面向深度神经网络训练的数据差分隐私保护随机梯度下降算法

针对传统深度神经网络所采用的随机梯度下降算法忽略了对数据集隐私性保护的缺点,提出一种基于数据差分隐私保护的随机梯度下降算法。引入范数剪切与附加高斯噪声操作,对传统梯度更新策略进行改进。为衡量每次迭代过程中对数据隐私性的破坏,提出隐私损失累积函数在迭代过程中对数据隐私性的侵犯程度进行度量。MNIST手写数字识别和CIFAR-10图像分类实验表明,该算法在保护数据集隐私性的同时,对手写数字以及图像分类的识别准确率分别超过了90%和70%,且相较于传统的随机梯度下降算法,其准确率提升了5%以上。该算法在实际工程中能够有效兼顾数据隐私性保护与神经网络辨识准确度。     

面向脑机接口技术的属性可撤销访问控制方案

脑机接口技术(Brain-Computer Interface,BCI)在康复医学领域被广泛应用,然而其中的隐私数据保护问题常被忽略,从而引发严重的安全威胁,产生隐私泄露的隐患。针对BCI应用中的隐私保护问题,提出一种安全、高效的属性基访问控制方案。该方案利用版本号标记和代理重加密技术实现属性撤销,从而使访问策略灵活多变。实验分析表明,该方案有效地解决了BCI系统中的隐私保护问题,并提高了计算效率,降低了运算复杂度。     

云环境下面向隐私保护的用户行为分析

针对云环境下基于隐私Petri网（PPN）的用户行为,主要是存在隐私泄露的行为,通过软件监测应用程序获取调用的相关接口,分析存在隐私泄露用户行为的特点。主要通过研究正常QQ软件与植入了木马病毒的QQ软件在运行时所调用的系统序列的异同,根据调用的序列在建模软件中分别建立全局PPN模型,进行分析对比。最后对所分析的用户行为进行测试,研究PPN模型的相关算法,对PPN模型进行定性分析和定量分析,分别计算其4项指标值：可能性、严重性、操纵性、隐秘性。实验结果表明,与正常QQ相比,恶意的QQ不仅会越权访问其他数据,未经授权篡改权限获取相应数据;其次,包含隐私泄露行为的软件访问重要资源的能力更强,甚至会通过网络发送隐私数据。     

基于差分隐私的多源数据关联规则挖掘方法

随着大数据时代的到来,挖掘大数据的潜在价值越来越受到学术界和工业界的关注。但与此同时,由于互联网安全事件频发,用户越来越多地关注个人隐私数据的泄露问题,用户数据的安全问题成为阻碍大数据分析的首要问题之一。关于用户数据的安全性问题,现有研究更多地关注访问控制、密文检索和结果验证,虽然可以保证用户数据本身的安全性,但是无法挖掘出所保护数据的潜在价值。如何既能保护用户的数据安全又能挖掘数据的潜在价值,是亟需解决的关键问题之一。文中提出了一种基于差分隐私保护的关联规则挖掘方法,数据拥有者使用拉普拉斯机制和指数机制在数据发布的过程中对用户数据进行保护,数据分析者在差分隐私的FP-tree上进行关联规则挖掘。其中的安全性假设是:攻击者即使掌握了除攻击目标以外的所有元组数据信息的背景知识,仍旧无法获得攻击目标的信息,因此具有极高的安全性。所提方法是兼顾安全性、性能和准确性,以牺牲部分精确率为代价,大幅增加了用户数据的安全性和处理性能。实验结果表明,所提方法的精确性损失在可接受的范围内,性能优于已有算法的性能。     

VCFL: A verifiable and collusion attack resistant privacy preserving framework for cross-silo federated learning

To prevent privacy information leakage through model parameters in federated learning, many works use homomorphic encryption to protect clients’ updates. However, most of them result in significant computation and communication overhead. Even worse, few of them have considered the correctness of the aggregated results and collusion attack between internal curious clients and the server. In this paper, we propose VCFL, an efficient verifiable and collusion attack resistant privacy preserving framework for cross-silo federated learning. Firstly, we design a homomorphic signcryption mechanism to sign and encrypt model parameters in one go. Secondly, we employ the blinding technique to resist collusion attack between clients and the server. Moreover, we leverage the batching approach to further reduce its computation and communication overhead. Finally, we simulate VCFL in FedML on real world datasets and models. Extensive experimental results show that VCFL can guarantee model performance while protecting privacy, and it is more efficient in both computation and communication than similar frameworks.     

Context-aware privacy-preserving access control for mobile computing

In mobile and pervasive computing applications, opportunistic connections allow co-located devices to exchange data directly. Keeping data sharing local enables large-scale cooperative applications and empowers individual users to control what and how information is shared. Supporting such applications requires runtime frameworks that allow them to manage the who, what, when, and how of access to resources. Existing frameworks have limited expressiveness and do not allow data owners to modulate the granularity of information released. In addition, these frameworks focus exclusively on security and privacy concerns of data providers and do not consider the privacy of data consumers. We present PADEC, a context-sensitive, privacy-aware framework that allows users to define rich access control rules over their resources and to attach levels of granularity to each rule. PADEC is also characterized by its expressiveness, allowing users to decide under which conditions should which information be shared. We provide a formal definition of PADEC and an implementation based on private function evaluation. Our evaluation shows that PADEC is more expressive than other mechanisms, protecting privacy of both consumers and providers.     

Beyond the privacy paradox: The moderating effect of online privacy concerns on online service use behavior

In the digital information era, dealing with privacy issues is problematic in related research since online activities have become an inevitable trend. Following the privacy paradox, which occurs when online services are increasingly accepted or used despite raising the level of privacy concerns of individuals, there is no need to alleviate individual privacy concerns regarding online services. Accordingly, this study aims to empirically analyze the effect of online privacy concerns, when interacting with individual innovativeness, on individual online service use behavior. For the empirical analysis, a Heckman two-step analysis is performed using South Korean data from the 2019 Korea Media Panel Survey conducted by the Korea Information Society Development Institute. The results provide evidence in contradiction of the privacy paradox. Specifically, the main findings of this study are as follows. First, use of online services and privacy concerns are not a contradictory phenomenon both in principle and behavior but can act as a negative influence or constraint. Second, individuals with high levels of innovativeness actively use online services owing to differences in their acceptance and use of innovation. Third, as online activities become more common, privacy concerns are likely to affect the level of online service use by interacting with other personality traits. As a result, privacy concerns are more likely to act as an influencing variable that moderates the degree or intensity of an individual's use of an online service rather than an independent variable for the use of an online service. The impact of privacy concerns of individuals on the use of online services identified in this study suggests there is a need for an adequate governing mechanism for privacy protection to realize service provision through e-government.     

TPS3: A privacy preserving data collection protocol for smart grids

Smart grid (SG) allows for two-way communication between the utility and its consumers and hence they are considered as an inevitable future of the traditional grid. Since consumers are the key component of SGs, providing security and privacy to their personal data is a critical problem. In this paper, a security protocol, namely TPS3, is based on Temporal Perturbation and Shamir’s Secret Sharing (SSS) schemes that are proposed to ensure the privacy of SG consumer’s data. Temporal perturbation is employed to provide temporal privacy, while the SSS scheme is used to ensure data confidentiality. Temporal perturbation adds random delays to the data collected by smart meters, whereas the SSS scheme fragments these data before transmitting them to the data collection server. Joint employment of both schemes makes it hard for attackers to obtain consumer data collected in the SG. The proposed protocol TPS3 is evaluated in terms of privacy, reliability, and communication cost using two different SG topologies. The performance evaluation results clearly show that the TPS3 protocol ensures the privacy and reliability of consumer data in SGs. The results also show that the tradeoff between the communication cost and security of TPS3 is negligible.     

Online self-disclosure: The privacy paradox explained as a temporally discounted balance between concerns and rewards

Technological innovations are increasingly helping people expand their social capital through online networks by offering new opportunities for sharing personal information. Online social networks are perceived to provide individuals new benefits and have led to a surge of personal data uploaded, stored, and shared. While privacy concerns are a major issue for many users of social networking sites, studies have shown that their information disclosing behavior does not align with their concerns. This gap between behavior and concern is called the privacy paradox. Several theories have been explored to explain this, but with inconsistent and incomplete results. This study investigates the paradox using a construal level theory lens. We show how a privacy breach, not yet experienced and psychologically distant, has less weight in everyday choices than more concrete and psychologically-near social networking activities and discuss the implications for research and practice.     

Privacy management of patient physiological parameters

Patient Physiological Parameters (PPPs) seem to be the most extensively accessed and utilized Personal Health Information (PHI) in hospitals, and their utilization by the various medical entities for treatment and diagnosis creates a real threat to patient privacy. This study aims to investigate whether PPPs access in a hospital environment violates patient privacy. If so, to what extent can we manage patient privacy while accessing PPPs in this environment? We investigated this question by analyzing questionnaire-based data from two Asian countries: Group A (China) and Group B (Pakistan). For data collection, we targeted those medical entities which were directly dealing with PPPs in their routine tasks. Results suggest that patient type directly influences the collection of PPPs: Group A (one-time?=?1.9, follow-up?=?1.06) and Group B (one-time?=?2.0 and follow-up?=?1.9). Both groups agreed that patients have the right to control their own PPPs. In both, doctors are the most trusted entity: for Group A, the Pearson Chi-Square with one degree of freedom is 1.414, p?=?0.234, whereas for Group B, the Pearson Chi-Square with three degrees of freedom is 4.511, p?=?0.11. Most of the Group A entities (92%) are familiar with unauthorized access of PPPs, while in Group B the level was only 35%. In Group B, only 35% of entities stated the purpose, specification and use limitations of PPPs. Doctors in both groups showed a high utilization of PPPs read authorization rights. This empirical evidence about PPPs usage in both countries will benefit health technology and improve policy on patient privacy.