一种个性化移动社交网络轨迹隐私保护方案*

针对移动社交网络迅猛发展带来的发布轨迹隐私泄露问题,提出了一种个性化的轨迹保护方案。根据个体个性化的隐私保护需求差异,对不同个体采用了不同的保护准则,这样可以解决传统隐私保护下“过度保护”及轨迹效用低等问题。给出k敏感轨迹匿名和(k,p)敏感轨迹匿名等重要的隐私保护定义,并利用Trie树的构造、剪枝、重构等技术实现了个体的个性化隐私保护。最后,通过在真实数据集上的实验分析,证明该个性化方案比现存隐私保护方案在轨迹位置损失率方面性能优,计算延时较低和效率高。     

An energy efficient privacy-preserving content sharing scheme in mobile social networks

The rising popularity of mobile social media enables personalization of various content sharing and subscribing services. These two types of services entail serious privacy concerns not only to the confidentiality of shared content, but also to the privacy of end users such as their identities, interests and social relationships. Previous works established on the attribute-based encryption (ABE) can provide fine-grained access control of content. However, practical privacy-preserving content sharing in mobile social networks either incurs great risk of information leaking to unauthorized third parties or suffers from high energy consumption for decrypting privacy-preserving content. Motivated by these issues, this paper proposes a publish–subscribe system with secure proxy decryption (PSSPD) in mobile social networks. First, an effective self-contained privacy-preserving access control method is introduced to protect the confidentiality of the content and the credentials of users. This method is based on ciphertext-policy ABE and public-key encryption with keyword search. After that, a secure proxy decryption mechanism is proposed to reduce the heavy burdens of energy consumption on performing ciphertext decryption at end users. The experimental results demonstrate the efficiency and privacy preservation effectiveness of PSSPD.     

DPPS: A novel dual privacy-preserving scheme for enhancing query privacy in continuous location-based services

Since smartphones embedded with positioning systems and digital maps are widely used, location-based services (LBSs) are rapidly growing in popularity and providing unprecedented convenience in people’s daily lives; however, they also cause great concern about privacy leakage. In particular, location queries can be used to infer users’ sensitive private information, such as home addresses, places of work and appointment locations. Hence, many schemes providing query anonymity have been proposed, but they typically ignore the fact that an adversary can infer real locations from the correlations between consecutive locations in a continuous LBS. To address this challenge, a novel dual privacy-preserving scheme (DPPS) is proposed that includes two privacy protection mechanisms. First, to prevent privacy disclosure caused by correlations between locations, a correlation model is proposed based on a hidden Markov model (HMM) to simulate users’ mobility and the adversary’s prediction probability. Second, to provide query probability anonymity of each single location, an advanced k-anonymity algorithm is proposed to construct cloaking regions, in which realistic and indistinguishable dummy locations are generated. To validate the effectiveness and efficiency of DPPS, theoretical analysis and experimental verification are further performed on a real-life dataset published by Microsoft, i.e., GeoLife dataset.     

可证明安全的社交网络隐私保护方案

针对社交网络隐私保护方案的安全性证明问题,提出了一种可证明安全的社交网络隐私保护方案。首先,通过分析社交网络中节点隐私的安全需求（不可区分的节点结构和不可区分的发送消息）,分别建立其安全模型;其次,基于该安全模型运用双线性映射构造社交网络节点隐私保护方案;最后,证明了该方案是可证明安全的,并且分析和对比了该方案的安全性,分析结果表明,该方案除了具有可证明安全性外,还能抵抗再识别攻击、推理攻击和信息聚集攻击。     

A scheme for privacy-preserving data dissemination

An adequate level of trust must be established between prospective partners before an interaction can begin. In asymmetric trust relationships, one of the interacting partners is stronger. The weaker partner can gain a higher level of trust by disclosing private information. Dissemination of sensitive data owned by the weaker partner starts at this moment. The stronger partner can propagate data to others, who may then choose to spread data further. The proposed scheme for privacy-preserving data dissemination enables control of data by their owner (such as a weaker partner). It relies on the ideas of bundling sensitive data with metadata, an apoptosis of endangered bundles, and an adaptive evaporation of bundles in suspect environments. Possible applications include interactions among patients and healthcare providers, customers and businesses, researchers, and suppliers of their raw data. They will contribute to providing privacy guarantees, which are indispensable for the realization of the promise of pervasive computing.     

Approximate query mapping: Accounting for translation closeness

In this paper we present a mechanism for approximately translating Boolean query constraints across heterogeneous information sources. Achieving the best translation is challenging because sources support different constraints for formulating queries, and often these constraints cannot be precisely translated. For instance, a query [score>8] might be “perfectly” translated as [rating>0.8] at some site, but can only be approximated as [grade=A] at another. Unlike other work, our general framework adopts a customizable “closeness” metric for the translation that combines both precision and recall. Our results show that for query translation we need to handle interdependencies among both query conjuncts as well as disjuncts. As the basis, we identify the essential requirements of a rule system for users to encode the mappings for atomic semantic units. Our algorithm then translates complex queries by rewriting them in terms of the semantic units. We show that, under practical assumptions, our algorithm generates the best approximate translations with respect to the closeness metric of choice. We also present a case study to show how our technique may be applied in practice. Received: 15 October 2000 / Accepted: 15 April 2001 Published online: 28 June 2001     

A context-aware scheme for privacy-preserving location-based services

We address issues related to privacy protection in location-based services (LBSs). Most existing privacy-preserving LBS techniques either require a trusted third-party (anonymizer) or use cryptographic protocols that are computationally and communicationally expensive. Our design of privacy-preserving techniques is principled on not requiring a trusted third-party while being highly efficient in terms of time and space complexities. The problem has two interesting and challenging characteristics: First, the degree of privacy protection and LBS accuracy depends on the context, such as population and road density, around a user’s location. Second, an adversary may violate a user’s location privacy in two ways: (i) based on the user’s location information contained in the LBS query payload and (ii) by inferring a user’s geographical location based on the device’s IP address. To address these challenges, we introduce CAP, a context-aware privacy-preserving LBS system with integrated protection for both data privacy and communication anonymity. We have implemented CAP and integrated it with Google Maps, a popular LBS system. Theoretical analysis and experimental results validate CAP’s effectiveness on privacy protection, LBS accuracy, and communication QoS (Quality-of-Service).     

Instance optimal query processing in spatial networks

The performance optimization of query processing in spatial networks focuses on minimizing network data accesses and the cost of network distance calculations. This paper proposes algorithms for network k-NN queries, range queries, closest-pair queries and multi-source skyline queries based on a novel processing framework, namely, incremental lower bound constraint. By giving high processing priority to the query associated data points and utilizing the incremental nature of the lower bound, the performance of our algorithms is better optimized in contrast to the corresponding algorithms based on known framework incremental Euclidean restriction and incremental network expansion. More importantly, the proposed algorithms are proven to be instance optimal among classes of algorithms. Through experiments on real road network datasets, the superiority of the proposed algorithms is demonstrated.     

分布式网络环境下基于区块链的密钥管理方案

为解决在分布式网络实施密钥管理困难和通信开销过大等问题,提出一种基于区块链技术的密钥管理方案（KMSBoB,key management schemes based on Blockchain）。KMSBoB中设计了分布式群组网络下基于区块链的密钥管理和传输过程,并将区块链全体成员挖矿过程和MTI/CO协议过程相结合形成动态生成会话密钥生成协议,简化了跨异构自治域下的密钥管理策略。通过仿真测试和结果分析表明 KMSBoB 的安全性和有效性,并且相比传统密钥管理方案通信开销更少和扩展性更高。     

A routing algorithm for distributed optimal double loop computer networks

A routing algorithm for distributed optimal double loop computer networks is proposed and analyzed. In this paper, the routing algorithm and the procedures realizing the algorithm are given. The proposed algorithm is shown to be optimal and robust for optimal double loop. In the absence of failures, the algorithm can send a packet along the shortest path to the destination; when there are failures, the packet can bypass failed nodes and links.     

分布式数据库保持隐私挖掘方法

隐私保护是当前数据挖掘领域中一个十分重要的研究问题,其目标是要在不精确访问真实原始数据的条件下,得到准确的模型和分析结果.为了提高对隐私数据的保护程度和挖掘结果的准确性,提出一种基于RSA算法的隐私保护挖掘方法.介绍了公共密钥加密算法RSA的概念,证明了RSA算法的可交换性和加密结果惟一性.然后采用RSA算法,引入了计算中心和混合中心,对原始数据进行了变换和隐藏,实现了保持隐私数据挖掘.最后,对算法的安全性、公平性,有效性和复杂度进行了分析.     

A novel key pre-distribution scheme for wireless distributed sensor networks

A novel key pre-distribution scheme for sensor networks is proposed, which enables sensor nodes to communicate securely with each other using cryptographic techniques. The approach uses the rational normal curves in the projective space with the dimension n over the finite field F q . Both secure connectivity and resilience of the resulting sensor networks are analyzed. By choosing the parameters q and n properly, this key pre-distribution scheme has some advantages over the previous known schemes. In addit...     

LPPTE: A lightweight privacy-preserving trust evaluation scheme for facilitating distributed data fusion in cooperative vehicular safety applications

Vehicular networks have tremendous potential to improve road safety, traffic efficiency, and driving comfort, where cooperative vehicular safety applications are a significant branch. In cooperative vehicular safety applications, through the distributed data fusion for large amounts of data from multiple nearby vehicles, each vehicle can intelligently perceive the surrounding conditions beyond the capability of its own onboard sensors. Trust evaluation and privacy preservation are two primary concerns for facilitating the distributed data fusion in cooperative vehicular safety applications. They have conflicting requirements and a good balance between them is urgently needed. Meanwhile, the computation, communication, and storage overheads will all influence the applicability of a candidate scheme. In this paper, we propose a Lightweight Privacy-Preserving Trust Evaluation (LPPTE) scheme which can primely balance the trust evaluation and privacy preservation with low overheads for facilitating the distributed data fusion in cooperative vehicular safety applications. Furthermore, we provide exhaustive theoretical analysis and simulation evaluation for the LPPTE scheme, and the results demonstrate that the LPPTE scheme can obviously improve the accuracy of fusion results and is significantly superior to the state-of-the-art schemes in multiple aspects.     

车载自组网中信任感知的隐私保护策略

车载自组网中的信任管理系统要求用户的声誉相关信息充分公开,这会给用户隐私带来隐患。为解决信任与隐私的冲突问题,提出“假名-声誉值”协同变换策略。新策略以k匿名隐私保护理论和用户中心策略为基础,同时考虑了用户个性化隐私保护需求,提出了PK-PCS策略。仿真实验表明PK-PCS策略在车辆隐私保护、满意度、数据损失方面整体优于现有PCS策略和K-PCS策略。PK-PCS既保持了信任的有用性,又同时保护了用户隐私。     

无线Mesh网络中一种分布式路由方案

在多射频多信道无线Mesh网络中,链路负载和节点位置的变化将导致网络性能的下降。针对此问题,在混合无线网状路由协议反应式路由基础上,设计了一种新的混合信道分配的分布式路由算法。该算法在路由建立的同时可实现以数据流为单位的最优信道分配,且能避免因单节点失效导致整个网络崩溃的危险。仿真结果表明,提出的RHCA算法较传统算法在网络吞吐量和端到端平均时延方面均有显著优势。另外,在节点移动场景下,所提出的分布式路由算法较其他方法能获得更高的吞吐量和更好的稳健性。     

DiDuSoNet: A P2P architecture for distributed Dunbar-based social networks

Online Social Networks (OSNs) are becoming more and more popular on the Web. Distributed Online Social Networks (DOSNs) are OSNs which do not exploit a central server for storing users data and enable users to have more control on their profile content, ensuring a higher level of privacy. In a DOSN there are some technical challenges to face. One of the most important challenges is the data availability problem when a user is offline. In this paper we propose DiDuSoNet, a novel P2P Distributed Online Social Network where users can exercise full access control on their data. Our system exploits trust relationships for providing a set of important social services, such as trustness, information diffusion, and data availability. In this paper we show how our system manages the problem of data availability by proposing a new P2P dynamic trusted storage approach. By following the Dunbar concept, our system stores the data of a user only on a restricted number of friends which have regular contacts with him/her. Differently from other approaches, nodes chosen to keep data replicas are not statically defined but dynamically change according to users churn. In according to our previous work, we use only two online profile replicas at time. By using real Facebook data traces we prove that our approach offers high availability.     

A link-based storage scheme for efficient aggregate query processing on clustered road networks

The need to have efficient storage schemes for spatial networks is apparent when the volume of query processing in some road networks (e.g., the navigation systems) is considered. Specifically, under the assumption that the road network is stored in a central server, the adjacent data elements in the network must be clustered on the disk in such a way that the number of disk page accesses is kept minimal during the processing of network queries. In this work, we introduce the link-based storage scheme for clustered road networks and compare it with the previously proposed junction-based storage scheme. In order to investigate the performance of aggregate network queries in clustered road networks, we extend our recently proposed clustering hypergraph model from junction-based storage to link-based storage. We propose techniques for additional storage savings in bidirectional networks that make the link-based storage scheme even more preferable in terms of the storage efficiency. We evaluate the performance of our link-based storage scheme against the junction-based storage scheme both theoretically and empirically. The results of the experiments conducted on a wide range of road network datasets show that the link-based storage scheme is preferable in terms of both storage and query processing efficiency.     

An optimal distributed algorithm for recognizing mesh-connected networks

In this paper, we consider the problem of recognizing whether a given network is a rectangular mesh. We present an efficient distributed algorithm with an O(N) message and time complexity, where N is the number of nodes in the network. This is an improvement of a previous algorithm presented in Mohan (1990) with a message complexity of O(N log N) and time complexity of O(N^1.6). The proposed algorithm is constructive in nature and also assigns coordinates to the nodes of the network.     

传感器网络中一种基于质心的分布式成簇算法

在LEACH的基础上,提出了一种适合无线传感器网络的基于质心的分布式成簇算法——CDCS。在CDCS中,每一个节点首先基于最优簇首概率popt自主确定自己是否为临时簇首。然后临时簇首根据收集到的簇内节点信息,确定簇内近似质心,并由此动态调整簇内结构,使得调整后的簇内通信总能耗尽可能小。理论分析和模拟实验表明,CDCS在保持LEACH算法简单性的同时,可以获得比LEACH更好的性能,优化后的簇首选择策略可以在不同场景下有效延长网络生存时间达32%~38%。     

A practical privacy-preserving targeted advertising scheme for IPTV users

In this work, we present a privacy-preserving scheme for targeted advertising via the Internet Protocol TV (IPTV). The scheme uses a communication model involving a collection of subscribers, a content provider (IPTV), advertisers and a semi-trusted server. To target potential customers, the advertiser can utilize not only demographic information of subscribers, but also their watching habits. The latter includes watching history, preferences for IPTV content and watching rate, which are periodically (e.g., weekly) published on a semi-trusted server (e.g., cloud server) along with anonymized demographics. Since the published data may leak sensitive information about subscribers, it is safeguarded using cryptographic techniques in addition to the anonymization of demographics. The techniques used by the advertiser, which can be manifested in its queries to the server, are considered (trade) secrets and therefore are protected as well. The server is oblivious to the published data and the queries of the advertiser as well as its own responses to these queries. Only a legitimate advertiser, endorsed with so-called trapdoors by the IPTV, can query the cloud server and access the query results. Even when some background information about users is available, query responses do not leak sensitive information about the IPTV users. The performance of the proposed scheme is evaluated with experiments, which show that the scheme is practical. The algorithms demonstrate both weak and strong scaling property and take advantage of high level of parallelism. The scheme can also be applied as a recommendation system.