一种基于行为链的Android应用隐私窃取检测方法

本文针对Android应用中普遍存在的用户隐私窃取问题,提出了基于行为链的应用隐私窃取行为检测方法,该方法能细粒度地定位Android应用中存在的信息泄露源和信息泄露点,利用WxShall算法快速计算信息泄漏源和信息泄露点之间的可达性,自动化地追踪Android应用中存在的隐私信息传递路径,实现了对Android应用中隐私窃取行为的完整检测和分析.对1259款应用检测结果表明,本方法正确性超过95.1%,算法复杂度仅为WarShall算法的5.45%,检测效果优于Androgurad 和Kirin.     

网络健康社区的用户隐私问题研究

Web 2.0时代信息更加开放,但是却隐藏着网络信息隐私泄露的风险。文章分析了网络健康社区的用户隐私内容和用户隐私泄露的方式,最终提出一种综合的用户隐私保护方案,从法律、技术、个人隐私保护意识3方面着手加强用户隐私保护。     

网络隐私泄露容忍度与运营商的隐私保护实践

为帮助电信运营商更合理的利用用户信息资源、有的放矢的保护用户隐私,文章借鉴风险容忍度的理论研究提出网络隐私泄露容忍度的概念,并采用调查问卷法对网络隐私泄露容忍度进行了测量。依据测量结果与文章对国内外网络隐私保护举措和现状的梳理归纳,为电信运营商构建安全、高效的信息管理体系提供了实践建议。电信运营商应充分了解用户的网络隐私泄露容忍底线,适当、合理的进行数据挖掘,同时采取企业自律、多重安全技术手段、广泛的用户宣导等多种措施来严守用户的隐私安全。     

基于KCAC和CP-ABE的隐私保护方案研究

在商业化应用中,用户在信息共享中不能制定细粒度的访问控制,并且可能造成隐私泄露。为了解决此问题,提出了将KACA和CP-ABE算法相结合的方法来构造信息共享的隐私保护方案,实现以用户为中心的避免敏感信息泄露及可控的信息共享方案,并对方案进行了验证分析,证明了方案的可行性。     

Android设备中基于流量特征的隐私泄露评估方案

针对Android操作系统App内第三方域名采集用户信息造成的隐私泄露问题,基于TF-IDF模型和层次聚类方法提出了移动设备中的隐私泄露评估方案Host Risk。TF-IDF模型通过App内域名的行为特征计算域名与App的业务相关性,对于未能表现出App业务相关性行为特征的业务相关域名通过平均连接的凝聚型层次聚类方法进行调整优化,最终根据App内所有域名的排名计算其隐私泄露危害程度。实验结果验证了所提方案的有效性和效率。     

基于伪随机置换的朋友发现系统

近年来,随着移动社交软件的迅速发展,便携式移动终端已经渗透到人们生活的方方面面。在这些软件中,人们经常用到其中的一项功能—朋友发现,但是目前这个功能对于用户并不安全,大量隐私信息被云服务商所获取。针对此现象,文章基于目前隐私集合比较的现状,运用伪随机置换和安全多方计算协议并加以改进,设计出基于伪随机置换的朋友发现系统,本系统使用户找到他们集合的交集而且不泄露除交集以外的信息,具有一定推广价值。     

属性隐藏的基于谓词的认证密钥交换协议

针对已有基于谓词的认证密钥交换协议在隐私保护方面的不足,通过结合一个内积加密方案和NAXOS技巧,提出了一个全新的基于谓词的认证密钥交换协议。并在修改的eCK模型下,将协议的安全性归约到了GBDH假设,同时,由于继承了内积加密方案隐藏用户属性的安全性质,新协议能够防止用户敏感信息的泄露。     

隐私计算研究范畴及发展趋势

随着移动互联网、云计算和大数据技术的广泛应用,电商、搜索、社交网络等服务在提供便利的同时,大数据分析使用户隐私泄露的威胁日益凸显,不同系统隐私保护策略和能力的差异性使隐私的延伸管理更加困难,同一信息的隐私保护需求随时间变化需要多种隐私保护方案的组合协同。目前已有的各类隐私保护方案大多针对单一场景,隐私缺乏定量化的定义,隐私保护的效果、隐私泄露的利益损失以及隐私保护方案融合的复杂性三者之间的关系刻画缺乏系统的计算模型。因此,在分析隐私保护研究现状的基础上,提出隐私计算的概念,对隐私计算的内涵加以界定,从隐私信息的全生命周期讨论隐私计算研究范畴,并从隐私计算模型、隐私保护场景适应的密码理论、隐私控制与抗大数据分析的隐私保护、基于信息隐藏的隐私保护以及支持高并发的隐私保护服务架构等方面展望隐私计算的发展趋势。     

基于数学模型的通信信息可逆矩阵机密技术

针对当前信息通信过程中存在通信效率低,且当有攻击者出现时无法抵御高等级攻击造成用户隐私信息泄露的问题,引入数学模型,开展对通信信息可逆矩阵机密技术的设计研究。明确信息通信的加密和解密过程后,建立信息通信机密数学函数;引入矩阵相关知识,构建通信信息可逆矩阵,并完成对可逆矩阵的编码;利用数学模型,对可逆矩阵加密;最后,利用隐私保护PCA外包协议,实现对通信信息隐私保护外包。通过对比实验的形式验证新的技术在应用中可以有效促进信息通信效率的提高,同时抵御更高等级攻击者的攻击行为为通信用户的隐私信息提供安全保障。     

社交媒体“隐私悖论”下隐私再定义

社交媒体时代,用户在社交平台的隐私披露与用户对隐私外泄的担忧形成了"隐私悖论"。从用户视角来看,"隐私悖论"的出现与社交媒体用户的"取"与"舍"密不可分,用户基于隐私披露"回报"即时性与隐私泄露风险或然性的权衡。本研究在归因分析的基础上,发现隐私概念的演变,将原有隐私"被公开"发展至"信息控制"才是破解"隐私悖论"的密码。     

移动社交网络中即时推荐好友的方法(英)

Differently from the general online social network(OSN),locationbased mobile social network(LMSN),which seamlessly integrates mobile computing and social computing technologies,has unique characteristics of temporal,spatial and social correlation.Recommending friends instantly based on current location of users in the real world has become increasingly popular in LMSN.However,the existing friend recommendation methods based on topological structures of a social network or non-topological information such as similar user profiles cannot well address the instant making friends in the real world.In this article,we analyze users' check-in behavior in a real LMSN site named Gowalla.According to this analysis,we present an approach of recommending friends instantly for LMSN users by considering the real-time physical location proximity,offline behavior similarity and friendship network information in the virtual community simultaneously.This approach effectively bridges the gap between the offline behavior of users in the real world and online friendship network information in the virtual community.Finally,we use the real user check-in dataset of Gowalla to verify the effectiveness of our approach.     

Survey on mobile social networking in proximity (MSNP): approaches,challenges and architecture

Recently, mobile social networks (MSN) have gained tremendous attention, which free users from face-to-monitor life, while still can share information and stay in touch with their friends on the go. However most MSN applications regard mobile terminals just as entry points to existing social networks, in which centralized servers (for storage and processing of all application/context data) and continual Internet connectivity are prerequisites for mobile users to exploit MSN services, even though they are within proximity area (like campus, event spot, and community, etc.), and can directly exchange data through various wireless technologies (e.g., Bluetooth, WiFi Direct, etc.). In this paper, we focus on mobile social networking in proximity (MSNP), which is explicitly defined in our paper as: MSNP is wireless peer-to-peer (P2P) network of spontaneously and opportunistically connected nodes, and uses geo-proximity as the primary filter in determining who is discoverable on the social network. In this paper, first, primary support approaches related to MSNP available in literature, are summarized and compared, including MSN, mobile P2P and opportunistic networks. And then, we offer the special characteristics of MSNP, open issues and potential solutions. A networking technologies and platform independent architecture is proposed for developing MSNP applications, and proof-of-concept implementation of WiFi direct based MSNP application is also provided. Our primary goal is to identify the characteristics, technical challenges and potential solutions for future MSNP applications, capable to flexibly adapt to different application domains and deployment requirements.     

Predicting users’ profiles in social network based on semi-supervised learning

How to derive the users’ hidden profiles using social relationships is studied. Considering the network structure of social network and characteristics of users’ data, the graph based semi-supervised learning algorithm is chose to predict users’ profiles. To improve the prediction accuracy, the attribute affinity is proposed to evaluate whether the value of an attribute is easy to be predicated, and different weight computing formulas are designed to calculate the relationship between users. The experimental data is collected from “renren network” and two attributes, hobbies and schools, are predicted in the experiments. The experimental results show that the strategies for computing weights among users are effective.     

异构网络中基于移动社交组网的内容传播研究

Since more and more mobile applications are based on the proliferation of social information, the study of Mobile Social Net-works (MSNs) combines social sciences and wireless communications. Operating wireless networks more efficiently by exploiting social relationships between MSN users is an ap-pealing but challenging option for network operators. An MSN-aided content dissemina-tion technique is presented as a potential ex-tension of conventional cellular wireless net-works in order to satisfy growing data traffic. By allowing the MSN users to create a self-organized ad hoc network for spontane-ously disseminating contents, the network operator may be able to reduce the oper-ational costs and simultaneously achieve an improved network performance. In this paper, we first summarize the basic features of the MSN architecture, followed by a survey of the factors which may affect MSN-aided content dissemination. Using a case study, we demon-strate that one can save resources of the Base Station (BS) while substantially lowering content dissemination delay. Finally, other potential applications of MSN-aided content dissemination are introduced, and a range of future challenges are summarized.     

Mobile social networking: reconnect virtual community with physical space

Online social networks (OSNs) such as Facebook and MySpace, etc., greatly improve our social connectivity and collaboration. However, those applications lead to a shift from physical communities to virtual communities. The recent availability of mobile broadband connections and location technologies, their increasing affordability, and the usability of new mobile devices (e.g. smartphones) have led to the emergence of mobile social networks (MSNs), which re-connect the virtual community to the physical region, and move users between them in a way that enhances both. Currently, MSN applications are mushrooming and racing to replicate the success of social computing in the mobile domain. We argue that the potential success of MSNs lies in active collaboration among users, which naturally arises many interdisciplinary challenges. However, there exists no systematical survey about MSNs. This paper thoroughly characterizes the basic design principles, research architecture, typical techniques, and fundamental issues in MSNs from cross-discipline and application viewpoints. Our contributions lie in the following aspects: First, we summarized the basic design principles and fundamental issues that run through MSN researches and applications; then, from multidisciplinary viewpoint, the research architecture is divided into multi-dimensional structural characteristics and evolution of users’ rational behaviors. Finally, from application perspective, MSNs are categorized into two areas: Socially inspired mobile networking technologies, and enhanced real social life with mobile computing (people-centric tasks and place centric tasks). Briefly, this paper organizes the isolated topics and systems in existing work into meaningful categories, and structures the design space for identifying social-technical challenges, inspiring potentially interesting social networking applications, and suggesting important research opportunities.     

一种适用于非平衡无线网络的组密钥交换协议

组认证密钥交换协议允许两方或多方用户通过公开的信道协商出共享的组会话密钥。针对非平衡无线网络中用户计算能力强弱不等的情况,该文提出一种适用于非平衡无线网络的组组认证密钥交换协议。该协议不但可以抵抗临时密钥泄露所带来的安全隐患,而且任意两个组中用户可以根据需要使用先前组通信消息计算独立于组会话密钥的两方会话密钥。与已有非平衡网络组密钥交换协议相比,该协议具有更高的安全性和实用性并且在随机预言模型下是可证安全的。     

Relaying protocols for two colocated users

We consider a wireless network where a remote source sends information to one of two colocated users, and where the second user can serve as a relay. The source's transmission is subjected to quasi-static flat Rayleigh fading, while the transmission of the relay experiences a fixed amplitude gain with a uniform random phase, capturing its close proximity to the destination. All communications share the same time/bandwith resources, and perfect channel state information is known only to the receivers. We propose relaying protocols which are based on Wyner-Ziv quantization at the relay, and demonstrate their high efficiency (in terms of expected throughput) with respect to previously reported relaying schemes based on amplify-and-forward and decode-and-forward. A salient feature of these protocols is that the relay need not know the actual fading gain experienced by the destination in order to perform the quantization. We also consider a hybrid amplify-quantize-decode-and-forward scheme which exhibits superior performance.     

Privacy-preserving and efficient user matching based on attribute encryption in mobile social networks

With the rapid popularity of social networking platforms, users can be matched when sharing their profiles. However, there is a risk of leakage of sensitive user information during the user matching process, which leads to the lack of user privacy protection. In this paper, we propose a privacy protection scheme based on the encryption of hidden attributes during user matching in mobile social networks, which uses linear secret sharing scheme (LSSS) as the access structure based on ciphertext policy attribute-based encryption (CP-ABE), and the match server can perform friend recommendation by completing bi-directional attribute matching determination without disclosing user attribute information. In addition, the use of selective keywords protects the privacy of requesters and publishers in selecting keywords and selecting plaintext attacks. The scheme reduces the encryption and decryption overhead for users by dividing encryption into a preparation phase and an online phase and shifting most of the decryption overhead from the requester to the match server. The experimental results show that the scheme ensures user privacy while effectively reducing communication overhead.     

无线传感器网络的安全技术研究

无线传感器网络（WSN）是通过无线通信方式形成的一个多跳自组织网络,是集信息采集、信息传输、信息处理于一体的智能化信息系统。由于其本身资源方面存在的局限性和脆弱性,使其安全问题成为一大挑战。文中分析了无线传感器网络的安全需求、可能受到的安全攻击,给出了防御方法和解决方案。通过安全加密协议、认证流广播和多种密钥机制实现传感器网络的数据机密性、完整性和系统鲁棒性。     

Remote access virtual private network architecture for high‐speed wireless internet users

The new emerging broadband wireless network (BWN) technologies with high‐speed wireless internet access promotes corporations to provide their roaming employees with high‐speed wireless access to the computing resources on their corporate networks. Thus, a value added service to broadband wireless network is the remote access virtual private network (VPN), where the corporate legitimate users can connect to their offices wirelessly from different locations and get secure services as if they were connected to the corporate local area network (LAN). One of the most important challenges is to block out illegitimate user requests, which are wirelessly received, to protect corporate privacy. Registration (adding new users) and authentication (accepting current users) functions should be implemented with highly secured wireless connection. These functions are accomplished by encapsulating (i.e. tunneling) the user information in a secured form to the corporate authentication server through the internet traffic. The corporate authentication server then grants or denies the user access. In this paper, we propose a new operational design algorithm for remote access wireless VPN authentication and registration protocols that depends on modifying tunnel establishment as compared to existing dial‐in VPN mechanisms. The modifications proposed in this paper are made to support successful deployment of the remote access VPN services over high‐speed wireless network. The paper presents an overview of two tunneling approaches using Layer 3 and Layer 2 separately for implementing these functions. Then we propose how we establish the tunnel in both approaches, and compare it to similar operation steps previously reported for the dial‐in VPN protocols. The proposed algorithms are distinguished from previously developed dial‐in VPN protocols by using L2TP and IPSEC instead of mobile IP. It is also shown that the steps involved in the establishment of the tunnel are functionally different and more appropriate to our applications using communication environment of the BWN. Finally, a qualitative analysis of the added functions, and a comparison between L2TP‐based and IPSec‐based approaches are established. Copyright © 2004 John Wiley & Sons, Ltd.