CPFinder: Finding an unknown caller's profession from anonymized mobile phone data

Identifying an unfamiliar caller's profession is important to protect citizens' personal safety and property. Owing to the limited data protection of various popular online services in some countries, such as taxi hailing and ordering takeouts, many users presently encounter an increasing number of phone calls from strangers. The situation may be aggravated when criminals pretend to be such service delivery staff, threatening the user individuals as well as the society. In addition, numerous people experience excessive digital marketing and fraudulent phone calls because of personal information leakage. However, previous works on malicious call detection only focused on binary classification, which does not work for the identification of multiple professions. We observed that web service requests issued from users' mobile phones might exhibit their application preferences, spatial and temporal patterns, and other profession-related information. This offers researchers and engineers a hint to identify unfamiliar callers. In fact, some previous works already leveraged raw data from mobile phones (which includes sensitive information) for personality studies. However, accessing users' mobile phone raw data may violate the more and more strict private data protection policies and regulations (e.g., General Data Protection Regulation). We observe that appropriate statistical methods can offer an effective means to eliminate private information and preserve personal characteristics, thus enabling the identification of the types of mobile phone callers without privacy concerns. In this paper, we develop CPFinder —- a system that exploits privacy-preserving mobile data to automatically identify callers who are divided into four categories of users: taxi drivers, delivery and takeouts staffs, telemarketers and fraudsters, and normal users (other professions). Our evaluation of an anonymized dataset of 1,282 users over a period of 3 months in Shanghai City shows that the CPFinder can achieve accuracies of more than 75.0% and 92.4% for multiclass and binary classifications, respectively.     

User location privacy protection mechanism for location-based services

With the rapid development of the Internet of Things (IoT), Location-Based Services (LBS) are becoming more and more popular. However, for the users being served, how to protect their location privacy has become a growing concern. This has led to great difficulty in establishing trust between the users and the service providers, hindering the development of LBS for more comprehensive functions. In this paper, we first establish a strong identity verification mechanism to ensure the authentication security of the system and then design a new location privacy protection mechanism based on the privacy proximity test problem. This mechanism not only guarantees the confidentiality of the user’s information during the subsequent information interaction and dynamic data transmission, but also meets the service provider’s requirements for related data.     

NLDA non-linear regression model for preserving data privacy in wireless sensor networks

Recently, the application of Wireless Sensor Networks (WSNs) has been increasing rapidly. It requires privacy preserving data aggregation protocols to secure the data from compromises. Preserving privacy of the sensor data is a challenging task. This paper presents a non-linear regression-based data aggregation protocol for preserving privacy of the sensor data. The proposed protocol uses non-linear regression functions to represent the sensor data collected from the sensor nodes. Instead of sending the complete data to the cluster head, the sensor nodes only send the coefficients of the non-linear function. This will reduce the communication overhead of the network. The data aggregation is performed on the masked coefficients and the sink node is able to retrieve the approximated results over the aggregated data. The analysis of experiment results shows that the proposed protocol is able to minimize communication overhead, enhance data aggregation accuracy, and preserve data privacy.     

Beyond the privacy paradox: The moderating effect of online privacy concerns on online service use behavior

In the digital information era, dealing with privacy issues is problematic in related research since online activities have become an inevitable trend. Following the privacy paradox, which occurs when online services are increasingly accepted or used despite raising the level of privacy concerns of individuals, there is no need to alleviate individual privacy concerns regarding online services. Accordingly, this study aims to empirically analyze the effect of online privacy concerns, when interacting with individual innovativeness, on individual online service use behavior. For the empirical analysis, a Heckman two-step analysis is performed using South Korean data from the 2019 Korea Media Panel Survey conducted by the Korea Information Society Development Institute. The results provide evidence in contradiction of the privacy paradox. Specifically, the main findings of this study are as follows. First, use of online services and privacy concerns are not a contradictory phenomenon both in principle and behavior but can act as a negative influence or constraint. Second, individuals with high levels of innovativeness actively use online services owing to differences in their acceptance and use of innovation. Third, as online activities become more common, privacy concerns are likely to affect the level of online service use by interacting with other personality traits. As a result, privacy concerns are more likely to act as an influencing variable that moderates the degree or intensity of an individual's use of an online service rather than an independent variable for the use of an online service. The impact of privacy concerns of individuals on the use of online services identified in this study suggests there is a need for an adequate governing mechanism for privacy protection to realize service provision through e-government.     

Attacks and improvements on the RFID authentication protocols based on matrix

Most of the Radio Frequency IDentification (RFID) authentication protocols, proposed to preserve security and privacy, are analysed to show that they can not provide security against some passive or active attacks. In this paper, the security of two matrix-based protocols, proposed by Karthikeyan and Nesterenko (KN protocol) and Ramachandra et al. (RRS protocol) that conform to Electronic Product Code Class-1 Generation-2 (EPC Class-1 Gen-2) standard, are investigated. Using the linear relationship of multiplication of matrix and vector, we point out that both protocols can not provide scalability, and they are vulnerable to passive impersonation attack. In addition, both protocols are totally insecure if the adversary can compromise one tag to extract the secrets. A modified lightweight matrix-based authentication protocol is presented, which can resist mainly common attacks on an RFID authentication system including eavesdropping, relay attack, desynchronization attack, impersonation attack and tag tracking attack. The new protocol also has the desirable scalability property and can keep secure under compromising attack.     

LBS系统的私密性研究

定位服务的关键在于对用户位置信息的使用,而位置信息与个人隐私密切相关,为了防止位置信息的滥用,定位系统需要充分考虑用户的私密性保护。论文针对不同类型的业务分析了私密性保护的需求,并根据定位系统的体系结构提出了私密性保护的必要方面,最后结合定位流程描述了私密性控制的实现。     

基于动态调整节点包发送速率的基站保护策略

无线传感器网络中,为了抵御全局流量监测的攻击者,提出了一种基于节点包发送速率动态调整的基站位置隐私保护策略SRA。SRA通过调整全网节点的发包率,实现源节点到基站的流量隐藏,继而能够有效抵御全局流量分析的攻击者。理论表明,SRA能够有抵御全局流量的攻击者对基站的定位。更进一步地,提出了基于贪心选择路径的基站位置隐私保护策略GCR,进一步降低网络通信开销。实验表明,与SRA相比,GCR能够有效保护基站的位置隐私且具有较低的通信开销。     

A time-aware searchable encryption scheme for EHRs

Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a time-aware searchable encryption with designated server is proposed in this paper. It is based on Boneh's public key encryption with keyword search and Rivest's timed-release cryptology. Our construction has three features: the user cannot issue a keyword search query successfully unless the search falls into the specific time range; only the authorized user can generate a valid trapdoor; only the designated server can execute the search. Applying our scheme in a multi-user environment, the number of the keyword ciphertexts would not increase linearly with the number of the authorized users. The security and performance analysis shows that our proposed scheme is securer and more efficient than the existing similar schemes.     

基于雾计算的智能电表用户虚拟环隐私保护方案

作为智能电网的基础组件,智能电表(SMS)可以定期向电力公司报告用户的详细用电量数据。但是智能电表也带来了一些安全问题,比如用户隐私泄露。该文提出了一种基于虚拟环的隐私保护方案,可以提供用电数据和用户身份的隐私,使攻击者无法知道匹配电力数据与用户身份的关系。在所提方案中,智能电表可以利用其虚拟环成员身份对其真实身份进行匿名化,并利用非对称加密和Paillier同态系统对其获得的用电量数据生成密文数据;然后智能电表将密文数据发送给其连接的雾节点,雾节点定期采集其管理的智能电表的密文数据。同时,雾节点对这些智能电表的虚拟环身份进行验证,然后将收集到的密文数据聚合并发送给控制中心;最后控制中心对聚合后的密文进行解密,得到用电量数据。实验结果表明所提方案在计算和通信成本上具有一定的优势。