Similar literature
20 similar documents found; search took 46 ms
1.

Cloud computing and efficient storage provide new paradigms and approaches aimed at the efficient utilization of resources through computation, along with many alternatives to guarantee the privacy preservation of individual users. It also ensures the integrity of stored cloud data and the processing of stored data in the various data centers. However, providing better protection and management of sensitive information (data) is a big challenge for maintaining the confidentiality and integrity of data in cloud computation. Thus, there is an urgent need for storing and processing data in the cloud environment without any information leakage. Sensitive data require storing and processing mechanisms and techniques to assure the privacy preservation of individual users, maintain data integrity, and preserve confidentiality. Face recognition has recently achieved advancements in the unobtrusive recognition of individuals to maintain privacy preservation in cloud computing. This paper emphasizes cloud security and privacy issues and provides a solution using biometric face recognition. We propose a biometric face recognition approach for security and privacy preservation of cloud users during their access to cloud resources. The proposed approach has three steps: (1) acquisition of face images, (2) preprocessing and extraction of facial features, and (3) recognition of the individual using encrypted biometric features. The experimental results establish that our proposed recognition approach can ensure the privacy and security of biometric data.


2.
Distributed data mining applications, such as those dealing with health care, finance, counter-terrorism and homeland defense, use sensitive data from distributed databases held by different parties. This comes into direct conflict with an individual's need and right to privacy. It is thus of great importance to develop adequate security techniques for protecting privacy of individual values used for data mining.

3.
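Differential privacy protection is a data-distortion-based privacy protection method that distorts sensitive data by adding random noise while preserving the statistical properties of the data. To address the problem that the DBScan clustering algorithm can leak private information during cluster analysis, a new DP-DBScan clustering algorithm based on differential privacy protection is proposed. While satisfying ε-differential privacy, the DP-DBScan clustering algorithm introduces and implements differential privacy protection on top of the density-based DBScan clustering algorithm. The algorithm effectively protects individual privacy and is applicable to data sets of different sizes and dimensions. Experimental results show that, compared with the DBScan clustering algorithm, the DP-DBScan clustering algorithm maintains clustering effectiveness and obtains differential privacy protection while adding only a small amount of random noise.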

4.
This paper presents a privacy-preserving system for participatory sensing, which relies on cryptographic techniques and distributed computations in the cloud. Each individual user is represented by a personal software agent, deployed in the cloud, where it collaborates on distributed computations without loss of privacy, including with respect to the cloud service providers. We present a generic system architecture involving a cryptographic protocol based on a homomorphic encryption scheme for aggregating sensing data into maps, and demonstrate security in the Honest-But-Curious model both for the users and the cloud service providers. We validate our system in the context of NoiseTube, a participatory sensing framework for noise pollution, presenting experiments with real and artificially generated data sets, and a demo on a heterogeneous set of commercial cloud providers. To the best of our knowledge our system is the first operational privacy-preserving system for participatory sensing. While our validation pertains to the noise domain, the approach used is applicable in any crowd-sourcing application relying on location-based contributions of citizens where maps are produced by aggregating data – also beyond the domain of environmental monitoring.

5.
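Data fusion technology enables users to obtain more comprehensive data in order to provide more effective services. However, existing privacy protection models for multi-source data fusion do not consider the importance of data providers or the sensitivity of different data attributes and attribute values. To address these problems, a privacy model oriented to hierarchical sensitive values is proposed. The model sets the sensitivity of data attributes and attribute values according to data providers' requirements on the degree of anonymity of the data, achieving personalized privacy protection of sensitive values. In addition, combining the k-anonymity privacy model with the idea of top-down specialization (TDS), a sensitive-value-oriented privacy protection algorithm for multi-source data fusion is proposed. Experiments show that the algorithm both achieves secure data fusion and obtains better privacy protection.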

6.
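When the data server is untrusted, directly collecting multi-dimensional numerical sensitive data from wearable devices may leak users' private information. To address this problem, a personalized privacy protection scheme for numerical sensitive data of wearable devices is proposed by introducing the local differential privacy model. First, by setting a threshold interval for the privacy budget, users set a privacy budget within the interval that meets their individual privacy needs, which also satisfies personalized local differential privacy. Second, attribute security domains are used to normalize the sensitive data. Finally, the Bernoulli distribution is used to perturb the multi-dimensional numerical sensitive data in groups, and the attribute security domains are used to restore the perturbed results from normalization. Theoretical analysis proves that the algorithm satisfies personalized local differential privacy. Experimental results show that the maximum relative error (MRE) of the algorithm is significantly lower than that of the Harmony algorithm, effectively improving the utility of data collected from wearable devices by an untrusted data server while protecting user privacy.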

7.
Random-data perturbation techniques and privacy-preserving data mining   Total citations: 2, self-citations: 4, citations by others: 2
Privacy is becoming an increasingly important issue in many data-mining applications. This has triggered the development of many privacy-preserving data-mining techniques. A large fraction of them use randomized data-distortion techniques to mask the data for preserving the privacy of sensitive data. This methodology attempts to hide the sensitive data by randomly modifying the data values often using additive noise. This paper questions the utility of the random-value distortion technique in privacy preservation. The paper first notes that random matrices have predictable structures in the spectral domain and then it develops a random matrix-based spectral-filtering technique to retrieve original data from the dataset distorted by adding random values. The proposed method works by comparing the spectrum generated from the observed data with that of random matrices. This paper presents the theoretical foundation and extensive experimental results to demonstrate that, in many cases, random-data distortion preserves very little data privacy. The analytical framework presented in this paper also points out several possible avenues for the development of new privacy-preserving data-mining techniques. Examples include algorithms that explicitly guard against privacy breaches through linear transformations, exploiting multiplicative and colored noise for preserving privacy in data mining applications.

8.
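In privacy-preserving publishing of high-dimensional data, the size of the differential privacy budget directly affects how much noise is added. The privacy budget cannot be reasonably allocated across multiple relatively independent low-dimensional attribute sets, which in turn affects the security and utility of the synthesized published data set. To address this, a personalized privacy budget allocation algorithm (PPBA) is proposed. A maximum spanning tree and attribute-node weights are introduced to reduce the candidate space from which the differential privacy exponential mechanism selects attribute-relationship pairs, improving the accuracy of the Bayesian network, and the dynamic weights of nodes in the Bayesian network are used to rank the sensitivity of the low-dimensional attribute sets. According to personalized requirements on the security and utility of the published data set, the constant q, the ratio for differential privacy budget allocation, is set in a personalized way, so that Laplace noise is allocated in a personalized manner to the low-dimensional attribute sets ranked by sensitivity. Theoretical analysis and experimental results show that, compared with similar algorithms, the PPBA algorithm meets personalized requirements on the security and utility of high-dimensional data publishing and has lower time complexity.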

9.
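With the arrival of the big data era, how to estimate frequency distributions over multi-dimensional categorical data while protecting user privacy has become a research hotspot. Existing work mainly designs secure algorithms based on the centralized differential privacy model or the local differential privacy model. In view of the drawbacks of these two models in the degree of privacy protection or the utility of published results, a user data collection strategy is designed based on the emerging shuffle differential privacy model, thereby providing highly secure, highly usable frequency distribution estimation...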

10.
F.  P.  M.  R.  A.  G.  P.  S.  B.  D.  G.  D.   Data & Knowledge Engineering, 2008, 67(3): 463-484
Discovering frequent patterns in large databases is one of the most studied problems in data mining, since it can yield substantial commercial benefits. However, some sensitive patterns with security considerations may compromise privacy. In this paper, we aim to determine an appropriate balance between the need for privacy and information discovery in frequent patterns. A novel method to modify databases for hiding sensitive patterns is proposed in this paper. Multiplying the original database by a sanitization matrix yields a sanitized database with private content. In addition, two probabilities are introduced to oppose the recovery of sensitive patterns and to reduce the degree of hiding non-sensitive patterns in the sanitized database. The complexity analysis and the security discussion of the proposed sanitization process are provided. The results from a series of experiments performed to show the efficiency and effectiveness of this approach are described.

11.
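To promote information sharing and collaboration across security domains in distributed network environments, a reasonable and effective mechanism for protecting sensitive information in trust negotiation is needed. The Trusted Computing Group (TCG) focuses on enhancing the security of computing platforms at the level of platform architecture. Based on the anonymous credential mechanism of trusted computing, a new trust negotiation scheme is proposed: anonymous credentials based trusted negotiation (ACTN), which solves the problem of protecting sensitive information across security domains well and can effectively prevent replay attacks, tampering attacks, and substitution attacks. A hardware module, the TPM, is used to protect private information, and reliable anonymous credentials and platform authentication are provided through the TPM. The ACTN model and the anonymous credentials in the model are defined, the basic parameters of anonymous credentials and the method for creating them are described in detail, and the security of policies, the delegation mechanism, and the credential chain discovery mechanism are discussed; the framework of the negotiation node and the negotiation process are also designed. Experiments and comparison with the TrustBuilder and COTN negotiation systems show that the system has good stability and usability. Finally, some related directions for future research are pointed out.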

12.
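Privacy protection for dynamic data has recently attracted wide attention. The m-invariance concept solved the data privacy protection problem for dynamic categorical sensitive attributes fairly well, but no progress has been made for dynamic numerical sensitive attributes. This paper describes the data privacy protection problem for dynamic numerical sensitive attributes, proposes the m-increment concept and its generalization algorithm to solve it, and uses experimental data to demonstrate the practicality and efficiency of the algorithm.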

13.
Privacy preserving clustering on horizontally partitioned data   Total citations: 3, self-citations: 0, citations by others: 3
Data mining has been a popular research area for more than a decade due to its vast spectrum of applications. However, the popularity and wide availability of data mining tools also raised concerns about the privacy of individuals. The aim of privacy preserving data mining researchers is to develop data mining techniques that could be applied on databases without violating the privacy of individuals. Privacy preserving techniques for various data mining models have been proposed, initially for classification on centralized data then for association rules in distributed environments. In this work, we propose methods for constructing the dissimilarity matrix of objects from different sites in a privacy preserving manner which can be used for privacy preserving clustering as well as database joins, record linkage and other operations that require pair-wise comparison of individual private data objects horizontally distributed to multiple sites. We show communication and computation complexity of our protocol by conducting experiments over synthetically generated and real datasets. Each experiment is also performed for a baseline protocol, which has no privacy concern to show that the overhead comes with security and privacy by comparing the baseline protocol and our protocol.

14.
In multi-relational databases, a view, which is a context- and content-dependent subset of one or more tables (or other views), is often used to preserve privacy by hiding sensitive information. However, recent developments in data mining present a new challenge for database security even when traditional database security techniques, such as database access control, are employed. This paper presents a data mining framework using semi-supervised learning that demonstrates the potential for privacy leakage in multi-relational databases. Many different types of semi-supervised learning techniques, such as the K-nearest neighbor (KNN) method, can be used to demonstrate privacy leakage. However, we also introduce a new approach to semi-supervised learning, hyperclique pattern-based semi-supervised learning (HPSL), which differs from traditional semi-supervised learning approaches in that it considers the similarity among groups of objects instead of only pairs of objects. Our experimental results show that both the KNN and HPSL methods have the ability to compromise database security, although the HPSL is better at this privacy violation (has higher prediction accuracy) than the KNN method. Finally, we provide a principle for avoiding privacy leakage in multi-relational databases via semi-supervised learning and illustrate this principle with a simple preventive technique whose effectiveness is demonstrated by experiments. A preliminary version of this work has been published as a two-page short paper in ACM CIKM 2005 (Proceedings of the ACM conference on information and knowledge management (CIKM) 2005).

15.
Yang Jing, Wang Bo. Journal of Computer Research and Development (计算机研究与发展), 2012, 49(12): 2603-2610
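Privacy protection in data publishing has long been an important concern in data mining and information security. Most current research is limited to privacy protection techniques for a single sensitive attribute, whereas a large amount of real-world data contains multiple sensitive attributes. At the same time, as individual needs continue to be raised, personalized services in privacy protection are receiving increasing attention from researchers. To extend privacy protection techniques for single-sensitive-attribute data and to meet the demand for personalized services, personalized privacy protection methods for multiple sensitive attributes in data publishing are studied. Building on the l-diversity principle for a single sensitive attribute, a personalized customization scheme based on value-domain level partitioning is introduced, a personalized l-diversity model for multiple sensitive attributes is defined, and a personalized l-diversity algorithm for multiple sensitive attributes based on minimum selectivity first is proposed. Experimental results show that the method not only meets the need for personalized privacy but also effectively protects data privacy, reduces the information suppression rate, and preserves the utility of the published data.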

16.
There has been relatively little work on privacy preserving techniques for distance based mining. The most widely used ones are additive perturbation methods and orthogonal transform based methods. These methods concentrate on privacy protection in the average case and provide no worst case privacy guarantee. However, the lack of privacy guarantee makes it difficult to use these techniques in practice, and causes possible privacy breach under certain attacking methods. This paper proposes a novel privacy protection method for distance based mining algorithms that gives worst case privacy guarantees and protects the data against correlation-based and transform-based attacks. This method has the following three novel aspects. First, this method uses a framework to provide theoretical bound of privacy breach in the worst case. This framework provides easy to check conditions that one can determine whether a method provides worst case guarantee. A quick examination shows that special types of noise such as Laplace noise provide worst case guarantee, while most existing methods such as adding normal or uniform noise, as well as random projection method do not provide worst case guarantee. Second, the proposed method combines the favorable features of additive perturbation and orthogonal transform methods. It uses principal component analysis to decorrelate the data and thus guards against attacks based on data correlations. It then adds Laplace noise to guard against attacks that can recover the PCA transform. Third, the proposed method improves accuracy of one of the popular distance-based classification algorithms: K-nearest neighbor classification, by taking into account the degree of distance distortion introduced by sanitization. Extensive experiments demonstrate the effectiveness of the proposed method.

17.
Keeping sensitive information secure is increasingly important in e-commerce and web-based applications in which personally identifiable information is electronically transmitted and disseminated. This paper discusses techniques to aid in aligning security and privacy policies with system requirements. Early conflict identification between requirements and policies enables analysts to prevent incongruous behavior, misalignments and unfulfilled requirements, ensuring that security and privacy are built in rather than added on as an afterthought. Validated techniques to identify conflicts between system requirements and the governing security and privacy policies are presented. The techniques are generalizable to other domains, in which systems contain sensitive information.

18.
Additive randomization has been a primary tool for hiding sensitive private information. Previous work empirically showed that individual data values can be approximately reconstructed from the perturbed values, using spectral filtering techniques. This poses a serious threat of privacy breaches. In this paper we conduct a theoretical study on how the reconstruction error varies, for different types of additive noise. In particular, we first derive an upper bound for the reconstruction error using matrix perturbation theory. Attackers who use spectral filtering techniques to estimate the true data values may leverage this bound to determine how close their estimates are to the original data. We then derive a lower bound for the reconstruction error, which can help data owners decide how much noise should be added to satisfy a given threshold of the tolerated privacy breach.
Xintao Wu

19.
Patient-centered health information technology services (PHS) provide personalized electronic health services to patients. Since provision of PHS entails handling sensitive medical information, a special focus on information security and privacy aspects is required. We present information security and privacy requirements for PHS and examine how security features of large-scale, inter-organizational health information technology networks, like the German health information technology infrastructure (HTI), can be used for ensuring information security and privacy of PHS. Moreover, we illustrate additional security measures that complement the HTI security measures and introduce a guideline for provision of PHS while ensuring information security and privacy. Our elaborations lead to the conclusion that security features of health information technology networks can be used to create a solid foundation for protecting information security and privacy in patient-centered health information technology services offered in public networks like the Internet.

20.
When the US government erected export-control barriers against the cryptographic technology used to ensure data confidentiality, a coalition of privacy advocates joined IT companies to get those barriers removed and enable widespread adoption of encryption for privacy protection. The most fundamental challenge to 20th century privacy laws is more social than technical - adding to the stream of personal data is a new wave of user-generated content in the form of blogs. Access control and security techniques will remain vital to privacy protection - access control is important for protecting sensitive information and, above all, preserving anonymity.
