A semi-supervised privacy-preserving clustering algorithm for healthcare

With the proliferation of healthcare data, the cloud mining technology for E-health services and applications has become a hot research topic. While on the other hand, these rapidly evolving cloud mining technologies and their deployment in healthcare systems also pose potential threats to patient’s data privacy. In order to solve the privacy problem in the cloud mining technique, this paper proposes a semi-supervised privacy-preserving clustering algorithm. By employing a small amount of supervised information, the method first learns a Large Margin Nearest Cluster metric using convex optimization. Then according to the trained metric, the method imposes multiplicative perturbation on the original data, which can change the distribution shape of the original data and thus protect the privacy information as well as ensuring high data usability. The experimental results on the brain fiber dataset provided by the 2009 PBC demonstrated that the proposed method could not only protect data privacy towards secure attacks, but improve the clustering purity.     

结构化数据的隐私与数据效用度量模型

针对隐私保护中数据隐私量和数据效用的量化问题,基于度量空间和范数基本原理提出了一种结构化数据隐私与数据效用度量模型。首先,给出数据数值化处理方法,将数据表转变为矩阵进行运算;其次,引入隐私偏好函数,度量敏感属性随时间的变化;然后,分析隐私保护模型,量化隐私保护技术产生的变化;最后,构建度量空间,给出了隐私量、数据效用和隐私保护程度计算式。通过实例分析,该度量模型能够有效反映隐私信息量。     

个性化推荐系统隐私保护策略研究进展

个性化推荐系统能较好地帮助用户获得个人所需的信息,但它要获得好的推荐效果,需要收集大量的用户个人信息;这些信息可能泄露个人隐私,用户会因对隐私泄露的担心而放弃对推荐系统的信任,所以大量的研究集中于如何在获得高效推荐的同时保护用户的个人隐私。主要就个性化推荐系统中使用的隐私保护技术进行了综述,在给出了隐私和隐私保护定义的同时讨论了隐私保护的相关技术,包括隐私策略描述语言和目前使用的隐私保护技术。最后尝试给出了今后的研究重点和方向。     

Flamingos on a slackline: Companies' challenges of balancing the competing demands of handling customer information and privacy

Providers of online services are under increasing pressure to leverage the value inherent in customer data to remain competitive. At the same time, however, Internet users' privacy has become more and more subject to public debate, and companies must protect this privacy if they want to attract and retain customers. It seems that companies struggle to satisfy these competing demands, and neglecting either could have detrimental effects on their success. Different streams of research underline the importance of either privacy protection or the collection and use of customer information. But they remain largely silent about the resulting challenges that companies face. In this study, we address this gap by exploring how companies perceive and handle the tensions between their organizational information needs that necessitate some degree of privacy intrusion and their need to attract and retain customers, which requires privacy protection. We develop a grounded theory that explains how companies balance these opposing demands from an organizational perspective. More specifically, we identify four challenging tensions that define the conditions under which companies must operate. We find that companies try to achieve and maintain a state of balance in the presence of these tensions, and we discover three categories of tactics that help companies in their balancing acts. Our research contributes to a provider‐centric perspective on information privacy and uncovers the management of customer information and privacy as a new but important context in which organizational ambidexterity is required. We offer a detailed perspective on the specific challenges that companies face with respect to customer information and privacy, and our results can guide managers who have to deal with these challenges.     

Identity Management, Privacy, and Price Discrimination

In economics, privacy is usually discussed in the context of consumer preferences and price discrimination. But what forms of personal data privacy are compatible with merchants' interests in knowing more about their consumers, and how can identity management systems protect information privacy while enabling personalization and price discrimination?     

基于图论与互信息量的差分隐私度量模型

差分隐私是数据发布、数据挖掘领域内隐私保护的重要工具,但其强度和效果仅能后验评估,且高度依赖于经验性选择的隐私预算。文中提出一种基于图论和互信息量的差分隐私量化模型和隐私泄露量计算方法。利用信息论通信模型重构了差分隐私保护框架,构造了差分隐私信息通信模型和隐私度量模型;基于图的距离正则和点传递提出隐私泄露互信息量化方法,证明并计算了差分隐私泄露量的信息量上界。分析和对比表明,该隐私泄露上界与原始数据集的属性数量、属性值数量以及隐私预算参数具有较好的函数关系,且计算限制条件较少。文中所提方法优于现有方法,能够为差分隐私算法的设计及评价、隐私泄露风险评估提供理论支撑。     

Private aggregation for presence streams

Collaboration technologies must support information sharing between collaborators, but must also take care not to share too much information or share information too widely. Systems that share information without requiring an explicit action by a user to initiate the sharing must be particularly cautious in this respect. Presence systems are an emerging class of applications that support collaboration. Through the use of pervasive sensors, these systems estimate user location, activities, and available communication channels. Because such presence data are sensitive, to achieve wide-spread adoption, sharing models must reflect the privacy and sharing preferences of their users. This paper looks at the role that privacy-preserving aggregation can play in addressing certain user sharing and privacy concerns with respect to presence data.We define conditions to achieve CollaPSE (Collaboration Presence Sharing Encryption) security, in which (i) an individual has full access to her own data, (ii) a third party performs computation on the data without learning anything about the data values, and (iii) people with special privileges called “analysts” can learn statistical information about groups of individuals, but nothing about the individual values contributing to the statistic other than what can be deduced from the statistic. More specifically, analysts can decrypt aggregates without being able to decrypt the individual values contributing to the aggregate. Based in part on studies we carried out that illustrate the need for the conditions encapsulated by CollaPSE security, we designed and implemented a family of CollaPSE protocols. We analyze their security, discuss efficiency tradeoffs, describe extensions, and review more recent privacy-preserving aggregation work.     

Reversible data hiding based compressible privacy preserving system for color image

In digital era, privacy preservation and data size reduction are important issues and many applications handle them simultaneously. In this paper, authors introduce a novel application of reversible data hiding to protect privacy sensitive region in a color image while reducing its file size. The proposed work introduces entropy as a new performance criterion along with distortion, capacity for reversible data hiding. Evaluation metric of the proposed method is a file size of watermarked and losslessly compressed image. The proposed method preserves privacy and controls rise in image entropy by reversible data hiding.

     

Improving the secure management of personal data: Privacy on-line IS important,but it's not easy

This article introduces the growing importance of privacy and the need for an improved understanding of the issues involved. A key requirement is for organisations to better understand the relationship between security and privacy and, therefore, to ensure the design of their systems includes the ability to safeguard privacy and staff consistently apply controls that include the protection of individuals' personal data. A new approach to information security is proposed, as well as some outline results of the application of new methods and mechanisms for ensuring privacy in multi-agency data sharing. It is hoped that this article will prompt dialogue about the need to reconsider existing methods and tools for securely managing data.     

Privacy issues in intrusion detection systems: A taxonomy,survey and future directions

Intrusion Detection Systems (IDSs) detect potential attacks by monitoring activities in computers and networks. This monitoring is carried out by collecting and analyzing data pertaining to users and organizations. The data is collected from various sources – such as system log files or network traffic–and may contain private information. Therefore, analysis of the data by an IDS can raise multiple privacy concerns. Recently, building IDSs that consider privacy issues in their design criteria in addition to classic design objectives (such as IDS’ performance and precision) has become a priority. This article proposes a taxonomy of privacy issues in IDSs which is then utilized to identify new challenges and problems in the field. In this taxonomy, we classify privacy-sensitive IDS data as input, built-in and generated data. Research prototypes are then surveyed and compared using the taxonomy. The privacy techniques used in the surveyed systems are discussed and compared based on their effects on the performance and precision of the IDS. Finally, the taxonomy and the survey are used to point out a number of areas for future research.     

Privacy Loss in Distributed Constraint Reasoning: A Quantitative Framework for Analysis and its Applications

It is critical that agents deployed in real-world settings, such as businesses, offices, universities and research laboratories, protect their individual users’ privacy when interacting with other entities. Indeed, privacy is recognized as a key motivating factor in the design of several multiagent algorithms, such as in distributed constraint reasoning (including both algorithms for distributed constraint optimization (DCOP) and distributed constraint satisfaction (DisCSPs)), and researchers have begun to propose metrics for analysis of privacy loss in such multiagent algorithms. Unfortunately, a general quantitative framework to compare these existing metrics for privacy loss or to identify dimensions along which to construct new metrics is currently lacking. This paper presents three key contributions to address this shortcoming. First, the paper presents VPS (Valuations of Possible States), a general quantitative framework to express, analyze and compare existing metrics of privacy loss. Based on a state-space model, VPS is shown to capture various existing measures of privacy created for specific domains of DisCSPs. The utility of VPS is further illustrated through analysis of privacy loss in DCOP algorithms, when such algorithms are used by personal assistant agents to schedule meetings among users. In addition, VPS helps identify dimensions along which to classify and construct new privacy metrics and it also supports their quantitative comparison. Second, the article presents key inference rules that may be used in analysis of privacy loss in DCOP algorithms under different assumptions. Third, detailed experiments based on the VPS-driven analysis lead to the following key results: (i) decentralization by itself does not provide superior protection of privacy in DisCSP/DCOP algorithms when compared with centralization; instead, privacy protection also requires the presence of uncertainty about agents’ knowledge of the constraint graph. (ii) one needs to carefully examine the metrics chosen to measure privacy loss; the qualitative properties of privacy loss and hence the conclusions that can be drawn about an algorithm can vary widely based on the metric chosen. This paper should thus serve as a call to arms for further privacy research, particularly within the DisCSP/DCOP arena.     

网络匿名度量研究综述

保护网络空间隐私的愿望推动了匿名通信系统的研究,使得用户可以在使用互联网服务时隐藏身份和通信关系等敏感信息,不同的匿名通信系统提供不同强度的匿名保护.如何量化和比较这些系统提供的匿名程度,从开始就是重要的研究主题,如今愈发得到更多关注,成为新的研究焦点,需要开展更多的研究和应用.匿名度量可以帮助用户了解匿名通信系统提供...     

基于模糊层次化评估的分布式系统自毁感知方法及应用

自毁技术已成为保障分布式系统私密性的最后手段,如何实现准确快速的自毁感知是一项严峻的挑战.由于私密性评价指标具有多层次、多因素的特点,本文提出了针对分布式系统私密性的模糊层次化评估方法作为分布式系统的自毁感知方法.基于该方法采用数据多重覆盖技术实现了分布式系统的快速自毁过程,实验结果显示,系统误毁率和漏毁率均控制在1％以下,数据恢复率在1‰以下,该方法有效的保护系统数据的私密性.     

Measuring the privacy of user profiles in personalized information systems

Personalized information systems are information-filtering systems that endeavor to tailor information-exchange functionality to the specific interests of their users. The ability of these systems to profile users is, on the one hand, what enables such intelligent functionality, but on the other, the source of innumerable privacy risks. In this paper, we justify and interpret KL divergence as a criterion for quantifying the privacy of user profiles. Our criterion, which emerged from previous work in the domain of information retrieval, is here thoroughly examined by adopting the beautiful perspective of the method of types and large deviation theory, and under the assumption of two distinct adversary models. In particular, we first elaborate on the intimate connection between Jaynes’ celebrated method of entropy maximization and the use of entropies and divergences as measures of privacy; and secondly, we interpret our privacy metric as false positives and negatives in a binary hypothesis testing.     

Allocative and strategic effects of privacy enhancement in smart grids

Local energy markets are a promising approach for automatic and efficient matching of renewable energy with household demand in smart grids. Therefore, such markets can help to improve power system reliability and at the same reduce emissions. However, to participate in such markets, customers need to disclose private consumption data. A number of studies show that such data records may reveal a broad range of personal, sensitive information on the inhabitants. Privacy-enhancement mechanisms can be applied to preserve the privacy of individuals to modify the data reported to the market. Yet, these mechanisms can lower allocative efficiency and alter theoretical properties of the market mechanism.In this paper, we characterize both theoretically and numerically the effect of privacy mechanisms applied in a local energy market scenario. Our model considers demand side flexibility as well as energy storage systems. Furthermore, we allow for a free specification of the desired privacy enhancement level. We show that under certain natural assumptions market mechanisms retain in-expectation incentive compatibility despite the presence of privacy enhancement. Our numerical analysis based on real-world data shows that the welfare impact of privacy enhancement mechanisms is limited. Furthermore, energy storage can mitigate this efficiency loss to a large extent.     

The disclosure of private data: measuring the privacy paradox in digital services

Privacy is a current topic in the context of digital services because such services demand mass volumes of consumer data. Although most consumers are aware of their personal privacy, they frequently do not behave rationally in terms of the risk-benefit trade-off. This phenomenon is known as the privacy paradox. It is a common limitation in research papers examining consumers’ privacy intentions. Using a design science approach, we develop a metric that determines the extent of consumers’ privacy paradox in digital services based on the theoretical construct of the privacy calculus. We demonstrate a practical application of the metric for mobile apps. With that, we contribute to validating respective research findings. Moreover, among others, consumers and companies can be prevented from unwanted consequences regarding data privacy issues and service market places can provide privacy-customized suggestions.     

基于群签名与属性加密的区块链可监管隐私保护方案

区块链技术的去中心化、数据难篡改等特性使其在溯源问题上体现出明显优势,基于区块链的溯源系统可以解决传统系统中信息孤岛、共享程度低以及数据可篡改等问题,从而保证数据的可追溯性。然而,区块链溯源系统中的数据可追溯性与用户隐私保护之间难以取得平衡。提出一种结合群签名、隐私地址协议、零知识证明以及属性加密的分布式可监管隐私保护方案。对群签名的群管理员机制进行改进,设置多群管理员生成用户私钥片段,用户根据返回的私钥片段计算自身私钥,并根据需要有选择性地对溯源数据进行属性加密,同时为链上数据设置特定的访问结构,以实现数据与用户的“一对多”通信。群管理员利用群公钥对交易双方的身份进行追踪与追责。符合数据特定访问结构的用户通过自身的属性私钥对密文进行解密从而获取数据信息。实验结果表明,该方案能在保证数据可追溯并实现交易双方监管的同时,提高链上数据的隐私保护水平,与现有隐私保护方案相比安全性更高。     

Adolescents' privacy concerns and information disclosure online: The role of parents and the Internet

This study investigated the role of parents and the Internet in adolescents' online privacy concerns and information disclosing behaviors. Specifically, instructive and restrictive parental mediation, adolescents' self-disclosure to parents about their Internet experiences, time spent on the Internet, and participation in online communication activities were examined as factors that may impact adolescents' concerns about online privacy, willingness to disclose personally identifiable information, and actual disclosure of personal information online. A survey conducted in Singapore with 746 adolescents aged 12–18 revealed that instructive parental mediation based on parent-adolescent communication was more effective than restrictive parental mediation based on rule-making and controlling in reducing information disclosure among adolescents. Adolescents' self-disclosure to parents about their Internet experiences was found to be positively associated with their privacy concerns but did not foster privacy protection behaviors. While online chatting had a positive relationship with privacy concerns, excessive use of the Internet and frequent participation in social networking and online gaming resulted in increased information disclosure.     

A Cloud-Based BPM Architecture with User-End Distribution of Non-Compute-Intensive Activities and Sensitive Data

While cloud-based BPM (Business Process Management) shows potentials of inherent scalability and expenditure reduction, such issues as user autonomy, privacy protection and efficiency have popped up as major concerns. Users may have their own rudimentary or even full-fledged BPM systems, which may be embodied by local EAI systems, at their end, but still intend to make use of cloud-side infrastructure services and BPM capabilities, which may appear as PaaS (Platform-as-a-Service) services, at the same time. A whole business process may contain a number of non-compute-intensive activities, for which cloud computing is over-provision. Moreover, some users fear data leakage and loss of privacy if their sensitive data is processed in the cloud. This paper proposes and analyzes a novel architecture of cloud-based BPM, which supports user-end distribution of non-compute-intensive activities and sensitive data. An approach to optimal distribution of activities and data for synthetically utilizing both user-end and cloud-side resources is discussed. Experimental results show that with the help of suitable distribution schemes, data privacy can be satisfactorily protected, and resources on both sides can be utilized at lower cost.