保护程度。     

Information privacy?!

When using the Internet, we reveal much personal information both willingly and indadvertedly. Companies use this information for targeted advertisement and thereby to finance the services they offer to users. The mechanisms used today to protect users’ personal information are lacking resulting in far too frequent privacy and security breaches that put the users at risk. In this article we argue that applications on the Internet should be built with privacy and security as a mandatory requirement, then provide an overview of the state of the art in privacy-enhancing mechanisms, and conclude with a roadmap towards a privacy-enhanced digital world, and pointing out a number of challenges that need to be solved.     

Emerging privacy issues

Because of the essential nature of information in the affairs of society, governments, and institutions, computer- and communications-based systems are creating new aspects of personal privacy threats. Because people and organizations will tend to carry forward established expectations derived from old systems and their characteristics to new systems and their procedures, it can be expected that new privacy threats will frequently not be perceived, (e.g. the transition from physical mail to electronic mail). Moreover, things which are not a privacy threat in the small (e.g. a single telephone number) can pose threats in the large (e.g. a year's worth of telephone billings). The networking of information systems will tend to aggregate information invisibly and create privacy threats (e.g. automatic check verification information blended with financial transaction information). Matching of computer files and the diversification of established industries (e.g. banks providing general accounting services to small business) also will create new dimensions of privacy.The future world will be so tightly stitched together by its information threads that a combination of approaches to protecting privacy will be essential. Technical security safeguards can contribute; privacy laws will surely afford protections. But for some situations, perhaps many, the individual will have to take care of himself. To do so, he will have to be well-informed about information systems and their impact on himself; and he must have a legal standing to recover damages and compel remedial actions by offending organizations.     

Understanding privacy policies

Their is growing recognition that users of web-based systems want to understand, if not control, what customer’s data is stored by whom, for what purpose, for what duration, and with whom it is shared. We inform current language-based privacy efforts with an empirical study of P3P—the W3C domain-specific language for privacy policies. We use methods of software language engineering to study usage profiles, correctness of policies, metrics, cloning, and language extensions. The study supports the conclusion that P3P’s approach to policy validation is too weak to ensure correct use of the language. The study also discovers common, dominating policies, which may suggest a simpler approach to web privacy. Further, the study investigates a range of metrics for policies in an attempt to discover particularly interesting or complex policies. Finally, the study also attempts to discover symptoms of the need for extending the P3P language, but the found results are not conclusive here.