Similar literature
20 similar documents found; search time 420 ms
1.
In recent years, mobile Internet technology and location based services have been widely applied. Application providers and users have accumulated a huge amount of trajectory data. While publishing and analyzing user trajectory data have brought great convenience for people, the disclosure risks of user privacy caused by the trajectory data publishing are also becoming more and more prominent. Traditional k-anonymous trajectory data publishing technologies cannot effectively protect user privacy against attackers with strong background knowledge. For privacy preserving trajectory data publishing, we propose a differential privacy based (k-Ψ)-anonymity method to defend against re-identification and probabilistic inference attack. The proposed method is divided into two phases: in the first phase, a dummy-based (k-Ψ)-anonymous trajectory data publishing algorithm is given, which improves (k-δ)-anonymity by considering changes of threshold δ on different road segments and constructing an adaptive threshold set Ψ that takes into account road network information. In the second phase, Laplace noise regarding distance of anonymous locations under differential privacy is used for trajectory perturbation of the anonymous trajectory dataset outputted by the first phase. Experiments on a real road network dataset are performed and the results show that the proposed method improves the trajectory indistinguishability and achieves good data utility under the condition of preserving user privacy.

2.
With the rapid development of mobile wireless Internet and high-precision localization devices, location-based services (LBS) have brought more convenience for people over recent years. In LBS, if the original location data are directly provided, serious privacy problems arise. As a response to these problems, a large number of location-privacy protection mechanisms (LPPMs) (including formal LPPMs, FLPPMs, etc.) and their evaluation metrics have been proposed to prevent personal location information from being leaked and to quantify privacy leakage. However, existing schemes independently consider FLPPMs and evaluation metrics, without synergizing them into a unifying framework. In this paper, a unified model is proposed to synergize FLPPMs and evaluation metrics. In detail, the probabilistic process calculus (called δ-calculus) is proposed to characterize obfuscation schemes (which is an LPPM) and integrate α-entropy to δ-calculus to evaluate its privacy leakage. Further, we use two calculus moving and probabilistic choice to model nodes’ mobility and compute its probability distribution of nodes’ locations, and a renaming function to model privacy leakage. By formally defining the attacker’s ability and extending relative entropy, an evaluation algorithm is proposed to quantify the leakage of location privacy. Finally, a series of examples are designed to demonstrate the efficiency of our proposed approach.

3.
In edge computing, a reasonable edge resource bidding mechanism can enable edge providers and users to obtain benefits in a relatively fair fashion. To maximize such benefits, this paper proposes a dynamic multi-attribute resource bidding mechanism (DMRBM). Most of the previous work mainly relies on a third-party agent to exchange information to gain optimal benefits. It is worth noting that when edge providers and users trade with third-party agents which are not entirely reliable and trustworthy, their sensitive information is prone to be leaked. Moreover, the privacy protection of edge providers and users must be considered in the dynamic pricing/transaction process, which is also very challenging. Therefore, this paper first adopts a privacy protection algorithm to prevent sensitive information from leakage. On the premise that the sensitive data of both edge providers and users are protected, the prices of providers fluctuate within a certain range. Then, users can choose appropriate edge providers by the price-performance ratio (PPR) standard and the reward of lower price (LPR) standard according to their demands. The two standards can be evolved by two evaluation functions. Furthermore, this paper employs an approximate computing method to get an approximate solution of DMRBM in polynomial time. Specifically, this paper models the bidding process as a non-cooperative game and obtains the approximate optimal solution based on two standards according to the game theory. Through the extensive experiments, this paper demonstrates that the DMRBM satisfies the individual rationality, budget balance, and privacy protection and it can also increase the task offloading rate and the system benefits.

4.
Nowadays, as lightweight mobile clients become more powerful and widely used, more and more information is stored on lightweight mobile clients, and user sensitive data privacy protection has become an urgent concern and problem to be solved. There has been a corresponding rise of security solutions proposed by researchers; however, the current security mechanisms on lightweight mobile clients are proven to be fragile. Due to the fact that this research field is immature and still unexplored in-depth, with this paper, we aim to provide a structured and comprehensive study on privacy protection using trusted execution environment (TEE) for lightweight mobile clients. This paper presents a highly effective and secure lightweight mobile client privacy protection system that utilizes TEE to provide a new method for privacy protection. In particular, the prototype of Lightweight Mobile Clients Privacy Protection Using Trusted Execution Environments (LMCPTEE) is built using Intel software guard extensions (SGX) because SGX can guarantee the integrity, confidentiality, and authenticity of private data. By putting lightweight mobile client critical data on SGX, the security and privacy of client data can be greatly improved. We design the authentication mechanism and privacy protection strategy based on SGX to achieve hardware-enhanced data protection and make a trusted connection with the lightweight mobile clients, thus building the distributed trusted system architecture. The experiment demonstrates that without relying on the performance of the blockchain, the LMCPTEE is practical and feasible, with low performance overhead. It can guarantee the privacy and security of lightweight mobile client private data.

5.
The existing location anonymity algorithms do not consider the distribution of user density in the region. The area of the anonymous domain is not the most appropriate and the query workload is redundant. To solve this problem, this paper proposes an optimal anonymous location privacy protection algorithm based on grid user density. Taking the user density of the regional grid as the core, it uses reasonable dynamic shrinkage and expansion rules to find the most suitable anonymous domain, and reduces the anonymous domain as much as possible to meet the user privacy parameter configuration, thereby improving LBS service quality. This paper builds a simulation dataset based on road network moving objects, and simulation experiments are performed on the location privacy protection method, which proves the effectiveness of this method. At the same time, real road network floating vehicle data is selected for the application of the algorithm, which proves the feasibility of this method.

6.
In the financial sector, data are highly confidential and sensitive, and ensuring data privacy is critical. Sample fusion is the basis of horizontal federation learning, but it is suitable only for scenarios where customers have the same format but different targets, namely for scenarios with strong feature overlapping and weak user overlapping. To solve this limitation, this paper proposes a federated learning-based model with local data sharing and differential privacy. The indexing mechanism of differential privacy is used to obtain different degrees of privacy budgets, which are applied to the gradient according to the contribution degree to ensure privacy without affecting accuracy. In addition, data sharing is performed to improve the utility of the global model. Further, the distributed prediction model is used to predict customers’ loan propensity on the premise of protecting user privacy. Using an aggregation mechanism based on federated learning can help to train the model on distributed data without exposing local data. The proposed method is verified by experiments, and experimental results show that for non-iid data, the proposed method can effectively improve data accuracy and reduce the impact of sample tilt. The proposed method can be extended to edge computing, blockchain, and the Industrial Internet of Things (IIoT) fields. The theoretical analysis and experimental results show that the proposed method can ensure the privacy and accuracy of the federated learning process and can also improve the model utility for non-iid data by 7% compared to the federated averaging method (FedAvg).

7.
A person’s privacy has become a growing concern, given the nature of an expansive reliance on real-time video activities with video capture, stream, and storage. This paper presents an innovative system design based on a privacy-preserving model. The proposed system design is implemented by employing an enhanced capability that overcomes today’s single parameter-based access control protection mechanism for digital privacy preservation. The enhanced capability combines multiple access control parameters: facial expression, resource, environment, location, and time. The proposed system design demonstrated that a person’s facial expressions combined with a set of access control rules can achieve a person’s privacy-preserving preferences. The findings resulted in different facial expressions successfully triggering a person’s face to be blurred and a person’s privacy when using a real-time video conferencing service captured from a webcam or virtual webcam. A comparison analysis of capabilities between existing designs and the proposed system design shows enhancement of the capabilities of the proposed system. A series of experiments exercising the enhanced, real-time multi-parameter-based system was shown as a viable path forward for preserving a person’s privacy while using a webcam or virtual webcam to capture, stream, and store videos.

8.
With the evolution of location-based services (LBS), a new type of LBS has already gained a lot of attention and implementation; we name this kind of LBS the Device-Dependent LBS (DLBS). In DLBS, the service provider (SP) will not only send the information according to the user’s location; more significantly, he also provides a service device which will be carried by the user. DLBS has been successfully practised in some of the large cities around the world, for example, the shared bicycle in Beijing and London. In this paper, we, for the first time, blow the whistle on the new location privacy challenges caused by DLBS, since the service device is enabled to perform the localization without the permission of the user. To conquer these threats, we design a service architecture along with a credit system between the DLBS provider and the user. The credit system ties together the DLBS device usability with the curious behaviour upon the user’s location privacy: the DLBS provider has to sacrifice their revenue in order to gain extra location information of their device. We simulate our proposed scheme and the results confirm its effectiveness.

9.
Internet of Vehicles (IoV) applications integrating with edge computing will significantly drive the growth of IoV. However, the contradiction between the high-speed mobility of vehicles, the delay sensitivity of corresponding IoV applications and the limited coverage and resource capacity of distributed edge servers will pose challenges to the service continuity and stability of IoV applications. IoV application migration is a promising solution that can be supported by application containerization, a technology for seamless cross-edge-server application migration without user perception. Therefore, this paper proposes the container-based IoV edge application migration mechanism, consisting of three parts. The first is the migration trigger determination algorithm for cross-border migration and service degradation migration, respectively, based on trajectory prediction and traffic awareness to improve the determination accuracy. The second is the migration target decision calculation model for minimizing the average migration time and maximizing the average service time to reduce migration times and improve the stability and adaptability of migration decisions. The third is the migration decision algorithm based on the improved artificial bee colony algorithm to avoid local optimal migration decisions. Simulation results show that the proposed migration mechanism can reduce migration times, reduce average migration time, improve average service time and enhance the stability and adaptability of IoV application services.

10.
Data privacy laws require service providers to inform their customers on how user data is gathered, used, protected, and shared. The General Data Protection Regulation (GDPR) is a legal framework that provides guidelines for collecting and processing personal information from individuals. Service providers use privacy policies to outline the ways an organization captures, retains, analyzes, and shares customers’ data with other parties. These policies are complex and written using legal jargon; therefore, users rarely read them before accepting them. There exist a number of approaches to automating the task of summarizing privacy policies and assigning risk levels. Most of the existing approaches are not GDPR compliant and use manual annotation/labeling of the privacy text to assign risk level, which is time-consuming and costly. We present a framework that helps users see not only data practice policy compliance with GDPR but also the risk levels to privacy associated with accepting that policy. The main contribution of our approach is eliminating the overhead cost of manual annotation by using the most frequent words in each category to create word-bags, which are used with Regular Expressions and Pointwise Mutual Information scores to assign risk levels that comply with the GDPR guidelines for data protection. We have also developed a web-based application to graphically display risk level reports for any given online privacy policy. Results show that our approach is not only consistent with GDPR but performs better than existing approaches by successfully assigning risk levels with 95.1% accuracy after assigning data practice categories with an accuracy rate of 79%.

11.
With the rapid development of cloud computing technology, cloud services have now become a new business model for information services. The cloud server provides the IT resources required by customers in a self-service manner through the network, realizing business expansion and rapid innovation. However, due to the insufficient protection of data privacy, the problem of data privacy leakage in cloud storage is threatening cloud computing. To address the problem, we propose BC-PECK, a data protection scheme based on blockchain and public key searchable encryption. Firstly, all the data is protected by the encryption algorithm. The privacy data is encrypted and stored in a cloud server, while the ciphertext index is established by a public key searchable encryption scheme and stored on the blockchain. Secondly, based on the characteristics of trusted execution of smart contract technology, a control mechanism for data accessing and sharing is given. Data transaction is automatically recorded on the blockchain, which is fairer under the premise of ensuring the privacy and security of the data sharing process. Finally, we analyzed the security and fairness of the current scheme. Through the comparison with similar schemes, we have shown the advantages of the proposed scheme.

12.
With the rapid development of the new generation of information technology, the analysis of mobile social network big data is getting deeper and deeper. At the same time, the risk of privacy disclosure in social networks is also very obvious. In this paper, we summarize the main access control models in mobile social networks, analyze their contributions and point out their disadvantages. On this basis, a practical privacy policy is defined through an authorization model supporting personalized privacy preferences. Experiments have been conducted on synthetic data sets. The result shows that the proposed privacy protecting model could improve the security of the mobile social network while keeping high execution efficiency.

13.
With the rapid development of mobile communication technology, the application of internet of vehicles (IoV) services, such as for information services, driving safety, and traffic efficiency, is growing constantly. For businesses with low transmission delay, high data processing capacity and large storage capacity, by deploying edge computing in the IoV, data processing, encryption and decision-making can be completed at the local end, thus providing real-time and highly reliable communication capability. The roadside unit (RSU), as an important part of edge computing in the IoV, fulfils an important data forwarding function and provides an interactive communication channel for vehicles and server providers. Additional computing resources can be configured to accommodate the computing requirements of users. In this study, a virtual traffic defense strategy based on a differential game is proposed to solve the security problem of user-sensitive information leakage when an RSU is attacked. An incentive mechanism encourages service vehicles within the hot range to send virtual traffic to another RSU. By attracting the attention of attackers, it covers the target RSU and protects the system from attack. Simulation results show that the scheme provides the optimal strategy for intelligent vehicles to transmit virtual data, and ensures the maximization of users’ interests.

14.
Collaborative filtering (CF) methods are widely adopted by existing medical recommendation systems, which can help clinicians perform their work by seeking and recommending appropriate medical advice. However, privacy issues arise in this process as sensitive patient private data are collected by the recommendation server. Recently proposed privacy-preserving collaborative filtering methods, using computation-intensive cryptography techniques or data perturbation techniques, are not appropriate in medical online service. The aim of this study is to address the privacy issues in the context of neighborhood-based CF methods by proposing a Privacy Preserving Medical Recommendation (PPMR) algorithm, which can protect patients’ treatment information and demographic information during the online recommendation process without compromising recommendation accuracy and efficiency. The proposed algorithm includes two privacy preserving operations: Private Neighbor Selection and Neighborhood-based Differential Privacy Recommendation. Private Neighbor Selection is conducted on the basis of the notion of k-anonymity method, meaning that neighbors are privately selected for the target user according to his/her similarities with others. Neighborhood-based Differential Privacy Recommendation and a differential privacy mechanism are introduced in this operation to enhance the performance of recommendation. Our algorithm is evaluated using the real-world hospital EMRs dataset. Experimental results demonstrate that the proposed method achieves stable recommendation accuracy while providing comprehensive privacy for individual patients.

15.
To realize data sharing, and to fully use the data value, breaking the data island between institutions to realize data collaboration has become a new sharing mode. This paper proposed a distributed data security sharing scheme based on C/S communication mode, and constructed a federated learning architecture that uses differential privacy technology to protect training parameters. Clients do not need to share local data, and they only need to upload the trained model parameters to achieve data sharing. In the process of training, a distributed parameter update mechanism is introduced. The server is mainly responsible for issuing training commands and parameters, and aggregating the local model parameters uploaded by the clients. The client mainly uses the stochastic gradient descent algorithm for gradient trimming, updates, and transmits the trained model parameters back to the server after differential processing. To test the performance of the scheme, in the application scenario where many medical institutions jointly train the disease detection system, the model is tested from multiple perspectives by taking medical data as an example. From the testing results, we can know that for this specific test dataset, when the parameters are properly configured, the lowest prediction accuracy rate is 90.261% and the highest accuracy rate is up to 94.352. It shows that the performance of the model is good. The results also show that this scheme realizes data sharing while protecting data privacy, completes accurate prediction of diseases, and has a good effect.

16.
Security and privacy issues have become a rapidly growing problem with the fast development of big data in public health. However, big data faces many ongoing serious challenges in the process of collection, storage, and use. Among them, data security and privacy problems have attracted extensive interest. In an effort to overcome this challenge, this article aims to present a distributed privacy preservation approach based on smart contracts and Intel Software Guard Extensions (SGX). First of all, we define SGX as a trusted edge computing node, design data access module, data protection module, and data integrity check module, to achieve hardware-enhanced data privacy protection. Then, we design a smart contract framework to realize distributed data access control management in a big data environment. The crucial role of the smart contract was revealed by designing multiple access control contracts, register contracts, and history contracts. Access control contracts provide access control methods for different users and enable static access verification and dynamic access verification by checking the user’s properties and history behavior. Register contract contains user property information, edge computing node information, the access control and history smart contract information, and provides functions such as registration, update, and deletion. History contract records the historical behavior information of malicious users, receives the report information of malicious requestors from the access control contract, implements a misbehavior check method to determine whether the requestor has misbehavior, and returns the corresponding result. Finally, we design decentralized system architecture, prove the security properties, and conduct analysis to verify the feasibility of the system. Results demonstrate that our method can effectively improve the timeliness of data, reduce network latency, and ensure the security, reliability, and traceability of data.

17.
18.
In order to effectively detect the privacy that may be leaked through social networks and avoid unnecessary harm to users, this paper takes microblog as the research object to study the detection of privacy disclosure in social networks. First, we perform fast privacy leak detection on the currently published text based on the fastText model. In the case that the text to be published contains certain private information, we fully consider the aggregation effect of the private information leaked by different channels, and establish a convolution neural network model based on multi-dimensional features (MF-CNN) to detect privacy disclosure comprehensively and accurately. The experimental results show that the proposed method has a higher accuracy of privacy disclosure detection and can meet the real-time requirements of detection.

19.
Due to the extensive use of various intelligent terminals and the popularity of network social tools, a large amount of data in the medical field has emerged. How to manage these massive data safely and reliably has become an important challenge for the medical network community. This paper proposes a data management framework of medical network community based on Consortium Blockchain (CB) and Federated learning (FL), which realizes the data security sharing between medical institutions and research institutions. Under this framework, the data security sharing mechanism of medical network community based on smart contract and the data privacy protection mechanism based on FL and alliance chain are designed to ensure the security of data and the privacy of important data in medical network community, respectively. An intelligent contract system based on Keyed-Homomorphic Public Key (KH-PKE) Encryption scheme is designed, so that medical data can be saved in the CB in the form of ciphertext, and the automatic sharing of data is realized. Zero knowledge mechanism is used to ensure the correctness of shared data. Moreover, the zero-knowledge mechanism introduces the dynamic group signature mechanism of chosen ciphertext attack (CCA) anonymity, which makes the scheme more efficient in computing and communication cost. At the end of this paper, the performance of the scheme is analyzed from both asymptotic and practical aspects. Through experimental comparative analysis, the scheme proposed in this paper is more effective and feasible.

20.
With the development of the internet of medical things (IoMT), the privacy protection problem has become more and more critical. In this paper, we propose a privacy protection scheme for medical images based on DenseNet and coverless steganography. For a given group of medical images of one patient, DenseNet is used to regroup the images based on feature similarity comparison. Then the mapping indexes can be constructed based on LBP feature and hash generation. After mapping the privacy information with the hash sequences, the corresponding mapped indexes of secret information will be packed together with the medical images group and released to the authorized user. The user can extract the privacy information successfully with a similar method of feature analysis and index construction. The simulation results show good performance of robustness. And the hiding success rate also shows good feasibility and practicability for application. Since the medical images are kept original without embedding and modification, the performance of crack resistance is outstanding and can keep better quality for diagnosis compared with traditional schemes with data embedding.
