Preserving location privacy without exact locations in mobile services

Privacy preservation has recently received considerable attention in location-based services (LBSs). A large number of location cloaking algorithms have been proposed for protecting the location privacy of mobile users. However, most existing cloaking approaches assume that mobile users are trusted. And exact locations are required to protect location privacy, which is exactly the information mobile users want to hide. In this paper, we propose a p-anti-conspiration privacy model to anonymize over semi-honest users. Furthermore, two k*NNG-based cloaking algorithms, vk*NNCA and ek*NNCA, are proposed to protect location privacy without exact locations. The efficiency and effectiveness of the proposed algorithms are validated by a series of carefully designed experiments. The experimental results show that the price paid for location privacy protection without exact locations is small.     

A transformational model for Organizational Memory Systems management with privacy concerns

Collaborative activities such as coordination, decision-making and negotiation critically depend on historical information of an organization. This information is usually part of isolated legacy information systems, therefore, it can be inconsistent, redundant and difficult to retrieve and link. Previous research in CSCW has proposed the use of Organizational Memory Systems (OMS) to accumulate, organize, preserve, link and share diverse information coming from various sources, and thus support such collaborative activities. However, there is a need to provide a low-cost feeding process, to embed privacy mechanisms and to support information retrieval capabilities for all users of the OMS, in order to make these solutions useful to a broad range of organizations. As a way to deal with this need, this paper presents a transformational model able to: (a) facilitate the feeding of an OMS based on information stored in legacy information systems, (b) ease the information retrieval process, and (c) embed automatic mechanisms to evolve the information stored in the OMS, through a document privacy lifecycle. This is a low-cost solution that can be implemented using OpenSource technologies.     

基于比特币的私有信息检索支付协议

私有信息检索（PIR）是一种密码学工具,使用户能够从远程数据库服务器中获取信息,而不会让服务器知道用户获取了什么信息。PIR方案基本上由两种类型组成,即信息论私有信息检索（Information Theoretic PIR,IT-PIR）和计算性私有信息检索（Computational PIR,C-PIR）。IT-PIR方案要求服务器之间不共谋。一旦服务器共谋,就无法保证用户的隐私。共谋问题一直以来都没有一个比较好的解决办法。比特币和区块链的出现为解决公平和信任的问题提供了一种新方法。在本文中,我们创新地使用区块链来处理IT-PIR中的共谋问题,提出了一种基于比特币的PIR支付协议。在此支付协议中,客户通过比特币交易支付服务费。我们通过比特币脚本控制交易兑现的条件,使得如果服务方相互串通,则使服务方受到利益损失。通过这种方式,该支付协议可以在一定程度上降低共谋的可能性。     

k-Nearest Neighbor Query Processing Algorithms for a Query Region in Road Networks

Recent development of wireless communication technologies and the popularity of smart phones are making location-based services (LBS) popular. However, requesting queries to LBS servers with users’ exact locations may threat the privacy of users. Therefore, there have been many researches on generating a cloaked query region for user privacy protection. Consequently, an effcient query processing algorithm for a query region is required. So, in this paper, we propose k-nearest neighbor query (k-NN) processing algorithms for a query region in road networks. To effciently retrieve k-NN points of interest (POIs), we make use of the Island index. We also propose a method that generates an adaptive Island index to improve the query processing performance and storage usage. Finally, we show by our performance analysis that our k-NN query processing algorithms outperform the existing k-Range Nearest Neighbor (kRNN) algorithm in terms of network expansion cost and query processing time.     

Countering overlapping rectangle privacy attack for moving kNN queries

An important class of LBSs is supported by the moving k nearest neighbor (MkNN) query, which continuously returns the k nearest data objects for a moving user. For example, a tourist may want to observe the five nearest restaurants continuously while exploring a city so that she can drop in to one of them anytime. Using this kind of services requires the user to disclose her location continuously and therefore may cause privacy leaks derived from the user's locations. A common approach to protecting a user's location privacy is the use of imprecise locations (e.g., regions) instead of exact positions when requesting LBSs. However, simply updating a user's imprecise location to a location-based service provider (LSP) cannot ensure a user's privacy for an MkNN query: continuous disclosure of regions enable LSPs to refine more precise location of the user. We formulate this type of attack to a user's location privacy that arises from overlapping consecutive regions, and provide the first solution to counter this attack. Specifically, we develop algorithms which can process an MkNN query while protecting the user's privacy from the above attack. Extensive experiments validate the effectiveness of our privacy protection technique and the efficiency of our algorithm.     

L2P2: A location-label based approach for privacy preserving in LBS

The developments in positioning and mobile communication technology have made the location-based service (LBS) applications more and more popular. For privacy reasons and due to lack of trust in the LBS providers, k-anonymity and l-diversity techniques have been widely used to preserve privacy of users in distributed LBS architectures in Internet of Things (IoT). However, in reality, there are scenarios where the locations of users are identical or similar/near each other in IoT. In such scenarios the k locations selected by k-anonymity technique are the same and location privacy can be easily compromised or leaked. To address the issue of privacy preservation, in this paper, we introduce the location labels to distinguish locations of mobile users to sensitive and ordinary locations. We design a location-label based (LLB) algorithm for protecting location privacy of users while minimizing the response time for LBS requests. We also evaluate the performance and validate the correctness of the proposed algorithm through extensive simulations.     

An indexing scheme for energy-efficient processing of content-based retrieval queries on a wireless data stream

Wireless data broadcasting is a popular data delivery approach in mobile computing environments, where the broadcasting servers usually adopt indexing schemes for mobile clients to energy-efficiently access data on a wireless broadcast stream. However, conventional indexing schemes use primary key attribute values to construct tree structures. Therefore, these schemes do not support content-based retrieval queries such as partial-match queries and range-queries. This paper proposes an indexing method that supports content-based retrieval queries on a wireless data stream. The method uses a tree-structured index, called B2V-Tree, which is composed of bit-vectors that are generated from data records through multi-attribute hashing. Through analysis and experiments, the effectiveness of the proposed method is shown.     

基于点函数秘密共享的私有信息检索协议

针对私有信息检索（PIR）中的隐私安全问题,提出了一个基于点函数秘密共享的私有信息检索协议。该协议将检索的索引看成一个特殊的0-1点函数,利用点函数秘密共享技术生成这个点函数的密钥组,分别发送给p个服务器,根据p个服务器返回的响应作异或运算得到检索结果。对协议进行了正确性、安全性和效率分析,验证了这个协议是安全且高效的,并给出了一个具体实例来说明该协议的有效性。最后介绍了将该协议推广到多项私有信息检索和基于关键字的私有信息检索中的应用情况。     

Complete Bipartite Anonymity for Location Privacy

Users are vulnerable to privacy risks when providing their location information to location-based services (LBS). Existing work sacrifices the quality of LBS by degrading spatial and temporal accuracy ...     

一种新型隐私数据库秘密同态检索协议

针对隐私数据查询中的隐私泄露威胁模型,本文提出了一种新型隐私数据库秘密同态检索协议,该协议基于SomeWhat部分同态算法进行设计,通过使用密文同态运算性质较好的解决了该威胁模型中涉及到的隐私泄露问题,同时本文在证明该协议正确性和安全性的基础上,通过适当的参数选择,对该协议的同态算法进行了测试,给出了算法的运行效率。     

医疗大数据隐私保护多关键词范围搜索方案

随着医疗信息系统的急速发展,基于医疗云的信息系统将大量电子健康记录(EHRs)存储在医疗云系统中,利用医疗云强大的存储能力和计算能力对EHRs数据进行安全与统一的管理.尽管传统加密机制可以保证医疗数据在半诚实云服务器中的机密性,但对加密后的EHRs数据执行安全、快速、有效的范围搜索,仍是一个有待解决的关键问题.提出一种...     

Event graphs for information retrieval and multi-document summarization

With the number of documents describing real-world events and event-oriented information needs rapidly growing on a daily basis, the need for efficient retrieval and concise presentation of event-related information is becoming apparent. Nonetheless, the majority of information retrieval and text summarization methods rely on shallow document representations that do not account for the semantics of events. In this article, we present event graphs, a novel event-based document representation model that filters and structures the information about events described in text. To construct the event graphs, we combine machine learning and rule-based models to extract sentence-level event mentions and determine the temporal relations between them. Building on event graphs, we present novel models for information retrieval and multi-document summarization. The information retrieval model measures the similarity between queries and documents by computing graph kernels over event graphs. The extractive multi-document summarization model selects sentences based on the relevance of the individual event mentions and the temporal structure of events. Experimental evaluation shows that our retrieval model significantly outperforms well-established retrieval models on event-oriented test collections, while the summarization model outperforms competitive models from shared multi-document summarization tasks.     

Protecting query privacy with differentially private <Emphasis Type="Italic">k</Emphasis>-anonymity in location-based services

Nowadays, location-based services (LBS) are facilitating people in daily life through answering LBS queries. However, privacy issues including location privacy and query privacy arise at the same time. Existing works for protecting query privacy either work on trusted servers or fail to provide sufficient privacy guarantee. This paper combines the concepts of differential privacy and k-anonymity to propose the notion of differentially private k-anonymity (DPkA) for query privacy in LBS. We recognize the sufficient and necessary condition for the availability of 0-DPkA and present how to achieve it. For cases where 0-DPkA is not achievable, we propose an algorithm to achieve ??-DPkA with minimized ??. Extensive simulations are conducted to validate the proposed mechanisms based on real-life datasets and synthetic data distributions.     

k-Anonymous data collection

To protect individual privacy in data mining, when a miner collects data from respondents, the respondents should remain anonymous. The existing technique of Anonymity-Preserving Data Collection partially solves this problem, but it assumes that the data do not contain any identifying information about the corresponding respondents. On the other hand, the existing technique of Privacy-Enhancing k-Anonymization can make the collected data anonymous by eliminating the identifying information. However, it assumes that each respondent submits her data through an unidentified communication channel. In this paper, we propose k-Anonymous Data Collection, which has the advantages of both Anonymity-Preserving Data Collection and Privacy-Enhancing k-Anonymization but does not rely on their assumptions described above. We give rigorous proofs for the correctness and privacy of our protocol, and experimental results for its efficiency. Furthermore, we extend our solution to the fully malicious model, in which a dishonest participant can deviate from the protocol and behave arbitrarily.     

An algorithm for k-anonymous microaggregation and clustering inspired by the design of distortion-optimized quantizers

We present a multidisciplinary solution to the problems of anonymous microaggregation and clustering, illustrated with two applications, namely privacy protection in databases, and private retrieval of location-based information. Our solution is perturbative, is based on the same privacy criterion used in microdata k-anonymization, and provides anonymity through a substantial modification of the Lloyd algorithm, a celebrated quantization design algorithm, endowed with numerical optimization techniques.Our algorithm is particularly suited to the important problem of k-anonymous microaggregation of databases, with a small integer k representing the number of individual respondents indistinguishable from each other in the published database. Our algorithm also exhibits excellent performance in the problem of clustering or macroaggregation, where k may take on arbitrarily large values. We illustrate its applicability in this second, somewhat less common case, by means of an example of location-based services. Specifically, location-aware devices entrust a third party with accurate location information. This party then uses our algorithm to create distortion-optimized, size-constrained clusters, where k nearby devices share a common centroid location, which may be regarded as a distorted version of the original one. The centroid location is sent back to the devices, which use it when contacting untrusted location-based information providers, in lieu of the exact home location, to enforce k-anonymity.We compare the performance of our novel algorithm to the state-of-the-art microaggregation algorithm MDAV, on both synthetic and standardized real data, which encompass the cases of small and large values of k. The most promising aspect of our proposed algorithm is its capability to maintain the same k-anonymity constraint, while outperforming MDAV by a significant reduction in data distortion, in all the cases considered.     

保护位置隐私和查询内容隐私的路网K近邻查询方法

位置隐私和查询内容隐私是LBS兴趣点(point of interest,简称POI)查询服务中需要保护的两个重要内容,同时,在路网连续查询过程中,位置频繁变化会给LBS服务器带来巨大的查询处理负担,如何在保护用户隐私的同时,高效地获取精确查询结果,是目前研究的难题.以私有信息检索中除用户自身外其他实体均不可信的思想为基本假设,基于Paillier密码系统的同态特性,提出了无需用户提供真实位置及查询内容的K近邻兴趣点查询方法,实现了对用户位置、查询内容隐私的保护及兴趣点的精确检索;同时,以路网顶点为生成元组织兴趣点分布信息,进一步解决了高强度密码方案在路网连续查询中因用户位置变化频繁导致的实用效率低的问题,减少了用户的查询次数,并能确保查询结果的准确性.最后从准确性、安全性及查询效率方面对本方法进行了分析,并通过仿真实验验证了理论分析结果的正确性.     

隐私保护的图像内容检索技术研究综述

随着智能设备与社交媒体的广泛普及,图片数据的数量急剧增长,数据拥有者将本地数据外包至云平台,在云服务器上实现数据的存储、分享和检索。然而,图像数据含有大量有关用户的敏感信息,外部攻击者和不完全可信的云服务器都试图获取原始图像的内容,窥探用户隐私,造成严重的隐私泄露风险。回顾了近年来隐私保护需求下图像内容检索技术的研究进展,总结了应用于该技术的图像加密算法,包括同态加密、随机化加密和比较加密,围绕这3种密码技术,详细分析和比较了典型的解决方案,并介绍了索引构造的改进策略。最后,总结和展望了未来的研究趋势。     

Learning effective color features for content based image retrieval in dermatology

We investigate the extraction of effective color features for a content-based image retrieval (CBIR) application in dermatology. Effectiveness is measured by the rate of correct retrieval of images from four color classes of skin lesions. We employ and compare two different methods to learn favorable feature representations for this special application: limited rank matrix learning vector quantization (LiRaM LVQ) and a Large Margin Nearest Neighbor (LMNN) approach. Both methods use labeled training data and provide a discriminant linear transformation of the original features, potentially to a lower dimensional space. The extracted color features are used to retrieve images from a database by a k-nearest neighbor search. We perform a comparison of retrieval rates achieved with extracted and original features for eight different standard color spaces. We achieved significant improvements in every examined color space. The increase of the mean correct retrieval rate lies between 10% and 27% in the range of k=1-25 retrieved images, and the correct retrieval rate lies between 84% and 64%. We present explicit combinations of RGB and CIE-Lab color features corresponding to healthy and lesion skin. LiRaM LVQ and the computationally more expensive LMNN give comparable results for large values of the method parameter κ of LMNN (κ≥25) while LiRaM LVQ outperforms LMNN for smaller values of κ. We conclude that feature extraction by LiRaM LVQ leads to considerable improvement in color-based retrieval of dermatologic images.     

A comparison of clustering-based privacy-preserving collaborative filtering schemes

Privacy-preserving collaborative filtering (PPCF) methods designate extremely beneficial filtering skills without deeply jeopardizing privacy. However, they mostly suffer from scalability, sparsity, and accuracy problems. First, applying privacy measures introduces additional costs making scalability worse. Second, due to randomness for preserving privacy, quality of predictions diminishes. Third, with increasing number of products, sparsity becomes an issue for both CF and PPCF schemes.In this study, we first propose a content-based profiling (CBP) of users to overcome sparsity issues while performing clustering because the very sparse nature of rating profiles sometimes do not allow strong discrimination. To cope with scalability and accuracy problems of PPCF schemes, we then show how to apply k-means clustering (KMC), fuzzy c-means method (FCM), and self-organizing map (SOM) clustering to CF schemes while preserving users’ confidentiality. After presenting an evaluation of clustering-based methods in terms of privacy and supplementary costs, we carry out real data-based experiments to compare the clustering algorithms within and against traditional CF and PPCF approaches in terms of accuracy. Our empirical outcomes demonstrate that FCM achieves the best low cost performance compared to other methods due to its approximation-based model. The results also show that our privacy-preserving methods are able to offer precise predictions.     

Context-aware privacy-preserving access control for mobile computing

In mobile and pervasive computing applications, opportunistic connections allow co-located devices to exchange data directly. Keeping data sharing local enables large-scale cooperative applications and empowers individual users to control what and how information is shared. Supporting such applications requires runtime frameworks that allow them to manage the who, what, when, and how of access to resources. Existing frameworks have limited expressiveness and do not allow data owners to modulate the granularity of information released. In addition, these frameworks focus exclusively on security and privacy concerns of data providers and do not consider the privacy of data consumers. We present PADEC, a context-sensitive, privacy-aware framework that allows users to define rich access control rules over their resources and to attach levels of granularity to each rule. PADEC is also characterized by its expressiveness, allowing users to decide under which conditions should which information be shared. We provide a formal definition of PADEC and an implementation based on private function evaluation. Our evaluation shows that PADEC is more expressive than other mechanisms, protecting privacy of both consumers and providers.