智能电网隐私保护工程分析与相关对策

保护电力消费者的数据和隐私对于智能电网来说是至关重要的。纵观全球,目前的智能电网往往趋于关注隐私安全的需要,隐私仅仅作为智能电网的一个特性存在。为了填补隐私保护在智能电网中的空白,同时帮助智能电网工程师分析隐私威胁、选择合适的策略即隐私保护技术最后达到解决智能电网系统开发阶段的隐私问题的目的,描述了相应的方法框架和指导规则,对现有的隐私保护技术进行了详细的总结,讨论了其应用的环境,并阐述了隐私实施过程中面对的潜在挑战。     

Privacy leakage in multi-relational databases: a semi-supervised learning perspective

In multi-relational databases, a view, which is a context- and content-dependent subset of one or more tables (or other views), is often used to preserve privacy by hiding sensitive information. However, recent developments in data mining present a new challenge for database security even when traditional database security techniques, such as database access control, are employed. This paper presents a data mining framework using semi-supervised learning that demonstrates the potential for privacy leakage in multi-relational databases. Many different types of semi-supervised learning techniques, such as the K-nearest neighbor (KNN) method, can be used to demonstrate privacy leakage. However, we also introduce a new approach to semi-supervised learning, hyperclique pattern-based semi-supervised learning (HPSL), which differs from traditional semi-supervised learning approaches in that it considers the similarity among groups of objects instead of only pairs of objects. Our experimental results show that both the KNN and HPSL methods have the ability to compromise database security, although the HPSL is better at this privacy violation (has higher prediction accuracy) than the KNN method. Finally, we provide a principle for avoiding privacy leakage in multi-relational databases via semi-supervised learning and illustrate this principle with a simple preventive technique whose effectiveness is demonstrated by experiments.A preliminary version of this work has been published as a two-page short paper in ACM CIKM 2005 (Proceedings of the ACM conference on information and knowledge management (CIKM) 2005).     

面向移动终端情景隐私保护设计研究

基于情境的个性化服务已经广泛应用在人们的日常生活中,并且在不断扩展服务的应用范围。然而,在这些 个性化服务体验的背后,也隐藏着不容忽视的隐私问题。因此,研究情景隐私的保护有迫切的现实需要。本论文重新分析移 动端重情境隐私保护的隐私模型,突破当前情境隐私保护的狭隘概念,完善情境隐私保护的理论基础,提出新的情境隐私的保 护方法,拟将解决当前情境隐私保护中理论基础不完善的现状,促进密码学、网络安全与软件安全技术的发展与情境隐私保护 方法的实用化。     

基于博弈论优化的高效联邦学习方案

随着网络信息技术与互联网的发展,数据的隐私与安全问题亟待解决,联邦学习作为一种新型的分布式隐私保护机器学习技术应运而生。针对在联邦学习过程中存在个人数据信息泄露的隐私安全问题,结合Micali-Rabin随机向量表示技术,基于博弈论提出一种具有隐私保护的高效联邦学习方案。根据博弈论激励机制,构建联邦学习博弈模型,通过设置合适的效用函数和激励机制保证参与者的合理行为偏好,同时结合Micali-Rabin随机向量表示技术设计高效联邦学习方案。基于Pedersen承诺机制实现高效联邦学习的隐私保护,以保证联邦学习各参与者的利益和数据隐私,并且全局达到帕累托最优状态。在数字分类数据集上的实验结果表明,该方案不仅提高联邦学习的通信效率,而且在通信开销和数据精确度之间实现平衡。     

An effective approach for the protection of privacy text data in the CloudDB

Due to the advantages of pay-on-demand, expand-on-demand and high availability, cloud databases (CloudDB) have been widely used in information systems. However, since a CloudDB is distributed on an untrusted cloud side, it is an important problem how to effectively protect massive private information in the CloudDB. Although traditional security strategies (such as identity authentication and access control) can prevent illegal users from accessing unauthorized data, they cannot prevent internal users at the cloud side from accessing and exposing personal privacy information. In this paper, we propose a client-based approach to protect personal privacy in a CloudDB. In the approach, privacy data before being stored into the cloud side, would be encrypted using a traditional encryption algorithm, so as to ensure the security of privacy data. To execute various kinds of query operations over the encrypted data efficiently, the encrypted data would be also augmented with additional feature index, so that as much of each query operation as possible can be processed on the cloud side without the need to decrypt the data. To this end, we explore how the feature index of privacy data is constructed, and how a query operation over privacy data is transformed into a new query operation over the index data so that it can be executed on the cloud side correctly. The effectiveness of the approach is demonstrated by theoretical analysis and experimental evaluation. The results show that the approach has good performance in terms of security, usability and efficiency, thus effective to protect personal privacy in the CloudDB.     

联邦学习可视化:挑战与框架

联邦学习是一种保证数据隐私安全的分布式机器学习方案.与传统的机器学习的可解释性问题类似,如何对联邦学习进行解释是一个新的挑战.文中面向联邦学习方法的分布式与隐私安全性的特性,探讨联邦学习的可视化框架设计.传统的可视化任务需要使用大量的数据,而联邦学习的隐私性决定了其无法获取用户数据.因此,可用的数据主要来自服务器端的训练过程,包括服务器端模型参数和用户训练状态.基于对联邦学习可解释性的挑战的分析,文中综合考虑用户、服务器端和联邦学习模型3个方面设计可视化框架,其包括经典联邦学习模型、数据中心、数据处理和可视分析4个模块.最后,介绍并分析了2个已有的可视化案例,对未来通用的联邦学习可视分析方法提出了展望.     

增强现实中基于位置安全性的LBS位置隐私保护方法

为了解决基于位置的服务(LBS)和增强现实(AR)技术快速发展带来的用户位置隐私泄露的隐患,分析了现有的位置隐私保护方法的优缺点,提出基于位置安全性的位置隐私保护方法。将区域安全度和伪装区域引入该方法中,将提示某区域是否需要保护这一度量标准定义为区域安全度,非安全区域(即需要给予保护的区域)的区域安全度设置为1,安全区域(即不需要保护的区域)设置为0,通过扩大区域安全度和识别等级来计算位置安全度。实验结果表明,该方法与未引入位置安全性的方法相比降低了平均定位误差,提高了平均安全性,从而有效地保护了用户的位置隐私,提高了LBS的服务质量。     

物联网安全传输模型

物联网的安全与隐私对参与方有着较大的影响,需要建立相应的安全框架实现数据保密、访问控制、客户端隐私保护等功能以抵抗复杂攻击.论文利用可信计算技术和双线性对的签密方法提出了一个物联网安全传输模型,满足了物联网的ONS查询及物品信息传输两个环节的安全需求.模型包括了EPC物联网中ONS查询服务的安全体系及相应的安全协议,O...     

基于差分隐私的多源数据关联规则挖掘方法

随着大数据时代的到来,挖掘大数据的潜在价值越来越受到学术界和工业界的关注。但与此同时,由于互联网安全事件频发,用户越来越多地关注个人隐私数据的泄露问题,用户数据的安全问题成为阻碍大数据分析的首要问题之一。关于用户数据的安全性问题,现有研究更多地关注访问控制、密文检索和结果验证,虽然可以保证用户数据本身的安全性,但是无法挖掘出所保护数据的潜在价值。如何既能保护用户的数据安全又能挖掘数据的潜在价值,是亟需解决的关键问题之一。文中提出了一种基于差分隐私保护的关联规则挖掘方法,数据拥有者使用拉普拉斯机制和指数机制在数据发布的过程中对用户数据进行保护,数据分析者在差分隐私的FP-tree上进行关联规则挖掘。其中的安全性假设是:攻击者即使掌握了除攻击目标以外的所有元组数据信息的背景知识,仍旧无法获得攻击目标的信息,因此具有极高的安全性。所提方法是兼顾安全性、性能和准确性,以牺牲部分精确率为代价,大幅增加了用户数据的安全性和处理性能。实验结果表明,所提方法的精确性损失在可接受的范围内,性能优于已有算法的性能。     

Privacy preservation of electronic health records with adversarial attacks identification in hybrid cloud

An increasing trend in healthcare organizations to outsource EHRs’ data to the cloud highlights new challenges regarding the privacy of given individuals. Healthcare organizations outsource their EHRs data in a hybrid cloud that elevates the problem of security and privacy in terms of EHRs’ access to an unlimited number of recipients in a hybrid cloud environment. In this paper, we investigated the need for a privacy-preserving access control model for the hybrid cloud. A comprehensive and exploratory analysis of privacy-preserving solutions with the help of taxonomy for cloud-based EHRs is described in this work. We have formally identified the existence of internal access control and external privacy disclosures in outsourcing system architecture for hybrid cloud. Then, we proposed a privacy-preserving XACML based access control model (PPX-AC) that supports fine-grained access control with the multipurpose utilization of EHRs alongside state-of-the-art privacy mechanism. Our proposed approach invalidates the identified security and privacy attacks. We have formally verified the proposed privacy-preserving XACML based access control model (PPX-AC) with the invalidation of identified privacy attacks using High-Level Petri Nets (HLPN). Moreover, property verification of the proposed model in SMT-lib and Z3 solver and implementation of the model proves its effectiveness in terms of privacy-aware EHRs access and multipurpose usage.     

区块链密码学隐私保护技术综述

近年来,数据隐私问题日益明显,如何在区块链中实现有效的隐私保护是研究热点。针对区块链在隐私保护上的研究现状与发展态势,阐述了区块链在交易地址、预言机以及智能合约上的隐私保护方法,归纳出区块链在基本要素防护上的隐私策略。基于国内外高水平文献梳理分析了特殊密码学原语、后量子密码学两类区块链密码学防护方法及使用场景,综述其研究思路,并给出属性基加密、特殊数据签名、同态加密、安全多方计算、零知识证明、格密码等适用于区块链隐私保护的密码学技术的优缺点,得出区块链应用的隐私防护离不开密码学技术支持的结论。针对区块链隐私保护技术,从基本要素防护和密码学防护两个方面进行了分析,总结出仅从区块链的应用层、合约层出发难以有效解决隐私问题,还需要利用各类密码学技术根据需求和应用场景的不同进行优势互补。根据区块链隐私加密技术发展现状,从区块链基本要素防护和基于密码学的防护展开叙述。从内生性基本要素安全和外生性密码学隐私安全两个角度出发,先研究基本要素隐私防护,再深入分析区块链隐私密码学防护技术。在对应防护措施中以技术联合实际应用发展,考虑技术时效性的同时,衡量其隐私处理方面的优劣势以及潜在价值。展望了未来区块...     

隐私保护数据挖掘系统的设计与实现

随着网络安全问题受到越来越多的关注,隐私保护数据挖掘问题已经成为数据挖掘领域中的研究热点。设计与实现了一个隐私保护数据挖掘系统,系统的算法可以帮助用户完成一些简单的隐私保护数据挖掘工作。在实际系统应用中,用户可以根据实际需要加入新的算法来完成隐私保护数据挖掘工作。     

“人工智能+”背景下的数据安全与隐私保护探析

随着大数据和云计算的技术的深入应用，人工智能时代的机器学习和深度学习更需要日益增长的数据，因此数据安全与隐私保护变得更加迫切。本文介绍人工智能的定义以及特征，探究数据安全和隐私保护现状，分析数据安全和隐私保护面临的诸多问题，并提出在人工智能时代对数据安全和隐私保护的措施。     

Why security and privacy research lies at the centre of the information systems (IS) artefact: proposing a bold research agenda

In this essay, we outline some important concerns in the hope of improving the effectiveness of security and privacy research. We discuss the need to re-examine our understanding of information technology and information system (IS) artefacts and to expand the range of the latter to include those artificial phenomena that are crucial to information security and privacy research. We then briefly discuss some prevalent limitations in theory, methodology, and contributions that generally weaken security/privacy studies and jeopardise their chances of publication in a top IS journal. More importantly, we suggest remedies for these weaknesses, identifying specific improvements that can be made and offering a couple of illustrations of such improvements. In particular, we address the notion of loose re-contextualisation, using deterrence theory research as an example. We also provide an illustration of how the focus on intentions may have resulted in an underuse of powerful theories in security and privacy research, because such theories explain more than just intentions. We then outline three promising opportunities for IS research that should be particularly compelling to security and privacy researchers: online platforms, the Internet of things, and big data. All of these carry innate information security and privacy risks and vulnerabilities that can be addressed only by researching each link of the systems chain, that is, technologies–policies–processes–people–society–economy–legislature. We conclude by suggesting several specific opportunities for new research in these areas.     

机器学习模型安全与隐私研究综述

在大数据时代下,深度学习、强化学习以及分布式学习等理论和技术取得的突破性进展,为机器学习提供了数据和算法层面的强有力支撑,同时促进了机器学习的规模化和产业化发展.然而,尽管机器学习模型在现实应用中有着出色的表现,但其本身仍然面临着诸多的安全威胁.机器学习在数据层、模型层以及应用层面临的安全和隐私威胁呈现出多样性、隐蔽性和动态演化的特点.机器学习的安全和隐私问题吸引了学术界和工业界的广泛关注,一大批学者分别从攻击和防御的角度对模型的安全和隐私问题进行了深入的研究,并且提出了一系列的攻防方法.在本综述中,我们回顾了机器学习的安全和隐私问题,并对现有的研究工作进行了系统的总结和科学的归纳,同时明确了当前研究的优势和不足.最后,我们探讨了机器学习模型安全与隐私保护研究当前所面临的挑战以及未来潜在的研究方向,旨在为后续学者进一步推动机器学习模型安全与隐私保护研究的发展和应用提供指导.     

一种基于PUF的超轻量级RFID标签所有权转移协议

针对RFID标签所有权转移协议中存在的数据完整性受到破坏、物理克隆攻击、去同步攻击等多种安全隐私问题,新提出一种基于物理不可克隆函数(PUF)的超轻量级RFID标签所有权转移协议—PUROTP.该协议中标签所有权的原所有者和新所有者之间直接进行通信完成所有权转移,从而不需要引入可信第三方,主要涉及的运算包括左循环移位变换(Rot(X,Y))和异或运算($\oplus$)以及标签中内置的物理不可克隆函数(PUF),并且该协议实现了两重认证,即所有权转移之前的标签原所有者与标签之间的双向认证、所有权转移之后的标签新所有者与标签之间的双向认证.通过使用BAN(Burrows-Abadi-Needham)逻辑形式化安全性分析以及协议安全分析工具Scyther对PUROTP协议的安全性进行验证,结果表明该协议的通信过程是安全的,Scyther没有发现恶意攻击,PUROTP协议能够保证通信过程中交互信息的安全性及数据隐私性.通过与现有部分经典RFID所有权转移协议的安全性及性能对比分析,结果表明该协议不仅能够满足标签所有权转移过程中的数据完整性、前向安全性、双向认证性等安全要求,而且能够抵抗物理克隆攻击、重放攻击、中间人攻击、去同步攻击等多种恶意攻击.在没有额外增加计算代价和存储开销的同时克服了现有方案存在的安全和隐私隐患,具有一定的社会经济价值.     

Privacy preserving security using biometrics in cloud computing

Cloud computing and the efficient storage provide new paradigms and approaches designed at efficiently utilization of resources through computation and many alternatives to guarantee the privacy preservation of individual user. It also ensures the integrity of stored cloud data, and processing of stored data in the various data centers. However, to provide better protection and management of sensitive information (data) are big challenge to maintain the confidentiality and integrity of data in the cloud computation. Thus, there is an urgent need for storing and processing the data in the cloud environment without any information leakage. The sensitive data require the storing and processing mechanism and techniques to assurance the privacy preservation of individual user, to maintain the data integrity, and preserve confidentiality. Face recognition has recently achieved advancements in the unobtrusive recognition of individuals to maintain the privacy-preservation in the cloud computing. This paper emphasizes on cloud security and privacy issues and provides the solution using biometric face recognition. We propose a biometrics face recognition approach for security and privacy preservation of cloud users during their access to cloud resources. The proposed approach has three steps: (1) acquisition of face images (2) preprocessing and extraction of facial feature (3) recognition of individual using encrypted biometric feature. The experimental results establish that our proposed recognition approach can ensure the privacy and security of biometrics data.

     

Privacy-preserving naive Bayes classification on distributed data via semi-trusted mixers

Distributed data mining applications, such as those dealing with health care, finance, counter-terrorism and homeland defense, use sensitive data from distributed databases held by different parties. This comes into direct conflict with an individual's need and right to privacy. It is thus of great importance to develop adequate security techniques for protecting privacy of individual values used for data mining.     

Systematic review on privacy categorisation

In the modern digital world users need to make privacy and security choices that have far-reaching consequences. Researchers are increasingly studying people’s decisions when facing with privacy and security trade-offs, the pressing and time consuming disincentives that influence those decisions, and methods to mitigate them. This work aims to present a systematic review of the literature on privacy categorisation, which has been defined in terms of profile, profiling, segmentation, clustering and personae. Privacy categorisation involves the possibility to classify users according to specific prerequisites, such as their ability to manage privacy issues, or in terms of which type of and how many personal information they decide or do not decide to disclose. Privacy categorisation has been defined and used for different purposes. The systematic review focuses on three main research questions that investigate the study contexts, i.e. the motivations and research questions, that propose privacy categorisations; the methodologies and results of privacy categorisations; the evolution of privacy categorisations over time. Ultimately it tries to provide an answer whether privacy categorisation as a research attempt is still meaningful and may have a future.     

Improved Cloud Storage Encryption Using Block Cipher-Based DNA Anti-Codify Model

When it comes to data storage, cloud computing and cloud storage providers play a critical role. The cloud data can be accessed from any location with an internet connection. Additionally, the risk of losing privacy when data is stored in a cloud environment is also increased. A variety of security techniques are employed in the cloud to enhance security. In this paper, we aim at maintaining the privacy of stored data in cloud environment by implementing block-based modelling to boost the privacy level with Anti-Codify Technique (ACoT) and block cipher-based algorithms. Initially, the cipher text is generated using Deoxyribo Nucleic Acid (DNA) model. Block-cipher-based encryption is used by ACoT, but the original encrypted file and its extension are broken up into separate blocks. When the original file is broken up into two separate blocks, it raises the security level and makes it more difficult for outsiders to cloud data access. ACoT improves the security and privacy of cloud storage data. Finally, the fuzzy-based classification is used that stores various access types in servers. The simulation results shows that the ACoT-DNA method achieves higher entropy against various block size with reduced computational cost than existing methods.