Similar literature
20 similar documents found (search time 125 ms)
1.
The emerging Vehicular Ad hoc NETworks (VANETs) can improve safety, efficiency and convenience in transportation. In spite of the expected benefits, VANETs also introduce a location privacy risk by periodically broadcasting vehicular information. Pseudonym change is commonly accepted as one approach to protecting location privacy in VANETs, but the effectiveness of most pseudonym change schemes has never been investigated theoretically. In this paper, focusing on the Random Pseudonym Change (RPC) scheme, we propose an analytical model to quantify its level of location privacy by calculating the size of the anonymity set of a vehicle. With this model, we can analyze the probability of a vehicle changing its pseudonym simultaneously with its neighbor, which can then be used to calculate the size of the vehicle's anonymity set. Further, we investigate the influence of the pseudonym lifetime distribution on the level of location privacy. The results, which are validated via extensive simulations, show that for the RPC scheme the uniform pseudonym lifetime distribution provides better location privacy protection than the reciprocal pseudonym lifetime distribution. In addition, we discuss the conditional probability of a vehicle changing its pseudonym simultaneously with its neighbor given the age of the pseudonym used by the neighbor at the time the vehicle last changed its pseudonym, and point out that utilizing the age of the pseudonym can improve the level of location privacy.
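The two quantities the abstract above works with (the anonymity set of a vehicle and the probability that a neighbor changes its pseudonym at the same time, conditioned on the age of the neighbor's pseudonym) can be reproduced with a small model. The Python below is an added illustration, not the paper's model or code. Everything not stated in the abstract is an assumption: lifetimes are i.i.d. draws from either a uniform distribution on `[t_min, t_max]` or a "reciprocal" distribution with density proportional to `1/t` on the same interval, a neighbor counts as changing "simultaneously" when its change falls within `window` of the target's change, and all vehicles remain neighbors for the whole run.

```python
"""Monte Carlo and analytic model of the Random Pseudonym Change (RPC) scheme.

Added illustration, not the paper's own model or code. Assumptions not
stated in the abstract: pseudonym lifetimes are i.i.d. draws from either a
uniform distribution on [t_min, t_max] or a "reciprocal" distribution with
density proportional to 1/t on the same interval; a neighbour changes
"simultaneously" when its change lies within +/- `window` of the target
vehicle's change; every vehicle stays a neighbour for the whole run.
"""
import math
import random


def cdf(dist, t, t_min, t_max):
    """CDF of the pseudonym lifetime for the two assumed distributions."""
    if t <= t_min:
        return 0.0
    if t >= t_max:
        return 1.0
    if dist == "uniform":
        return (t - t_min) / (t_max - t_min)
    if dist == "reciprocal":  # f(t) = c/t  =>  F(t) = ln(t/t_min) / ln(t_max/t_min)
        return math.log(t / t_min) / math.log(t_max / t_min)
    raise ValueError(dist)


def sample_lifetime(rng, dist, t_min, t_max):
    """Inverse-CDF sampling of one pseudonym lifetime."""
    u = rng.random()
    if dist == "uniform":
        return t_min + u * (t_max - t_min)
    if dist == "reciprocal":
        return t_min * (t_max / t_min) ** u
    raise ValueError(dist)


def change_times(rng, dist, t_min, t_max, horizon):
    """Instants at which one vehicle changes pseudonym during [0, horizon]."""
    times, t = [], 0.0
    while True:
        t += sample_lifetime(rng, dist, t_min, t_max)
        if t > horizon:
            return times
        times.append(t)


def anonymity_set_size(target_change, neighbour_changes, window):
    """The vehicle itself plus every neighbour that changed within +/- window."""
    size = 1
    for times in neighbour_changes:
        if any(abs(tc - target_change) <= window for tc in times):
            size += 1
    return size


def p_change_given_age(dist, age, window, t_min=60.0, t_max=600.0):
    """P(neighbour changes within `window` | its current pseudonym has age `age`).

    This is the conditional probability the abstract refers to: a high value
    tells the vehicle that changing now is likely to be covered by the neighbour.
    """
    survive = 1.0 - cdf(dist, age, t_min, t_max)
    if survive <= 0.0:
        return 1.0
    return (cdf(dist, age + window, t_min, t_max) - cdf(dist, age, t_min, t_max)) / survive


def mean_anonymity_set(dist, n_neighbours=10, t_min=60.0, t_max=600.0,
                       horizon=3600.0, window=1.0, runs=200, seed=1):
    """Average anonymity-set size over all pseudonym changes of the target vehicle."""
    rng = random.Random(seed)
    total, count = 0.0, 0
    for _ in range(runs):
        target = change_times(rng, dist, t_min, t_max, horizon)
        neighbours = [change_times(rng, dist, t_min, t_max, horizon)
                      for _ in range(n_neighbours)]
        for tc in target:
            total += anonymity_set_size(tc, neighbours, window)
            count += 1
    return total / count


if __name__ == "__main__":
    for d in ("uniform", "reciprocal"):
        print(d, "mean anonymity set:", round(mean_anonymity_set(d), 3),
              "P(change | age 300 s, 5 s window):",
              round(p_change_given_age(d, 300.0, 5.0), 4))
```

With a 1 s window and ten neighbors the mean anonymity set stays close to 1, which is the point of the abstract's age-aware variant: a vehicle that knows its neighbor's pseudonym age can wait for a moment when `p_change_given_age` is high instead of changing at a random instant.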

2.
Cloud storage is an important application service in cloud computing: it allows data users to store and access their files anytime, from anywhere and with any device. To ensure the security of outsourced data, the data user needs to periodically check its integrity. In some cases the identity privacy of the data user must also be protected. However, in existing identity-privacy-preserving protocols, data tag generation is mainly based on complex ring signatures or group signatures, which places a heavy burden on the data user. To ensure the identity privacy of the data user, in this paper we propose a novel identity-privacy-preserving public auditing protocol built on a chameleon hash function. It achieves the following properties: (1) the identity privacy of the data user is preserved against the cloud server; (2) the validity of the outsourced data is verified; (3) data privacy is preserved against the auditor during the auditing process; (4) the computation cost of producing a data tag is very low. Finally, we show that our scheme is provably secure in the random oracle model; the security of the proposed scheme is related to the computational Diffie–Hellman problem and the hash function problem.
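The primitive this abstract builds on, a chameleon hash, is easy to show concretely: anyone holding the public key can evaluate the hash, only the trapdoor holder can find a second preimage, and a well-known caveat (key exposure) is that revealing one collision pair leaks the trapdoor. The Python below is an added illustration of the textbook discrete-log (Krawczyk-Rabin style) construction, not the paper's auditing protocol; the group parameters are a toy 63-bit safe-prime group searched at import time, which is an assumption for readability (a real deployment would use a 2048-bit group or an elliptic curve).

```python
"""Discrete-log chameleon hash with trapdoor collisions and the key-exposure caveat.

Added illustration of the primitive named in the abstract; it is not the
paper's auditing protocol. The group is a toy safe-prime group found at
import time (assumption: a real deployment uses a 2048-bit group or an
elliptic curve). CH(m, r) = g^m * y^r is the textbook construction.
"""
import hashlib
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin; this fixed base set is deterministic for n < 3.3e24."""
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_from(start: int):
    """Smallest q >= start with q and p = 2q + 1 both prime; returns (p, q)."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = safe_prime_from(1 << 62)  # toy 63-bit group, deterministic (assumed parameters)
G = 4                            # a quadratic residue mod P, so its order is exactly Q
assert pow(G, Q, P) == 1 and G != 1


def hash_to_zq(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def keygen():
    """Trapdoor x (kept by the data user) and public hash key y = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def chameleon_hash(y: int, msg: bytes, r: int) -> int:
    """CH_y(msg, r) = g^H(msg) * y^r mod p; anyone with y can evaluate it."""
    return (pow(G, hash_to_zq(msg), P) * pow(y, r, P)) % P


def find_collision(x: int, msg: bytes, r: int, new_msg: bytes) -> int:
    """Trapdoor holder: r' with CH(new_msg, r') == CH(msg, r).

    Solves H(msg) + x*r == H(new_msg) + x*r' (mod q) for r'.
    """
    m, m2 = hash_to_zq(msg), hash_to_zq(new_msg)
    return (r + (m - m2) * pow(x, -1, Q)) % Q


def recover_trapdoor(msg1: bytes, r1: int, msg2: bytes, r2: int) -> int:
    """Key-exposure caveat: whoever sees one collision pair learns x.

    A protocol built on this hash must never hand two (message, randomness)
    pairs with the same digest to an untrusted party.
    """
    m1, m2 = hash_to_zq(msg1), hash_to_zq(msg2)
    return ((m1 - m2) * pow((r2 - r1) % Q, -1, Q)) % Q


if __name__ == "__main__":
    x, y = keygen()
    r = secrets.randbelow(Q)
    h = chameleon_hash(y, b"block 1 of file", r)
    r2 = find_collision(x, b"block 1 of file", r, b"block 1 (rewritten)")
    print("collision ok:", chameleon_hash(y, b"block 1 (rewritten)", r2) == h)
    print("trapdoor leaked:", recover_trapdoor(b"block 1 of file", r,
                                               b"block 1 (rewritten)", r2) == x)
```

The `recover_trapdoor` function is the check a reviewer of any chameleon-hash-based auditing scheme should run in their head: if the cloud or the auditor ever sees two openings of the same hash value, the data user's trapdoor is gone.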

3.
Telecare Medical Information Systems (TMIS) provide an effective way to enhance the medical process between doctors, nurses and patients. For enhancing the security and privacy of TMIS, it is important yet challenging to enable a patient and a doctor to perform mutual authentication and session key establishment through a third-party medical server while the privacy of the patient is ensured. In this paper, we propose an anonymous three-party password-authenticated key exchange (3PAKE) protocol for TMIS. The protocol is based on the efficient elliptic curve cryptosystem. For security, we apply the pi-calculus-based formal verification tool ProVerif to show that our 3PAKE protocol for TMIS provides anonymity for patient and doctor while at the same time achieving mutual authentication and session key security. The proposed scheme is secure and efficient, and can be used in TMIS.

4.
Maintaining privacy in network data publishing is a major challenge, because known characteristics of individuals can be used to extract new information about them. Recently, researchers have developed privacy methods based on k-anonymity and l-diversity to prevent re-identification or sensitive label disclosure through certain structural information. However, most of these studies have considered only structural information and have been developed for undirected networks. Furthermore, most existing approaches rely on generalization and node clustering and so may entail significant information loss, as all properties of all members of each group are generalized to the same value. In this paper, we introduce a framework for protecting sensitive attributes, degree (the number of connected entities), and relationships, as well as the presence of individuals, in directed social network data whose nodes carry attributes. First, we define a privacy model that specifies privacy requirements for the above private information. Then, we introduce the technique of Ambiguity in Social Network data (ASN), based on anatomy, which specifies how to publish social network data. To employ ASN, individuals are partitioned into groups. ASN then publishes the exact values of the properties of the individuals of each group, tagged with a common group ID, in several tables. The lossy join of those tables on the group ID injects uncertainty into any reconstruction of the original network. We also show how to measure the different privacy requirements in ASN. Simulation results on real and synthetic datasets demonstrate that our framework, which protects against four types of private information disclosure, preserves data utility in the tabular, topological and spectral aspects of networks at a satisfactory level.
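The anatomy idea the abstract relies on (publish exact values, but in separate tables linked only by a group ID, so the join is lossy) is small enough to run end to end. The Python below is an added illustration, not the ASN framework's own code. The grouping step is the standard l-diversity anatomy heuristic (one record from each of the l largest sensitive-value buckets per group, residue records placed in groups that lack their label); the edge table and the relationship bound are this example's own simplification and are assumptions, and node degree is not protected here. The node and edge data are constructed.

```python
"""Anatomy-style publication of an attributed directed graph with a lossy join.

Added illustration of the idea in the abstract above; not the ASN framework's
own code. The grouping follows the standard l-diversity anatomy heuristic;
the edge table and edge_disclosure bound are this example's simplification
(assumed), and degree is not protected. All data below is constructed.
"""
from collections import Counter

# Constructed sample: node id -> (quasi-identifiers, sensitive label); edges u -> v.
NODES = {
    "n1": ({"age": 34, "zip": "10001"}, "HIV"),
    "n2": ({"age": 29, "zip": "10002"}, "HIV"),
    "n3": ({"age": 41, "zip": "10003"}, "HIV"),
    "n4": ({"age": 52, "zip": "10004"}, "flu"),
    "n5": ({"age": 38, "zip": "10005"}, "flu"),
    "n6": ({"age": 27, "zip": "10006"}, "asthma"),
    "n7": ({"age": 45, "zip": "10007"}, "asthma"),
    "n8": ({"age": 31, "zip": "10008"}, "cancer"),
}
EDGES = [("n1", "n2"), ("n2", "n3"), ("n3", "n1"), ("n4", "n5"),
         ("n5", "n8"), ("n6", "n7"), ("n7", "n4"), ("n8", "n6")]


def anatomize(nodes, l):
    """Partition node ids into groups, each holding >= l distinct sensitive labels."""
    buckets = {}
    for nid, (_, label) in sorted(nodes.items()):
        buckets.setdefault(label, []).append(nid)
    groups = []
    while sum(1 for b in buckets.values() if b) >= l:
        largest = sorted((k for k in buckets if buckets[k]),
                         key=lambda k: (-len(buckets[k]), k))[:l]
        groups.append([buckets[k].pop() for k in largest])
    for label, rest in buckets.items():  # residue: join a group lacking this label
        for nid in rest:
            for g in groups:
                if all(nodes[m][1] != label for m in g):
                    g.append(nid)
                    break
            else:
                raise ValueError("a label occurs more than n/l times; l-diversity impossible")
    return groups


def is_l_diverse(nodes, groups, l):
    return all(len({nodes[n][1] for n in g}) >= l for g in groups)


def publish(nodes, edges, groups):
    """Release three tables that share only the group id (the lossy join)."""
    gid_of = {nid: gid for gid, g in enumerate(groups) for nid in g}
    qi_table = [(nid, dict(nodes[nid][0]), gid_of[nid]) for nid in sorted(nodes)]
    sens_table = Counter((gid_of[nid], nodes[nid][1]) for nid in nodes)
    edge_table = Counter((gid_of[u], gid_of[v]) for u, v in edges)
    return {"qi": qi_table, "sens": dict(sens_table),
            "edges": dict(edge_table), "size": Counter(gid_of.values())}


def label_disclosure(pub, nid):
    """Best guess of an attacker who links nid (via its QIs) to its group."""
    gid = next(g for n, _, g in pub["qi"] if n == nid)
    counts = [c for (g, _), c in pub["sens"].items() if g == gid]
    return max(counts) / pub["size"][gid]


def edge_disclosure(pub, u, v):
    """Assumed bound: P(u -> v) <= released group-pair count / candidate pairs."""
    gid = {n: g for n, _, g in pub["qi"]}
    gu, gv = gid[u], gid[v]
    su, sv = pub["size"][gu], pub["size"][gv]
    pairs = su * sv if gu != gv else su * (su - 1)
    return pub["edges"].get((gu, gv), 0) / pairs


if __name__ == "__main__":
    groups = anatomize(NODES, 2)
    pub = publish(NODES, EDGES, groups)
    print("groups:", groups)
    print("P(label of n1):", label_disclosure(pub, "n1"))
    print("P(n1 -> n2):", edge_disclosure(pub, "n1", "n2"))
```

With l = 2 every released group pairs two different labels, so the strongest inference an attacker can draw about any node's label is 1/2, and the edge table only says how many edges run between two groups, not between which members.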

5.
Fulfilling the promise of the genetic revolution requires the analysis of large datasets containing information from thousands to millions of participants. However, sharing human genomic data requires protecting subjects from potential harm. Current models rely on de-identification techniques in which privacy versus data utility becomes a zero-sum game. Instead, we propose the use of trust-enabling techniques to create a solution in which researchers and participants both win. To do so we introduce three principles that facilitate trust in genetic research and outline one possible framework built upon those principles. Our hope is that such trust-centric frameworks provide a sustainable solution that reconciles genetic privacy with data sharing and facilitates genetic research.

6.
Changgee Chang, Zhiqi Bu, Qi Long. Biometrics, 2023, 79(3):2357-2369
Electronic health records (EHRs) offer great promise for advancing precision medicine and, at the same time, present significant analytical challenges. In particular, patient-level data in EHRs often cannot be shared across institutions (data sources) due to government regulations and/or institutional policies. As a result, there is growing interest in distributed learning over multiple EHR databases without sharing patient-level data. To tackle such challenges, we propose a novel communication-efficient method that aggregates the optimal estimates of external sites by turning the problem into a missing data problem. In addition, we propose incorporating posterior samples from remote sites, which provide partial information on the missing quantities and improve the efficiency of parameter estimates while having the differential privacy property and thus reducing the risk of information leakage. The proposed approach allows for proper statistical inference without sharing raw patient-level data. We provide a theoretical investigation of the asymptotic properties of the proposed method for statistical inference as well as differential privacy, and evaluate its performance in simulations and real data analyses in comparison with several recently developed methods.

7.

Background

Privacy protection is an important issue in medical informatics, and differential privacy is a state-of-the-art framework for data privacy research. Differential privacy offers provable privacy against attackers who have auxiliary information, and can be applied to data mining models (for example, logistic regression). However, differentially private methods sometimes introduce too much noise and make the outputs less useful. Given the public data available in medical research (e.g. from patients who sign open-consent agreements), we can design algorithms that use both public and private data sets to decrease the amount of noise that is introduced.

Methodology

In this paper, we modify the update step in Newton-Raphson method to propose a differentially private distributed logistic regression model based on both public and private data.

Experiments and results

We evaluate our algorithm on three different data sets, and show its advantage over (1) a logistic regression model based solely on public data, and (2) a differentially private distributed logistic regression model based on private data, under various scenarios.

Conclusion

Logistic regression models built with our new algorithm on both private and public datasets demonstrate better utility than models trained on private or public datasets alone, without sacrificing the rigorous privacy guarantee.

8.
The smart grid is an intelligent power grid that combines information technology with the existing power grid: electricity suppliers and consumers exchange real-time information in both directions, forming a next-generation grid that optimizes energy efficiency. This paper proposes the implementation of a load management application system that applies a smart grid privacy policy in an energy management service environment. The privacy-policy-based protection system is structured so that data from the load management system in the smart grid environment is served to the web through the application service network. To this end, we propose and develop a smart grid privacy-policy-based protection system that controls service access by protecting the items related to the user's personal information and setting a privacy protection level for each item.

9.
With the advanced methods of analysing old biological material, it is pressing to discuss what should be allowed to be done with human remains, particularly those of well-documented historical individuals. We argue that Queen Christina of Sweden, who challenged traditional gender roles, has an interest in maintaining her privacy when there are continued attempts to reveal her 'true' gender. In the long-running philosophical debate on posthumous wronging, the fundamental question is: who is wronged? Our aim is to find this 'missing subject' using narrative theory. Narrative identity emphasises the fact that no person is alone in knowing or telling their life story. People's lives are entangled, and parts of the life story of a deceased person can remain in the living realm. Since the narrative identity of a person does not necessarily end upon their death, and this narrative continues to relate directly to the person who once existed, it is the narrative subject that can continue to be posthumously wronged. Queen Christina can no longer maintain her own identity, but we maintain it by our research into her life. We propose three duties relevant to posthumous wronging: the duty of truthfulness, the duty of recognition and the duty to respect privacy.

10.
Anonymity protocols establish encrypted tunnels to protect the privacy of Internet users from traffic analysis attacks. However, attackers strive to infer characteristics of traffic patterns (e.g. packet directions, packet sizes, inter-packet timing) in order to expose the identities of Internet users and their activities. A recent and popular traffic analysis attack, website fingerprinting, reveals the identity of the websites visited by target users. Existing work in the literature has studied the website fingerprinting attack using a single web browser, namely Firefox. In this paper we propose a unified traffic analysis attack model composed of a sequence of phases that demonstrates the efficiency of the website fingerprinting attack against popular web browsers running over Tor (The Onion Router). In addition, we reveal the main factors that affect the accuracy of the website fingerprinting attack over the Tor anonymity system with different browsers. To the best of our knowledge, no previous study has uncovered such factors by deploying a real-world traffic analysis attack against the top five web browsers. The outcomes of the research are very relevant to Internet users (individuals, companies and governments), since they allow them to assess to what extent their privacy is preserved in the presence of traffic analysis attacks, in particular website fingerprinting over different browsers. A recommendation for future research regarding the investigation of website fingerprinting over different scenarios is also provided.

11.
Researchers often face the problem of needing to protect the privacy of subjects while also needing to integrate data that contains personal information from diverse data sources. The advent of computational social science and the enormous amount of data about people that is being collected makes protecting the privacy of research subjects ever more important. However, strict privacy procedures can hinder the process of joining diverse sources of data that contain information about specific individual behaviors. In this paper we present a procedure to keep information about specific individuals from being "leaked" or shared in either direction between two sources of data without need of a trusted third party. To achieve this goal, we randomly assign individuals to anonymous groups before combining the anonymized information between the two sources of data. We refer to this method as the Yahtzee procedure, and show that it performs as predicted by theoretical analysis when we apply it to data from Facebook and public voter records.

12.
Public cloud storage auditing with deduplication has been studied in recent years to assure data integrity and improve storage efficiency for cloud storage. In previous schemes, however, the cloud has to store the link between a file and its data owners to support valid data downloading. From this file-owner link, the cloud server can identify which users own the same file, which might expose the sensitive relationship among the data owners of a multi-owner file and seriously harms their privacy. To address this problem, we propose an identity-protected secure auditing and deduplication scheme. In the proposed scheme, the cloud cannot learn any useful information about the relationship of data owners. Unlike existing schemes, the cloud does not need to store the file-owner link to support valid data downloading. Instead, when a user downloads a file, he only needs to anonymously submit a credential to the cloud, and can download the file only if this credential is valid. Besides this main contribution, our scheme has the following advantages over existing schemes. First, it achieves constant storage: the storage space is fully independent of the number of data owners possessing the same file. Second, it achieves constant computation: only the first uploader needs to generate the authenticator for each file block, while subsequent owners do not need to generate it. As a result, our scheme greatly reduces the storage overhead of the cloud and the computation overhead of data owners. The security analysis and experimental results show that our scheme is secure and efficient.

13.
Open source and open data have been driving forces in bioinformatics in the past. However, privacy concerns may soon change the landscape, limiting future access to important data sets, including personal genomics data. Here we survey this situation in some detail, describing in particular how the large scale of the data from personal genomic sequencing makes it especially hard to share data, exacerbating the privacy problem. We also go over various aspects of genomic privacy: first, there is the basic identifiability of subjects having their genome sequenced. However, even for individuals who have consented to be identified, there is the prospect of very detailed future characterization of their genotype which, unanticipated at the time of their consent, may be more personal and invasive than the release of their medical records. We go over various computational strategies for dealing with the issue of genomic privacy. One can "slice" and reformat datasets to allow them to be partially shared while securing the most private variants. This is particularly applicable to functional genomics information, which can be largely processed without variant information. For handling the most private data there are a number of legal and technological approaches, for example modifying the informed consent procedure to acknowledge that privacy cannot be guaranteed, and/or employing a secure cloud computing environment. Cloud computing in particular may allow access to the data in a more controlled fashion than the current practice of downloading and computing on large datasets. Furthermore, it may be particularly advantageous for small labs, given that the burden of many privacy issues falls disproportionately on them in comparison to large corporations and genome centers. Finally, we discuss how the education of future genetics researchers will be important, with curricula emphasizing privacy and data security. However, teaching personal genomics with identifiable subjects in the university setting will, in turn, create additional privacy issues and social conundrums.

14.
Saidi Ahmed, Nouali Omar, Amira Abdelouahab. Cluster Computing, 2022, 25(1):167-185
Attribute-based encryption (ABE) is an access control mechanism that ensures efficient data sharing among dynamic groups of users by setting up access structures indicating who can access what. However, ABE suffers from expensive computation and privacy issues in resource-constrained environments such as IoT devices. In this paper, we present SHARE-ABE, a novel collaborative approach for preserving privacy that is built on top of Ciphertext-Policy Attribute-Based Encryption (CP-ABE). Our approach uses fog computing to outsource the most laborious decryption operations to fog nodes, which collaborate to partially decrypt the data using an original and efficient chained architecture. Additionally, our approach preserves the privacy of the access policy by introducing false attributes. Furthermore, we introduce a new construction of a collaboration attribute that allows users within the same group to combine their attributes to satisfy the access policy. Experiments and analyses of the security properties demonstrate that the proposed scheme is secure and efficient, especially for resource-constrained IoT devices.

15.
Traditional contact tracing relies on knowledge of the interpersonal network of physical interactions, where contagious outbreaks propagate. However, due to privacy constraints and noisy data assimilation, this network is generally difficult to reconstruct accurately. Communication traces obtained by mobile phones are known to be good proxies for the physical interaction network, and they may provide a valuable tool for contact tracing. Motivated by this assumption, we propose a model for contact tracing, where an infection is spreading in the physical interpersonal network, which can never be fully recovered; and contact tracing is occurring in a communication network which acts as a proxy for the first. We apply this dual model to a dataset covering 72 students over a 9 month period, for which both the physical interactions as well as the mobile communication traces are known. Our results suggest that a wide range of contact tracing strategies may significantly reduce the final size of the epidemic, by mainly affecting its peak of incidence. However, we find that for low overlap between the face-to-face and communication interaction network, contact tracing is only efficient at the beginning of the outbreak, due to rapidly increasing costs as the epidemic evolves. Overall, contact tracing via mobile phone communication traces may be a viable option to arrest contagious outbreaks.

16.
17.
Concerns about privacy may deter people from participating in genetic research. Recruitment and retention of biobank participants requires understanding the nature and magnitude of these concerns. Potential participants in a proposed biobank were asked about their willingness to participate, their privacy concerns, informed consent, and data sharing. A representative survey of 4659 U.S. adults was conducted. Ninety percent of respondents would be concerned about privacy, 56% would be concerned about researchers having their information, and 37% would worry that study data could be used against them. However, 60% would participate in the biobank if asked. Nearly half (48%) would prefer to provide consent once for all research approved by an oversight panel, whereas 42% would prefer to provide consent for each project separately. Although 92% would allow academic researchers to use study data, 80% and 75%, respectively, would grant access to government and industry researchers. Concern about privacy was related to lower willingness to participate only when respondents were told that they would receive $50 for participation and would not receive individual research results back. Among respondents who were told that they would receive $200 or individual research results, privacy concerns were not related to willingness. Survey respondents valued both privacy and participation in biomedical research. Despite pervasive privacy concerns, 60% would participate in a biobank. Assuring research participants that their privacy will be protected to the best of researchers' abilities may increase participants' acceptance of consent for broad research uses of biobank data by a wide range of researchers.

18.
Zhang Xuewang, Ye Caijin. Cluster Computing, 2022, 25(2):1221-1235
With the rapid development of permissioned blockchains, the problem of privacy leakage within them is increasingly serious. In this paper, a novel privacy protection method is put forward for the privacy problem in permissioned blockchains. In this method, a ring signature is used to protect the privacy of the user in permissioned blockchains. On the other hand, the unconditional anonymity of a ring signature may be abused by an adversary, so conditional anonymity is considered to improve the ring signature. A privacy protection scheme for permissioned blockchains is then built on the conditionally anonymous ring signature. Furthermore, the effect of smart contracts on transaction flows is considered, and an asynchronous signing transaction process is proposed. The security of the scheme is formally reduced to the Discrete Logarithm assumption. Comparison with the state of the art and simulation experiments demonstrate that the proposed scheme is efficient and practical.

19.
Feature selection addresses the problem of building accurate classification models in data mining. Aggregating data from a distributed environment for feature selection raises the problem of accessing the relevant inputs of individual data records, and preserving the privacy of individual data is often a critical issue in distributed data mining. This paper proposes privacy preservation of individual data for both feature and sub-feature selection based on data mining techniques and fuzzy probabilities. For privacy, each party maintains its privacy, as instructed by the data miner, with the help of fuzzy probabilities used as alias values. The techniques are developed for the data miner's own database in a distributed network with a fuzzy system, and the evaluation of sub-feature values is included in the processing of the data mining task. Feature selection is explained with an existing data mining technique, the gain ratio, using fuzzy optimization; the gain ratio based on the relevant inputs for feature selection is estimated within the expected upper and lower bounds of the fuzzy data set. The paper mainly focuses on sub-feature selection with a privacy algorithm using fuzzy random variables among different parties in a distributed environment; the selected sub-features are uniquely identified for better class prediction. The algorithm selects sub-features using fuzzy probabilities with fuzzy frequency data from the data miner's database. Experimental results show the performance of our findings on a real-world data set.

20.
The availability of metagenomic sequencing data, generated by sequencing DNA pooled from multiple microbes living jointly, has increased sharply in the last few years with developments in sequencing technology. Characterizing the contents of metagenomic samples is a challenging task, which has been extensively attempted by both supervised and unsupervised techniques, each with its own limitations. Common to practically all the methods is the processing of single samples only; when multiple samples are sequenced, each is analyzed separately and the results are combined. In this paper we propose to perform a combined analysis of a set of samples in order to obtain a better characterization of each of the samples, and provide two applications of this principle. First, we use an unsupervised probabilistic mixture model to infer hidden components shared across metagenomic samples. We incorporate the model in a novel framework for studying association of microbial sequence elements with phenotypes, analogous to the genome-wide association studies performed on human genomes: We demonstrate that stratification may result in false discoveries of such associations, and that the components inferred by the model can be used to correct for this stratification. Second, we propose a novel read clustering (also termed "binning") algorithm which operates on multiple samples simultaneously, leveraging on the assumption that the different samples contain the same microbial species, possibly in different proportions. We show that integrating information across multiple samples yields more precise binning on each of the samples. Moreover, for both applications we demonstrate that given a fixed depth of coverage, the average per-sample performance generally increases with the number of sequenced samples as long as the per-sample coverage is high enough.

Copyright © 北京勤云科技发展有限公司 (Beijing Qinyun Technology Development Co., Ltd.)  京ICP备09084417号