车联网中基于位置服务的个性化位置隐私保护

随着车联网的快速发展,用户享受车联网提供的位置服务(location-based services,LBSs)时,位置隐私泄漏是一个关键安全问题.针对车载网络中位置服务隐私泄露问题,提出了一种基于差分隐私的个性化位置隐私保护方案,在保护用户隐私的前提下,满足用户个性化隐私需求.首先,定义归一化的决策矩阵,描述导航推荐路...     

社交网络中的位置隐私保护研究

随着智能终端设备和社交网络服务的广泛使用,移动互联网发展的一个重要趋势是社交、位置和移动相融合,在这些应用中,位置是一项非常重要的信息。该文从位置隐私泄露的风险出发,介绍了几种位置隐私保护技术,比较它们的优劣,提出了移动感知的匿位区域生成方法,通过信息熵理论将用户位置的不可推测性最大化,实现了社交网络中个人隐私保护。     

Anonymizing social networks: A generalization approach

Social networks provide a mathematical picture of various relationships that exist in society. A social network can be represented by graph data structures. These graphs are rich sources of information that must be published to share with the world. As a result, however, the privacy of users is compromised. Conventional techniques such as anonymization, randomization and masking are used to protect privacy. The techniques proposed to date do not consider the utility of published data. Absolute privacy implies zero utility, and vice versa. This paper focuses on the importance of users and the protection of their privacy. The importance of a user is determined by centrality or prestige measures. Generalization of the user is performed based on their importance to ensure privacy and utility in social networks. The information lost due to generalization is also measured.     

Protecting query privacy in location-based services

The popularity of location-based services (LBSs) leads to severe concerns on users’ privacy. With the fast growth of Internet applications such as online social networks, more user information becomes available to the attackers, which allows them to construct new contextual information. This gives rise to new challenges for user privacy protection and often requires improvements on the existing privacy-preserving methods. In this paper, we classify contextual information related to LBS query privacy and focus on two types of contexts—user profiles and query dependency: user profiles have not been deeply studied in LBS query privacy protection, while we are the first to show the impact of query dependency on users’ query privacy. More specifically, we present a general framework to enable the attackers to compute a distribution on users with respect to issuing an observed request. The framework can model attackers with different contextual information. We take user profiles and query dependency as examples to illustrate the implementation of the framework and their impact on users’ query privacy. Our framework subsequently allows us to show the insufficiency of existing query privacy metrics, e.g., k-anonymity, and propose several new metrics. In the end, we develop new generalisation algorithms to compute regions satisfying users’ privacy requirements expressed in these metrics. By experiments, our metrics and algorithms are shown to be effective and efficient for practical usage.     

半去中心化的社交网访问控制方案

提出一种将社交网网络服务与用户的数据资源管理相分离的半去中心化的社交网隐私保护方案。通过对其直接好友颁布并保存到关系服务器上的关系声明来明确用户与其好友之间的关系类型,以关系类型和访问深度作为参数定义数据资源的访问控制规则,利用关系服务器验证访问请求者与资源拥有者之间的关系路径,将关系路径与访问控制规则进行比较以决定是否授权访问。实现了依据用户指定的关系类型和深度进行授权控制,进而保护了社交网中用户数据资源的隐私。     

Agent societies and social networks for ubiquitous computing

In ubiquitous computing environments, providing appropriate services and information to users at the right place in the right way is challenging for many reasons: different user interests, heterogeneous devices and services, dynamic networks, information overload, or differing privacy levels, for example. Agent technology is a paradigm expected to play an increasing role in complex computing environments, and due to the increasing popularity of social networking services, we expect to see the convergence of agent and social web technologies. The goal of this theme issue is to bring together state-of-the-art research contributions that examine the convergence of agent technologies and social networks for ubiquitous computing.     

基于好友亲密度的用户匹配

用户匹配的目的是检测来自不同社交网络的用户是否是同一个人.现有的研究主要集中在用户属性和网络嵌入上,而这些研究方法往往忽略了用户与好友间的亲密关系.因此,文中提出一种基于好友亲密度的用户匹配算法(FCUM).该算法是一种半监督、端到端的跨社交网络用户匹配算法,其中注意力机制被用于量化用户与好友之间的亲密度.好友亲密度的...     

社交网络中用户隐私推理与保护研究综述

如今微博和Twitter等社交网络平台被广泛地用于交流、创建在线社区并进行社交活动。用户所发布的内容可以被推理出大量隐私信息,这导致社交网络中针对用户的隐私推理技术的兴起。利用用户的文本内容及在线行为等知识可以对用户进行推理攻击,社交关系推理和属性推理是对社交网络用户隐私的两种基本攻击。针对推理攻击保护机制和方法的研究也在日益增加,对隐私推理和保护技术相关的研究和文献进行了分类并总结,最后进行了探讨和展望。     

Privacy as information access and illusory control: The case of the Facebook News Feed privacy outcry

Increasingly, millions of people, especially youth, post personal information in online social networks (OSNs). In September 2006, one of the most popular sites—Facebook.com—introduced the features of News Feed and Mini Feed, revealing no more information than before, but resulting in immediate criticism from users. To investigate the privacy controversy, we conducted a survey among 172 current Facebook users in a large US university to explore their usage behaviors and privacy attitudes toward the introduction of the controversial News Feed and Mini Feed features. We examined the degree to which users were upset by the changes, explored the reasons as to why, and examined the influences of the News Feed privacy outcry on user behavior changes. The results have demonstrated how an easier information access and an “illusory” loss of control prompted by the introduction of News Feed features, triggered users’ privacy concerns. In addition to enhancing our theoretical understanding of privacy issues in the online social networks, this research is also potentially useful to privacy advocates, regulatory bodies, service providers, and marketers to help shape or justify their decisions concerning the online social networks.     

An energy efficient privacy-preserving content sharing scheme in mobile social networks

The rising popularity of mobile social media enables personalization of various content sharing and subscribing services. These two types of services entail serious privacy concerns not only to the confidentiality of shared content, but also to the privacy of end users such as their identities, interests and social relationships. Previous works established on the attribute-based encryption (ABE) can provide fine-grained access control of content. However, practical privacy-preserving content sharing in mobile social networks either incurs great risk of information leaking to unauthorized third parties or suffers from high energy consumption for decrypting privacy-preserving content. Motivated by these issues, this paper proposes a publish–subscribe system with secure proxy decryption (PSSPD) in mobile social networks. First, an effective self-contained privacy-preserving access control method is introduced to protect the confidentiality of the content and the credentials of users. This method is based on ciphertext-policy ABE and public-key encryption with keyword search. After that, a secure proxy decryption mechanism is proposed to reduce the heavy burdens of energy consumption on performing ciphertext decryption at end users. The experimental results demonstrate the efficiency and privacy preservation effectiveness of PSSPD.     

BFF: A tool for eliciting tie strength and user communities in social networking services

The use of social networking services (SNSs) such as Facebook has explosively grown in the last few years. Users see these SNSs as useful tools to find friends and interact with them. Moreover, SNSs allow their users to share photos, videos, and express their thoughts and feelings. However, users are usually concerned about their privacy when using SNSs. This is because the public image of a subject can be affected by photos or comments posted on a social network. In this way, recent studies demonstrate that users are demanding better mechanisms to protect their privacy. An appropriate approximation to solve this could be a privacy assistant software agent that automatically suggests a privacy policy for any item to be shared on a SNS. The first step for developing such an agent is to be able to elicit meaningful information that can lead to accurate privacy policy predictions. In particular, the information needed is user communities and the strength of users’ relationships, which, as suggested by recent empirical evidence, are the most important factors that drive disclosure in SNSs. Given the number of friends that users can have and the number of communities they may be involved on, it is infeasible that users are able to provide this information without the whole eliciting process becoming confusing and time consuming. In this work, we present a tool called Best Friend Forever (BFF) that automatically classifies the friends of a user in communities and assigns a value to the strength of the relationship ties to each one. We also present an experimental evaluation involving 38 subjects that showed that BFF can significantly alleviate the burden of eliciting communities and relationship strength.     

Anonymizing popularity in online social networks with full utility

With the rapid growth of social network applications, more and more people are participating in social networks. Privacy protection in online social networks becomes an important issue. The illegal disclosure or improper use of users’ private information will lead to unaccepted or unexpected consequences in people’s lives. In this paper, we concern on authentic popularity disclosure in online social networks. To protect users’ privacy, the social networks need to be anonymized. However, existing anonymization algorithms on social networks may lead to nontrivial utility loss. The reason is that the anonymization process has changed the social network’s structure. The social network’s utility, such as retrieving data files, reading data files, and sharing data files among different users, has decreased. Therefore, it is a challenge to develop an effective anonymization algorithm to protect the privacy of user’s authentic popularity in online social networks without decreasing their utility. In this paper, we first design a hierarchical authorization and capability delegation (HACD) model. Based on this model, we propose a novel utility-based popularity anonymization (UPA) scheme, which integrates proxy re-encryption with keyword search techniques, to tackle this issue. We demonstrate that the proposed scheme can not only protect the users’ authentic popularity privacy, but also keep the full utility of the social network. Extensive experiments on large real-world online social networks confirm the efficacy and efficiency of our scheme.     

When changing the look of privacy policies affects user trust: An experimental study

The majority of Internet users do not read privacy policies because of their lengthy verbose format, although they are still the main source of information for users about how their data are collected and used. Consequently, as shown by many studies, users do not trust online services with respect to the use of their private data. Furthermore, they find it unfair that their data are used to generate revenue by online services without their knowledge or without their benefit from this.In this paper, we take as main assumption that the control of their private data and also caring about their interests would restore the trust of users. Based on an empirical model, we conducted an experimental comparative study of user trust by offering to two groups of participants the possibility to adhere to a service with a privacy policy presented in one of two different formats: the first, a conventional privacy policy and the second, designed according to the privacy policy model studied in this paper.We collected, through a survey, 717 responses from participants. The results show that allowing personalization and management in privacy policies affects user trust and makes online services appear more trustworthy to their users.     

面向移动社交网络的位置隐私保护方法

移动社交网络为人们的生活带来了极大的便利,但用户在享受这些服务带来便利的同时,个人位置隐私受到了严重威胁。首先对用户位置隐私保护需求进行了形式化描述,继而针对用户的敏感兴趣点泄露问题,提出了一种情景感知的隐私保护方法。该方法将位置信息、社交关系、个人信息引入到知识构建算法中以计算兴趣点间的相关性,并利用该相关性及时空情景实时判断发布当前位置是否会泄露用户隐私,进而实现了隐私保护与服务可用性间的平衡。最后通过仿真实验验证了该方法的有效性。     

从脸书用户个人信息泄露事件谈我国社交媒体用户隐私保护

The rapid development of information technology has promoted the popularization of social media applications. Social me- dia has become a platform for users to search for real-time information and communicate and interact. Privacy protection is an im- portant symbol of the progress of human modern civilization. While enjoying the benefits brought by social media, human rights al- so face unprecedented challenges. Therefore, the protection of privacy highlights its importance. This paper analyzes the information leakage of Facebook users in order to discover the various risks faced by the privacy protection of social media users. Then it re- views the user privacy protection measures of major social media platforms at home and abroad. Finally, it is recommended that the government level should speed up the improvement of the social media platform user privacy supervision system, the enterprise lev- el should strengthen the implementation of the social media platform user privacy protection subject responsibility, and the user must improve personal information security literacy and protect personal information and privacy together.     

在线社交网络中延伸访问控制机制研究

针对社交网络中用户发布的数据延伸不可控的问题,提出了一种基于隐私标签的延伸控制机制。该机制基于用户关系跳数和资源转发跳数给用户和数据分配不同类型的隐私标签,以实现对数据的细粒度延伸访问控制。提出了隐私标签的生成算法和分配方法,设计了隐私标签约束规则并对可能出现的策略冲突进行分析。最后通过测试,表明了该机制可以实现社交网络中细粒度延伸控制,同时证明了该机制的安全性和有效性。     

Dynamic path privacy protection framework for continuous query service over road networks

Many applications of location based services (LBSs), it is useful or even necessary to ensure that LBSs services determine their location. For continuous queries where users report their locations periodically, attackers can infer more about users’ privacy by analyzing the correlations of their query samples. The causes of path privacy problems, which emerge because the communication by different users in road network using location based services so, attacker can track continuous query information. LBSs, albeit useful and convenient, pose a serious threat to users’ path privacy as they are enticed to reveal their locations to LBS providers via their queries for location-based information. Traditional path privacy solutions designed in Euclidean space can be hardly applied to road network environment because of their ignorance of network topological properties. In this paper, we proposed a novel dynamic path privacy protection scheme for continuous query service in road networks. Our scheme also conceals DPP (Dynamic Path Privacy) users’ identities from adversaries; this is provided in initiator untraceability property of the scheme. We choose the different attack as our defending target because it is a particularly challenging attack that can be successfully launched without compromising any user or having access to any cryptographic keys. The security analysis shows that the model can effectively protect the user identity anonymous, location information and service content in LBSs. All simulation results confirm that our Dynamic Path Privacy scheme is not only more accurate than the related schemes, but also provide better locatable ratio where the highest it can be around 95 % of unknown nodes those can estimate their position. Furthermore, the scheme has good computation cost as well as communication and storage costs.Simulation results show that Dynamic Path Privacy has better performances compared to some related region based algorithms such as IAPIT scheme, half symmetric lens based localization algorithm (HSL) and sequential approximate maximum a posteriori (AMAP) estimator scheme.     

基于Skyline计算的社交网络关系数据隐私保护

随着社交软件的流行，越来越多的人加入社交网络产生了大量有价值的信息，其中也包含了许多敏感隐私信息。不同的用户有不同的隐私需求，因此需要不同级别的隐私保护。社交网络中用户隐私泄露等级受社交网络图结构和用户自身威胁等级等诸多因素的影响。针对社交网络数据的个性化隐私保护问题及用户隐私泄露等级评价问题，提出基于Skyline计算的个性化差分隐私保护策略（PDPS）用以发布社交网络关系数据。首先构建用户的属性向量；接着采用基于Skyline计算的方法评定用户的隐私泄露等级，并根据该等级对用户数据集进行分割；然后应用采样机制来实现个性化差分隐私，并对整合后的数据添加噪声；最后对处理后数据进行安全性和实用性的分析并发布数据。在真实数据集上与传统的个性化差分隐私方法（PDP）对比，验证了PDPS算法的隐私保护质量和数据的可用性都优于PDP算法。     

基于加权最小二乘的社交网络用户定位方法

社交网络在提供位置交友等服务时,会对展示的用户距离文本进行混淆处理,以保护用户位置隐私。为了验证当前社交网络采用的位置混淆机制能否有效保护用户的精确位置不被泄露,提出了一种基于加权最小二乘的社交网络用户定位方法。该方法构造测试环境,对位置交友服务中混淆后的距离文本进行大量搜集和统计,结合真实距离数据识别报告距离对应的真实距离边界;基于对目标用户所处坐标系象限的判别,优化探针位置部署,并利用三边测量定位模型得到目标用户的多个初步位置估计;基于估计位置与探针的距离关系,分别确定目标用户相较各探针的最远距离和最近距离的权重,从而构造目标函数并基于加权最小二乘求目标函数的最优解,该最优解即目标用户的最终定位结果。该方法基于距离边界约束推断社交用户位置,避免了对位置服务的频繁查询,保证了对社交用户的定位效率。基于微信平台开展了社交用户定位实验,对500个微信用户的实际定位结果表明,该方法能够实现对微信“附近的人”用户的准确定位,与现有基于空间划分、基于启发式数论等典型定位方法相比,定位精度和效率均有更好的性能表现,平均定位误差降低了10%以上,定位过程中的位置服务访问次数减少了50%以上。     

Analysis of MySpace user profiles

Online social networks have attracted millions of users, who have integrated social network web sites into their daily life. Users participate to the changes and to the evolution of these sites because they are producers and reviewers of contents that help them to maintain the existing social relationships, make new friends, collaborate and enrich experiences. This paper presents a study of the characteristics of the users of MySpace web site, with the objective of studying relationships and interactions among users and deriving hints about their behavior. The analysis relies on data collected by monitoring the web site for 12 weeks. Typical user behaviors have been derived and classes of users characterized by different levels of participation to the social network have been identified. In particular, the analysis reveals that most of the users actively participate to the social network and specify many personal details. Social networks web sites allow access to such details; the sharing of information about users and their relationships can lead to non-ethic online activities, which threat the privacy and the security of users themselves.