Anonymous smartphone data collection: factors influencing the users’ acceptance in mobile crowd sensing

Mobile crowd sensing (MCS) assumes a collaborative effort from mobile smartphone users to sense and share their data needed to fulfill a given MCS objective (e.g., modeling of urban traffic or wellness index of a community). In this paper, we investigate the user’s perception of anonymity in MCS and factors influencing it. We conducted a 4-week extensive smartphone user study to fulfill three main objectives. (1) Understand if users prefer to share data anonymously or not anonymously. (2) Investigate the possible factors influencing the difference between these two modalities, considering: (a) users’ sharing attitude, (b) shared data kind and (c) users’ intimacy when data are shared (we defined intimacy as the users’ perception of their context with respect to place, number and kind of people around them). (3) Identify further users’ personal factors influencing their perception of anonymity via multiple interviews along the user study. In the results, we show that data are shared significantly more when anonymously collected. We found that the shared data kind is the factor significantly contributing to this difference. Additionally, users have a common way to perceive anonymity and its effectiveness. To ensure the success of anonymization algorithms in the context of MCS systems, we highlight which issues the researchers developing these algorithms should carefully consider. Finally, we argue about new research paths to better investigate the user perception of anonymity and develop anonymous MCS systems that users are more likely to trust based on our findings.     

一个具有可公开追踪性的叛逆者追踪方案

广播加密系统中,叛逆者追踪方案起着防止数据盗版的重要作用。基于DDH（Decision Diffie-Hellman）假设,采用用户选择个人密钥并由此计算个人公钥,系统利用用户个人公钥来追踪识别叛逆者的思想,提出一个具有可公开追踪性的完全公钥非对称叛逆者追踪方案。该方案可将追踪过程交给任何信任或不信任的人,能撤销或添加用户而不需更新用户的个人密钥,同时,还具有匿名性、黑盒子追踪等特点。     

AAnA: Anonymous authentication and authorization based on short traceable signatures

Due to the privacy concerns prevailing in today’s computing environments, users are more likely to require anonymity or at least pseudonyms; on the other hand, they must be traceable or revokable in case of abuse. Meanwhile, an authorization mechanism that controls access rights of users to services or resources is frequently needed in various real-world applications but does not favor anonymity. To cope with these problems, we explore an anonymous authentication and authorization method that very efficiently supports fine-grained authorization services without losing strong but traceable anonymity. The efficiency of our method comes from atomizing authorization within a group and issuing multiple authorization values for a group membership. The cryptographic basis of our method is the famous short traceable signature scheme. Our method allows a user to selectively disclose authorization according to need and also provides revocation and update of authorization without revoking membership or anonymity. To prevent users from forging authorization, our method enables the users to prove their authorizations while hiding the corresponding authorization values from other users. We formally analyze security and compare the related methods in terms of efficiency and functionality. We show that our method is secure against misidentification, anonymity-break and framing attacks and is efficient within a reasonable bound while still providing various functionalities such as fine-grained authorization and authorization revocation, commonly required in many practical applications.     

基于FDI的用户模型及其在上下文觉察计算中的应用

上下文觉察计算是普适计算的重要内容。当前的上下文觉察计算研究大多没有为用户提供个性化的服务。已有的个性化上下文觉察服务的用户模型,其用户偏好的设置比较简单。本文从心理学的观点出发,提出一个使用基于场依存一独立性（FDI）的用户模型来为用户提供个性化的上下文觉察服务。本文系统分析了这种用户模型对上下文觉察计算的重要性,并给出了使用基于FDI的用户模型在上下文觉察计算中的应用过程。试验表明这种模型提供的个性化服务能够提高上下文觉察计算应用的有效性。     

Anonymous proximity mobile payment (APMP)

The growth of wireless networks and the increasing popularity of mobile devices present an significant opportunity to empower them as a payment device. Unfortunately, several problems hinder the widespread acceptance of mobile payments, for example, privacy protection and user anonymity. Measures to ensure anonymity in payment systems must be considered as an important factor in privacy and system acceptance. We propose a new measure to enhance the level of anonymity in mobile payments where users can customize their anonymity, according to their personal preferences. We rely on IPAS (Implicit Password Authentication System) (Almuairfi et al. 2011) for dispute resolution to support our proposed idea.     

A lightweight conditional privacy-preserving authentication and access control scheme for pervasive computing environments

In pervasive computing environments, the users can get access to the services from the service providers in a highly desirable way. But the security of the user's authentication is a challenging field. Pervasive computing environments must provide the service to only legitimate users. On the other hand, some users attempt to keep their anonymity without revealing their identities while using some privacy-related services such as location information, printing, buying shares, etc. In this paper, we propose a conditional privacy-preserving authentication and access control scheme for pervasive computing environments, called CPriauac. Compared with the previous schemes in the literature, registration servers and authentication servers in the proposed scheme need not maintain any sensitive verification tables. The management of public keys is easier. Furthermore, the anonymity of the user can be removed efficiently once the dispute happens. The proposed scheme provides user anonymity against outside and inside parties, mutual authentication, accountability and differentiated access control.     

Analysis of privacy in mobile telephony systems

We present a thorough experimental and formal analysis of users’ privacy in mobile telephony systems. In particular, we experimentally analyse the use of pseudonyms and point out weak deployed policies leading to some critical scenarios which make it possible to violate a user’s privacy. We also expose some protocol’s vulnerabilities resulting in breaches of the anonymity and/or user unlinkability. We show these breaches translate in actual attacks which are feasible to implement on real networks and discuss our prototype implementation. In order to countermeasure these attacks, we propose realistic solutions. Finally, we provide the theoretical framework for the automatic verification of the unlinkability and anonymity of the fixed 2G/3G procedures and automatically verify them using the ProVerif tool.     

Incorporating biometrics into veiled certificates: preventing unauthorized use of anonymous certificates

A leading cause of Identity Theft is that attackers get access to the victim’s personal credentials. We are warned to protect our personal identifiers but we need to share our credentials with various organizations in order to obtain services from them. As a result the safety of our credentials is dependent on both the ability and diligence of the various organizations with which we interact. However, recent data breach incidents are clear proof that existing approaches are insufficient to protect the privacy of our credentials. Using a Design Science methodology, we propose a new technology, veiled certificates, which includes features that prevent fraudulent use of user’s credentials and provides a degree of user anonymity. We also incorporate biometric authentication so that service providers know that they are dealing with the owner of the credentials. Results of a bench scale test that demonstrates the feasibility of the approach are reviewed. We also suggest four major applications which could take advantage of these certificates.     

多用户通信机制中支持隐私保护的属性基动态广播加密

云计算和物联网的快速发展使多用户信息共享机制备受关注,然而当用户将个人数据上传到云服务器与不同用户共享时,未经授权的用户和不可信的第三方云服务提供商会窥探这些隐私数据,对数据安全和用户隐私构成严重威胁。此外,多用户共享机制还存在访问控制不灵活、用户撤销和动态管理等问题。为了解决这些问题,文章结合属性基加密与广播加密技术提出一种动态广播加密机制。该方案在保证数据安全的同时,利用不经意传输协议,实现了接收者的匿名,保护了用户隐私。此外,该方案还支持新用户随时动态加入系统,且不影响原用户在系统中的解密能力,并实现了用户撤销和快速解密。性能分析表明,该方案较已有方案在安全性和效率方面有明显优势。     

Pool-based anonymous communication framework for high-performance computing

We propose and analyze in details the revised model of XPROB, an infinite family of pool-based anonymous communication systems that can be used in various applications including high performance computing environments. XPROB overcomes the limitations of APROB Channel that only resists a global delaying adversary (GDA). Each instance of XPROB uses a pool mix as its core component to provide resistance against a global active adversary (GAA), a stronger yet more practical opponent than a GDA. For XPROB, a GAA can drop messages from users but cannot break the anonymity of the senders of messages. Analysis and experimental evaluations show that each instance of XPROB provides greater anonymity than APROB Channel for the same traffic load and user behaviors (rate and number of messages sent). In XPROB, any message can be delivered with high probability within a few rounds after its arrival into the system; thus, an opponent cannot be certain when a message will be delivered. Furthermore, users can choose their own preference balance between anonymity and delay. Through the evaluation, we prove that XPROB can provide anonymity for users in high-performance computing environments.     

利用电子钱包的公正支付系统

提出了一种利用电子钱包的公正支付系统,用户在银行有一个和身份相联系的个人帐号,在所持的电子鲆包中有一个和身份没有联系的匿名帐号。用户在银行提款时,将钱从他的个人帐号转到电子钱包中的匿名帐号,而不泄露个人帐号和匿名帐号的联系,以后用匿名帐号支付。     

Usability study of ME2.0

Mobile context-aware applications execute in the background of hosts mobile devices. The applications source process and aggregate hosts’ contextual and personal information. This information is disclosed to ubiquitously pervasive services that adapt their offerings to individual preferences. Unfortunately, many developers continue to ignore the user perspective in context-aware application designs as they complicate their overall task and generate exponential requirements. The additional incorporation of privacy mechanisms in context-aware applications to safeguard context and personal information disclosures also complicates users’ tasks resulting to misconfigured or completely abandoned applications. Misconfigured applications give end-users a false assurance of privacy exposing them to comprising services. We present a usability study on Mobile Electronic Personality Version 2 a privacy enhanced context-aware mobile application for personalising ubiquitous services and adapting pervasive smart-spaces. We draw conclusions on key issues related to user needs, based on user interviews, surveys, prototypes and field evaluations. Users’ needs are evaluated against five themes, learn-ability, efficiency, memorability, errors, satisfaction and privacy contention. In addition, design layout preferences, privacy manageability and consensus design comprehension are also evaluated. Clarity of priorities in context-aware mobile applications shaped by usability studies effectively increases the acceptance of levels of potential users.     

基于盲签名的云共享数据完整性审计方案

云端共享数据完整性审计用来验证一个用户群组共享在云端的数据的完整性。传统方式下,成员用户需要为每一个数据块生成认证器,再将数据块和对应的认证器上传到云服务器中保存。然而用户的计算资源有限且计算能力不高,由用户产生数据块认证器需要消耗用户很大的计算开销。为了节省用户的计算资源,提高认证器生成的效率,提出基于盲签名算法的云共享数据完整性审计方案。用户先对数据块进行盲化再发送到认证器生成中心生成相应的认证器,此外,方案中对第三方审计者TPA进行审计授权,有效地避免了攻击者对于云服务器的DDoS攻击。安全性分析和实验结果表明该方案是安全、高效的。     

UbiqLog: a generic mobile phone-based life-log framework

Smartphones are conquering the mobile phone market; they are not just phones; they also act as media players, gaming consoles, personal calendars, storage, etc. They are portable computers with fewer computing capabilities than personal computers. However, unlike personal computers, users can carry their smartphone with them at all times. The ubiquity of mobile phones and their computing capabilities provide an opportunity of using them as a life-logging device. Life-logs (personal e-memories) are used to record users’ daily life events and assist them in memory augmentation. In a more technical sense, life-logs sense and store users’ contextual information from their environment through sensors, which are core components of life-logs. Spatio-temporal aggregation of sensor information can be mapped to users’ life events. We propose UbiqLog, a lightweight, configurable, and extendable life-log framework, which uses mobile phone as a device for life logging. The proposed framework extends previous research in this field, which investigated mobile phones as life-log tool through continuous sensing. Its openness in terms of sensor configuration allows developers to create flexible, multipurpose life-log tools. In addition to that, this framework contains a data model and an architecture, which can be used as reference model for further life-log development, including its extension to other devices, such as ebook readers, T.V.s, etc.     

Facebook single and cross domain data for recommendation systems

The emergence of social networks and the vast amount of data that they contain about their users make them a valuable source for personal information about users for recommender systems. In this paper we investigate the feasibility and effectiveness of utilizing existing available data from social networks for the recommendation process, specifically from Facebook. The data may replace or enrich explicit user ratings. We extract from Facebook content published by users on their personal pages about their favorite items and preferences in the domain of recommendation, and data about preferences related to other domains to allow cross-domain recommendation. We study several methods for integrating Facebook data with the recommendation process and compare the performance of these methods with that of traditional collaborative filtering that utilizes user ratings. In a field study that we conducted, recommendations obtained using Facebook data were tested and compared for 95 subjects and their crawled Facebook friends. Encouraging results show that when data is sparse or not available for a new user, recommendation results relying solely on Facebook data are at least equally as accurate as results obtained from user ratings. The experimental study also indicates that enriching sparse rating data by adding Facebook data can significantly improve results. Moreover, our findings highlight the benefits of utilizing cross domain Facebook data to achieve improvement in recommendation performance.     

面向多网关的无线传感器网络多因素认证协议

无线传感器网络作为物联网的重要组成部分,广泛应用于环境监测、医疗健康、智能家居等领域.身份认证为用户安全地访问传感器节点中的实时数据提供了基本安全保障,是保障无线传感器网络安全的第一道防线;前向安全性属于系统安全的最后一道防线,能够极大程度地降低系统被攻破后的损失,因此一直被学术及工业界视为重要的安全属性.设计面向多网关的可实现前向安全性的无线传感器网络多因素身份认证协议是近年来安全协议领域的研究热点.由于多网关无线传感器网络身份认证协议往往应用于高安全需求场景,一方面需要面临强大的攻击者,另一方面传感器节点的计算和存储资源却十分有限,这给如何设计一个安全的多网关无线传感器网络身份认证协议带来了挑战.近年来,大量的多网关身份认证协议被提出,但大部分都随后被指出存在各种安全问题.2018年,Ali等人提出了一个适用于农业监测的多因素认证协议,该协议通过一个可信的中心(基站)来实现用户与外部的传感器节点的认证;Srinivas等人提出了一个通用的面向多网关的多因素身份认证协议,该协议不需要一个可信的中心,而是通过在网关之间存储共享秘密参数来完成用户与外部传感器节点的认证.这两个协议是多网关无线传感器网络身份认证协议的典型代表,分别代表了两类实现不同网关间认证的方式:1)基于可信基站,2)基于共享秘密参数.分析指出这两个协议对离线字典猜测攻击、内部攻击是脆弱的,且无法实现匿名性和前向安全性.鉴于此,本文提出一个安全增强的可实现前向安全性的面向多网关的无线传感器网络多因素认证协议.该协议采用Srinivas等协议的认证方式,即通过网关之间的共享秘密参数完成用户与外部传感器节点的认证,包含两种典型的认证场景.对新协议进行了BAN逻辑分析及启发式分析,分析结果表明该协议实现了双向认证,且能够安全地协商会话密钥以及抵抗各类已知的攻击.与相关协议的对比结果显示,新协议在提高安全性的同时,保持了较高的效率,适于资源受限的无线传感器网络环境.     

基于区块链的链下个人数据保护方案

现有结合区块链保护个人数据的方案在授权第三方服务时多将用户的个人数据地址分享给第三方服务,在用户撤销对第三方服务的访问权限后,第三方服务仍然拥有个人数据地址.为避免用户数据泄露,通过采用链下存储的方式,提出一种基于区块链的匿名地址管理方案.利用资源服务处理个人数据的加密地址,并限制第三方服务只能获得用户个人数据地址的加...     

Can digital games help us identify our skills to manage abstractions?

In this work we present our progress in the field of Intelligent User Profiling. Our objective is to build a user profile that captures users’ skills rather than classical users’ interests. Thus, we propose a novel approach to learn users’ skills by observing their behavior during a very common activity: playing games. Specifically, we automatically identify users’ skills to manage abstractions by using digital games. Abstraction skills identification is important because it is related to several behavioral tendencies such as career preferences, aptitudes, and learning styles. Traditional skills identification is based on questionnaires whose application implies many complications, including non-intentional influences in the way questions are formulated, difficulty to motivate people to fill them out, and lack of awareness of the consequences or future uses of questionnaires. To address these limitations, we built a user profile that collects users’ actions when playing digital games. Then, we built and trained a Hierarchical Naive Bayes network to infer users’ skills to manage abstractions. The experiments carried out show that digital games can help us to identify abstraction skills with a promising accuracy.     

Accountable attribute-based authentication with fine-grained access control and its application to crowdsourcing

We introduce a new notion called accountable attribute-based authentication with fine-grained access control (AccABA), which achieves (i) fine-grained access control that prevents ineligible users from authenticating; (ii) anonymity such that no one can recognize the identity of a user; (iii) public accountability, i.e., as long as a user authenticates two different messages, the corresponding authentications will be easily identified and linked, and anyone can reveal the user’s identity without any help from a trusted third party. Then, we formalize the security requirements in terms of unforgeability, anonymity, linkability and traceability, and give a generic construction to fulfill these requirements. Based on AccABA, we further present the first attribute-based, fair, anonymous and publicly traceable crowdsourcing scheme on blockchain, which is designed to filter qualified workers to participate in tasks, and ensures the fairness of the competition between workers, and finally balances the tension between anonymity and accountability.     

A comparative study of the motivational orientation type on users’ behavior: focusing on ubiquitous computing services

One of the main problems of today’s ubiquitous computing systems is that they do not meet their quality requirements. Ubiquitous computing services such as mobile data services (MDS) are fundamentally different from traditional information systems (IS) in terms of important quality factors such as information or system quality because it has been used in various life contexts. We identify important quality factors on various contexts in Korea MDS market. Using the results of qualitative study, we propose research model. To identify the effect of motivational orientation type on users’ behavior, we classified users according to their propensities into intrinsic and extrinsic motivational orientation groups. The results show that the impact of quality factors on user satisfaction is differentiated depending on motivational orientation types. The paper concludes with a discussion of the study’s limitations and implications.