Data Dynamics Enabled Privacy-Preserving Public Batch Auditing in Cloud Storage

Many schemes have been present to tackle data integrity and retrievability in cloud storage. Few of existing schemes support data dynamics, public verifica- tion and protect data privacy simultaneously. We propose a public auditing scheme which enables privacy-preserving, data dynamics and batch auditing. A data updating infor- mation table is designed to record the status information of the data blocks and facilitate data dynamics. Homomor- phic authenticator and random masking technologies are exploited to protect data privacy for data owners. The scheme employs a Trusted third party auditor （TTPA） to verify the data integrity without learning any informa- tion about the data content during the auditing process. The scheme also allows batch auditing so that TTPA can process multiple auditing requests simultaneously which greatly accelerates the auditing process. Security and per- formance analysis show that our scheme is secure and fea- sible.     

多方参与高效撤销组成员的共享数据审计方案

针对云平台上共享数据的完整性验证问题,该文提出一种多方参与高效撤销组成员的共享数据审计方案(SDRM)。首先,通过Shamir秘密共享方法,使多个组成员共同参与撤销非法组成员,保证了组成员间的权限平等。然后,结合代数签名技术,用文件标识符标识数据拥有者的上传数据记录和普通组成员的访问记录,使数据拥有者能够高效更新其所有数据。最后对方案的正确性、安全性和有效性进行理论分析和实验验证,结果表明,该文方案的计算复杂度与被撤销组成员签名的文件块数之间相互独立,达到了高效撤销组成员的目的。并且,随数据拥有者数量增加,该方案更新数据效率较NPP明显提升。

     

一种新的满足隐私性的云存储公共审计方案

在云存储网络环境中,数据的安全性、完整性和隐私性是用户最关心的问题之一.云存储服务中,用户将存储的数据和认证标识信息存储在云服务器中.为了保证存储数据的完整性,云存储服务提供者需要向用户或第三方审计者证明其正确地持有用户存储的数据.公共审计是指由用户以外的第三方代替用户完成审计工作,这对于计算资源比较有限的用户尤其重要.目前多数云存储审计方案没有考虑隐私性问题.本文提出了一种新的可聚合基于签名的广播加密(ASBB)方案,并在此基础上设计了新的满足隐私性的云存储公共审计方案.新方案在随机预言模型下是可证安全的,并且在计算开销方面更具有优势.     

Personalized Privacy-Preserving Trajectory Data Publishing

Due to the popularity of mobile internet and location-aware devices, there is an explosion of loca-tion and tra jectory data of m oving ob jects. A few pro-posals have been proposed for privacy preserving trajec-tory data publishing, and most of them assume the at-tacks with the same adversarial background knowledge. In practice, different users have different privacy require-ments. Such non-personalized privacy assumption does not meet the personalized privacy requirements, meanwhile, it looses the chance to achieve better utility by taking advan-tage of differences of users' privacy requirements. We study the personalized trajectory k-anonymity criterion for tra-jectory data publication. Specifically, we explore and pro-pose an overall framework which provides privacy preserv-ing services based on users' personal privacy requests, in-cluding tra jectory clustering, editing and publication. We demonstrate the efficiency and effectiveness of our scheme through experiments on real world dataset.     

A New Anonymity Model for Privacy-Preserving Data Publishing

Privacy-preserving data publishing （PPDP） is one of the hot issues in the field of the network security. The existing PPDP technique cannot deal with generality attacks, which explicitly contain the sensitivity attack and the similarity attack. This paper proposes a novel model, （w,γ, k）-anonymity, to avoid generality attacks on both cases of numeric and categorical attributes. We show that the optimal （w, γ, k）-anonymity problem is NP-hard and conduct the Top-down Local recoding （TDL） algorithm to implement the model. Our experiments validate the improvement of our model with real data.     

Privacy-Preserving Deep Learning on Big Data in Cloud

In the analysis of big data,deep learning is a crucial technique.Big data analysis tasks are typically carried out on the cloud since it offers strong computer capabilities and storage areas.Nevertheless,there is a contradiction between the open nature of the cloud and the demand that data owners maintain their privacy.To use cloud resources for privacy-preserving data training,a viable method must be found.A privacy-preserving deep learning model(PPDLM) is suggested in this research to address ...     

传感器网络中基于路线的隐私保护数据聚集算法

针对现有隐私保护数据聚集算法依赖某种网络拓扑结构和加解密次数过多的问题,本文提出了一种基于同心圆路线的隐私保护数据聚集算法PCIDA （Privacy-preserving and Concentric-circle Itinerary-based Data Aggregation algorithm）.PCIDA沿着设计好的理想路线执行数据聚集,使得算法不依赖网络拓扑结构.PCIDA利用安全通道保证数据的隐私性,避免了数据聚集过程中的加解密运算.PCIDA沿着同心圆并行处理,使得算法数据处理延迟较小.理论分析和实验结果显示,PCIDA在较低通信量和能耗的情况下获得较高的数据隐私性和聚集精确度.     

A Secret Confusion Based Energy-Saving and Privacy-Preserving Data Aggregation Algorithm

To reduce communication overhead on the premise of privacy protection, this study presents a novel secret Confusion based energy-saving and privacy-preserving data aggregation algorithm (CESPT). In con-fusion phase, CESPT confuses real sensory data and their sources by positive-negative pairs and a confusion factor is introduced to determine the quantity of pairs generated by a sensor, the exchange rounds and the threshold of data ex-change, which aff ect communication overhead and privacy intensity of a Wireless sensor network (WSN). In aggre-gation phase, CESPT adopts a positive-negative neutral-ization strategy and a well-designed time slice allocation mechanism to reduce network traffic and message collision. In a word, CESPT can greatly reduce data traffic and en-ergy consumption and obtain accurate statistical results on the basis of data privacy.     

Privacy-Preserving Lightweight Data Monitoring in Internet of Things Environments

Wireless Personal Communications - The fast development of Internet of Things (IoT) has shown that it becomes one of the most popular techniques. In the IoT paradigm, ubiquitous sensors and smart...     

Privacy-Preserving Data Packet Filtering Protocol with Source IP Authentication

Packet filtering allows a network gateway to control the network traffic flows and protect the computer system. Most of the recent research works on the filtering systems mainly concern the performance, reliability and defence against common network attacks. However, since the gateway might be controlled by red an untrusted attacker, who might try to infer the identity privacy of the sender host and mount IP tracking to its data packets. IP spoofing is another problem. To avoid data packets to be filtered in the packet filtering system, the malicious sender host might use a spoofed source IP address. Therefore, to preserve the source IP privacy and provide source IP authentication simultaneously in the filtering system is an interesting and challenging problem. To deal with the problem, we construct a data packet filtering scheme, which is formally proved to be semantic secure against the chosen IP attack and IP guessing attack. Based on this filtering scheme, we propose the first privacy-preserving packet filtering system, where the data packets whose source IP addresses are at risk are filtered, the privacy of the source IP is protected and its correctness can be verified by the recipient host. The analysis shows that our protocol can fulfil the objectives of a data packet filtering system. The performance evaluation demonstrates its applicability in the current network systems. We also presented a packet filtering scheme, where the data packets from one subnet can be filtered with only one filter policy.     

Privacy-Preserving Data Communication Through Secure Multi-Party Computation in Healthcare Sensor Cloud

In recent years, wireless medical sensor networks meet the web to enable exciting healthcare applications that require data communication over the Internet. Often these applications suffer from data disclosure due to malicious users’ activities. To prevent such data disclosure in the healthcare systems, many public key cryptographic techniques have been used. However, most of them are too expensive to implement in the web-enabled wireless medical sensor networks. In 2013, Xun et al. introduced a lightweight encryption algorithm to protect communication between the sensor node and the data servers. Their scheme is based on the Sharemind framework. However, Sharemind framework has a limitation on the number of data storage servers (ie., three servers only). In addition, Xun et al’s scheme does not support privacy-preserving patient data analysis for distributed databases of different hospitals. In this paper, we introduce a new practical approach to prevent data disclosure from inside attack. Our new proposal is based on FairplayMP framework which enables programmers who are not experts in the theory of secure computation to implement such protocols. In addition, it support any number of n participants and is suitable for distributed environments. Moreover, in our new scheme, each sensor node needs only one secret key stored in advance to communicate with n different data servers, whereas three secret keys are embedded in advance into each sensor in order to communicate with three data servers in Xun et al’s scheme.     

Privacy-Preserving and Energy-Efficient Continuous Data Aggregation Algorithm in Wireless Sensor Networks

Wireless Personal Communications - Privacy-preserving continuous data aggregation in wireless sensor networks has broad application prospects, such as environmental monitoring, health care, etc....     

A Retrievable Data Perturbation Method Used in Privacy-Preserving in Cloud Computing

With the increasing popularity of cloud computing,privacy has become one of the key problem in cloud security.When data is outsourced to the cloud,for data owners,they need to ensure the security of their privacy;for cloud service providers,they need some information of the data to provide high QoS services;and for authorized users,they need to access to the true value of data.The existing privacy-preserving methods can＇t meet all the needs of the three parties at the same time.To address this issue,we propose a retrievable data perturbation method and use it in the privacy-preserving in data outsourcing in cloud computing.Our scheme comes in four steps.Firstly,an improved random generator is proposed to generate an accurate ＂noise＂.Next,a perturbation algorithm is introduced to add noise to the original data.By doing this,the privacy information is hidden,but the mean and covariance of data which the service providers may need remain unchanged.Then,a retrieval algorithm is proposed to get the original data back from the perturbed data.Finally,we combine the retrievable perturbation with the access control process to ensure only the authorized users can retrieve the original data.The experiments show that our scheme perturbs date correctly,efficiently,and securely.     

隐私保护机器学习的密码学方法

新一代人工智能技术的特征,表现为借助GPU计算、云计算等高性能分布式计算能力,使用以深度学习算法为代表的机器学习算法,在大数据上进行学习训练,来模拟、延伸和扩展人的智能。不同数据来源、不同的计算物理位置,使得目前的机器学习面临严重的隐私泄露问题,因此隐私保护机器学习(PPM)成为目前广受关注的研究领域。采用密码学工具来解决机器学习中的隐私问题,是隐私保护机器学习重要的技术。该文介绍隐私保护机器学习中常用的密码学工具,包括通用安全多方计算(SMPC)、隐私保护集合运算、同态加密(HE)等,以及应用它们来解决机器学习中数据整理、模型训练、模型测试、数据预测等各个阶段中存在的隐私保护问题的研究方法与研究现状。     

A Blockchain-Based Flexible Data Auditing Scheme for the Cloud Service

Nowdays, cloud storage technology has become a hot topic, and an increasing number of users are concerned with the security of their data in the cloud. Many aud...     

基于数据仓库审计信息安全的方法

采用Syslog标准协议及基于正则表达式的模式匹配方法实时收集日志信息,借助于数据仓库采用信息安全多维模型的建模方法,对各个审计分析主题通过共同的分析维进行关联;通过数据仓库中的多维模型,采用联机在线分析处理方法、数据挖掘方法进行多维分析、挖掘,发现网络中潜在的安全漏洞和问题,根据分析结果生成审计分析报表,进而提高审计系统的扩展性、开放性以及审计分析的效率。     

数据标签在共享数据溯源中的应用研究

大数据时代,数据资产已成为企业的核心发展要素之一。一方面企业迫切希望能够将数据整合、分析和挖掘,以达到数据驱动业务、数据创新业务及实现业务转型的目标。另一方面,层出不穷的数据泄露事件制约着数据共享的进展。因此,急需一套数据共享管理体系,辅以数据共享技术管控措施,解决数据共享“不愿”“不敢”“不会”的三难问题。这种情形下,提出了一种基于数据标签的共享数据溯源方法,通过数据标签标记合法授权的数据共享信息流,结合数据共享规则特征库进行非法数据共享数据信息流的追踪溯源,并可对合法授权的数据共享信息流的违规操作进行追踪。     

Pseudo-Location Updating System for Privacy-Preserving Location-Based Services

With the rapid development of lo- cation-aware devices such as smart phones, Location-Based Services （LBSs） are becoming increasingly popular. Users can enjoy conven- ience by sending queries to LBS servers and obtaining service information that is nearby. However, these queries may leak the users＇ locations and interests to the un-trusted LBS servers, leading to serious privacy concerns. In this paper, we propose a Privacy-Preserving Pseudo-Location Updating System （3PLUS） to achieve k-anonymity for mobile users using LBSs. In 3PLUS, without relying on a third party, each user keeps pseudo-locations ob- tained from both the history locations and the encountered users, and randomly exchanges one of them with others when encounters oc- cur. As a result, each user＇s buffer is disor- dered. A user can obtain any k locations from the buffer to achieve k-anonymity locally. The security analysis shows the security properties and our evaluation results indicate that the user＇s privacy is significantly improved.