Personalized privacy protection method for group recommendation

To address the problem that most of the existing privacy protection methods can not satisfy the user’s personalized requirements very well in group recommendation,a user personalized privacy protection framework based on trusted client for group recommendation (UPPPF-TC-GR) followed with a group sensitive preference protection method (GSPPM) was proposed.In GSPPM,user’s historical data and privacy preference demands were collected in the trusted client,and similar users were selected in the group based on sensitive topic similarity between users.Privacy protection for users who had privacy preferences in the group was realized by randomization of cooperative disturbance to top k similar users.Simulation experiments show that the proposed GSPPM can not only satisfy privacy protection requirements for each user but also achieve better performance.     

MCDP:基于神经网络的多集群分布式差分隐私数据发布方法

大数据应用能够为人们的生活和工作方式提供便捷,但包含消费记录、社交关系、地理位置等个人隐私信息的数据在发布过程中可能被服务提供商收集,用户隐私面临巨大威胁.本文首次提出了一个基于神经网络的多集群分布式差分隐私数据发布方法,能够显著缓解单服务器的数据处理压力.同时,利用神经网络算法进行隐私参数预测明显提高了预测精度和预测效率,并且集群之间不同的隐私参数也保证了方案的灵活性.此外,由于中心服务器存储的是经过差分隐私处理后的统计数据,即使中心服务器由于遭受攻击导致存储的数据泄露,也能确保用户数据隐私.实验对比分析表明,我们的方法在隐私处理效率、隐私保护强度、预测精度和预测效率等方面都有明显优势.     

Privacy-preserving and efficient user matching based on attribute encryption in mobile social networks

With the rapid popularity of social networking platforms, users can be matched when sharing their profiles. However, there is a risk of leakage of sensitive user information during the user matching process, which leads to the lack of user privacy protection. In this paper, we propose a privacy protection scheme based on the encryption of hidden attributes during user matching in mobile social networks, which uses linear secret sharing scheme (LSSS) as the access structure based on ciphertext policy attribute-based encryption (CP-ABE), and the match server can perform friend recommendation by completing bi-directional attribute matching determination without disclosing user attribute information. In addition, the use of selective keywords protects the privacy of requesters and publishers in selecting keywords and selecting plaintext attacks. The scheme reduces the encryption and decryption overhead for users by dividing encryption into a preparation phase and an online phase and shifting most of the decryption overhead from the requester to the match server. The experimental results show that the scheme ensures user privacy while effectively reducing communication overhead.     

Approach of location privacy protection based on order preserving encryption of the grid

The centralized structure of the trusted third party is a major privacy protection structure on location based services.However,if the central third party server can not be trusted or compromised,users have the risk of leakage of privacy location.Aiming at the above problems,location privacy protection approach based on a user-defined grid to hide location was proposed.The system first automatically converted the query area into a user-defined grid,and then the approach utilized order preserving encryption,which made the user’s real-time position in the hidden state could still be compared.Because the information in the process of the approach was in a state of encryption,the server could not know the user’s location information,thus improved privacy protection of the user location.The central third party server only need to do simple comparison work,so its processing time overhead would effectively decrease.Security analysis certificate the security of the proposed approach and simulation experimental show the proposed approach can reduce the time cost of the central third party server.     

数据隐私保护的社会化推荐协议

基于邻域的社会化推荐需要同时依赖用户的历史行为数据和完善的社交网络拓扑图,但通常这些数据分别属于不同平台,如推荐系统服务提供商和社交网络服务提供商。出于维护自身数据价值及保护用户隐私的考虑,他们并不愿意将数据信息提供给其他方。针对这一现象,提出了2种数据隐私保护的社会化推荐协议,可以在保护推荐系统服务提供商和社交网络服务提供商的数据隐私的同时,为用户提供精准的推荐服务。其中,基于不经意传输的社会化推荐,计算代价较小,适用于对推荐效率要求较高的应用;基于同态加密的社会化推荐,安全程度更高,适用于对数据隐私要求较高的应用。在4组真实数据集上的实验表明,提出的2种方案切实可行,用户可以根据自身需求选择合适的方案。     

一种基于虚拟应用的安全防泄漏系统

针对目前日益严重的信息资产泄露问题,在对比已有的信息泄露的防御技术基础上,提出一种＂基于虚拟应用的安全防泄漏系统＂,通过集中运算、虚拟应用技术,在服务器上为每一个用户的应用构建独立的计算环境;采用远程桌面、SSLVPN技术保证集中计算环境中数据与用户操作终端的安全隔离;同时基于信息在服务器集中存储和运算,实现终端无痕（用户终端没有数据计算痕迹）,防止数据在应用过程中泄露;最后采用统一认证和应用授权发布,管理用户对数据的访问和输出控制。     

基于授权的多服务器可搜索密文策略属性基加密方案

针对现有属性基可搜索加密方案缺乏对云服务器授权的服务问题,该文提出一种基于授权的可搜索密文策略属性基加密(CP-ABE)方案。方案通过云过滤服务器、云搜索服务器和云存储服务器协同合作实现搜索服务。用户可将生成的授权信息和陷门信息分别发送给云过滤服务器和云搜索服务器,在不解密密文的情况下,云过滤服务器可对所有密文进行检测。该方案利用多个属性授权机构,在保证数据机密性的前提下能进行高效的细粒度访问,解决数据用户密钥泄露问题,提高数据用户对云端数据的检索效率。通过安全性分析,证明方案在提供数据检索服务的同时无法窃取数据用户的敏感信息,且能够有效地防止数据隐私的泄露。     

Evaluation and protection of multi-level location privacy based on an information theoretic approach

A privacy metric based on mutual information was proposed to measure the privacy leakage occurred when location data owner trust data users at different levels and need to publish the distorted location data to each user according to her trust level,based on which an location privacy protection mechanism (LPPM)was generated to protect user’s location privacy.In addition,based on mutual information,a metric was proposed to measure the privacy leakage caused by attackers obtaining different levels of distorted location data and then performing inference attack on the original location data more accurately.Another privacy metric was also proposed to quantify the information leakage occurred in the scenario based on mutual information.In particular,the proposed privacy mechanism was designed by modifying Blahut-Arimoto algorithm in rate-distortion theory.Experimental results show the superiority of the proposed LPPM over an existing LPPM in terms of location privacyutility tradeoff in both scenarios,which is more conspicuous when there are highly popular locations.     

基于艾宾浩斯遗忘曲线和注意力机制的推荐算法

传统基于注意力机制的推荐算法只利用位置嵌入对用户行为序列进行建模,忽略了具体的时间戳信息,导致推荐性能不佳和模型训练过拟合等问题。提出基于时间注意力的多任务矩阵分解推荐模型,利用注意力机制提取邻域信息对用户和物品进行嵌入编码,借助艾宾浩斯遗忘曲线描述用户兴趣随时间的变化特性,在模型训练过程中引入经验回放的强化学习策略模拟人类的记忆复习过程。真实数据集上的实验结果表明,该模型比现有推荐模型具有更好的推荐性能。     

An efficient remote user authentication and key agreement protocol for mobile client–server environment from pairings

With the continue evaluation of mobile devices in terms of the capabilities and services, security concerns increase dramatically. To provide secured communication in mobile client–server environment, many user authentication protocols from pairings have been proposed. In 2009, Goriparthi et al. proposed a new user authentication scheme for mobile client–server environment. In 2010, Wu et al. demonstrated that Goriparthi et al.’s protocol fails to provide mutual authentication and key agreement between the client and the server. To improve security, Wu et al. proposed an improved protocol and demonstrated that their protocol is provably secure in random oracle model. Based on Wu et al.’s work, Yoon et al. proposed another scheme to improve performance. However, their scheme just reduces one hash function operation at the both of client side and the server side. In this paper, we present a new user authentication and key agreement protocol using bilinear pairings for mobile client–server environment. Performance analysis shows that our protocol has better performance than Wu et al.’s protocol and Yoon et al.’s protocol. Then our protocol is more suited for mobile client–server environment. Security analysis is also given to demonstrate that our proposed protocol is provably secure against previous attacks.     

An ID‐based mutual authentication with key agreement protocol for multiserver environment on elliptic curve cryptosystem

Mutual authentication is used to validate the legitimacy of a remote login user and a server. Conventional user authentication protocols are suited to solve the privacy and security problems for the single client/server architecture environment. However, the use of computer networks and information technology has grown spectacularly. More and more network architectures are used in multi‐server environments. Recently, several authentication schemes for multi‐server environments have been proposed. However, the performance of these schemes is not suitable for applications. To improve the performance, we propose a new ID‐based mutual authentication protocols for multi‐server environment without bilinear pairings. We also show that the proposed scheme is provable secure in the random oracle model. Copyright © 2012 John Wiley & Sons, Ltd.     

Trajectory privacy protection method based on location obfuscation

In the process of continuous queries,a method of trajectory privacy protection based on location obfuscation was proposed to solve the problem that K-anonymity was difficult to guarantee user privacy in third party architectrue.Firstly,the (G-1) query obfuscation locations through the location prediction was obtained and the dummy location selection mechanism,and then sent them together with the user’s real query location to different anonymizers to form cloaking regions and sent them to the LBS server for queries,and the query results were returned to the user by different anonymizers.In this method,the user’s real query location was confused by the location obfuscation,and the attacker couldn’t deduce the user’s trajectory from a single anonymizer or the LBS server.The method can enhance the privacy of the user’s trajectory and can effectively solve the performance bottleneck in the single anonymizer structure.Security analysis shows the security of the proposed approach,and experiments show this method can reduce the number of interactions between the user and the LBS server and the overhead of the single anonymizer.     

医疗社交网络中基于云计算的属性基签密方案

移动医疗社交网络的出现为患者之间互相交流病情提供了极大的便利,促进了患者之间高效、高质量的沟通与交流,但与此同时也产生了患者数据的保密性和隐私性问题。针对此问题,该文提出一种基于云计算的属性基签密方案,能够有效地保护患者数据的隐私性。患者将自己的病情信息签密后上传至云服务器,当数据用户要访问患者的信息时,云服务器帮助数据用户进行部分解密并验证数据的完整性,这在一定程度上减少了数据用户的计算量。同时,在随机预言机模型下,证明了该方案满足选择消息攻击下的不可伪造性、选择密文攻击下的不可区分性以及属性隐私安全性。理论分析和数值模拟实验结果表明,该方案在签密和解签密阶段比现存的方案有更高的效率。     

Dynamic searchable encryption with privacy protection for cloud computing

The dynamic searchable encryption schemes generate search tokens for the encrypted data on a cloud server periodically or on a demand. With such search tokens, a user can query the encrypted data whiles preserving the data's privacy; ie, the cloud server can retrieve the query results to the user but do not know the content of the encrypted data. A framework DSSE with Forward Privacy (dynamic symmetric searchable encryption [DSSE] with forward privacy), which consists of Internet of Things and Cloud storage, with the attributes of the searchable encryption and the privacy preserving are proposed. Compared with the known DSSE schemes, our approach supports the multiusers query. Furthermore, our approach successfully patched most of the security flaws related to the sensitive information's leakage in the DSSE schemes. Both security analysis and simulations show that our approach outperforms other DSSE schemes with respect to both effectiveness and efficiency.     

基于相似度聚类的可信联邦安全聚合算法

联邦学习能够有效地规避参与方数据隐私问题,但模型训练中传递的参数或者梯度仍有可能泄露参与方的隐私数据,而恶意参与方的存在则会严重影响聚合过程和模型质量。基于此,该文提出一种基于相似度聚类的可信联邦安全聚合方法(FSA-SC)。首先基于客户端训练数据集规模及其与服务器间的通信距离综合评估选出拟参与模型聚合的候选客户端;然后根据候选客户端间的相似度,利用聚类将候选客户端划分为良性客户端和异常客户端;最后,对异常客户端类中的成员利用类内广播和二次协商进行参数替换和记录,检测识别恶意客户端。为了验证FSA-SC的有效性,以联邦推荐为应用场景,选取MovieLens 1M,Netflix数据集和Amazon抽样数据集为实验数据集,实验结果表明,所提方法能够实现高效的安全聚合,且相较对比方法有更高的鲁棒性。     

基于同态加密的DBSCAN聚类隐私保护方案

为了降低数据外包聚类运算过程中存在的隐私泄露风险,提出了一个基于同态加密的DBSCAN聚类隐私保护方案.为了加密实际场景中的浮点型数据,给出了针对不同数据精度的3种数据预处理方式,并提出了一种基于数据特点且综合考虑数据精度和计算开销等方面的数据预处理方式的选择策略.由于同态加密不支持密文比较运算,设计了一个用户端与云服...     

基于SLNR准则的MU-MIMO下行链路的预编码与用户调度

在多用户MIMO（MU-MIMO）系统的下行链路中,为了降低用户端的处理复杂度,发射端预编码的设计对多用户MIMO系统的性能非常重要,基于信漏噪比（SLNR）准则的预编码技术由于同时考虑了共信道干扰（CCI）和噪声,提高了系统的性能,但基站同时服务的用户有限,基于信漏噪比最大的用户调度能够合理地选择用户,提高了多用户分级增益,使系统获得更高的系统容量和系统性能。仿真结果表明,基于SLNR准则的多用户预编码在系统容量和误码率方面要优于单一考虑CCI的迫零预编码（ZF）和单一考虑噪声的最大化每个用户接收到信号的信噪比预编码（MRT）。在采用SLNR预编码的条件下,信漏噪比最大的用户调度系统性比轮询调度和最大信道增益调度好,并且随着待选用户数的增多,不会给系统的调度策略带来很大的影响。     

基于联邦学习的本地化差分隐私机制研究

联邦学习与群体学习作为当前热门的分布式机器学习范式，前者能够保护用户数据不被第三方获得的前提下在服务器中实现模型参数共享计算，后者在无中心服务器的前提下利用区块链技术实现所有用户同等地聚合模型参数。但是，通过分析模型训练后的参数，如深度神经网络训练的权值，仍然可能泄露用户的隐私信息。目前，在联邦学习下运用本地化差分隐私(LDP)保护模型参数的方法层出不穷，但皆难以在较小的隐私预算和用户数量下缩小模型测试精度差。针对此问题，该文提出正负分段机制(PNPM)，在聚合前对本地模型参数进行扰动。首先，证明了该机制满足严格的差分隐私定义，保证了算法的隐私性；其次分析了该机制能够在较少的用户数量下保证模型的精度，保证了机制的有效性；最后，在3种主流图像分类数据集上与其他最先进的方法在模型准确性、隐私保护方面进行了比较，表现出了较好的性能。     

基于Voronoi图预划分的LBS位置隐私保护方法

为了解决服务器面临大量用户请求时匿名效率下降的问题,分别提出适用于静态用户和动态用户的协作匿名方法。首先基于Voronoi图划分全局区域,再由中心服务器组织本区域内用户实现协作匿名,由于服务器无需为每个用户单独构造匿名区,降低了服务端的负担;针对查询过程中用户提供真实位置信息带来位置隐私泄露的问题,提出了逆向增量近邻查询算法。用户以固定锚点代替真实位置,向位置服务器逐步获取兴趣点候选集并计算出想要的结果,避免位置隐私直接泄漏的同时获取精准查询结果。该算法同时解决了锚点与用户过近而带来的位置隐私被推断问题。实验表明本方法在有效保护用户位置隐私的同时,具有良好的工作效率。     

Secure grid-based density peaks clustering on hybrid cloud for industrial IoT

Cloud computing gives clients the convenience of outsourcing data calculations. However, it also brings the risk of privacy leakage, and datasets that process industrial IoT information have a high computational cost for clients. To address these problems, this paper proposes a secure grid-based density peaks clustering algorithm for a hybrid cloud environment. First, the client utilizes the homomorphic encryption algorithm to construct encrypted objects with client dataset. Second, the client uploads the encrypted data to the cloud servers to implement our security protocol. Finally, the cloud servers return the clustering results with the disturbance to the client. The experimental results on the UCI datasets and the smart power grid dataset reveal that the secure algorithm presented in this paper can improve upon the precision and efficiency of other clustering algorithms while also preserving user privacy. Moreover, it only performs encryption and removes the disturbance operation on the client, so that the client has lower computational complexity. Therefore, the secure clustering scheme proposed in this paper is applicable to industrial IoT big data and has high security and scalability.