无线传感器网络中节能与隐私保护范围查询

针对无线传感器网络中范围查询高隐私性与低能耗的要求,提出了一种节能的安全范围查询处理算法EPRN。EPRN对数据查询过程与上传过程进行分离,避免了所有节点将自身感知数据传输至存储节点或基站,大大降低了网络传输过程通信量,延长了网络寿命。运用前缀成员验证、数据加密等技术对感知数据以及查询范围进行处理,从而达到隐私保护的目的。理论分析和仿真实验显示,EPRN在保证数据隐私性的同时具有更好的节能性。     

匿名化隐私保护技术研究进展*

匿名化是目前数据发布环境下实现隐私保护的主要技术之一。阐述了匿名化技术的一般概念和基本原理,并从匿名化原则、匿名化方法和匿名化度量等方面对匿名化技术进行了总结,最后指出匿名化技术的研究难点以及未来的研究方向。     

基于条件函数依赖的隐私保护模型

数据拥有者发布的数据中如果包含条件函数依赖会导致数据的隐私受到攻击,由条件函数依赖产生的属性间的关联会带来潜在的隐私泄露问题。针对现有的隐私保护方法均无法保护包含条件函数依赖的数据的隐私,形式化地定义了基于条件函数依赖的隐私攻击,提出了隐私保护模型l-deduction来对包含条件函数依赖的数据进行隐私保护;并设计了相应的匿名算法来实现l-deduction模型。理论分析和实验结果表明,该方法既能保护包含条件函数依赖的数据的隐私,又具有较小的信息损失度。     

Privacy Computing: Concept,Computing Framework,and Future Development Trends

With the rapid development of information technology and the continuous evolution of personalized services, huge amounts of data are accumulated by large internet companies in the process of serving users. Moreover, dynamic data interactions increase the intentional/unintentional persistence of private information in different information systems. However, problems such as the cask principle of preserving private information among different information systems and the difficulty of tracing the source of privacy violations are becoming increasingly serious. Therefore, existing privacy-preserving schemes cannot provide systematic privacy preservation. In this paper, we examine the links of the information life-cycle, such as information collection, storage, processing, distribution, and destruction. We then propose a theory of privacy computing and a key technology system that includes a privacy computing framework, a formal definition of privacy computing, four principles that should be followed in privacy computing, algorithm design criteria, evaluation of the privacy-preserving effect, and a privacy computing language. Finally, we employ four application scenarios to describe the universal application of privacy computing, and discuss the prospect of future research trends. This work is expected to guide theoretical research on user privacy preservation within open environments.     

EEPPDA—Edge-enabled efficient privacy-preserving data aggregation in smart healthcare Internet of Things network

The Internet of Things-based smart healthcare provides numerous facilities to patients and medical professionals. Medical professionals can monitor the patient's real-time medical data and diagnose diseases through the medical health history stored in the cloud database. Any kind of attack on the cloud database will result in misdiagnosis of the patients by medical professionals. Therefore, it becomes a primary concern to secure private data. On the other hand, the conventional data aggregation method for smart healthcare acquires immense communication and computational cost. Edge-enabled smart healthcare can overcome these limitations. The paper proposes an edge-enabled efficient privacy-preserving data aggregation (EEPPDA) scheme to secure health data. In the EEPPDA scheme, captured medical data have been encrypted by the Paillier homomorphic cryptosystem. Homomorphic encryption is engaged in the assurance of secure communication. For data transmission from patients to the cloud server (CS), data aggregation is performed on the edge server (ES). Then aggregated ciphertext data are transmitted to the CS. The CS validates the data integrity and analyzes and processes the authenticated aggregated data. The authorized medical professional executes the decryption, then the aggregated ciphertext data are decrypted in plaintext. EEPPDA utilizes the batch verification process to reduce communication costs. Our proposed scheme maintains the privacy of the patient's identity and medical data, resists any internal and external attacks, and verifies the health data integrity in the CS. The proposed scheme has significantly minimized computational complexity and communication overhead concerning the existing approach through extensive simulation.     

基于访问控制安全高效的多用户外包图像检索方案

由于公有云不是可信的实体,通过公有云提供图像检索服务时,它可能会窃取图像数据的敏感信息。近年来,密文图像检索方法被提出,用于保护图像隐私。然而,传统的隐私保护图像检索方案搜索效率较低,且无法支持多用户场景。因此,提出一种基于访问控制安全高效的多用户外包图像检索方案。该方案采用一次一密和矩阵变换方法,实现基于欧几里得距离（简称欧氏距离）相似性的密文图像检索,并利用矩阵分解和代理重加密,实现多用户外包图像检索。采用局部敏感哈希算法构建索引,提高密文图像检索效率。特别地,提出一种基于角色多项式函数的轻量级访问控制策略,该策略能够灵活设定图像访问权限,防止恶意用户窃取隐私信息。安全性分析论证了所提方案能够保护图像和查询请求的机密性;实验结果表明所提方案能够达到高效的图像检索。     

支持批量认证和隐私保护的无线Mesh网络切换认证方案

为了在任何时间、任何地点向移动终端提供无缝网络服务,切换认证技术显得尤为重要.从认证节点的隐私保护出发,提出了一种基于身份且支持批量认证的切换认证方案,并且认证过程无需第三方参与.方案中,认证双方无复杂的双线性对运算,移动节点经两次握手可实现安全切换.相比其他方案,该方案不仅满足了认证的安全性要求,还具有较高的认证效率和支持批量认证的优点.     

两层传感器网络中安全高效的范围查询算法

针对两层传感器网络环境,提出了一种安全高效的范围查询算法. 在数据存储阶段,传感节点对感知数据进行加密处理,并利用保序函数生成保序编码,然后将密文和编码数据上传至存储节点. 在查询处理阶段,Sink通过克莱姆法则将查询范围转换成下上限多项式,并将查询请求信息发送给存储节点;存储节点通过多项式信息和保序编码,实现无须明文数值参与下的大小比较,从而确定查询结果,并返回给Sink;Sink获得查询结果,并对感知数据进行真实性和完整性验证. 理论分析和实验结果表明,该算法能够保证感知数据、查询结果和目标范围区间的隐私,且与现有方法相比具有更高的能效.     

隐私保护的费马问题极值计算协议

隐私保护的计算几何问题是目前安全多方计算领域的一个研究热点。提出了一个费马问题的极值计算问题,费马问题已被广泛地运用在许多领域,比如军事、商业等领域。因此,在保证隐私的前提下,设计了一个基于点积协议的费马问题极值计算协议。提出的协议仅调用了6次点积协议,不仅简化了协议,而且没有使用第三方,安全性更高。给出了协议的正确性,而且对安全性和有效性都进行了详细的理论分析。分析结果标明,所提出的协议是安全的,而且协议复杂度低,也可用于解决其他一些安全多方的计算几何问题。     

基于非敏感信息分析的轨迹数据隐私保护发布

针对轨迹数据发布时轨迹和非敏感信息引起的隐私泄露问题,提出一种基于非敏感信息分析的轨迹数据隐私保护发布算法。首先,分析轨迹和非敏感信息的关联性构建轨迹隐私泄露判定模型,得到最小违反序列元组（MVS）,然后借鉴公共子序列的思想,在消除MVS带来的隐私泄露风险时,选择MVS中对轨迹数据损失最小的时序序列作为抑制对象,从而生成具有隐私能力和低数据损失率的匿名轨迹数据集。仿真实验结果表明,与LKC-Local算法和Trad-Local算法相比,在序列长度为3的情况下,该算法平均实例损失率分别降低了6%和30%,平均最大频繁序列（MFS）损失率分别降低了7%和60%,因此所提算法能够有效用于提高推荐服务质量。