面向位置推荐的差分隐私保护方法

位置推荐服务能使用户更容易地获得周边的兴趣点信息,但也会带来用户位置隐私泄露的风险。为了避免位置隐私泄露带来的不利影响,提出一种面向位置推荐服务的差分隐私保护方法。在保持用户位置轨迹与签到频率特征的前提下,基于路径前缀树及其平衡程度采用均匀分配和几何分配两种方式进行隐私预算分配,然后根据隐私预算分配结果添加满足差分隐私的Laplace噪音。实验结果表明该方法能有效保护用户位置隐私,同时通过合理的隐私预算分配能减少差分隐私噪音对推荐质量的影响。     

Toward Privacy-Preserving Personalized Recommendation Services

Recommendation systems are crucially important for the delivery of personalized services to users. With personalized recommendation services, users can enjoy a variety of targeted recommendations such as movies, books, ads, restaurants, and more. In addition, personalized recommendation services have become extremely effective revenue drivers for online business. Despite the great benefits, deploying personalized recommendation services typically requires the collection of users’ personal data for processing and analytics, which undesirably makes users susceptible to serious privacy violation issues. Therefore, it is of paramount importance to develop practical privacy-preserving techniques to maintain the intelligence of personalized recommendation services while respecting user privacy. In this paper, we provide a comprehensive survey of the literature related to personalized recommendation services with privacy protection. We present the general architecture of personalized recommendation systems, the privacy issues therein, and existing works that focus on privacy-preserving personalized recommendation services. We classify the existing works according to their underlying techniques for personalized recommendation and privacy protection, and thoroughly discuss and compare their merits and demerits, especially in terms of privacy and recommendation accuracy. We also identity some future research directions.     

An efficient data aggregation scheme with local differential privacy in smart grid

By integrating the traditional power grid with information and communication technology, smart grid achieves dependable, efficient, and flexible grid data processing. The smart meters deployed on the user side of the smart grid collect the users' power usage data on a regular basis and upload it to the control center to complete the smart grid data acquisition. The control center can evaluate the supply and demand of the power grid through aggregated data from users and then dynamically adjust the power supply and price, etc. However, since the grid data collected from users may disclose the user's electricity usage habits and daily activities, privacy concern has become a critical issue in smart grid data aggregation. Most of the existing privacy-preserving data collection schemes for smart grid adopt homomorphic encryption or randomization techniques which are either impractical because of the high computation overhead or unrealistic for requiring a trusted third party.In this paper, we propose a privacy-preserving smart grid data aggregation scheme satisfying Local Differential Privacy (LDP) based on randomized responses. Our scheme can achieve an efficient and practical estimation of power supply and demand statistics while preserving any individual participant's privacy. Utility analysis shows that our scheme can estimate the supply and demand of the smart grid. Our approach is also efficient in terms of computing and communication overhead, according to the results of the performance investigation.     

FedCDR: Privacy-preserving federated cross-domain recommendation

Cross-Domain Recommendation (CDR) aims to solve data sparsity and cold-start problems by utilizing a relatively information-rich source domain to improve the recommendation performance of the data-sparse target domain. However, most existing approaches rely on the assumption of centralized storage of user data, which undoubtedly poses a significant risk of user privacy leakage because user data are highly privacy-sensitive. To this end, we propose a privacy-preserving Federated framework for Cross-Domain Recommendation, called FedCDR. In our method, to avoid leakage of user privacy, a general recommendation model is trained on each user's personal device to obtain embeddings of users and items, and each client uploads weights to the central server. The central server then aggregates the weights and distributes them to each client for updating. Furthermore, because the weights implicitly contain private information about the user, local differential privacy is adopted for the gradients before uploading them to the server for better protection of user privacy. To distill the relationship of user embedding between two domains, an embedding transformation mechanism is used on the server side to learn the cross-domain embedding transformation model. Extensive experiments on real-world datasets demonstrate that our method achieves performance comparable with that of existing data-centralized methods and effectively protects user privacy.     

面向Android应用的细粒度位置隐私保护系统

位置隐私保护是移动定位服务中的关键安全问题,粗粒度的访问控制机制通过绝对的授权策略抑制了位置信息的暴露,但是忽略了用户的服务质量。提出一种针对本地位置信息的时空模糊算法,实现了细粒度的位置隐私保护系统,在保障用户服务质量的前提下实现位置信息的模糊,从而达到隐私保护的目的。首先设计了一种针对应用程序位置服务请求的位置信息拦截技术,截获精确位置信息,并使用位置模糊算法进行模糊处理;将模糊后的安全位置信息返回给Apps,从而实现位置隐私保护。实验结果证明了该方法的有效性。     

物联网中的隐私保护问题研究

在物联网中的认证和密钥协商过程中,如果用户的身份信息以明文的形式传输,攻击者可能追踪用户的行动轨迹,从而造成信息泄漏。针对大多数基于身份的认证和密钥协商协议不能保护用户隐私的问题,提出一个基于身份的匿名认证和密钥协商协议。在设计的认证和密钥协商方案中,用户的身份信息以密文的形式传输,解决了用户的隐私问题。     

基于动态社会网络的敏感边的隐私保护

为解决动态社会网络发布中敏感边的隐私保护问题,针对攻击者将目标节点在不同时刻的节点度作为背景知识的应用场景,提出了一种新的基于动态网络的敏感边的隐私保护方法,它的思想是:首先通过k-分组和(k,Δd)-匿名发布隐私保护方法来确保目标节点不能被唯一识别,被攻击识别的概率不超过1/k;其次根据泄露概率对边进行保护,确保敏感边泄露的概率不超过用户给定参数u。理论分析和实验证明,所提出的方法可以抵御攻击者对敏感边的攻击,能有效地保护社会网络中用户的隐私信息,同时保证了动态社会网络发布的质量。     

物联网安全与隐私保护研究

随着物联网概念的提出,各国政府专家、企业和技术人员都开始着手研究和建设物联网的工作。物联网安全和隐私问题必然会影响其建设与发展。为了解除物联网发展过程中的障碍,同时为物联网的安全与隐私保护提供相关措施,分析了物联网体系架构所面临的安全威胁,并从感知层、传输层和应用层分别对安全威胁进行详细的研究和总结,最后针对物联网面临的各类安全威胁给出了对应的安全措施。     

A hybrid approach for scalable sub-tree anonymization over big data using MapReduce on cloud

In big data applications, data privacy is one of the most concerned issues because processing large-scale privacy-sensitive data sets often requires computation resources provisioned by public cloud services. Sub-tree data anonymization is a widely adopted scheme to anonymize data sets for privacy preservation. Top–Down Specialization (TDS) and Bottom–Up Generalization (BUG) are two ways to fulfill sub-tree anonymization. However, existing approaches for sub-tree anonymization fall short of parallelization capability, thereby lacking scalability in handling big data in cloud. Still, either TDS or BUG individually suffers from poor performance for certain valuing of k-anonymity parameter. In this paper, we propose a hybrid approach that combines TDS and BUG together for efficient sub-tree anonymization over big data. Further, we design MapReduce algorithms for the two components (TDS and BUG) to gain high scalability. Experiment evaluation demonstrates that the hybrid approach significantly improves the scalability and efficiency of sub-tree anonymization scheme over existing approaches.