Similar documents
Found 20 similar documents; search took 46 ms.
1.
With the advances of machine learning algorithms and the pervasiveness of network terminals, online medical primary diagnosis scheme, which can provide the primary diagnosis service anywhere anytime, has attracted considerable interest recently. However, the flourish of online medical primary diagnosis scheme still faces many challenges including information security and privacy preservation. In this paper, we propose an efficient and privacy-preserving medical primary diagnosis scheme, called PDiag, on naive Bayes classification. With PDiag, the sensitive personal health information can be processed without privacy disclosure during online medical primary diagnosis service. Specifically, based on an improved expression for the naive Bayes classifier, an efficient and privacy-preserving classification scheme is introduced with lightweight polynomial aggregation technique. The encrypted user query is directly operated at the service provider without decryption, and the diagnosis result can only be decrypted by the user. Through extensive analysis, we show that PDiag ensures users’ health information and service provider’s prediction model are kept confidential, and has significantly less computation and communication overhead than existing schemes. In addition, performance evaluations via implementing PDiag on smartphone and computer demonstrate PDiag’s effectiveness in terms of real environment.

2.
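Privacy-Preserving Bayesian Network Learning from Distributed Missing Data (cited by: 1 in total, 0 self-citations, 1 by others)
Privacy concerns limit the shared use of data resources among participating parties. To address this, a privacy-preserving method for learning Bayesian networks from distributed missing data, called PPHI-EM, is proposed. The method is based on the Pohlig-Hellman encryption algorithm and uses a secure directed-edge statistics algorithm to obtain the intersection and the union of the structures' directed edges. Taking the intersection as the initial network structure, the remaining edges in the union are added to the network one at a time, and the value of the scoring function determines whether each edge should be kept. With appropriately set weights, a secure matrix summation algorithm is used to solve for the parameters of the current network structure. The computation is repeated until the optimal network parameters are determined. The method uses expected statistics in place of sufficient statistics that do not actually exist, so that each data party's scoring function is easy to decompose, and it iteratively improves the structure in a distributed manner based on the AMS-EM method until it converges. Experimental results verify the effectiveness of the method.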

3.
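Location sharing has become a very important feature of mobile online social networks. At the same time, people are increasingly worried about the privacy leakage that arises during location sharing. Without sufficient privacy protection, users may well be unwilling to share their location information. This paper studies in depth the privacy-protection problem of location sharing in mobile online social networks, points out the shortcomings of existing protection schemes, and proposes a security scheme named BMobishare. The scheme improves the architecture of earlier schemes and uses location encryption and Bloom filters to block illegitimate attacks. Finally, security analysis and simulation experiments show that the BMobishare scheme effectively protects users' locations and the private information of the social network.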

4.
Skyline computation, which returns a set of interesting points from a potentially huge data space, has attracted considerable interest in the big data era. However, the flourish of skyline computation still faces many challenges including information security and privacy-preserving concerns. In this paper, we propose a new efficient and privacy-preserving skyline computation framework across multiple domains, called EPSC. Within EPSC framework, a skyline result from multiple service providers will be securely computed to provide better services for the client. Meanwhile, minimum privacy disclosure will be elicited from one service provider to another during skyline computation. Specifically, to leverage the service provider’s privacy disclosure and achieve almost real-time skyline processing and transmission, we introduce an efficient secure vector comparison protocol (ESVC) to construct EPSC, which is exclusively based on two novel techniques: fast secure permutation protocol (FSPP) and fast secure integer comparison protocol (FSIC). Both protocols allow multiple service providers to calculate skyline result interactively in a privacy-preserving way. Detailed security analysis shows that the proposed EPSC framework can achieve multi-domain skyline computation without leaking sensitive information to each other. In addition, performance evaluations via extensive simulations also demonstrate the EPSC’s efficiency in terms of providing skyline computation and transmission while minimizing the privacy disclosure across different domains.

5.
Incorporation of fog computing with low latency, preprocessing (e.g., data aggregation) and location awareness, can facilitate fine-grained collection of smart metering data in smart grid and promotes the sustainability and efficiency of the grid. Recently, much attention has been paid to the research on smart grid, especially in protecting privacy and data aggregation. However, most previous works do not focus on privacy-preserving data aggregation and function computation query on enormous data simultaneously in smart grid based on fog computation. In this paper, we construct a novel verifiable privacy-preserving data collection scheme supporting multi-party computation (MPC), named VPDC-MPC, to achieve both functions simultaneously in smart grid based on fog computing. VPDC-MPC realizes verifiable secret sharing of users’ data and data aggregation without revealing individual reports via practical cryptosystem and verifiable secret sharing scheme. Besides, we propose an efficient algorithm for batch verification of share consistency and detection of error reports if the external adversaries modify the SMs’ report. Furthermore, VPDC-MPC allows both the control center and users with limited resources to obtain arbitrary arithmetic analysis (not only data aggregation) via secure multi-party computation between cloud servers in smart grid. Besides, VPDC-MPC tolerates fault of cloud servers and resists collusion. We also present security analysis and performance evaluation of our scheme, which indicates that even with tradeoff on computation and communication overhead, VPDC-MPC is practical with above features.

6.
Broadcast encryption enables a broadcaster to encrypt messages and transmit them to some subset S of authorized users. In identity-based broadcast encryption schemes, a broadcasting sender typically encrypts a message by combining public identities of receivers in S and system parameters. However, previous identity-based broadcast encryption schemes have not been concerned about preserving the privacy of receivers. Consequently, all of the identities of broadcast receivers in S are exposed to the public in the previous schemes, which may be subject to attacks on user privacy in lots of pragmatic applications. We propose a novel privacy-preserving identity-based broadcast encryption scheme against an active attacker. The proposed scheme protects the privacy of receivers of broadcasted messages by hiding the identities of receivers in S. Additionally, it achieves less storage and computation costs required to encrypt and decrypt the broadcast message, compared to the previous identity-based broadcast encryption schemes that do not provide user privacy.

7.
We address issues related to privacy protection in location-based services (LBSs). Most existing privacy-preserving LBS techniques either require a trusted third-party (anonymizer) or use cryptographic protocols that are computationally and communicationally expensive. Our design of privacy-preserving techniques is principled on not requiring a trusted third-party while being highly efficient in terms of time and space complexities. The problem has two interesting and challenging characteristics: First, the degree of privacy protection and LBS accuracy depends on the context, such as population and road density, around a user’s location. Second, an adversary may violate a user’s location privacy in two ways: (i) based on the user’s location information contained in the LBS query payload and (ii) by inferring a user’s geographical location based on the device’s IP address. To address these challenges, we introduce CAP, a context-aware privacy-preserving LBS system with integrated protection for both data privacy and communication anonymity. We have implemented CAP and integrated it with Google Maps, a popular LBS system. Theoretical analysis and experimental results validate CAP’s effectiveness on privacy protection, LBS accuracy, and communication QoS (Quality-of-Service).

8.
With the proliferation of wireless sensor networks and mobile technologies in general, it is possible to provide improved medical services and also to reduce costs as well as to manage the shortage of specialized personnel. Monitoring a person’s health condition using sensors provides a lot of benefits but also exposes personal sensitive information to a number of privacy threats. By recording user-related data, it is often feasible for a malicious or negligent data provider to expose these data to an unauthorized user. One solution is to protect the patient’s privacy by making difficult a linkage between specific measurements with a patient’s identity. In this paper we present a privacy-preserving architecture which builds upon the concept of k-anonymity; we present a clustering-based anonymity scheme for effective network management and data aggregation, which also protects user’s privacy by making an entity indistinguishable from other k similar entities. The presented algorithm is resource aware, as it minimizes energy consumption with respect to other more costly, cryptography-based approaches. The system is evaluated from an energy-consuming and network performance perspective, under different simulation scenarios.

9.
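A Supervisable Privacy-Preserving Blockchain Scheme Based on Group Signatures and Attribute-Based Encryption (cited by: 1 in total, 0 self-citations, 1 by others)
Li Li (李莉), Du Huina (杜慧娜), Li Tao (李涛). Computer Engineering (《计算机工程》), 2022, 48(6): 132-138
The decentralization and tamper resistance of blockchain technology give it clear advantages for traceability. Blockchain-based traceability systems can solve the problems of traditional systems, such as information silos, low levels of sharing, and tamperable data, thereby guaranteeing data traceability. However, in blockchain traceability systems it is hard to balance data traceability against user privacy protection. A distributed, supervisable privacy-protection scheme is proposed that combines group signatures, a privacy address protocol, zero-knowledge proofs, and attribute-based encryption. The group-manager mechanism of the group signature is improved: multiple group managers are set up to generate fragments of a user's private key, and the user computes their own private key from the returned fragments and selectively applies attribute-based encryption to traceability data as needed, while a specific access structure is set for on-chain data to realize "one-to-many" communication between data and users. Group managers use the group public key to trace the identities of both parties to a transaction and hold them accountable. Users who satisfy the data's specific access structure decrypt the ciphertext with their own attribute private keys to obtain the data. Experimental results show that the scheme guarantees data traceability and supervision of both transaction parties while improving the level of privacy protection for on-chain data, and that it is more secure than existing privacy-protection schemes.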

10.
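Most existing electronic medical records allow data sharing only between doctor and patient, and data users have difficulty accessing a patient's electronic medical record. To address this problem, an electronic medical record data-sharing scheme using proxy re-encryption is proposed. The patient obtains the encrypted electronic medical record through a search trapdoor. To obtain the record, a data user can request that the patient and the cloud server interact; the cloud server generates a re-encryption key and performs proxy re-encryption on the record ciphertext, and after the patient's authorization it sends the re-encrypted ciphertext to the data user, who decrypts it with their private key and finally obtains the electronic medical record data. Experimental results based on the random oracle model show that, under the modified bilinear Diffie-Hellman assumption and the q-decisional bilinear Diffie-Hellman inversion assumption, the scheme achieves both keyword privacy and message privacy.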

11.
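The rapid development of cloud computing and the Internet of Things has drawn much attention to multi-user information-sharing mechanisms. However, when users upload personal data to a cloud server to share with different users, unauthorized users and untrusted third-party cloud service providers may snoop on this private data, posing a serious threat to data security and user privacy. In addition, multi-user sharing mechanisms suffer from problems such as inflexible access control, user revocation, and dynamic management. To solve these problems, the article combines attribute-based encryption with broadcast encryption to propose a dynamic broadcast encryption mechanism. While guaranteeing data security, the scheme uses an oblivious transfer protocol to achieve receiver anonymity and protect user privacy. The scheme also supports new users dynamically joining the system at any time without affecting the decryption capability of existing users, and it achieves user revocation and fast decryption. Performance analysis shows that the scheme has clear advantages in security and efficiency over existing schemes.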

12.
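To use the functionality provided by a service composition, users must supply the necessary personal private data. Because the business logic of the composition is transparent to users, and there is no agreement between users and member services on the use of private data, how to ensure that no illegal disclosure of user privacy information occurs during composition execution has become one of the current research hotspots in services computing. Targeting privacy-protection characteristics, a static analysis method for secure privacy information flow in service compositions is proposed. First, a privacy information flow security model for service compositions is proposed along three dimensions: service reputation, purpose of private data use, and retention period. Second, a privacy workflow net (PWF-net) that supports privacy information flow analysis is used to build the service composition model, and a static analysis algorithm analyzes the composition's execution paths to detect whether execution would illegally disclose user privacy information. Finally, a case study illustrates the effectiveness of the method, and experiments analyze its performance. Compared with existing related work, a privacy information flow security model targeted at privacy-protection characteristics is proposed, and the analysis method takes the aggregation of private data items into account, so it prevents illegal disclosure of user privacy information more effectively.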

13.
Outsourcing of personal health record (PHR) has attracted considerable interest recently. It can not only bring much convenience to patients, it also allows efficient sharing of medical information among researchers. As the medical data in PHR is sensitive, it has to be encrypted before outsourcing. To achieve fine-grained access control over the encrypted PHR data becomes a challenging problem. In this paper, we provide an affirmative solution to this problem. We propose a novel PHR service system which supports efficient searching and fine-grained access control for PHR data in a hybrid cloud environment, where a private cloud is used to assist the user to interact with the public cloud for processing PHR data. In our proposed solution, we make use of attribute-based encryption (ABE) technique to obtain fine-grained access control for PHR data. In order to protect the privacy of PHR owners, our ABE is anonymous. That is, it can hide the access policy information in ciphertexts. Meanwhile, our solution can also allow efficient fuzzy search over PHR data, which can greatly improve the system usability. We also provide security analysis to show that the proposed solution is secure and privacy-preserving. The experimental results demonstrate the efficiency of the proposed scheme.

14.
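In participatory sensing, when users who are physically near one another share sensing data, the data types must be pre-matched. How to match and verify data types between users efficiently on resource-limited mobile devices, while protecting users' personal privacy from disclosure, is a problem that existing schemes do not solve well. An efficient data-type matching scheme with verifiable matching results is proposed; it solves the above problem by introducing Bloom filters, which are cost-effective in time and space, and a threshold secret sharing mechanism based on bitwise operations. Focused theoretical analysis and experimental results confirm the correctness, privacy protection, verifiability, and efficiency of the scheme. Keywords: participatory sensing; mobile social networking; user privacy; verifiability.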

15.
The popularity of location-based services (LBSs) leads to severe concerns on users’ privacy. With the fast growth of Internet applications such as online social networks, more user information becomes available to the attackers, which allows them to construct new contextual information. This gives rise to new challenges for user privacy protection and often requires improvements on the existing privacy-preserving methods. In this paper, we classify contextual information related to LBS query privacy and focus on two types of contexts—user profiles and query dependency: user profiles have not been deeply studied in LBS query privacy protection, while we are the first to show the impact of query dependency on users’ query privacy. More specifically, we present a general framework to enable the attackers to compute a distribution on users with respect to issuing an observed request. The framework can model attackers with different contextual information. We take user profiles and query dependency as examples to illustrate the implementation of the framework and their impact on users’ query privacy. Our framework subsequently allows us to show the insufficiency of existing query privacy metrics, e.g., k-anonymity, and propose several new metrics. In the end, we develop new generalisation algorithms to compute regions satisfying users’ privacy requirements expressed in these metrics. By experiments, our metrics and algorithms are shown to be effective and efficient for practical usage.

16.
The proliferation of mobile devices coupled with Internet access is generating a tremendous amount of highly personal and sensitive data. Applications such as location-based services and quantified self harness such data to bring meaningful context to users’ behavior. As social applications are becoming prevalent, there is a trend for users to share their mobile data. The nature of online social networking poses new challenges for controlling access to private data, as compared to traditional enterprise systems. First, the user may have a large number of friends, each associated with a unique access policy. Second, the access control policies must be dynamic and fine-grained, i.e. they are content-based, as opposed to all-or-nothing. In this paper, we investigate the challenges in sharing of mobile data in social applications. We design and evaluate a middleware running on Google App Engine, named Mosco, that manages and facilitates sharing of mobile data in a privacy-preserving manner. We use Mosco to develop a location sharing and a health monitoring application. Mosco helps shorten the development process. Finally, we perform benchmarking experiments with Mosco, the results of which indicate small overhead and high scalability.

17.
Participatory sensing applications rely on individuals to share personal data to produce aggregated models and knowledge. In this setting, privacy concerns can discourage widespread adoption of new applications. We present a privacy-preserving participatory sensing scheme based on negative surveys for both continuous and multivariate categorical data. Without relying on encryption, our algorithms enhance the privacy of sensed data in an energy and computation efficient manner. Simulations and implementation on Android smart phones illustrate how multidimensional data can be aggregated in a useful and privacy-enhancing manner.

18.
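To address the problem of security proofs for social network privacy-protection schemes, a provably secure social network privacy-protection scheme is proposed. First, the security requirements for node privacy in social networks (indistinguishable node structure and indistinguishable sent messages) are analyzed and a security model is established for each. Second, based on these security models, a node privacy-protection scheme for social networks is constructed using bilinear maps. Finally, the scheme is proved to be provably secure, and its security is analyzed and compared; the analysis shows that, besides being provably secure, the scheme resists re-identification attacks, inference attacks, and information aggregation attacks.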

19.
Progress in cloud computing makes group data sharing in outsourced storage a reality. People join a group and share data with each other, making team work more convenient. This new application scenario also faces data security threats, even more complex. When a user quits its group, remaining data block signatures must be re-signed to ensure security. Some researchers noticed this problem and proposed a few works to relieve computing overhead on user side. However, considering the privacy and security need of group auditing, there still lacks a comprehensive solution to implement secure group user revocation, supporting identity privacy preserving and collusion attack resistance. Aiming at this target, we construct a concrete scheme based on ring signature and smart contracts. We introduce linkable ring signature to build a kind of novel meta data for integrity proof enabling anonymous verification. And the new meta data supports secure revocation. Meanwhile, smart contracts are used for resisting possible collusion attack and malicious re-signing computation. Under the combined effectiveness of both signature method and blockchain smart contracts, our proposal supports reliable user revocation and signature re-signing, without revealing any user identity in the whole process. Security and performance analysis compared with previous works prove that the proposed scheme is feasible and efficient.

20.
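To address the privacy leakage that exists in fog-assisted smart grid data collection, this paper proposes a new fault-tolerant privacy-preserving data aggregation scheme. First, the BGN homomorphic encryption algorithm is combined with Shamir's secret sharing scheme to ensure the privacy of electricity data. At the same time, an efficient signature authentication method is constructed based on the elliptic curve discrete logarithm hard problem to guarantee data integrity. In particular, the scheme has two fault-tolerance measures: when some smart meters' data cannot be sent normally, or some cloud servers are attacked and cannot work, the scheme can still perform aggregate statistics. Security analysis proves that the scheme meets the security requirements of the smart grid; performance experiments show that, compared with existing schemes, the scheme has better computation and communication performance.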
