A Distributed Privacy Preservation Approach for Big Data in Public Health Emergencies Using Smart Contract and SGX

Security and privacy issues have become a rapidly growing problem with the fast development of big data in public health. However, big data faces many ongoing serious challenges in the process of collection, storage, and use. Among them, data security and privacy problems have attracted extensive interest. In an effort to overcome this challenge, this article aims to present a distributed privacy preservation approach based on smart contracts and Intel Software Guard Extensions (SGX). First of all, we define SGX as a trusted edge computing node, design data access module, data protection module, and data integrity check module, to achieve hardware-enhanced data privacy protection. Then, we design a smart contract framework to realize distributed data access control management in a big data environment. The crucial role of the smart contract was revealed by designing multiple access control contracts, register contracts, and history contracts. Access control contracts provide access control methods for different users and enable static access verification and dynamic access verification by checking the user’s properties and history behavior. Register contract contains user property information, edge computing node information, the access control and history smart contract information, and provides functions such as registration, update, and deletion. History contract records the historical behavior information of malicious users, receives the report information of malicious requestors from the access control contract, implements a misbehavior check method to determines whether the requestor has misbehavior, and returns the corresponding result. Finally, we design decentralized system architecture, prove the security properties, and analysis to verify the feasibility of the system. Results demonstrate that our method can effectively improve the timeliness of data, reduce network latency, and ensure the security, reliability, and traceability of data.     

Distributed Trusted Computing for Blockchain-Based Crowdsourcing

A centralized trusted execution environment (TEE) has been extensively studied to provide secure and trusted computing. However, a TEE might become a throughput bottleneck if it is used to evaluate data quality when collecting large-scale data in a crowdsourcing system. It may also have security problems compromised by attackers. Here, we propose a scheme, named dTEE, for building a platform for providing distributed trusted computing by leveraging TEEs. The platform is used as an infrastructure of trusted computations for blockchain-based crowdsourcing systems, especially to securely evaluate data quality and manage remuneration: these operations are handled by a TEE group. First, dTEE uses a public blockchain with smart contracts to manage TEEs without reliance on any trusted third parties. Second, to update TEE registration information and rule out zombie TEEs, dTEE uses a reporting mechanism. To attract TEE owners to join in and provide service of trusted computations, it uses a fair monetary incentive mechanism. Third, to account for malicious attackers, we design a model with Byzantine fault tolerance, not limited to a crash-failure model. Finally, we conduct an extensive evaluation of our design on a local cluster. The results show that dTEE finishes evaluating 10,000 images within one minute and achieves about 65 tps throughput when evaluating Sudoku solution data with collective signatures both in a group of 120 TEEs.     

Towards Privacy-Preserving Cloud Storage: A Blockchain Approach

With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a self-service manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.     

Privacy Protection Algorithm for the Internet of Vehicles Based on Local Differential Privacy and Game Model

In recent years, with the continuous advancement of the intelligent process of the Internet of Vehicles (IoV), the problem of privacy leakage in IoV has become increasingly prominent. The research on the privacy protection of the IoV has become the focus of the society. This paper analyzes the advantages and disadvantages of the existing location privacy protection system structure and algorithms, proposes a privacy protection system structure based on untrusted data collection server, and designs a vehicle location acquisition algorithm based on a local differential privacy and game model. The algorithm first meshes the road network space. Then, the dynamic game model is introduced into the game user location privacy protection model and the attacker location semantic inference model, thereby minimizing the possibility of exposing the regional semantic privacy of the k-location set while maximizing the availability of the service. On this basis, a statistical method is designed, which satisfies the local differential privacy of k-location sets and obtains unbiased estimation of traffic density in different regions. Finally, this paper verifies the algorithm based on the data set of mobile vehicles in Shanghai. The experimental results show that the algorithm can guarantee the user’s location privacy and location semantic privacy while satisfying the service quality requirements, and provide better privacy protection and service for the users of the IoV.     

一种通用移动支付模型及其协议的研究

以SEMOPS模型为基础,提出了一种新的通用移动支付模型及其协议.该模型与协议具有应用无关性.通过对交易数据的变换处理和为该模型设计的专有协议,使得用户的交易数据等敏感信息对于支付系统是透明的.另外,由于引入可信的第三方实体,降低了对银行等传统可信实体的信任依赖程度,因此提高了系统的安全性.利用形式化的方法验证了所设计的移动支付协议可以保证支付过程的不可抵赖性.     

An Efficient Three-Party Authenticated Key Exchange Procedure Using Chebyshev Chaotic Maps with Client Anonymity

Internet of Things (IoT) applications can be found in various industry areas, including critical infrastructure and healthcare, and IoT is one of several technological developments. As a result, tens of billions or possibly hundreds of billions of devices will be linked together. These smart devices will be able to gather data, process it, and even come to decisions on their own. Security is the most essential thing in these situations. In IoT infrastructure, authenticated key exchange systems are crucial for preserving client and data privacy and guaranteeing the security of data-in-transit (e.g., via client identification and provision of secure communication). It is still challenging to create secure, authenticated key exchange techniques. The majority of the early authenticated key agreement procedure depended on computationally expensive and resource-intensive pairing, hashing, or modular exponentiation processes. The focus of this paper is to propose an efficient three-party authenticated key exchange procedure (AKEP) using Chebyshev chaotic maps with client anonymity that solves all the problems mentioned above. The proposed three-party AKEP is protected from several attacks. The proposed three-party AKEP can be used in practice for mobile communications and pervasive computing applications, according to statistical experiments and low processing costs. To protect client identification when transferring data over an insecure public network, our three-party AKEP may also offer client anonymity. Finally, the presented procedure offers better security features than the procedures currently available in the literature.     

Research on Federated Learning Data Sharing Scheme Based onDifferentialPrivacy

To realize data sharing, and to fully use the data value, breaking the data island between institutions to realize data collaboration has become a new sharing mode. This paper proposed a distributed data security sharing scheme based on C/S communication mode, and constructed a federated learning architecture that uses differential privacy technology to protect training parameters. Clients do not need to share local data, and they only need to upload the trained model parameters to achieve data sharing. In the process of training, a distributed parameter update mechanism is introduced. The server is mainly responsible for issuing training commands and parameters, and aggregating the local model parameters uploaded by the clients. The client mainly uses the stochastic gradient descent algorithm for gradient trimming, updates, and transmits the trained model parameters back to the server after differential processing. To test the performance of the scheme, in the application scenario where many medical institutions jointly train the disease detection system, the model is tested from multiple perspectives by taking medical data as an example. From the testing results, we can know that for this specific test dataset, when the parameters are properly configured, the lowest prediction accuracy rate is 90.261% and the highest accuracy rate is up to 94.352. It shows that the performance of the model is good. The results also show that this scheme realizes data sharing while protecting data privacy, completes accurate prediction of diseases, and has a good effect.     

User Profile System Based on Sentiment Analysis for Mobile Edge Computing

Emotions of users do not converge in a single application but are scattered across diverse applications. Mobile devices are the closest media for handling user data and these devices have the advantage of integrating private user information and emotions spread over different applications. In this paper, we first analyze user profile on a mobile device by describing the problem of the user sentiment profile system in terms of data granularity, media diversity, and server-side solution. Fine-grained data requires additional data and structural analysis in mobile devices. Media diversity requires standard parameters to integrate user data from various applications. A server-side solution presents a potential risk when handling individual privacy information. Therefore, in order to overcome these problems, we propose a general-purposed user profile system based on sentiment analysis that extracts individual emotional preferences by comparing the difference between public and individual data based on particular features. The proposed system is built based on a sentiment hierarchy, which is created by using unstructured data on mobile devices. It can compensate for the concentration of single media, and analyze individual private data without the invasion of privacy on mobile devices.     

A restful web notification service

With the rapid growth of mobile applications or web services, many users are using the same service at the same time which leads to the need for scalable application services. To enlarge the capability of handling large volumes of concurrent requests, server-side push technologies have been then introduced recently. Server-side push technology tries to eliminate unnecessary client requests by sending notification messages to clients when a data change event is triggered on the server side. There are two famous server-side push frameworks used today, and they are services using the Pub/Sub protocol, and the Ajax Push Model. These two mechanisms need middleware between clients and servers which result in complex and heavy-weight system architectures for application developers. To simplify development and increase ability to accommodate the growth in application users, a RESTful notification service is proposed in this paper. The notification service leverages the event-driven characteristic of JavaScript, and pushes response data asynchronously to different requests. Based on the RESTful software architecture style, the proposed notification service is not only a lightweight system but also has impressive performance.     

Lightweight Authentication Protocol Based on Physical Unclonable Function

In the emerging Industrial Internet of Things (IIoT), authentication problems have become an urgent issue for massive resource-constrained devices because traditional costly security mechanisms are not suitable for them. The security protocol designed for resource-constrained systems should not only be secure but also efficient in terms of usage of energy, storage, and processing. Although recently many lightweight schemes have been proposed, to the best of our knowledge, they are unable to address the problem of privacy preservation with the resistance of Denial of Service (DoS) attacks in a practical way. In this paper, we propose a lightweight authentication protocol based on the Physically Unclonable Function (PUF) to overcome the limitations of existing schemes. The protocol provides an ingenious authentication and synchronization mechanism to solve the contradictions amount forward secrecy, DoS attacks, and resource-constrained. The performance analysis and comparison show that the proposed scheme can better improve the authentication security and efficiency for resource-constrained systems in IIoT.     

Efficient Joint Key Authentication Model in E-Healthcare

Many patients have begun to use mobile applications to handle different health needs because they can better access high-speed Internet and smartphones. These devices and mobile applications are now increasingly used and integrated through the medical Internet of Things (mIoT). mIoT is an important part of the digital transformation of healthcare, because it can introduce new business models and allow efficiency improvements, cost control and improve patient experience. In the mIoT system, when migrating from traditional medical services to electronic medical services, patient protection and privacy are the priorities of each stakeholder. Therefore, it is recommended to use different user authentication and authorization methods to improve security and privacy. In this paper, our prosed model involves a shared identity verification process with different situations in the e-health system. We aim to reduce the strict and formal specification of the joint key authentication model. We use the AVISPA tool to verify through the well-known HLPSL specification language to develop user authentication and smart card use cases in a user-friendly environment. Our model has economic and strategic advantages for healthcare organizations and healthcare workers. The medical staff can increase their knowledge and ability to analyze medical data more easily. Our model can continuously track health indicators to automatically manage treatments and monitor health data in real time. Further, it can help customers prevent chronic diseases with the enhanced cognitive functions support. The necessity for efficient identity verification in e-health care is even more crucial for cognitive mitigation because we increasingly rely on mIoT systems.     

Personalized Privacy Protecting Model in Mobile Social Network

With the rapid development of the new generation of information technology, the analysis of mobile social network big data is getting deeper and deeper. At the same time, the risk of privacy disclosure in social network is also very obvious. In this paper, we summarize the main access control model in mobile social network, analyze their contribution and point out their disadvantages. On this basis, a practical privacy policy is defined through authorization model supporting personalized privacy preferences. Experiments have been conducted on synthetic data sets. The result shows that the proposed privacy protecting model could improve the security of the mobile social network while keeping high execution efficiency     

A Secure Method for Data Storage and Transmission in Sustainable Cloud Computing

Cloud computing is a technology that provides secure storage space for the customer’s massive data and gives them the facility to retrieve and transmit their data efficiently through a secure network in which encryption and decryption algorithms are being deployed. In cloud computation, data processing, storage, and transmission can be done through laptops and mobile devices. Data Storing in cloud facilities is expanding each day and data is the most significant asset of clients. The important concern with the transmission of information to the cloud is security because there is no perceivability of the client’s data. They have to be dependent on cloud service providers for assurance of the platform’s security. Data security and privacy issues reduce the progression of cloud computing and add complexity. Nowadays; most of the data that is stored on cloud servers is in the form of images and photographs, which is a very confidential form of data that requires secured transmission. In this research work, a public key cryptosystem is being implemented to store, retrieve and transmit information in cloud computation through a modified Rivest-Shamir-Adleman (RSA) algorithm for the encryption and decryption of data. The implementation of a modified RSA algorithm results guaranteed the security of data in the cloud environment. To enhance the user data security level, a neural network is used for user authentication and recognition. Moreover; the proposed technique develops the performance of detection as a loss function of the bounding box. The Faster Region-Based Convolutional Neural Network (Faster R-CNN) gets trained on images to identify authorized users with an accuracy of 99.9% on training.     

Efficient Secure Data Provenance Scheme in Multimedia Outsourcing and Sharing

To cope with privacy leakage caused by multimedia outsourcing and sharing, data provenance is used to analyze leaked multimedia and provide reactive accountability. Existing schemes of multimedia provenance are based on watermarking protocols. In an outsourcing scenario, existing schemes face two severe challenges: 1) when data leakage occurs, there exists a probability that data provenance results can be repudiated, in which case data provenance tracking fails; and 2) when outsourced data are shared, data encryption transfer causes key management burden outside the schemes, and privacy leakage threatens users. In this paper, we propose a novel data provenance scheme with an improved LUT-based fingerprinting protocol, which integrates an asymmetric watermarking protocol, robust watermark algorithm and homomorphic encryption and digital signatures to achieve full non-repudiation provenance. We build an in-scheme stream cipher to protect outsourced multimedia data from privacy leakage and complicated key management. Our scheme is also lightweight and easy to deploy. Extensive security and performance analysis compares our scheme with the state of the art. The results show that our scheme has not only better provenance security and data confidentiality but also higher efficiency for multimedia outsourcing, sharing and provenance.     

Privacy Data Management Mechanism Based on Blockchain and Federated Learning

Due to the extensive use of various intelligent terminals and the popularity of network social tools, a large amount of data in the field of medical emerged. How to manage these massive data safely and reliably has become an important challenge for the medical network community. This paper proposes a data management framework of medical network community based on Consortium Blockchain (CB) and Federated learning (FL), which realizes the data security sharing between medical institutions and research institutions. Under this framework, the data security sharing mechanism of medical network community based on smart contract and the data privacy protection mechanism based on FL and alliance chain are designed to ensure the security of data and the privacy of important data in medical network community, respectively. An intelligent contract system based on Keyed-Homomorphic Public Key (KH-PKE) Encryption scheme is designed, so that medical data can be saved in the CB in the form of ciphertext, and the automatic sharing of data is realized. Zero knowledge mechanism is used to ensure the correctness of shared data. Moreover, the zero-knowledge mechanism introduces the dynamic group signature mechanism of chosen ciphertext attack (CCA) anonymity, which makes the scheme more efficient in computing and communication cost. In the end of this paper, the performance of the scheme is analyzed from both asymptotic and practical aspects. Through experimental comparative analysis, the scheme proposed in this paper is more effective and feasible.     

Delivery of pre‐stored videos for mobile clients with insufficient playback buffer and bounded delay guarantee

Abstract

A deterministic service model assisted by a sufficiently large playback buffer space can provide bounded delay guarantees for video packets and simplify network resource management. However, many popular mobile terminals do not have sufficient memory capacity for deterministic video services since the embedded memory is limited and needs to be shared by numerous software programs and masses of personal data. This paper improves the traditional deterministic modeling approach for delivering pre‐stored videos to mobile clients with QoS guarantees. The limitation of playback buffer space, the network delay jitter, the processing load of resource management, and the QoS guarantee are considered in the proposed mechanism. Some traffic smoothing operations are integrated into the proposed mechanism for reducing the playback buffer demand and data rate variation. This paper further proposes a smart video frame skip algorithm, originating at the sender for preventing possible overflow problems due to insufficient playback buffer space. The algorithm can determine the most suitable temporal range for skipping frames and prevent arbitrary discarding from inappropriate video frames such as I‐frames on the client side. Simulation results reveal that the proposed mechanism can effectively remedy situations of insufficient playback buffer space while still maintaining the advantages of deterministic services.     

Mobile Internet Mobile Agent System Dynamic Trust Model for Cloud Computing

In mobile cloud computing, trust is a very important parameter in mobile cloud computing security because data storage and data processing are performed remotely in the cloud. Aiming at the security and trust management of mobile agent system in mobile cloud computing environment, the Human Trust Mechanism (HTM) is used to study the subjective trust formation, trust propagation and trust evolution law, and the subjective trust dynamic management algorithm (MASTM) is proposed. Based on the interaction experience between the mobile agent and the execution host and the third-party recommendation information to collect the basic trust data, the public trust host selection algorithm is given. The isolated malicious host algorithm and the integrated trust degree calculation algorithm realize the function of selecting the trusted cluster and isolating the malicious host, so as to enhance the security interaction between the mobile agent and the host. Given algorithm simulation and verification were carried out to prove its feasibility and effectiveness.     

Privacy Protection for Medical Images Based on DenseNet and Coverless Steganography

With the development of the internet of medical things (IoMT), the privacy protection problem has become more and more critical. In this paper, we propose a privacy protection scheme for medical images based on DenseNet and coverless steganography. For a given group of medical images of one patient, DenseNet is used to regroup the images based on feature similarity comparison. Then the mapping indexes can be constructed based on LBP feature and hash generation. After mapping the privacy information with the hash sequences, the corresponding mapped indexes of secret information will be packed together with the medical images group and released to the authorized user. The user can extract the privacy information successfully with a similar method of feature analysis and index construction. The simulation results show good performance of robustness. And the hiding success rate also shows good feasibility and practicability for application. Since the medical images are kept original without embedding and modification, the performance of crack resistance is outstanding and can keep better quality for diagnosis compared with traditional schemes with data embedding.     

Federated Feature Concatenate Method for Heterogeneous Computing in Federated Learning

Federated learning is an emerging machine learning technique that enables clients to collaboratively train a deep learning model without uploading raw data to the aggregation server. Each client may be equipped with different computing resources for model training. The client equipped with a lower computing capability requires more time for model training, resulting in a prolonged training time in federated learning. Moreover, it may fail to train the entire model because of the out-of-memory issue. This study aims to tackle these problems and propose the federated feature concatenate (FedFC) method for federated learning considering heterogeneous clients. FedFC leverages the model splitting and feature concatenate for offloading a portion of the training loads from clients to the aggregation server. Each client in FedFC can collaboratively train a model with different cutting layers. Therefore, the specific features learned in the deeper layer of the server-side model are more identical for the data class classification. Accordingly, FedFC can reduce the computation loading for the resource-constrained client and accelerate the convergence time. The performance effectiveness is verified by considering different dataset scenarios, such as data and class imbalance for the participant clients in the experiments. The performance impacts of different cutting layers are evaluated during the model training. The experimental results show that the co-adapted features have a critical impact on the adequate classification of the deep learning model. Overall, FedFC not only shortens the convergence time, but also improves the best accuracy by up to 5.9% and 14.5% when compared to conventional federated learning and splitfed, respectively. In conclusion, the proposed approach is feasible and effective for heterogeneous clients in federated learning.