利用盲签名实现对3G位置隐私的保护

随着3G技术的深入发展,人们对服务提出了更高的要求,在合法用户获取相应服务的同时,还要保护好用户的隐私。论文主要目的是解决3G用户的位置隐私问题,通过使用一个授权的匿名身份来替代3G中用到的IMSI和TMSI,防止了用户身份和位置信息的暴露。文章采用盲签名来实现身份的隐藏,从而达到了保护位置信息的目的。匿名身份的独立性和基于应用层实现该协议达到了用户对位置隐私的完全控制。     

Applying privacy on the dissemination of location information

Recent achievements in the positioning technology enable the provision of location-based services that require high accuracy. On the other hand, location privacy is important, since position information is considered as personal information. Thus, anonymity and location privacy in mobile and pervasive environments has been receiving increasing attention during the last few years, and several mechanisms and architectures have been proposed to prevent “big brother” phenomena. In this paper, we discuss an architecture to shield the location of a mobile user and preserve the anonymity on the service delivery. This architecture relies on un-trusted entities to distribute segments of anonymous location information, and authorizes other entities to combine these portions and derive the actual location of a user. The paper describes how the proposed architecture takes into account the location privacy requirements, and how it is used by the end users’ devices, e.g., mobile phones, for the dissemination of location information to Service Providers. Furthermore, it discusses performance study experiments, based on real location data, and summarizes the threats analysis results.     

Light-Weight Selective Image Encryption for Privacy Preservation

To protect personal privacy and confidential preservation, access control is used to authorize legal users for safe browsing the authorized contents on photos. The access control generates an authorization rule according to each permission assignment. However, the general access control is inappropriate to apply in some social services (e.g., photos posted on Flickr and Instagram, personal image management in mobile phone) because of the increasing popularity of digital images being stored and managed. With low maintenance loads, this paper integrates the data hiding technique to propose an access control mechanism for privacy preservation. The proposed scheme changes the partial regions of a given image as random pads (called selective image encryption) and only allows the authorized people to remedy the random pads back to meaningful ones which are with similar visual qualities of original ones.     

Privacy self-correlation privacy-preserving scheme in LBS

The prevalence of mobile intelligent terminals gives the location-based service (LBS) more opportunities to enrich mobile users’ lives.However,mobile users enjoy the convenience with the cost of personal privacy.The side information and mobile user’s recent requirement records were considered,which were obtained or stored by the service provider.Based on the existence of recent requirement records,adversary can employ the inference attack to analysis mobile user’s personal information.Therefore,two schemes were proposed,including of basic privacy self-correlation privacy-preserving scheme (Ba-2PS) and enhanced privacy self-correlation privacy-preserving scheme(En-2PS).In En-2PS,the privacy-preserving scheme was designed from two dimensions of aspects of time factor and query region,which increased the uncertainty inferring out the real information.Finally,the privacy analysis was illustrated to proof En-2PS’s privacy degree,then the performance and privacy evaluation results indicate that En-2PS is effective and efficient.     

Intelligent Privacy Protection of End User in Long Distance Education

Long distance education is an important part during the COVID-19 age. An intelligent privacy protection with higher effect for the end users is an urgent problem in long distance education. In view of the risk of privacy disclosure of location, social network and trajectory of end users in the education system, this paper deletes the location information in the location set to protect the privacy of end user by providing the anonymous set to location. Firstly, this paper divides the privacy level of social networks by weighted sensitivity, and collects the anonymous set in social networks according to the level; Secondly, after the best anonymous set is generated by taking the data utility loss function as the standard, it was split to get an anonymous graph to hide the social network information; Finally, the trajectory anonymous set is constructed to hide the user trajectory with the l-difference privacy protection algorithm. Experiments show that the algorithm presented in this paper is superior to other algorithms no matter how many anonymous numbers there are, and the gap between relative anonymity levels is as large as 5.1 and 6.7. In addition, when the privacy protection intensity is 8, the trajectory loss rate presented in this paper tends to be stable, ranging from 0.005 to 0.007, all of which are less than 0.01. Meanwhile, its clustering effect is good. Therefore, the proportion of insecure anonymous sets in the algorithm in this paper is small, the trajectory privacy protection effect is good, and the location, social network and trajectory privacy of distance education end users are effectively protected.

     

Search me if you can: Multiple mix zones with location privacy protection for mapping services

The mobile vehicle is gaining popularity nowadays using map services like Google Maps and other mapping services. However, map services users have to expose sensitive information like geographic locations (GPS coordinates) or address to personal privacy concerns as users share their locations and queries to obtain desired services. Existing mix zones location privacy protection methods are most general purposed and theoretical value while not applicable when applied to provide location privacy for map service users. In this paper, we present new (multiple mix zones location privacy protection) MMLPP method specially designed for map services on mobile vehicles over the road network. This method enables mobile vehicle users to query a route between 2 endpoints on the map, without revealing any confidential location and queries information. The basic idea is to strategically endpoints to nearby ones, such that (1) the semantic meanings encoded in these endpoints (eg, their GPS coordinates) change much, ie, location privacy is protected; (2) the routes returned by map services little change, ie, services usability are maintained. Specifically, a mobile client first privately retrieves point of interest close to the original endpoints, and then selects 2 points of interest as the shifted endpoints satisfying the property of geoindistinguishability. We evaluate our MMLPP approach road network application for GTMobiSim on different scales of map services and conduct experiments with real traces. Results show that MMLPP strikes a good balance between location privacy and service usability.     

Pseudonym changing strategy with multiple mix zones for trajectory privacy protection in road networks

In road network, vehicles' location may be identified, and their transmissions may even tracked by eavesdrops (eg, safety messages) that contain sensitive personal information such as identity and location of the vehicle. This type of communication leads to breaking the users' trajectory privacy. Frequently changing pseudonyms are widely accepted as a solution that protects the trajectory privacy of users in road networks. However, this solution may become invalid if a vehicle changes its pseudonym at an improper occasion. To cope with this issue, we presented an efficient pseudonym change strategy with multiple mix zones scheme to provide trajectory privacy for road network. In addition, we protected vehicles against linkability attack by cheating mechanism. Henceforth, we constructed a cheating detection mechanism which allows the vehicles to verify whether the pseudonym change process is successful or not and also detect to malicious vehicles. In this way, users' trajectory privacy can be improved. Finally, by taking the anonymity set size (ASS) as the trajectory privacy metric, we exhibit by means of simulations that the proposed scheme is effective in multiple networks scenarios.     

Establishing Trust Through Anonymous and Private Information Exchange Over Personal Networks

Security and privacy in Personal Networks constitute a major challenge for designers and implementers. The deployment of novel services over a collaborative environment where users share their resources and profiles create higher demands on security and privacy requirements. In this paper, the authors address the issue of privacy-enabled, secure personal information exchange among participants of a Personal Networks federation, in order to establish trust. The paper proposes a novel model based on the separation of user ID information from personal preferences and user status information. The proposed model is able to ensure privacy through anonymity over personal data exchange, while it incorporates mechanisms for the detection and confronting of malicious behavior, and resilience against attacks. A proof of concept based on an actual implementation is provided. Further, discussion is presented on the issues that need to be tackled in order to incorporate the proposed model in a standard PN architecture.     

X‐Region: A framework for location privacy preservation in mobile peer‐to‐peer networks

While enjoying various LBS (location‐based services), users also face the threats of location privacy disclosure. This is because even if the communications between users and LBS providers can be encrypted and anonymized, the sensitive information inside LBS queries may disclose the exact location or even the identity of a user. The existing research on location privacy preservation in mobile peer‐to‐peer (P2P) networks assumed that users trust each other and directly share location information with each other. Nonetheless, this assumption is not practical for most of the mobile P2P scenarios, for example, an adversary can pretend to be a normal user and collect the locations of other users. Aiming at this issue, this paper presents x‐region as a solution to preserve the location privacy in a mobile P2P environment where no trust relationships are assumed amongst mobile users. The main idea is to allow users to share a blurred region known as x‐region instead of their exact locations so that one cannot distinguish any user from others inside the region. We propose a theoretical metric for measuring the anonymity property of x‐region, together with three algorithms for generating an x‐region, namely, benchmark algorithm, weighted expanding algorithm, and aggressive weighted expanding algorithm. These algorithms achieve the anonymity and QoS requirements with different strategies. Our experiments verify the performance of the algorithms against three key metrics. Copyright © 2013 John Wiley & Sons, Ltd.     

A novel attributes anonymity scheme in continuous query

In location-based service (LBS), the un-trusted LBS server can preserve lots of information about the user. Then the information can be used as background knowledge and initiated the inference attack to get user’s privacy. Among the background knowledge, the profile attribute of users is the especial one. The attribute can be used to correlate the real location in uncertain location set in both of the snapshot and continuous query, and then the location privacy of users will be revealed. In most of the existing scheme, the author usually assumes a trusted third party (TTP) to achieve the profile anonymity. However, as the TTP disposes all anonymous procedure for each user, it will become the center of attacks and the bottleneck of the query service. Furthermore, the TTP may be curious about user’s privacy just because of the commercial consideration. In order to deal with the inference attack and remedy the drawback of TTP scheme, we propose a similar attributes anonymous scheme which based on the CP-ABE, and with the help of center server and collaborative users, our scheme can resist the inference attack as well as the privacy detection of any entity in the service of query. At last, security analysis and experimental results further verify the effectiveness of our scheme in privacy protection as well as efficiency of the algorithm execution.     

Privacy‐preserving multireceiver ID‐based encryption with provable security

Multireceiver identity (ID) based encryption and ID‐based broadcast encryption allow a sender to use the public identities of multiple receivers to encrypt messages so that only the selected receivers or a privileged set of users can decrypt the messages. It can be used for many practical applications such as digital content distribution, pay‐per‐view and multicast communication. For protecting the privacy of receivers or providing receiver anonymity, several privacy‐preserving (or anonymous) multireceiver ID‐based encryption and ID‐based broadcast encryption schemes were recently proposed, in which receiver anonymity means that nobody (including any selected receiver), except the sender, knows who the other selected receivers are. However, security incompleteness or flaws were found in these schemes. In this paper, we propose a new privacy‐preserving multireceiver ID‐based encryption scheme with provable security. We formally prove that the proposed scheme is semantically secure for confidentiality and receiver anonymity. Compared with the previously proposed anonymous multireceiver ID‐based encryption and ID‐based broadcast encryption schemes, the proposed scheme has better performance and robust security. Copyright © 2012 John Wiley & Sons, Ltd.     

Towards generalized ID‐based user authentication for mobile multi‐server environment

With the popularity of Internet and wireless networks, more and more network architectures are used in multi‐server environment, in which mobile users remotely access servers through open networks. In the past, many schemes have been proposed to solve the issue of user authentication for multi‐server environment and low‐power mobile devices. However, most of these schemes have suffered from many attacks because these schemes did not provide the formal security analysis. In this paper, we first give a security model for multi‐server environment. We then propose an ID‐based mutual authentication and key agreement scheme based on bilinear maps for mobile multi‐server environment. Our scheme can be used for both general users with a long validity period and anonymous users with a short validity period. Under the presented security model, we show that our scheme is secure against all known attacks. We demonstrate that the proposed scheme is well suitable for low‐power mobile devices. Copyright © 2011 John Wiley & Sons, Ltd.     

个人移动数据收集中的多维轨迹匿名方法

在情景感知位置服务中,移动互联网络的开放性使得个人移动数据面临巨大的安全风险,移动数据的时空关联特性对个人数据的隐私保护提出重大挑战.针对基于时空关联的背景知识攻击,本文提出了一种多维的轨迹匿名隐私保护方法.该方法在匿名轨迹数据收集系统的基础上,基于多用户协作的隐私保护模式,通过时间匿名和空间匿名算法,实现用户的隐私保护.实验结果表明,该方法可以有效的对抗基于位置和移动方式的背景知识攻击,满足了k-匿名的隐私保护要求.     

Mobile Privacy in Wireless Networks-Revisited

With the widespread use of mobile devices, the privacy of mobile location information becomes an important issue. In this paper, we present the requirements on protecting mobile privacy in wireless networks, and identify the privacy weakness of the third generation partnership project - authentication and key agreement (3GPP-AKA) by showing a practical attack to it. We then propose a scheme that meets these requirements, and this scheme does not introduce security vulnerability to the underlying authentication scheme. Another feature of the proposed scheme is that on each use of wireless channel, it uses a one-time alias to conceal the real identity of the mobile station with respect to both eavesdroppers and visited (honest or false) location registers. Moreover, the proposed scheme achieves this goal of identity concealment without sacrificing authentication efficiency.     

Common friends discovery for multiple parties with friendship ownership and replay-attack resistance in mobile social networks

Social networking sites have emerged as a powerful tool for maintaining contact and sharing information between people, allowing users to quickly and easily communicate and interact over the Internet. However, such services have raised serious privacy concerns, especially in terms of ensuring the security of users’ personal information in the process of data exchange while also allowing for effective and complete data matching. Many studies have examined privacy matching issues and proposed solutions which could be applied to the current private matching issue. However, these solutions are almost entirely based on dual-matching designs. Therefore, this paper proposes a tripartite privacy matching protocol between common friends. In contexts with multiple users, this protocol searches for matching problems for common friends to produce a new solution. This approach does not rely on a trusted third party, and can be used on most mobile devices. In addition to providing outstanding operating performance and effective communication, this approach also accounts for context-specific privacy preservation, mutual authentication, mutual friendship certification, prevention of privacy spoofing and replay attack resistance, allowing users to safely and effectively identify mutual friends. The proposed methods are shown to be secure and efficient, and are implemented in mobile phones that allow users to find common friends securely in seconds. To the best of our knowledge, this is the first work done on mobile common friends discovery for three parties with advanced privacy preservation.     

Privacy-enhanced,Attack-resilient Access Control in Pervasive Computing Environments with Optional Context Authentication Capability

In pervasive computing environments (PCEs), privacy and security are two important but contradictory objectives. Users enjoy services provided in PCEs only after their privacy issues being sufficiently addressed. That is, users could not be tracked down for wherever they are and whatever they are doing. However, service providers always want to authenticate the users and make sure they are accessing only authorized services in a legitimate way. In PCEs, such user authentication may include context authentication in addition to the entity authentication. In this paper, we propose a novel privacy enhanced anonymous authentication and access control scheme to secure the interactions between mobile users and services in PCEs with optional context authentication capability. The proposed scheme seamlessly integrates two underlying cryptographic primitives, blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. It provides explicit mutual authentication and allows multiple current sessions between a user and a service, while allowing the user to anonymously interact with the service. The proposed scheme is also designed to be DoS resilient by requiring the user to prove her legitimacy when initializing a service session.

Personal Trusted Devices for Web Services: Revisiting Multilevel Security

In this paper we revisit the concept of mandatory access control and investigate its potential with personal digital assistants (PDA). Only if applications are clearly separated and Trojans cannot leak personal information can these PDAs become personal trusted devices. Limited processing power and memory can be overcome by using Web services instead of full-fledged applications – a trend also in non-mobile computing. Web services, however, introduce additional security risks, some of them specific for mobile users. We propose an identification scheme that can be effectively used to protect privacy and show how this system builds upon a light-weight version of mandatory access control.     

Secure and efficient anonymous authentication scheme for three-tier mobile healthcare systems with wearable sensors

The mobility and openness of wireless communication technologies make Mobile Healthcare Systems (mHealth) potentially exposed to a number of potential attacks, which significantly undermines their utility and impedes their widespread deployment. Attackers and criminals, even without knowing the context of the transmitted data, with simple eavesdropping on the wireless links, may benefit a lot from linking activities to the identities of patient’s sensors and medical staff members. These vulnerabilities apply to all tiers of the mHealth system. A new anonymous mutual authentication scheme for three-tier mobile healthcare systems with wearable sensors is proposed in this paper. Our scheme consists of three protocols: Protocol-1 allows the anonymous authentication nodes (mobile users and controller nodes) and the HSP medical server in the third tier, while Protocol-2 realizes the anonymous authentication between mobile users and controller nodes in the second tier, and Protocol-3 achieves the anonymous authentication between controller nodes and the wearable body sensors in the first tier. In the design of our protocols, the variation in the resource constraints of the different nodes in the mHealth system are taken into consideration so that our protocols make a better trade-off among security, efficiency and practicality. The security of our protocols are analyzed through rigorous formal proofs using BAN logic tool and informal discussions of security features, possible attacks and countermeasures. Besides, the efficiency of our protocols are concretely evaluated and compared with related schemes. The comparisons show that our scheme outperforms the previous schemes and provides more complete and integrated anonymous authentication services. Finally, the security of our protocols are evaluated by using the Automated Validation of Internet Security Protocols and Applications and the SPAN animator software. The simulation results show that our scheme is secure and satisfy all the specified privacy and authentication goals.     

A differential privacy protection scheme for sensitive big data in body sensor networks

As a special kind of application of wireless sensor networks, body sensor networks (BSNs) have broad application perspectives in health caring. Big data acquired from BSNs usually contain sensitive information, such as physical condition, location information, and so on, which is compulsory to be appropriately protected. However, previous methods overlooked the privacy protection issue, leading to privacy violation. In this paper, a differential privacy protection scheme for sensitive big data in BSNs is proposed. A tree structure is constructed to reduce errors and provide long range queries. Haar Wavelet transformation method is applied to convert histogram into a complete binary tree. At last, to verify the advantages of our scheme, several experiments are conducted to show the outperformed results. Experimental results demonstrate that the tree structure greatly reduces the calculation overheads which preserves differential privacy for users.     

移动社交网络中一种朋友发现的隐私安全保护策略

在移动社交网络中分享用户特征属性配置文件能够迅速找到与用户特征属性相同的朋友。然而,配置文件通常包含用户的敏感隐私信息,如果被恶意攻击者截获将有可能造成不可预计的后果。该文提出一种基于用户伪身份匿名与哈希值比对认证的双重握手机制的隐私保护方案,结合身份权限认证、单向哈希散列函数、密钥协商等技术保证恶意攻击者无法通过身份欺骗、伪造特征属性、窃听安全信道等方式获取用户配置文件的真实内容,从而保证用户的个人隐私不被泄漏。依靠可信第三方服务器强大的计算和抗攻击能力, 减轻智能用户终端计算负担和安全风险。安全分析和实验分析表明,该方案更具有隐私性、消息不可抵赖性和可验证性,比传统的解决方案更有效。