Towards privacy-driven design of a dynamic carpooling system

Dynamic carpooling (also known as instant or ad-hoc ridesharing) is a service that arranges one-time shared rides on very short notice. This type of carpooling generally makes use of three recent technological advances: (i) navigation devices to determine a driver’s route and arrange the shared ride; (ii) smartphones for a traveller to request a ride from wherever she happens to be; and (iii) social networks to establish trust between drivers and passengers. However, the mobiquitous environment in which dynamic carpooling is expected to operate raises several privacy issues. Among all the personal identifiable information, learning the location of an individual is one of the greatest threats against her privacy. For instance, the spatio-temporal data of an individual can be used to infer the location of her home and workplace, to trace her movements and habits, to learn information about her centre of interests or even to detect a change from her usual behaviour. Therefore, preserving location privacy is a major issue to be able to leverage the possibilities offered by dynamic carpooling. In this paper we use the principles of privacy-by-design to integrate the privacy aspect in the design of dynamic carpooling, henceforth increasing its public (and political) acceptability and trust.     

Dimensions of Anticipated Reaction in Information Management: Anticipating Responses and Outcomes

Many models, theories, and frameworks of information management (e.g., privacy, disclosure, secrets) incorporate the concept of receiver response, both anticipated and actual. Although most if not all information management literature highlights the importance of the response variable, each perspective conceptualizes and/or operationalizes response differently. The lack of consistency across perspectives limits research design, theory testing, and scholars' ability to make comparisons among and across theoretical frameworks, as well as their ability to evaluate research findings within the broader context of information management theory. This project presents a review and synthesis of receiver response within the context of information sharing and decision making, including both immediate responses and longer-term outcomes of sharing the information.     

Efficient multi-keyword ranked query over encrypted data in cloud computing

Cloud computing infrastructure is a promising new technology and greatly accelerates the development of large scale data storage, processing and distribution. However, security and privacy become major concerns when data owners outsource their private data onto public cloud servers that are not within their trusted management domains. To avoid information leakage, sensitive data have to be encrypted before uploading onto the cloud servers, which makes it a big challenge to support efficient keyword-based queries and rank the matching results on the encrypted data. Most current works only consider single keyword queries without appropriate ranking schemes. In the current multi-keyword ranked search approach, the keyword dictionary is static and cannot be extended easily when the number of keywords increases. Furthermore, it does not take the user behavior and keyword access frequency into account. For the query matching result which contains a large number of documents, the out-of-order ranking problem may occur. This makes it hard for the data consumer to find the subset that is most likely satisfying its requirements. In this paper, we propose a flexible multi-keyword query scheme, called MKQE to address the aforementioned drawbacks. MKQE greatly reduces the maintenance overhead during the keyword dictionary expansion. It takes keyword weights and user access history into consideration when generating the query result. Therefore, the documents that have higher access frequencies and that match closer to the users’ access history get higher rankings in the matching result set. Our experiments show that MKQE presents superior performance over the current solutions.     

集成RFID的智能建筑系统研究

RFID技术是近年来业界关注的热点，被认为是21世纪最重要的技术之一。本文结合普适计算环境发展的趋势，提出了集成RFID的智能建筑系统原型和模块设计，并对RFID在智能建筑系统中的安全及隐私性设计进行了详细论述。     

Verifiable shuffles: a formal model and a Paillier-based three-round construction with provable security

A shuffle takes a list of ciphertexts and outputs a permuted list of re-encryptions of the input ciphertexts. Mix-nets, a popular method for anonymous routing, can be constructed from a sequence of shuffles and decryption. We propose a formal model for security of verifiable shuffles and a new verifiable shuffle system based on the Paillier encryption scheme, and prove its security in the proposed dmodel. The model is general and can be extended to provide provable security for verifiable shuffle decryption.This paper is the extended version of the paper [37] presented at ACNS ‘04.     

Privacy Loss in Distributed Constraint Reasoning: A Quantitative Framework for Analysis and its Applications

It is critical that agents deployed in real-world settings, such as businesses, offices, universities and research laboratories, protect their individual users’ privacy when interacting with other entities. Indeed, privacy is recognized as a key motivating factor in the design of several multiagent algorithms, such as in distributed constraint reasoning (including both algorithms for distributed constraint optimization (DCOP) and distributed constraint satisfaction (DisCSPs)), and researchers have begun to propose metrics for analysis of privacy loss in such multiagent algorithms. Unfortunately, a general quantitative framework to compare these existing metrics for privacy loss or to identify dimensions along which to construct new metrics is currently lacking. This paper presents three key contributions to address this shortcoming. First, the paper presents VPS (Valuations of Possible States), a general quantitative framework to express, analyze and compare existing metrics of privacy loss. Based on a state-space model, VPS is shown to capture various existing measures of privacy created for specific domains of DisCSPs. The utility of VPS is further illustrated through analysis of privacy loss in DCOP algorithms, when such algorithms are used by personal assistant agents to schedule meetings among users. In addition, VPS helps identify dimensions along which to classify and construct new privacy metrics and it also supports their quantitative comparison. Second, the article presents key inference rules that may be used in analysis of privacy loss in DCOP algorithms under different assumptions. Third, detailed experiments based on the VPS-driven analysis lead to the following key results: (i) decentralization by itself does not provide superior protection of privacy in DisCSP/DCOP algorithms when compared with centralization; instead, privacy protection also requires the presence of uncertainty about agents’ knowledge of the constraint graph. (ii) one needs to carefully examine the metrics chosen to measure privacy loss; the qualitative properties of privacy loss and hence the conclusions that can be drawn about an algorithm can vary widely based on the metric chosen. This paper should thus serve as a call to arms for further privacy research, particularly within the DisCSP/DCOP arena.     

基于策略的移动RFID隐私安全问题研究

隐私安全问题是移动RFID众多安全问题中最重要的问题之一.对移动RFID的隐私安全问题进行研究,并提出一个基于策略的移动RFID隐私保护系统,该系统通过建立和管理应用服务的隐私保护策略,并根据标签的隐私策略对信息进行访问控制,确保隐私安全.     

SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks

To support Evolved Packet System (EPS) in the Long Term Evolution (LTE) networks, the 3rd Generation Partnership Project (3GPP) has proposed an authentication and key agreement (AKA) protocol, named EPS-AKA, which has become an emerging standard for fourth-generation (4G) wireless communications. However, due to the requirement of backward compatibility, EPS-AKA inevitably inherits some defects of its predecessor UMTS-AKA protocol that cannot resist several frequent attacks, i.e., redirection attack, man-in-the-middle attack, and DoS attack. Meanwhile, there are additional security issues associated with the EPS-AKA protocol, i.e., the lack of privacy-preservation and key forward/backward secrecy (KFS/KBS). In addition, there are new challenges with the emergence of group-based communication scenarios in authentication. In this paper, we propose a secure and efficient AKA protocol, called SE-AKA, which can fit in with all of the group authentication scenarios in the LTE networks. Specifically, SE-AKA uses Elliptic Curve Diffie-Hellman (ECDH) to realize KFS/KBS, and it also adopts an asymmetric key cryptosystem to protect users’ privacy. For group authentication, it simplifies the whole authentication procedure by computing a group temporary key (GTK). Compared with other authentication protocols, SE-AKA cannot only provide strong security including privacy-preservation and KFS/KBS, but also provide a group authentication mechanism which can effectively authenticate group devices. Extensive security analysis and formal verification by using proverif have shown that the proposed SE-AKA is secure against various malicious attacks. In addition, elaborate performance evaluations in terms of communication, computational and storage overhead also demonstrates that SE-AKA is more efficient than those existing protocols.     

融合知识图谱和差分隐私的新闻推荐方法

针对现有融合知识图谱和隐私保护的推荐方法不能有效平衡差分隐私（DP）噪声与推荐系统性能的问题,提出了一种融合知识图谱和隐私保护的新闻推荐方法（KGPNRec）。首先,采用多通道知识感知的卷积神经网络（KCNN）模型融合新闻标题、知识图谱中实体和实体上下文等多维度的特征向量,以提高推荐的准确度;其次,利用注意力机制为不同敏感程度的特征向量添加不同程度的噪声,从而降低噪声对数据分析的影响;然后,对加权的用户特征向量添加统一的拉普拉斯噪声,以保证用户数据的安全性;最后,在真实的新闻数据集上进行实验分析。实验结果表明,与隐私保护的多任务推荐方法（PPMTF）和基于深度知识感知网络（DKN）的推荐方法等相比,所提KGPNRec在保护用户隐私的同时能保证方法的预测性能。在Bing News数据集上,所提方法的曲线下面积（AUC）值、准确率和F1分数与PPMTF相比分别提高了0.019、0.034和0.034。     

Known-plaintext cryptanalysis of the Domingo-Ferrer algebraic privacy homomorphism scheme

We propose cryptanalysis of the First Domingo-Ferrer's algebraic privacy homomorphism where n=pq. We show that the scheme can be broken by (d+1) known plaintexts in O(d³log²n) time. Even when the modulus n is kept secret, it can be broken by 2(d+1) known plaintexts in O(d⁴logdn+d³log²n+?(m)) time with overwhelming probability.