Evolving privacy: From sensors to the Internet of Things

The Internet of Things (IoT) envisions a world covered with billions of smart, interacting things capable of offering all sorts of services to near and remote entities. The benefits and comfort that the IoT will bring about are undeniable, however, these may come at the cost of an unprecedented loss of privacy. In this paper we look at the privacy problems of one of the key enablers of the IoT, namely wireless sensor networks, and analyse how these problems may evolve with the development of this complex paradigm. We also identify further challenges which are not directly associated with already existing privacy risks but will certainly have a major impact in our lives if not taken into serious consideration.     

Efficient yet robust biometric iris matching on smart cards for data high security and privacy

Smart control access to any service and/or critical data is at the very basis of any smart project. Biometrics have been used as a solution for system access control, for many years now. However, the simple use of biometrics cannot be considered as final and perfect solution. Most problems are related to the data transmission method between the medias, where the users require access and the servers where the biometric data, captured upon registration, are stored. In this paper, we use smart cards as an effective yet efficient solution to this critical data storage problem. Furthermore, iris texture has been used as a human identifier for some time now. This biometric is considered one of the most reliable to distinguish a person from another as its unique yet perfectly stable over time. In this work, we propose an efficient implementation of iris texture verification on smart cards. For this implementation, the matching is done on-card. Thus, the biometric characteristics are always kept in the owner’s card, guaranteeing the maximum security and privacy. In a first approach, the False Acceptance Rate (FAR) and False Rejection Rate (FRR) are improved using circular translations of the matched iris codes. However, after a thorough analysis of the achieved results, we show that the proposed method introduces a significant increase in terms of execution time of the matching operation. In order to mitigate this impact, we augmented the proposed technique with acceptance threshold verification, thus decreasing drastically the execution time of the matching operation, and yet achieving considerably low FAR and FRR. It is noteworthy to point out that these characteristics are at the basis of any access control successful usage.     

一种基于权重属性熵的分类匿名算法

为了在高效地保护数据隐私不被泄露的同时保证数据效用,提出了一种基于权重属性熵的分类匿名方法(Weight-properties Entropy for Classification Anonymous,WECA)。该方法在数据分类挖掘的特定应用背景下,通过信息熵的概念来计算数据集中不同准标识符属性对敏感属性的分类重要程度,选取分类权重属性熵比率最高的准标识符属性对分类树进行有利的划分,同时构建了分类匿名信息损失度量,在更好地保护隐私数据的前提下确保了数据分类效用。最后,在标准数据集上的实验结果表明,该算法在保证较少的匿名损失的同时具有较高的分类精度,提高了数据可用性。     

面向位置推荐的差分隐私保护方法

位置推荐服务能使用户更容易地获得周边的兴趣点信息,但也会带来用户位置隐私泄露的风险。为了避免位置隐私泄露带来的不利影响,提出一种面向位置推荐服务的差分隐私保护方法。在保持用户位置轨迹与签到频率特征的前提下,基于路径前缀树及其平衡程度采用均匀分配和几何分配两种方式进行隐私预算分配,然后根据隐私预算分配结果添加满足差分隐私的Laplace噪音。实验结果表明该方法能有效保护用户位置隐私,同时通过合理的隐私预算分配能减少差分隐私噪音对推荐质量的影响。     

Toward Privacy-Preserving Personalized Recommendation Services

Recommendation systems are crucially important for the delivery of personalized services to users. With personalized recommendation services, users can enjoy a variety of targeted recommendations such as movies, books, ads, restaurants, and more. In addition, personalized recommendation services have become extremely effective revenue drivers for online business. Despite the great benefits, deploying personalized recommendation services typically requires the collection of users’ personal data for processing and analytics, which undesirably makes users susceptible to serious privacy violation issues. Therefore, it is of paramount importance to develop practical privacy-preserving techniques to maintain the intelligence of personalized recommendation services while respecting user privacy. In this paper, we provide a comprehensive survey of the literature related to personalized recommendation services with privacy protection. We present the general architecture of personalized recommendation systems, the privacy issues therein, and existing works that focus on privacy-preserving personalized recommendation services. We classify the existing works according to their underlying techniques for personalized recommendation and privacy protection, and thoroughly discuss and compare their merits and demerits, especially in terms of privacy and recommendation accuracy. We also identity some future research directions.     

An efficient data aggregation scheme with local differential privacy in smart grid

By integrating the traditional power grid with information and communication technology, smart grid achieves dependable, efficient, and flexible grid data processing. The smart meters deployed on the user side of the smart grid collect the users' power usage data on a regular basis and upload it to the control center to complete the smart grid data acquisition. The control center can evaluate the supply and demand of the power grid through aggregated data from users and then dynamically adjust the power supply and price, etc. However, since the grid data collected from users may disclose the user's electricity usage habits and daily activities, privacy concern has become a critical issue in smart grid data aggregation. Most of the existing privacy-preserving data collection schemes for smart grid adopt homomorphic encryption or randomization techniques which are either impractical because of the high computation overhead or unrealistic for requiring a trusted third party.In this paper, we propose a privacy-preserving smart grid data aggregation scheme satisfying Local Differential Privacy (LDP) based on randomized responses. Our scheme can achieve an efficient and practical estimation of power supply and demand statistics while preserving any individual participant's privacy. Utility analysis shows that our scheme can estimate the supply and demand of the smart grid. Our approach is also efficient in terms of computing and communication overhead, according to the results of the performance investigation.     

FedCDR: Privacy-preserving federated cross-domain recommendation

Cross-Domain Recommendation (CDR) aims to solve data sparsity and cold-start problems by utilizing a relatively information-rich source domain to improve the recommendation performance of the data-sparse target domain. However, most existing approaches rely on the assumption of centralized storage of user data, which undoubtedly poses a significant risk of user privacy leakage because user data are highly privacy-sensitive. To this end, we propose a privacy-preserving Federated framework for Cross-Domain Recommendation, called FedCDR. In our method, to avoid leakage of user privacy, a general recommendation model is trained on each user's personal device to obtain embeddings of users and items, and each client uploads weights to the central server. The central server then aggregates the weights and distributes them to each client for updating. Furthermore, because the weights implicitly contain private information about the user, local differential privacy is adopted for the gradients before uploading them to the server for better protection of user privacy. To distill the relationship of user embedding between two domains, an embedding transformation mechanism is used on the server side to learn the cross-domain embedding transformation model. Extensive experiments on real-world datasets demonstrate that our method achieves performance comparable with that of existing data-centralized methods and effectively protects user privacy.     

面向Android应用的细粒度位置隐私保护系统

位置隐私保护是移动定位服务中的关键安全问题,粗粒度的访问控制机制通过绝对的授权策略抑制了位置信息的暴露,但是忽略了用户的服务质量。提出一种针对本地位置信息的时空模糊算法,实现了细粒度的位置隐私保护系统,在保障用户服务质量的前提下实现位置信息的模糊,从而达到隐私保护的目的。首先设计了一种针对应用程序位置服务请求的位置信息拦截技术,截获精确位置信息,并使用位置模糊算法进行模糊处理;将模糊后的安全位置信息返回给Apps,从而实现位置隐私保护。实验结果证明了该方法的有效性。     

物联网中的隐私保护问题研究

在物联网中的认证和密钥协商过程中,如果用户的身份信息以明文的形式传输,攻击者可能追踪用户的行动轨迹,从而造成信息泄漏。针对大多数基于身份的认证和密钥协商协议不能保护用户隐私的问题,提出一个基于身份的匿名认证和密钥协商协议。在设计的认证和密钥协商方案中,用户的身份信息以密文的形式传输,解决了用户的隐私问题。