The rapid growth of smart technologies and services has intensified the challenges surrounding identity authenti-cation techniques.Biometric credentials are increasingly being used for verification due to their advant...The rapid growth of smart technologies and services has intensified the challenges surrounding identity authenti-cation techniques.Biometric credentials are increasingly being used for verification due to their advantages over traditional methods,making it crucial to safeguard the privacy of people’s biometric data in various scenarios.This paper offers an in-depth exploration for privacy-preserving techniques and potential threats to biometric systems.It proposes a noble and thorough taxonomy survey for privacy-preserving techniques,as well as a systematic framework for categorizing the field’s existing literature.We review the state-of-the-art methods and address their advantages and limitations in the context of various biometric modalities,such as face,fingerprint,and eye detection.The survey encompasses various categories of privacy-preserving mechanisms and examines the trade-offs between security,privacy,and recognition performance,as well as the issues and future research directions.It aims to provide researchers,professionals,and decision-makers with a thorough understanding of the existing privacy-preserving solutions in biometric recognition systems and serves as the foundation of the development of more secure and privacy-preserving biometric technologies.展开更多
In a cloud environment,outsourced graph data is widely used in companies,enterprises,medical institutions,and so on.Data owners and users can save costs and improve efficiency by storing large amounts of graph data on...In a cloud environment,outsourced graph data is widely used in companies,enterprises,medical institutions,and so on.Data owners and users can save costs and improve efficiency by storing large amounts of graph data on cloud servers.Servers on cloud platforms usually have some subjective or objective attacks,which make the outsourced graph data in an insecure state.The issue of privacy data protection has become an important obstacle to data sharing and usage.How to query outsourcing graph data safely and effectively has become the focus of research.Adjacency query is a basic and frequently used operation in graph,and it will effectively promote the query range and query ability if multi-keyword fuzzy search can be supported at the same time.This work proposes to protect the privacy information of outsourcing graph data by encryption,mainly studies the problem of multi-keyword fuzzy adjacency query,and puts forward a solution.In our scheme,we use the Bloom filter and encryption mechanism to build a secure index and query token,and adjacency queries are implemented through indexes and query tokens on the cloud server.Our proposed scheme is proved by formal analysis,and the performance and effectiveness of the scheme are illustrated by experimental analysis.The research results of this work will provide solid theoretical and technical support for the further popularization and application of encrypted graph data processing technology.展开更多
Federated learning for edge computing is a promising solution in the data booming era,which leverages the computation ability of each edge device to train local models and only shares the model gradients to the centra...Federated learning for edge computing is a promising solution in the data booming era,which leverages the computation ability of each edge device to train local models and only shares the model gradients to the central server.However,the frequently transmitted local gradients could also leak the participants’private data.To protect the privacy of local training data,lots of cryptographic-based Privacy-Preserving Federated Learning(PPFL)schemes have been proposed.However,due to the constrained resource nature of mobile devices and complex cryptographic operations,traditional PPFL schemes fail to provide efficient data confidentiality and lightweight integrity verification simultaneously.To tackle this problem,we propose a Verifiable Privacypreserving Federated Learning scheme(VPFL)for edge computing systems to prevent local gradients from leaking over the transmission stage.Firstly,we combine the Distributed Selective Stochastic Gradient Descent(DSSGD)method with Paillier homomorphic cryptosystem to achieve the distributed encryption functionality,so as to reduce the computation cost of the complex cryptosystem.Secondly,we further present an online/offline signature method to realize the lightweight gradients integrity verification,where the offline part can be securely outsourced to the edge server.Comprehensive security analysis demonstrates the proposed VPFL can achieve data confidentiality,authentication,and integrity.At last,we evaluate both communication overhead and computation cost of the proposed VPFL scheme,the experimental results have shown VPFL has low computation costs and communication overheads while maintaining high training accuracy.展开更多
Handover authentication in high mobility scenarios is characterized by frequent and shortterm parallel execution.Moreover,the penetration loss and Doppler frequency shift caused by high speed also lead to the deterior...Handover authentication in high mobility scenarios is characterized by frequent and shortterm parallel execution.Moreover,the penetration loss and Doppler frequency shift caused by high speed also lead to the deterioration of network link quality.Therefore,high mobility scenarios require handover schemes with less handover overhead.However,some existing schemes that meet this requirement cannot provide strong security guarantees,while some schemes that can provide strong security guarantees have large handover overheads.To solve this dilemma,we propose a privacy-preserving handover authentication scheme that can provide strong security guarantees with less computational cost.Based on Orthogonal Time Frequency Space(OTFS)link and Key Encapsulation Mechanism(KEM),we establish the shared key between protocol entities in the initial authentication phase,thereby reducing the overhead in the handover phase.Our proposed scheme can achieve mutual authentication and key agreement among the user equipment,relay node,and authentication server.We demonstrate that our proposed scheme can achieve user anonymity,unlinkability,perfect forward secrecy,and resistance to various attacks through security analysis including the Tamarin.The performance evaluation results show that our scheme has a small computational cost compared with other schemes and can also provide a strong guarantee of security properties.展开更多
In the analysis of big data,deep learn-ing is a crucial technique.Big data analysis tasks are typically carried out on the cloud since it offers strong computer capabilities and storage areas.Nev-ertheless,there is a ...In the analysis of big data,deep learn-ing is a crucial technique.Big data analysis tasks are typically carried out on the cloud since it offers strong computer capabilities and storage areas.Nev-ertheless,there is a contradiction between the open nature of the cloud and the demand that data own-ers maintain their privacy.To use cloud resources for privacy-preserving data training,a viable method must be found.A privacy-preserving deep learning model(PPDLM)is suggested in this research to ad-dress this preserving issue.To preserve data privacy,we first encrypted the data using homomorphic en-cryption(HE)approach.Moreover,the deep learn-ing algorithm’s activation function—the sigmoid func-tion—uses the least-squares method to process non-addition and non-multiplication operations that are not allowed by homomorphic.Finally,experimental re-sults show that PPDLM has a significant effect on the protection of data privacy information.Compared with Non-Privacy Preserving Deep Learning Model(NPPDLM),PPDLM has higher computational effi-ciency.展开更多
As an essential component of intelligent transportation systems(ITS),electric vehicles(EVs)can store massive amounts of electric power in their batteries and send power back to a charging station(CS)at peak hours to b...As an essential component of intelligent transportation systems(ITS),electric vehicles(EVs)can store massive amounts of electric power in their batteries and send power back to a charging station(CS)at peak hours to balance the power supply and generate profits.However,when the system collects the corresponding power data,several severe security and privacy issues are encountered.The identity and private injection data may be maliciously intercepted by network attackers and be tampered with to damage the services of ITS and smart grids.Existing approaches requiring high computational overhead render them unsuitable for the resource-constrained Internet of Things(IoT)environment.To address above problems,this paper proposes a blockchain-enabled secure and privacy-preserving data aggregation scheme for fog-based ITS.First,a fog computing and blockchain co-aware aggregation framework of power injection data is designed,which provides strong support for ITS to achieve secure and efficient power injection.Second,Paillier homomorphic encryption,the batch aggregation signature mechanism and a Bloom filter are effectively integrated with efficient aggregation of power injection data with security and privacy guarantees.In addition,the fine-grained homomorphic aggregation is designed for power injection data generated by all EVs,which provides solid data support for accurate power dispatching and supply management in ITS.Experiments show that the total computational cost is significantly reduced in the proposed scheme while providing security and privacy guarantees.The proposed scheme is more suitable for ITS with latency-sensitive applications and is also adapted to deploying devices with limited resources.展开更多
Developing a privacy-preserving data publishing algorithm that stops individuals from disclosing their identities while not ignoring data utility remains an important goal to achieve.Because finding the trade-off betw...Developing a privacy-preserving data publishing algorithm that stops individuals from disclosing their identities while not ignoring data utility remains an important goal to achieve.Because finding the trade-off between data privacy and data utility is an NP-hard problem and also a current research area.When existing approaches are investigated,one of the most significant difficulties discovered is the presence of outlier data in the datasets.Outlier data has a negative impact on data utility.Furthermore,k-anonymity algorithms,which are commonly used in the literature,do not provide adequate protection against outlier data.In this study,a new data anonymization algorithm is devised and tested for boosting data utility by incorporating an outlier data detection mechanism into the Mondrian algorithm.The connectivity-based outlier factor(COF)algorithm is used to detect outliers.Mondrian is selected because of its capacity to anonymize multidimensional data while meeting the needs of real-world data.COF,on the other hand,is used to discover outliers in high-dimensional datasets with complicated structures.The proposed algorithm generates more equivalence classes than the Mondrian algorithm and provides greater data utility than previous algorithms based on k-anonymization.In addition,it outperforms other algorithms in the discernibility metric(DM),normalized average equivalence class size(Cavg),global certainty penalty(GCP),query error rate,classification accuracy(CA),and F-measure metrics.Moreover,the increase in the values of theGCPand error ratemetrics demonstrates that the proposed algorithm facilitates obtaining higher data utility by grouping closer data points when compared to other algorithms.展开更多
Medical data mining has become an essential task in healthcare sector to secure the personal and medical data of patients using privacy policy.In this background,several authentication and accessibility issues emerge ...Medical data mining has become an essential task in healthcare sector to secure the personal and medical data of patients using privacy policy.In this background,several authentication and accessibility issues emerge with an inten-tion to protect the sensitive details of the patients over getting published in open domain.To solve this problem,Multi Attribute Case based Privacy Preservation(MACPP)technique is proposed in this study to enhance the security of privacy-preserving data.Private information can be any attribute information which is categorized as sensitive logs in a patient’s records.The semantic relation between transactional patient records and access rights is estimated based on the mean average value to distinguish sensitive and non-sensitive information.In addition to this,crypto hidden policy is also applied here to encrypt the sensitive data through symmetric standard key log verification that protects the personalized sensitive information.Further,linear integrity verification provides authentication rights to verify the data,improves the performance of privacy preserving techni-que against intruders and assures high security in healthcare setting.展开更多
Outsourcing the k-Nearest Neighbor(kNN)classifier to the cloud is useful,yet it will lead to serious privacy leakage due to sensitive outsourced data and models.In this paper,we design,implement and evaluate a new sys...Outsourcing the k-Nearest Neighbor(kNN)classifier to the cloud is useful,yet it will lead to serious privacy leakage due to sensitive outsourced data and models.In this paper,we design,implement and evaluate a new system employing an outsourced privacy-preserving kNN Classifier Model based on Multi-Key Homomorphic Encryption(kNNCM-MKHE).We firstly propose a security protocol based on Multi-key Brakerski-Gentry-Vaikuntanathan(BGV)for collaborative evaluation of the kNN classifier provided by multiple model owners.Analyze the operations of kNN and extract basic operations,such as addition,multiplication,and comparison.It supports the computation of encrypted data with different public keys.At the same time,we further design a new scheme that outsources evaluation works to a third-party evaluator who should not have access to the models and data.In the evaluation process,each model owner encrypts the model and uploads the encrypted models to the evaluator.After receiving encrypted the kNN classifier and the user’s inputs,the evaluator calculated the aggregated results.The evaluator will perform a secure computing protocol to aggregate the number of each class label.Then,it sends the class labels with their associated counts to the user.Each model owner and user encrypt the result together.No information will be disclosed to the evaluator.The experimental results show that our new system can securely allow multiple model owners to delegate the evaluation of kNN classifier.展开更多
Advanced cloud computing technology provides cost saving and flexibility of services for users.With the explosion of multimedia data,more and more data owners would outsource their personal multimedia data on the clou...Advanced cloud computing technology provides cost saving and flexibility of services for users.With the explosion of multimedia data,more and more data owners would outsource their personal multimedia data on the cloud.In the meantime,some computationally expensive tasks are also undertaken by cloud servers.However,the outsourced multimedia data and its applications may reveal the data owner’s private information because the data owners lose the control of their data.Recently,this thought has aroused new research interest on privacy-preserving reversible data hiding over outsourced multimedia data.In this paper,two reversible data hiding schemes are proposed for encrypted image data in cloud computing:reversible data hiding by homomorphic encryption and reversible data hiding in encrypted domain.The former is that additional bits are extracted after decryption and the latter is that extracted before decryption.Meanwhile,a combined scheme is also designed.This paper proposes the privacy-preserving outsourcing scheme of reversible data hiding over encrypted image data in cloud computing,which not only ensures multimedia data security without relying on the trustworthiness of cloud servers,but also guarantees that reversible data hiding can be operated over encrypted images at the different stages.Theoretical analysis confirms the correctness of the proposed encryption model and justifies the security of the proposed scheme.The computation cost of the proposed scheme is acceptable and adjusts to different security levels.展开更多
With the development of Internet of Things(IoT),the delay caused by network transmission has led to low data processing efficiency.At the same time,the limited computing power and available energy consumption of IoT t...With the development of Internet of Things(IoT),the delay caused by network transmission has led to low data processing efficiency.At the same time,the limited computing power and available energy consumption of IoT terminal devices are also the important bottlenecks that would restrict the application of blockchain,but edge computing could solve this problem.The emergence of edge computing can effectively reduce the delay of data transmission and improve data processing capacity.However,user data in edge computing is usually stored and processed in some honest-but-curious authorized entities,which leads to the leakage of users’privacy information.In order to solve these problems,this paper proposes a location data collection method that satisfies the local differential privacy to protect users’privacy.In this paper,a Voronoi diagram constructed by the Delaunay method is used to divide the road network space and determine the Voronoi grid region where the edge nodes are located.A random disturbance mechanism that satisfies the local differential privacy is utilized to disturb the original location data in each Voronoi grid.In addition,the effectiveness of the proposed privacy-preserving mechanism is verified through comparison experiments.Compared with the existing privacy-preserving methods,the proposed privacy-preserving mechanism can not only better meet users’privacy needs,but also have higher data availability.展开更多
Numerous privacy-preserving issues have emerged along with the fast development of Internet, both in theory and in real-life applications. To settle the privacy-preserving problems, secure multi-party computation is e...Numerous privacy-preserving issues have emerged along with the fast development of Internet, both in theory and in real-life applications. To settle the privacy-preserving problems, secure multi-party computation is essential and critical. In this paper, we have solved two problems regarding to how to determine the position relation between points and curves without revealing any private information. Two protocols have been proposed in order to solve the problems in different conditions. In addition, some building blocks have been developed, such as scalar product protocol, so that we can take advantage of them to settle the privacy-preserving computational geometry problems which are a kind of special secure multi-party computation problems. Moreover, oblivious transfer and power series expansion serve as significant parts in our protocols. Analyses and proofs have also been given to argue our conclusion.展开更多
To address the problem of privacy disclosure during data mining, a new privacy-preserving decision tree classification construction model based on a differential privacy-protection mechanism is presented. An efficient...To address the problem of privacy disclosure during data mining, a new privacy-preserving decision tree classification construction model based on a differential privacy-protection mechanism is presented. An efficient classifier that uses feedback to add two types of noise via Laplace and exponential mechanisms to perturb the calculation results are introduced to the construction algorithm that provides a secure data access interface for users.Different split solutions for attributes of continuous and discrete values are provided and used to optimize the search scheme to reduce the error rate of the classifier. By choosing an available quality function with lower sensitivity for making decisions and improving the privacy budget allocation methods, the algorithm effectively resists malicious attacks that depend on the background knowledge. The potential problem of obtaining personal information by guessing unknown sensitive nodes of tree-type data is solved correspondingly. The better privacy preservation and accuracy of this new algorithm are shown by simulation experiments.展开更多
Clinical decision-support systems are technology-based tools that help healthcare providers enhance the quality of their services to satisfy their patients and earn their trust.These systems are used to improve physic...Clinical decision-support systems are technology-based tools that help healthcare providers enhance the quality of their services to satisfy their patients and earn their trust.These systems are used to improve physicians’diagnostic processes in terms of speed and accuracy.Using data-mining techniques,a clinical decision support system builds a classification model from hospital’s dataset for diagnosing new patients using their symptoms.In this work,we propose a privacy-preserving clinical decision-support system that uses a privacy-preserving random forest algorithm to diagnose new symptoms without disclosing patients’information and exposing them to cyber and network attacks.Solving the same problem with a different methodology,the simulation results show that the proposed algorithm outperforms previous work by removing unnecessary attributes and avoiding cryptography algorithms.Moreover,our model is validated against the privacy requirements of the hospitals’datasets and votes,and patients’diagnosed symptoms.展开更多
An RFID (Radio-Frequency IDentification) system provides the mechanism to identify tags to readers and then to execute specific RFID-enabled applications. In those applications, secure protocols using lightweight cryp...An RFID (Radio-Frequency IDentification) system provides the mechanism to identify tags to readers and then to execute specific RFID-enabled applications. In those applications, secure protocols using lightweight cryptography need to be developed and the privacy of tags must be ensured. In 2010, Batina et al. proposed a privacy-preserving grouping proof protocol for RFID based on ECC (Elliptic Curve Cryptography) in public-key cryptosystem. In the next year, Lv et al. had shown that Batina et al.’s protocol was insecure against the tracking attack such that the privacy of tags did not be preserved properly. Then they proposed a revised protocol based on Batina et al.’s work. Their revised protocol was claimed to have all security properties and resisted tracking attack. But in this paper, we prove that Lv et al.’s protocol cannot work properly. Then we propose a new version protocol with some nonce to satisfy the functions of Batina et al.’s privacy-preserving grouping proof protocol. Further we try the tracing attack made by Lv et al. on our protocol and prove our protocol can resist this attack to recover the untraceability.展开更多
Healthcare centers always aim to deliver the best quality healthcare services to patients and earn their satisfaction. Technology has played a major role in achieving these goals, such as clinical decision-support sys...Healthcare centers always aim to deliver the best quality healthcare services to patients and earn their satisfaction. Technology has played a major role in achieving these goals, such as clinical decision-support systems and mobile health social networks. These systems have improved the quality of care services by speeding-up the diagnosis process with accuracy, and allowing caregivers to monitor patients remotely through the use of WBS, respectively. However, these systems’ accuracy and efficiency are dependent on patients’ health information, which must be inevitably shared over the network, thus exposing them to cyber-attacks. Therefore, privacy-preserving services are ought to be employed to protect patients’ privacy. In this work, we proposed a privacy-preserving healthcare system, which is composed of two subsystems. The first is a privacy-preserving clinical decision-support system. The second subsystem is a privacy-preserving Mobile Health Social Network (MHSN). The former was based on decision tree classifier that is used to diagnose patients with new symptoms without disclosing patients’ records. Whereas the latter would allow physicians to monitor patients’ current condition remotely through WBS;thus sending help immediately in case of a distress situation detected. The social network, which connects patients of similar symptoms together, would also provide the service of seeking help of near-by passing people while the patient is waiting for an ambulance to arrive. Our model is expected to improve healthcare services while protecting patients’ privacy.展开更多
Data mining is the extraction of vast interesting patterns or knowledge from huge amount of data. The initial idea of privacy-preserving data mining PPDM was to extend traditional data mining techniques to work with t...Data mining is the extraction of vast interesting patterns or knowledge from huge amount of data. The initial idea of privacy-preserving data mining PPDM was to extend traditional data mining techniques to work with the data modified to mask sensitive information. The key issues were how to modify the data and how to recover the data mining result from the modified data. Privacy-preserving data mining considers the problem of running data mining algorithms on confidential data that is not supposed to be revealed even to the party running the algorithm. In contrast, privacy-preserving data publishing (PPDP) may not necessarily be tied to a specific data mining task, and the data mining task may be unknown at the time of data publishing. PPDP studies how to transform raw data into a version that is immunized against privacy attacks but that still supports effective data mining tasks. Privacy-preserving for both data mining (PPDM) and data publishing (PPDP) has become increasingly popular because it allows sharing of privacy sensitive data for analysis purposes. One well studied approach is the k-anonymity model [1] which in turn led to other models such as confidence bounding, l-diversity, t-closeness, (α,k)-anonymity, etc. In particular, all known mechanisms try to minimize information loss and such an attempt provides a loophole for attacks. The aim of this paper is to present a survey for most of the common attacks techniques for anonymization-based PPDM & PPDP and explain their effects on Data Privacy.展开更多
As an emergent-architecture, mobile edge computing shifts cloud service to the edge of networks. It can satisfy several desirable characteristics for Io T systems. To reduce communication pressure from Io T devices, d...As an emergent-architecture, mobile edge computing shifts cloud service to the edge of networks. It can satisfy several desirable characteristics for Io T systems. To reduce communication pressure from Io T devices, data aggregation is a good candidate. However, data processing in MEC may suffer from many challenges, such as unverifiability of aggregated data, privacy-violation and fault-tolerance. To address these challenges, we propose PVF-DA: privacy-preserving, verifiable and fault-tolerant data aggregation in MEC based on aggregator-oblivious encryption and zero-knowledge-proof. The proposed scheme can not only provide privacy protection of the reported data, but also resist the collusion between MEC server and corrupted Io T devices. Furthermore, the proposed scheme has two outstanding features: verifiability and strong fault-tolerance. Verifiability can make Io T device to verify whether the reported sensing data is correctly aggregated. Strong fault-tolerance makes the aggregator to compute an aggregate even if one or several Io Ts fail to report their data. Finally, the detailed security proofs are shown that the proposed scheme can achieve security and privacy-preservation properties in MEC.展开更多
The introduction of the Internet of Things(IoT)paradigm serves as pervasive resource access and sharing platform for different real-time applications.Decentralized resource availability,access,and allocation provide a...The introduction of the Internet of Things(IoT)paradigm serves as pervasive resource access and sharing platform for different real-time applications.Decentralized resource availability,access,and allocation provide a better quality of user experience regardless of the application type and scenario.However,privacy remains an open issue in this ubiquitous sharing platform due to massive and replicated data availability.In this paper,privacy-preserving decision-making for the data-sharing scheme is introduced.This scheme is responsible for improving the security in data sharing without the impact of replicated resources on communicating users.In this scheme,classification learning is used for identifying replicas and accessing granted resources independently.Based on the trust score of the available resources,this classification is recurrently performed to improve the reliability of information sharing.The user-level decisions for information sharing and access are made using the classification of the resources at the time of availability.This proposed scheme is verified using the metrics access delay,success ratio,computation complexity,and sharing loss.展开更多
User profile matching can establish social relationships between different users in the social network.If the user profile is matched in plaintext,the user's privacy might face a security challenge.Although there ...User profile matching can establish social relationships between different users in the social network.If the user profile is matched in plaintext,the user's privacy might face a security challenge.Although there exist some schemes realizing privacypreserving user profile matching,the resource-limited users or social service providers in these schemes need to take higher computational complexity to ensure the privacy or matching of the data.To overcome the problems,a novel privacy-preserving user profile matching protocol in social networks is proposed by using t-out-of n servers and the bloom filter technique,in which the computational complexity of a user is reduced by applying the Chinese Remainder Theorem,the matching users can be found with the help of any t matching servers,and the privacy of the user profile is not compromised.Furthermore,if at most t-1 servers are allowed to collude,our scheme can still fulfill user profile privacy and user query privacy.Finally,the performance of the proposed scheme is compared with the other two schemes,and the results show that our scheme is superior to them.展开更多
基金The research is supported by Nature Science Foundation of Zhejiang Province(LQ20F020008)“Pioneer”and“Leading Goose”R&D Program of Zhejiang(Grant Nos.2023C03203,2023C01150).
文摘The rapid growth of smart technologies and services has intensified the challenges surrounding identity authenti-cation techniques.Biometric credentials are increasingly being used for verification due to their advantages over traditional methods,making it crucial to safeguard the privacy of people’s biometric data in various scenarios.This paper offers an in-depth exploration for privacy-preserving techniques and potential threats to biometric systems.It proposes a noble and thorough taxonomy survey for privacy-preserving techniques,as well as a systematic framework for categorizing the field’s existing literature.We review the state-of-the-art methods and address their advantages and limitations in the context of various biometric modalities,such as face,fingerprint,and eye detection.The survey encompasses various categories of privacy-preserving mechanisms and examines the trade-offs between security,privacy,and recognition performance,as well as the issues and future research directions.It aims to provide researchers,professionals,and decision-makers with a thorough understanding of the existing privacy-preserving solutions in biometric recognition systems and serves as the foundation of the development of more secure and privacy-preserving biometric technologies.
基金This research was supported in part by the Nature Science Foundation of China(Nos.62262033,61962029,61762055,62062045 and 62362042)the Jiangxi Provincial Natural Science Foundation of China(Nos.20224BAB202012,20202ACBL202005 and 20202BAB212006)+3 种基金the Science and Technology Research Project of Jiangxi Education Department(Nos.GJJ211815,GJJ2201914 and GJJ201832)the Hubei Natural Science Foundation Innovation and Development Joint Fund Project(No.2022CFD101)Xiangyang High-Tech Key Science and Technology Plan Project(No.2022ABH006848)Hubei Superior and Distinctive Discipline Group of“New Energy Vehicle and Smart Transportation”,the Project of Zhejiang Institute of Mechanical&Electrical Engineering,and the Jiangxi Provincial Social Science Foundation of China(No.23GL52D).
文摘In a cloud environment,outsourced graph data is widely used in companies,enterprises,medical institutions,and so on.Data owners and users can save costs and improve efficiency by storing large amounts of graph data on cloud servers.Servers on cloud platforms usually have some subjective or objective attacks,which make the outsourced graph data in an insecure state.The issue of privacy data protection has become an important obstacle to data sharing and usage.How to query outsourcing graph data safely and effectively has become the focus of research.Adjacency query is a basic and frequently used operation in graph,and it will effectively promote the query range and query ability if multi-keyword fuzzy search can be supported at the same time.This work proposes to protect the privacy information of outsourcing graph data by encryption,mainly studies the problem of multi-keyword fuzzy adjacency query,and puts forward a solution.In our scheme,we use the Bloom filter and encryption mechanism to build a secure index and query token,and adjacency queries are implemented through indexes and query tokens on the cloud server.Our proposed scheme is proved by formal analysis,and the performance and effectiveness of the scheme are illustrated by experimental analysis.The research results of this work will provide solid theoretical and technical support for the further popularization and application of encrypted graph data processing technology.
基金supported by the National Natural Science Foundation of China(No.62206238)the Natural Science Foundation of Jiangsu Province(Grant No.BK20220562)the Natural Science Research Project of Universities in Jiangsu Province(No.22KJB520010).
文摘Federated learning for edge computing is a promising solution in the data booming era,which leverages the computation ability of each edge device to train local models and only shares the model gradients to the central server.However,the frequently transmitted local gradients could also leak the participants’private data.To protect the privacy of local training data,lots of cryptographic-based Privacy-Preserving Federated Learning(PPFL)schemes have been proposed.However,due to the constrained resource nature of mobile devices and complex cryptographic operations,traditional PPFL schemes fail to provide efficient data confidentiality and lightweight integrity verification simultaneously.To tackle this problem,we propose a Verifiable Privacypreserving Federated Learning scheme(VPFL)for edge computing systems to prevent local gradients from leaking over the transmission stage.Firstly,we combine the Distributed Selective Stochastic Gradient Descent(DSSGD)method with Paillier homomorphic cryptosystem to achieve the distributed encryption functionality,so as to reduce the computation cost of the complex cryptosystem.Secondly,we further present an online/offline signature method to realize the lightweight gradients integrity verification,where the offline part can be securely outsourced to the edge server.Comprehensive security analysis demonstrates the proposed VPFL can achieve data confidentiality,authentication,and integrity.At last,we evaluate both communication overhead and computation cost of the proposed VPFL scheme,the experimental results have shown VPFL has low computation costs and communication overheads while maintaining high training accuracy.
基金supported by Natural Science Foundation of China(No.62002006,U2241213,U21B2021,62172025,61932011,61932014,61972018,61972019,61772538,32071775,91646203)Defense Industrial Technology Development Program(No.JCKY2021211B017)。
文摘Handover authentication in high mobility scenarios is characterized by frequent and shortterm parallel execution.Moreover,the penetration loss and Doppler frequency shift caused by high speed also lead to the deterioration of network link quality.Therefore,high mobility scenarios require handover schemes with less handover overhead.However,some existing schemes that meet this requirement cannot provide strong security guarantees,while some schemes that can provide strong security guarantees have large handover overheads.To solve this dilemma,we propose a privacy-preserving handover authentication scheme that can provide strong security guarantees with less computational cost.Based on Orthogonal Time Frequency Space(OTFS)link and Key Encapsulation Mechanism(KEM),we establish the shared key between protocol entities in the initial authentication phase,thereby reducing the overhead in the handover phase.Our proposed scheme can achieve mutual authentication and key agreement among the user equipment,relay node,and authentication server.We demonstrate that our proposed scheme can achieve user anonymity,unlinkability,perfect forward secrecy,and resistance to various attacks through security analysis including the Tamarin.The performance evaluation results show that our scheme has a small computational cost compared with other schemes and can also provide a strong guarantee of security properties.
基金This work was partially supported by the Natural Science Foundation of Beijing Municipality(No.4222038)by Open Research Project of the State Key Laboratory of Media Convergence and Communication(Communication University of China),the National Key R&D Program of China(No.2021YFF0307600)Fundamental Research Funds for the Central Universities.
文摘In the analysis of big data,deep learn-ing is a crucial technique.Big data analysis tasks are typically carried out on the cloud since it offers strong computer capabilities and storage areas.Nev-ertheless,there is a contradiction between the open nature of the cloud and the demand that data own-ers maintain their privacy.To use cloud resources for privacy-preserving data training,a viable method must be found.A privacy-preserving deep learning model(PPDLM)is suggested in this research to ad-dress this preserving issue.To preserve data privacy,we first encrypted the data using homomorphic en-cryption(HE)approach.Moreover,the deep learn-ing algorithm’s activation function—the sigmoid func-tion—uses the least-squares method to process non-addition and non-multiplication operations that are not allowed by homomorphic.Finally,experimental re-sults show that PPDLM has a significant effect on the protection of data privacy information.Compared with Non-Privacy Preserving Deep Learning Model(NPPDLM),PPDLM has higher computational effi-ciency.
基金The authors received Funding for this study from the National Natural Science Foundation of China(No.61971235)the China Postdoctoral Science Foundation(No.2018M630590)+1 种基金the Jiangsu Planned Projects for Postdoctoral Research Funds(No.2021K501C)the 333 High-level Talents Training Project of Jiangsu Province,and the 1311 Talents Plan of NJUPT.
文摘As an essential component of intelligent transportation systems(ITS),electric vehicles(EVs)can store massive amounts of electric power in their batteries and send power back to a charging station(CS)at peak hours to balance the power supply and generate profits.However,when the system collects the corresponding power data,several severe security and privacy issues are encountered.The identity and private injection data may be maliciously intercepted by network attackers and be tampered with to damage the services of ITS and smart grids.Existing approaches requiring high computational overhead render them unsuitable for the resource-constrained Internet of Things(IoT)environment.To address above problems,this paper proposes a blockchain-enabled secure and privacy-preserving data aggregation scheme for fog-based ITS.First,a fog computing and blockchain co-aware aggregation framework of power injection data is designed,which provides strong support for ITS to achieve secure and efficient power injection.Second,Paillier homomorphic encryption,the batch aggregation signature mechanism and a Bloom filter are effectively integrated with efficient aggregation of power injection data with security and privacy guarantees.In addition,the fine-grained homomorphic aggregation is designed for power injection data generated by all EVs,which provides solid data support for accurate power dispatching and supply management in ITS.Experiments show that the total computational cost is significantly reduced in the proposed scheme while providing security and privacy guarantees.The proposed scheme is more suitable for ITS with latency-sensitive applications and is also adapted to deploying devices with limited resources.
基金supported by the Scientific and Technological Research Council of Turkiye,under Project No.(122E670).
文摘Developing a privacy-preserving data publishing algorithm that stops individuals from disclosing their identities while not ignoring data utility remains an important goal to achieve.Because finding the trade-off between data privacy and data utility is an NP-hard problem and also a current research area.When existing approaches are investigated,one of the most significant difficulties discovered is the presence of outlier data in the datasets.Outlier data has a negative impact on data utility.Furthermore,k-anonymity algorithms,which are commonly used in the literature,do not provide adequate protection against outlier data.In this study,a new data anonymization algorithm is devised and tested for boosting data utility by incorporating an outlier data detection mechanism into the Mondrian algorithm.The connectivity-based outlier factor(COF)algorithm is used to detect outliers.Mondrian is selected because of its capacity to anonymize multidimensional data while meeting the needs of real-world data.COF,on the other hand,is used to discover outliers in high-dimensional datasets with complicated structures.The proposed algorithm generates more equivalence classes than the Mondrian algorithm and provides greater data utility than previous algorithms based on k-anonymization.In addition,it outperforms other algorithms in the discernibility metric(DM),normalized average equivalence class size(Cavg),global certainty penalty(GCP),query error rate,classification accuracy(CA),and F-measure metrics.Moreover,the increase in the values of theGCPand error ratemetrics demonstrates that the proposed algorithm facilitates obtaining higher data utility by grouping closer data points when compared to other algorithms.
文摘Medical data mining has become an essential task in healthcare sector to secure the personal and medical data of patients using privacy policy.In this background,several authentication and accessibility issues emerge with an inten-tion to protect the sensitive details of the patients over getting published in open domain.To solve this problem,Multi Attribute Case based Privacy Preservation(MACPP)technique is proposed in this study to enhance the security of privacy-preserving data.Private information can be any attribute information which is categorized as sensitive logs in a patient’s records.The semantic relation between transactional patient records and access rights is estimated based on the mean average value to distinguish sensitive and non-sensitive information.In addition to this,crypto hidden policy is also applied here to encrypt the sensitive data through symmetric standard key log verification that protects the personalized sensitive information.Further,linear integrity verification provides authentication rights to verify the data,improves the performance of privacy preserving techni-que against intruders and assures high security in healthcare setting.
基金supported in part by the National Natural Science Foundation of China under Grant No.61872069in part by the Fundamental Research Funds for the Central Universities under Grant N2017012.
文摘Outsourcing the k-Nearest Neighbor(kNN)classifier to the cloud is useful,yet it will lead to serious privacy leakage due to sensitive outsourced data and models.In this paper,we design,implement and evaluate a new system employing an outsourced privacy-preserving kNN Classifier Model based on Multi-Key Homomorphic Encryption(kNNCM-MKHE).We firstly propose a security protocol based on Multi-key Brakerski-Gentry-Vaikuntanathan(BGV)for collaborative evaluation of the kNN classifier provided by multiple model owners.Analyze the operations of kNN and extract basic operations,such as addition,multiplication,and comparison.It supports the computation of encrypted data with different public keys.At the same time,we further design a new scheme that outsources evaluation works to a third-party evaluator who should not have access to the models and data.In the evaluation process,each model owner encrypts the model and uploads the encrypted models to the evaluator.After receiving encrypted the kNN classifier and the user’s inputs,the evaluator calculated the aggregated results.The evaluator will perform a secure computing protocol to aggregate the number of each class label.Then,it sends the class labels with their associated counts to the user.Each model owner and user encrypt the result together.No information will be disclosed to the evaluator.The experimental results show that our new system can securely allow multiple model owners to delegate the evaluation of kNN classifier.
基金This work was supported by the National Natural Science Foundation of China(No.61702276)the Startup Foundation for Introducing Talent of Nanjing University of Information Science and Technology under Grant 2016r055 and the Priority Academic Program Development(PAPD)of Jiangsu Higher Education Institutions.The authors are grateful for the anonymous reviewers who made constructive comments and improvements.
文摘Advanced cloud computing technology provides cost saving and flexibility of services for users.With the explosion of multimedia data,more and more data owners would outsource their personal multimedia data on the cloud.In the meantime,some computationally expensive tasks are also undertaken by cloud servers.However,the outsourced multimedia data and its applications may reveal the data owner’s private information because the data owners lose the control of their data.Recently,this thought has aroused new research interest on privacy-preserving reversible data hiding over outsourced multimedia data.In this paper,two reversible data hiding schemes are proposed for encrypted image data in cloud computing:reversible data hiding by homomorphic encryption and reversible data hiding in encrypted domain.The former is that additional bits are extracted after decryption and the latter is that extracted before decryption.Meanwhile,a combined scheme is also designed.This paper proposes the privacy-preserving outsourcing scheme of reversible data hiding over encrypted image data in cloud computing,which not only ensures multimedia data security without relying on the trustworthiness of cloud servers,but also guarantees that reversible data hiding can be operated over encrypted images at the different stages.Theoretical analysis confirms the correctness of the proposed encryption model and justifies the security of the proposed scheme.The computation cost of the proposed scheme is acceptable and adjusts to different security levels.
文摘With the development of Internet of Things(IoT),the delay caused by network transmission has led to low data processing efficiency.At the same time,the limited computing power and available energy consumption of IoT terminal devices are also the important bottlenecks that would restrict the application of blockchain,but edge computing could solve this problem.The emergence of edge computing can effectively reduce the delay of data transmission and improve data processing capacity.However,user data in edge computing is usually stored and processed in some honest-but-curious authorized entities,which leads to the leakage of users’privacy information.In order to solve these problems,this paper proposes a location data collection method that satisfies the local differential privacy to protect users’privacy.In this paper,a Voronoi diagram constructed by the Delaunay method is used to divide the road network space and determine the Voronoi grid region where the edge nodes are located.A random disturbance mechanism that satisfies the local differential privacy is utilized to disturb the original location data in each Voronoi grid.In addition,the effectiveness of the proposed privacy-preserving mechanism is verified through comparison experiments.Compared with the existing privacy-preserving methods,the proposed privacy-preserving mechanism can not only better meet users’privacy needs,but also have higher data availability.
基金Supported by the National Natural Science Foundation of China (No. 61070189, 60673065)the National High Technology Development Program (No. 2008AA01Z419)
文摘Numerous privacy-preserving issues have emerged along with the fast development of Internet, both in theory and in real-life applications. To settle the privacy-preserving problems, secure multi-party computation is essential and critical. In this paper, we have solved two problems regarding to how to determine the position relation between points and curves without revealing any private information. Two protocols have been proposed in order to solve the problems in different conditions. In addition, some building blocks have been developed, such as scalar product protocol, so that we can take advantage of them to settle the privacy-preserving computational geometry problems which are a kind of special secure multi-party computation problems. Moreover, oblivious transfer and power series expansion serve as significant parts in our protocols. Analyses and proofs have also been given to argue our conclusion.
基金supported by the National Natural Science Foundation of China(6137301761402241+4 种基金615722606157226161472192)the Scientific&Technological Support Project of Jiangsu Province(BE2014718BE2015702)
文摘To address the problem of privacy disclosure during data mining, a new privacy-preserving decision tree classification construction model based on a differential privacy-protection mechanism is presented. An efficient classifier that uses feedback to add two types of noise via Laplace and exponential mechanisms to perturb the calculation results are introduced to the construction algorithm that provides a secure data access interface for users.Different split solutions for attributes of continuous and discrete values are provided and used to optimize the search scheme to reduce the error rate of the classifier. By choosing an available quality function with lower sensitivity for making decisions and improving the privacy budget allocation methods, the algorithm effectively resists malicious attacks that depend on the background knowledge. The potential problem of obtaining personal information by guessing unknown sensitive nodes of tree-type data is solved correspondingly. The better privacy preservation and accuracy of this new algorithm are shown by simulation experiments.
文摘Clinical decision-support systems are technology-based tools that help healthcare providers enhance the quality of their services to satisfy their patients and earn their trust.These systems are used to improve physicians’diagnostic processes in terms of speed and accuracy.Using data-mining techniques,a clinical decision support system builds a classification model from hospital’s dataset for diagnosing new patients using their symptoms.In this work,we propose a privacy-preserving clinical decision-support system that uses a privacy-preserving random forest algorithm to diagnose new symptoms without disclosing patients’information and exposing them to cyber and network attacks.Solving the same problem with a different methodology,the simulation results show that the proposed algorithm outperforms previous work by removing unnecessary attributes and avoiding cryptography algorithms.Moreover,our model is validated against the privacy requirements of the hospitals’datasets and votes,and patients’diagnosed symptoms.
文摘An RFID (Radio-Frequency IDentification) system provides the mechanism to identify tags to readers and then to execute specific RFID-enabled applications. In those applications, secure protocols using lightweight cryptography need to be developed and the privacy of tags must be ensured. In 2010, Batina et al. proposed a privacy-preserving grouping proof protocol for RFID based on ECC (Elliptic Curve Cryptography) in public-key cryptosystem. In the next year, Lv et al. had shown that Batina et al.’s protocol was insecure against the tracking attack such that the privacy of tags did not be preserved properly. Then they proposed a revised protocol based on Batina et al.’s work. Their revised protocol was claimed to have all security properties and resisted tracking attack. But in this paper, we prove that Lv et al.’s protocol cannot work properly. Then we propose a new version protocol with some nonce to satisfy the functions of Batina et al.’s privacy-preserving grouping proof protocol. Further we try the tracing attack made by Lv et al. on our protocol and prove our protocol can resist this attack to recover the untraceability.
文摘Healthcare centers always aim to deliver the best quality healthcare services to patients and earn their satisfaction. Technology has played a major role in achieving these goals, such as clinical decision-support systems and mobile health social networks. These systems have improved the quality of care services by speeding-up the diagnosis process with accuracy, and allowing caregivers to monitor patients remotely through the use of WBS, respectively. However, these systems’ accuracy and efficiency are dependent on patients’ health information, which must be inevitably shared over the network, thus exposing them to cyber-attacks. Therefore, privacy-preserving services are ought to be employed to protect patients’ privacy. In this work, we proposed a privacy-preserving healthcare system, which is composed of two subsystems. The first is a privacy-preserving clinical decision-support system. The second subsystem is a privacy-preserving Mobile Health Social Network (MHSN). The former was based on decision tree classifier that is used to diagnose patients with new symptoms without disclosing patients’ records. Whereas the latter would allow physicians to monitor patients’ current condition remotely through WBS;thus sending help immediately in case of a distress situation detected. The social network, which connects patients of similar symptoms together, would also provide the service of seeking help of near-by passing people while the patient is waiting for an ambulance to arrive. Our model is expected to improve healthcare services while protecting patients’ privacy.
文摘Data mining is the extraction of vast interesting patterns or knowledge from huge amount of data. The initial idea of privacy-preserving data mining PPDM was to extend traditional data mining techniques to work with the data modified to mask sensitive information. The key issues were how to modify the data and how to recover the data mining result from the modified data. Privacy-preserving data mining considers the problem of running data mining algorithms on confidential data that is not supposed to be revealed even to the party running the algorithm. In contrast, privacy-preserving data publishing (PPDP) may not necessarily be tied to a specific data mining task, and the data mining task may be unknown at the time of data publishing. PPDP studies how to transform raw data into a version that is immunized against privacy attacks but that still supports effective data mining tasks. Privacy-preserving for both data mining (PPDM) and data publishing (PPDP) has become increasingly popular because it allows sharing of privacy sensitive data for analysis purposes. One well studied approach is the k-anonymity model [1] which in turn led to other models such as confidence bounding, l-diversity, t-closeness, (α,k)-anonymity, etc. In particular, all known mechanisms try to minimize information loss and such an attempt provides a loophole for attacks. The aim of this paper is to present a survey for most of the common attacks techniques for anonymization-based PPDM & PPDP and explain their effects on Data Privacy.
基金supported by Beijing Natural Science Foundation—Haidian Original Innovation Joint Fund Project Task Book(Key Research Topic)(Nos.L182039)Open Fund of National Engineering Laboratory for Big Data Collaborative Security Technology and the Foundation of Guizhou Provincial Key Laboratory of Public Big Data(No.2019BDKFJJ012)。
文摘As an emergent-architecture, mobile edge computing shifts cloud service to the edge of networks. It can satisfy several desirable characteristics for Io T systems. To reduce communication pressure from Io T devices, data aggregation is a good candidate. However, data processing in MEC may suffer from many challenges, such as unverifiability of aggregated data, privacy-violation and fault-tolerance. To address these challenges, we propose PVF-DA: privacy-preserving, verifiable and fault-tolerant data aggregation in MEC based on aggregator-oblivious encryption and zero-knowledge-proof. The proposed scheme can not only provide privacy protection of the reported data, but also resist the collusion between MEC server and corrupted Io T devices. Furthermore, the proposed scheme has two outstanding features: verifiability and strong fault-tolerance. Verifiability can make Io T device to verify whether the reported sensing data is correctly aggregated. Strong fault-tolerance makes the aggregator to compute an aggregate even if one or several Io Ts fail to report their data. Finally, the detailed security proofs are shown that the proposed scheme can achieve security and privacy-preservation properties in MEC.
基金supported by the Deanship of Scientific Research(DSR),King Abdulaziz University,Jeddah,under grant No.(DF-203-611-1441)。
文摘The introduction of the Internet of Things(IoT)paradigm serves as pervasive resource access and sharing platform for different real-time applications.Decentralized resource availability,access,and allocation provide a better quality of user experience regardless of the application type and scenario.However,privacy remains an open issue in this ubiquitous sharing platform due to massive and replicated data availability.In this paper,privacy-preserving decision-making for the data-sharing scheme is introduced.This scheme is responsible for improving the security in data sharing without the impact of replicated resources on communicating users.In this scheme,classification learning is used for identifying replicas and accessing granted resources independently.Based on the trust score of the available resources,this classification is recurrently performed to improve the reliability of information sharing.The user-level decisions for information sharing and access are made using the classification of the resources at the time of availability.This proposed scheme is verified using the metrics access delay,success ratio,computation complexity,and sharing loss.
基金supported in part by the Natural Science Foundation of Beijing(no.4212019,M22002)the National Natural Science Foundation of China(no.62172005)+1 种基金the Open Research Fund of Key Laboratory of Cryptography of Zhejiang Province(No.ZCL21014)the Foundation of Guizhou Provincial Key Laboratory of Public Big Data(no.2019BDKF JJ012)。
文摘User profile matching can establish social relationships between different users in the social network.If the user profile is matched in plaintext,the user's privacy might face a security challenge.Although there exist some schemes realizing privacypreserving user profile matching,the resource-limited users or social service providers in these schemes need to take higher computational complexity to ensure the privacy or matching of the data.To overcome the problems,a novel privacy-preserving user profile matching protocol in social networks is proposed by using t-out-of n servers and the bloom filter technique,in which the computational complexity of a user is reduced by applying the Chinese Remainder Theorem,the matching users can be found with the help of any t matching servers,and the privacy of the user profile is not compromised.Furthermore,if at most t-1 servers are allowed to collude,our scheme can still fulfill user profile privacy and user query privacy.Finally,the performance of the proposed scheme is compared with the other two schemes,and the results show that our scheme is superior to them.