The need for enhanced privacy and consent dialogues

The aim of this article is to present the case for a closer examination of the privacy and consent dialogues that take place during the use of on-line services. This article explores the concepts of privacy and consent in on-line services, discusses the facets of both concepts and presents a case study from Sunderland City Council to illustrate the complexity of deploying privacy and consent dialogue within on-line services. The article concludes with an outline of how enhanced understanding of privacy and consent concepts can result in improved tools to support dialogue and result in a negotiated understanding of the privacy that can be expected and the consent that it is required. This rationale is the underpinning of the VOME project – Visualisation and Other Methods of Expression – funded by TSB, EPSRC and ESRC.     

PrivaSIP: Ad-hoc identity privacy in SIP

In modern and future networks that belong to different providers, multimedia protocols will have to operate through multiple domains. In such an environment security is considered a crucial parameter; this is true especially for privacy since not all domains can be considered trusted beforehand in terms of personal data protection. Probably the most promising protocol for multimedia session management is SIP. While SIP is popular and a lot of research has been conducted, it still has some security issues, one of which is related to privacy and more particularly the protection of user identities (IDs). In the general case everybody can reveal the communicating parties IDs by simply eavesdropping on the exchanged SIP messages. In this paper we analyze the lack of user ID protection in SIP and propose two solutions; in the first the ID of the caller is protected while in the second both IDs of the caller and the callee are protected. Our work also includes performance results and extensive comparison with similar methods. The most significant advantage of our method is that it can assure user ID protection even when SIP messages are transmitted through untrusted SIP domains before reaching the Home Domain of the user or another trusted domain. Moreover, it does not require from the SIP Proxy server to maintain state information for exchanged SIP requests and respective responses.     

Protecting query privacy in location-based services

The popularity of location-based services (LBSs) leads to severe concerns on users’ privacy. With the fast growth of Internet applications such as online social networks, more user information becomes available to the attackers, which allows them to construct new contextual information. This gives rise to new challenges for user privacy protection and often requires improvements on the existing privacy-preserving methods. In this paper, we classify contextual information related to LBS query privacy and focus on two types of contexts—user profiles and query dependency: user profiles have not been deeply studied in LBS query privacy protection, while we are the first to show the impact of query dependency on users’ query privacy. More specifically, we present a general framework to enable the attackers to compute a distribution on users with respect to issuing an observed request. The framework can model attackers with different contextual information. We take user profiles and query dependency as examples to illustrate the implementation of the framework and their impact on users’ query privacy. Our framework subsequently allows us to show the insufficiency of existing query privacy metrics, e.g., k-anonymity, and propose several new metrics. In the end, we develop new generalisation algorithms to compute regions satisfying users’ privacy requirements expressed in these metrics. By experiments, our metrics and algorithms are shown to be effective and efficient for practical usage.     

LBS的一种隐私保护模型

移动位置服务(LBS)是一个分布式多方参与的系统,给移动商业应用带来了一个快速发展的时机,但由于其拥有访问私人信息的权利,以至于也给它们的用户隐私带来很大的风险.为此,通过对能够有效保护用户隐私的模型进行了研究,提出了一个体系结构和一个协议,协议中使用一个位置中间件把来自LBS供应商提供的用户关心的区域信息和来自移动运营商的用户位置信息进行匹配.结果表明,该协议使得隐私友好的服务成为可能,而且仍然是高效率.     

Minimal privacy authorization in web services collaboration

With the popularity of Internet technology, web services are becoming the most promising paradigm for distributed computing. This increased use of web services has meant that more and more personal information of consumers is being shared with web service providers, leading to the need to guarantee that the private data of consumers are not illegitimate collected, used and disclosed in services collaboration. This paper studies how to realize the minimal privacy authorization while achieving the functional goals. Initially, this paper uses authorization policies to specify the privacy privileges of the services collaboration, and utilizes the trust relationships among services to make authorization decision. Next, it models the interface behaviors of services by extending the interface automata to support privacy semantics. Furthermore, it quantitatively analyzes the minimum set of privacy privileges which are required by the services to achieve the functional goals, and presents the minimal authorization algorithm, which helps us to automatically derive optimal authorization policies for a services collaboration. Finally, it verifies the correctness and efficiency of the approach proposed by this paper through a case study.     

Constructing dummy query sequences to protect location privacy and query privacy in location-based services

World Wide Web - Location-based services (LBS) have become an important part of people’s daily life. However, while providing great convenience for mobile users, LBS result in a serious...     

位置服务中基于贝叶斯的隐私泄露分析

个人位置信息是一种物理隐私信息,敌手可以根据背景知识获取用户的真实身份.为了分析位置服务的用户隐私问题,建模了敌手进行身份推理攻击的过程,并提出了一种根据个人位置信息测量身份泄露的贝叶斯推理方法.通过对比观测的位置信息与背景知识数据库的匹配程度,该方法能重新识别用户真实身份.实验采用了真实路网的数据集,结果显示不可信LBS通过收集查询请求能以很高的概率确定用户真实身份.研究表明高精度的个人位置信息泄露导致很高的身份隐私风险.     

ISO/IEC standardization of identity management and privacy technologies

To cover projects in the area of identity management, privacy, and biometrics ISO/IEC JTC 1/ SC 27 “IT Security techniques” in 2006 established Working Group 5 “Identity Management and Privacy Technologies”. This text describes the reasoning to have this Working Group within SC 27 and introduces WG 5 and its projects.     

Exploring privacy issues in Web services discovery/agencies

The increasing discussions concerning Web services privacy often neglect a key building block of the Web services architecture: discovery agencies. This overview of discovery agency privacy issues highlights the various challenges and proposes different technical approaches for addressing them.     

From location to location pattern privacy in location-based services

Location privacy is extensively studied in the context of location-based services (LBSs). Typically, users are assigned a location privacy profile and the precise locations are cloaked so that the privacy profile is not compromised. Though being well-defined for snapshot location privacy, these solutions require additional precautions and patches in case of consecutive LBS requests on the user trajectory. The attacker can exploit some background knowledge like maximum velocity to compromise the privacy profile. To protect against this kind of location privacy attacks, PROBE (Damiani et al. in Trans Data Priv 3(2):123–148, 2010)-like systems constantly check location privacy violations and alter requests as necessary. Clearly, the location privacy is defined in terms of snapshot locations. Observing that there are usually user-specific movement patterns existing in the shared LBS requests, this work extends location privacy to location pattern privacy. We present a framework where user-specific sensitive movement patterns are defined and sanitized in offline and online fashions, respectively. Our solution uses an efficient dynamic programming approach to decide on and to prevent sensitive pattern disclosure. An extensive experimental evaluation has been carried out too.     

Proactive privacy practices in transition: Toward ubiquitous services

As the Internet paved the way for electronic businesses, ubiquitous services (u-services) will be the next wave launched by electronic services based on current customer information potential. However, privacy is a strategic issue and has been identified as a key hindrance to u-services. As a proactive approach and drawing upon integrative social contracts theory, this study presents a proactive privacy practices framework to examine how the interplays within electronic service, providers’ proactive approaches influence customer disclosure willingness for future u-services, adoption. The results and implications of this study are discussed and expected to shed light on privacy practices.     

A novel software key container in on-line media services

Due to the explosive growth of the Internet and the pervasion of multimedia, protection of IP rights of digital content in transactions induces people’s concerns. For fee-based media services, data encryption may be the best solution for protection of the media. The encryption (decryption) keys placement may be a trivial but crucial issue for users. It is a significant issue that how to practically protect user’s key with the password-based cryptographic scheme and at different security levels. Nowadays, key container storing user’s key can be implemented by hardware or software-only. Unfortunately, the hardware key containers require expensive infrastructure; On the other hand, the software-only key containers are either insecure or impractical. Moreover, both of the hardware and software just store user’s key with the single security level. To solve these problems, we propose a novel software key container in on-line media services that can provide an adaptively secure and practical solution to protect user’s key. We use a human-trapdoor distortion function and symmetric cipher to protect user’s key in our key container so that it is computationally infeasible to break the system by using machine attack alone. The idea is to ensure that people must participate to verify each guessed password in the attack. User can adjust the security level of container according to the security requirement. Therefore, the attacker cannot succeed to extract user’s key within a reasonable time and budget.     

Securing online privacy: An empirical test on Internet scam victimization,online privacy concerns,and privacy protection behaviors

The current study identified the antecedents of being an Internet scam victim and how it impacts online privacy concerns and privacy protection behaviors. Structural equation modeling on data from a survey of 11,534 Internet users revealed that one indicator of weak self-control (i.e., willingness of risky investments) and two indicators of routine Internet activities (i.e., online shopping and opening emails from unknown sources) positively predicted being an Internet scam victim. Subsequently, being an Internet scam victim predicted increased online privacy concerns, which, in turn, predicted elevated privacy protection behaviors. Moreover, we found that being an Internet scam victim mediated the effects of routine Internet activities on privacy protection behaviors and that online privacy concerns mediated the effect of being an Internet scam on privacy protection behaviors. Unlike most Internet privacy studies using protection motivation theory only, the current study contributes to the understanding of the Internet scam victimization by incorporating three new theories—extended parallel process model, self-control theory, and routine activity theory. The research findings provided valuable implications for theory and practice related to Internet scam processes and prevention.     

An optimal query strategy for protecting location privacy in location-based services

In this paper, an optimal query strategy is proposed for location privacy in location-based services (LBSs) from a game-theoretic perspective. Distributed location privacy metrics are proposed, and a user-centric model is proposed, in which users make their own decisions to protect their location privacy. In addition, the mobile users’ cooperation is formalized as a query strategy selection optimizing problem by using the framework of Bayesian games. Based on the analysis of Bayesian Nash Equilibria, a User Query Strategy Optimization Algorithm (UQSOA) is designed to help users achieve optimized utilities. We perform simulations to assess the privacy protection effectiveness of our approach and validate the theoretical properties of the UQSOA algorithm.     

Long-term location privacy protection for location-based services in mobile cloud computing

The popularity of mobile devices, especially intelligent mobile phones, significantly prompt various location-based services (LBSs) in cloud systems. These services not only greatly facilitate people’s daily lives, but also cause serious threats that users’ location information may be misused or leaked by service providers. The dummy-based privacy protection techniques have significant advantages over others because they neither rely on trusted servers nor need adequate number of trustworthy peers. Existing dummy-based location privacy protection schemes, however, cannot yet provide long-term privacy protection. In this paper, we propose four principles for the dummy-based long-term location privacy protection (LT-LPP). Based on the principles, we propose a set of long-term consistent dummy generation algorithms for the LT-LPP. Our approach is built on soft computing techniques and can balance the preferred privacy protection and computing cost. Comprehensive experimental results demonstrate that our approach is effective to both long-term privacy protection and fake path generation for LBSs in mobile clouds.     

Multi-agent based middleware for protecting privacy in IPTV content recommender services

This work presents our efforts to design an agent based middleware that enables the end-users to use IPTV content recommender services without revealing their sensitive preference data to the service provider or any third party involved in this process. The proposed middleware (called AMPR) preserves users’ privacy when using the recommender service and permits private sharing of data among different users in the network. The proposed solution relies on a distributed multi-agent architecture involving local agents running on the end-user set up box to implement a two stage concealment process based on user role in order to conceal the local preference data of end-users when they decide to participate in recommendation process. Moreover, AMPR allows the end-users to use P3P policies exchange language (APPEL) for specifying their privacy preferences for the data extracted from their profiles, while the recommender service uses platform for privacy preferences (P3P) policies for specifying their data usage practices. AMPR executes the first stage locally at the end user side but the second stage is done at remote nodes that can be donated by multiple non-colluding end users that we will call super-peers Elmisery and Botvich (2011a, b, c); or third parties mash-up service Elmisery A, Botvich (2011a, b). Participants submit their locally obfuscated profiles anonymously to their local super-peer who collect and mix these preference data from multiple participants. The super-peer invokes AMPR to perform global perturbation process on the aggregated preference data to ensure a complete concealment of user’s profiles. Then, it anonymously submits these aggregated profiles to a third party content recommender service to generate referrals without breaching participants’ privacy. In this paper, we also provide an IPTV network scenario and experimentation results. Our results and analysis shows that our two-stage concealment process not only protect the users’ privacy, but also can maintain the recommendation accuracy