Analyzing settings for social identity management on Social Networking Sites: Classification,current state,and proposed developments

The rising prevalence of Social Networking Sites (SNS) and their usage in multiple contexts poses new privacy challenges and increasingly prompts users to manage their online identity. To address privacy threats stemming from interacting with other users on SNS, effective Social Identity Management (SIdM) is a key requirement. It refers to the deliberate and targeted disclosure of personal attribute values to a subset of one's contacts or other users on the SNS. Protection against other entities such as the site operator itself or advertisers and application programmers is not covered by SIdM, but could be incorporated in further refinement steps. Features and settings to perform SIdM have been proposed and subsequently implemented partly by some SNS. Yet, these are often isolated solutions that lack integration into a reference framework that states the requirements for successfully managing one's identity. In this article, such a reference framework of existing and desired SIdM settings is derived from identity theory, literature analysis, and existing SNS. Based thereupon, we examine the SIdM capabilities of prevalent SNS and highlight possible improvements. Lastly, we reason about developing a metric to objectively compare the capability of SNS in regards to their support for SIdM.     

Private personalized social recommendations in an IPTV system

In our connected world, recommender systems have become widely known for their ability to provide expert and personalize referrals to end-users in different domains. The rapid growth of social networks and new kinds of systems so called “social recommender systems” are rising, where recommender systems can be utilized to find a suitable content according to end-users' personal preferences. However, preserving end-users' privacy in social recommender systems is a very challenging problem that might prevent end-users from releasing their own data, which detains the accuracy of extracted referrals. In order to gain accurate referrals, social recommender systems should have the ability to preserve the privacy of end-users registered in this system. In this paper, we present a middleware that runs on end-users' Set-top boxes to conceal their profile data when released for generating referrals, such that computation of recommendation proceeds over the concealed data. The proposed middleware is equipped with two concealment protocols to give users a complete control on the privacy level of their profiles. We present an IPTV network scenario and perform a number of different experiments to test the efficiency and accuracy of our protocols. As supported by the experiments, our protocols maintain the recommendations accuracy with acceptable privacy level.     

Privacy leakage on the Web: Diffusion and countermeasures

Protecting privacy on the Web is becoming increasingly complicated because of the considerable amount of personal and sensitive information left by users in many locations during their Web browsing and the silent actions of third party sites that collect data, aggregate information and build personal profiles of Internet users in order to provide free and personalized services. On the other hand, most of people are unaware that their information may be collected online, and that, after their aggregation from multiple sources, could be used for secondary purposes, such as linked to allow identification, without user’s notice.     

信息时代下的隐私如何保护

随着电子商务技术的发展,网络交易安全成为了电子商务发展的核心和关键问题,对网络隐私数据(网络隐私权)安全的有效保护,成为电子商务顺利发展的重要市场环境条件。网络信息安全技术、信息安全协议、P2P技术成为网络隐私安全保护的有效手段。     

A privacy preserving technique for distance-based classification with worst case privacy guarantees

There has been relatively little work on privacy preserving techniques for distance based mining. The most widely used ones are additive perturbation methods and orthogonal transform based methods. These methods concentrate on privacy protection in the average case and provide no worst case privacy guarantee. However, the lack of privacy guarantee makes it difficult to use these techniques in practice, and causes possible privacy breach under certain attacking methods. This paper proposes a novel privacy protection method for distance based mining algorithms that gives worst case privacy guarantees and protects the data against correlation-based and transform-based attacks. This method has the following three novel aspects. First, this method uses a framework to provide theoretical bound of privacy breach in the worst case. This framework provides easy to check conditions that one can determine whether a method provides worst case guarantee. A quick examination shows that special types of noise such as Laplace noise provide worst case guarantee, while most existing methods such as adding normal or uniform noise, as well as random projection method do not provide worst case guarantee. Second, the proposed method combines the favorable features of additive perturbation and orthogonal transform methods. It uses principal component analysis to decorrelate the data and thus guards against attacks based on data correlations. It then adds Laplace noise to guard against attacks that can recover the PCA transform. Third, the proposed method improves accuracy of one of the popular distance-based classification algorithms: K-nearest neighbor classification, by taking into account the degree of distance distortion introduced by sanitization. Extensive experiments demonstrate the effectiveness of the proposed method.     

A survey of RFID privacy approaches

A bewildering number of proposals have offered solutions to the privacy problems inherent in RFID communication. This article tries to give an overview of the currently discussed approaches and their attributes.

无线传感器网络中的隐私保护研究

随着无线传感器网络的广泛应用,安全问题发生变化,通信安全成为重要的一部分,隐私保护日渐重要。首先分析了无线传感器网络的通信安全特点、通信安全的需求、面临的保密性威胁及攻击模型。最后,基于对无线传感器网络隐私保护问题的分析和评述,指出了今后该领域的研究方向。     

A survey on privacy inference attacks and defenses in cloud-based Deep Neural Network

Deep Neural Network (DNN), one of the most powerful machine learning algorithms, is increasingly leveraged to overcome the bottleneck of effectively exploring and analyzing massive data to boost advanced scientific development. It is not a surprise that cloud computing providers offer the cloud-based DNN as an out-of-the-box service. Though there are some benefits from the cloud-based DNN, the interaction mechanism among two or multiple entities in the cloud inevitably induces new privacy risks. This survey presents the most recent findings of privacy attacks and defenses appeared in cloud-based neural network services. We systematically and thoroughly review privacy attacks and defenses in the pipeline of cloud-based DNN service, i.e., data manipulation, training, and prediction. In particular, a new theory, called cloud-based ML privacy game, is extracted from the recently published literature to provide a deep understanding of state-of-the-art research. Finally, the challenges and future work are presented to help researchers to continue to push forward the competitions between privacy attackers and defenders.     

Systematic review on privacy categorisation

In the modern digital world users need to make privacy and security choices that have far-reaching consequences. Researchers are increasingly studying people’s decisions when facing with privacy and security trade-offs, the pressing and time consuming disincentives that influence those decisions, and methods to mitigate them. This work aims to present a systematic review of the literature on privacy categorisation, which has been defined in terms of profile, profiling, segmentation, clustering and personae. Privacy categorisation involves the possibility to classify users according to specific prerequisites, such as their ability to manage privacy issues, or in terms of which type of and how many personal information they decide or do not decide to disclose. Privacy categorisation has been defined and used for different purposes. The systematic review focuses on three main research questions that investigate the study contexts, i.e. the motivations and research questions, that propose privacy categorisations; the methodologies and results of privacy categorisations; the evolution of privacy categorisations over time. Ultimately it tries to provide an answer whether privacy categorisation as a research attempt is still meaningful and may have a future.     

An intelligent and privacy-enhanced data sharing strategy for blockchain-empowered Internet of Things

With the development of the Internet of Things (IoT), the massive data sharing between IoT devices improves the Quality of Service (QoS) and user experience in various IoT applications. However, data sharing may cause serious privacy leakages to data providers. To address this problem, in this study, data sharing is realized through model sharing, based on which a secure data sharing mechanism, called BP2P-FL, is proposed using peer-to-peer federated learning with the privacy protection of data providers. In addition, by introducing the blockchain to the data sharing, every training process is recorded to ensure that data providers offer high-quality data. For further privacy protection, the differential privacy technology is used to disturb the global data sharing model. The experimental results show that BP2P-FL has high accuracy and feasibility in the data sharing of various IoT applications.