Funding: supported by National Key Research and Development Plan in China (Grant No. 2020YFB1005500), Beijing Natural Science Foundation (Grant No. M21034), BUPT Excellent Ph.D Students Foundation (Grant No. CX2023218).
Abstract: With the growth of requirements for data sharing, a novel business model of digital assets trading has emerged that allows data owners to sell their data for monetary gain. In the distributed ledger of blockchain, however, the privacy of stakeholder's identity and the confidentiality of data content are threatened. Therefore, we proposed a blockchain-enabled privacy-preserving and access control scheme to address the above problems. First, the multi-channel mechanism is introduced to provide the privacy protection of distributed ledger inside the channel and achieve coarse-grained access control to digital assets. Then, we use multi-authority attribute-based encryption (MAABE) algorithm to build a fine-grained access control model for data trading in a single channel and describe its instantiation in detail. Security analysis shows that the scheme is IND-CPA secure and can provide privacy protection and collusion resistance. Compared with other schemes, our solution has better performance in privacy protection and access control. The evaluation results demonstrate its effectiveness and practicability.
Funding: supported by the National Natural Science Foundation of China (Nos. 61373015, 61300052, 41301047), the Priority Academic Program Development of Jiangsu Higher Education Institutions, the Important National Science and Technology Specific Project (No. BA2013049)
Abstract: In many wireless sensor networks (WSNs) applications, the preservation of source-location privacy plays a critical role in concealing context information, otherwise the monitored entities or subjects may be put in danger. Many traditional solutions have been proposed based on the creation of random routes, such as random walk and fake sources approach, which will lead to serious packet delay and high energy consumption. Instead of applying the routing in a blind way, this article proposes a novel solution for source location privacy in WSNs by utilizing sensor ability of perceiving the presence of a mobile attacker nearby, for patient attackers in particular to increase the safety period and decrease the data delivery delay. The proposed strategy forms an intelligent silent zone (ISZ) by sacrificing only a minority of sensor nodes to entice patient attackers away from real packet routing path. The analysis and simulation results show that the proposed scheme, besides providing source location privacy energy efficiently, can significantly reduce real event reporting latency compared with the existing approaches.
Funding: Supported by the National Natural Science Foundation of China (60573119, 604973098) and IBM joint project
Abstract: A context-aware privacy protection framework was designed for context-aware services and privacy control methods about access personal information in pervasive environment. In the process of user's privacy decision, it can produce fuzzy privacy decision as the change of personal information sensitivity and personal information receiver trust. The uncertain privacy decision model was proposed about personal information disclosure based on the change of personal information receiver trust and personal information sensitivity. A fuzzy privacy decision information system was designed according to this model. Personal privacy control policies can be extracted from this information system by using rough set theory. It also solves the problem about learning privacy control policies of personal information disclosure.
Abstract: Boolean control network consists of a set of Boolean variables whose state is determined by other variables in the network. Boolean network is used for modeling complex system. In this paper, we have presented a model of a context-aware system used in smart home based on Boolean control networks. This modeling describes the relationship between the context elements (person, time, location, and activity) and services (Morning Call, Sleeping, Guarding, Entertainment, and normal), which is effective to logical inference. We apply semi tensor matrix product to describe the dynamic of the system. This matrix form of expression is a convenient and reasonable way to design logic control system.
Abstract: Advances in technology require upgrades in the law. One such area involves data brokers, which have thus far gone unregulated. Data brokers use artificial intelligence to aggregate information into data profiles about individual Americans derived from consumer use of the internet and connected devices. Data profiles are then sold for profit. Government investigators use a legal loophole to purchase this data instead of obtaining a search warrant, which the Fourth Amendment would otherwise require. Consumers have lacked a reasonable means to fight or correct the information data brokers collect. Americans may not even be aware of the risks of data aggregation, which upends the test of reasonable expectations used in a search warrant analysis. Data aggregation should be controlled and regulated, which is the direction some privacy laws take. Legislatures must step forward to safeguard against shadowy data-profiling practices, whether abroad or at home. In the meantime, courts can modify their search warrant analysis by including data privacy principles.
Funding: The National Natural Science Foundation of China (No. 61462060, No. 61762060), The Network and Information Security Innovation Team of Gansu Provincial Department of Education Lanzhou University of Technology (No. 2017C-05).
Abstract: Data privacy is important to the security of our society, and enabling authorized users to query this data efficiently is facing more challenge. Recently, blockchain has gained extensive attention with its prominent characteristics as public, distributed, decentralized and chronological characteristics. However, the transaction information on the blockchain is open to all nodes, the transaction information update operation is even more transparent. And the leakage of transaction information will cause huge losses to the transaction party. In response to these problems, this paper combines hierarchical attribute encryption with linear secret sharing, and proposes a blockchain data privacy protection control scheme based on searchable attribute encryption, which solves the privacy exposure problem in traditional blockchain transactions. The user’s access control is implemented by the verification nodes, which avoids the security risks of submitting private keys and access structures to the blockchain network. Associating the private key component with the random identity of the user node in the blockchain can solve the collusion problem. In addition, authorized users can quickly search and supervise transaction information through searchable encryption. The improved algorithm ensures the security of keywords. Finally, based on the DBDH hypothesis, the security of the scheme is proved in the random prediction model.
Funding: financially supported by the National Natural Science Foundation of China (No. 61303216, No. 61272457, No. U1401251, and No. 61373172), the National High Technology Research and Development Program of China (863 Program) (No. 2012AA013102), National 111 Program of China B16037 and B08038
Abstract: With the rapid development of computer technology, cloud-based services have become a hot topic. They not only provide users with convenience, but also bring many security issues, such as data sharing and privacy issue. In this paper, we present an access control system with privilege separation based on privacy protection (PS-ACS). In the PS-ACS scheme, we divide users into private domain (PRD) and public domain (PUD) logically. In PRD, to achieve read access permission and write access permission, we adopt the Key-Aggregate Encryption (KAE) and the Improved Attribute-based Signature (IABS) respectively. In PUD, we construct a new multi-authority ciphertext policy attribute-based encryption (CP-ABE) scheme with efficient decryption to avoid the issues of single point of failure and complicated key distribution, and design an efficient attribute revocation method for it. The analysis and simulation result show that our scheme is feasible and superior to protect users' privacy in cloud-based services.
Abstract: In the security and privacy fields, Access Control (AC) systems are viewed as the fundamental aspects of networking security mechanisms. Enforcing AC becomes even more challenging when researchers and data analysts have to analyze complex and distributed Big Data (BD) processing cluster frameworks, which are adopted to manage yottabyte of unstructured sensitive data. For instance, Big Data systems’ privacy and security restrictions are most likely to fail due to the malformed AC policy configurations. Furthermore, BD systems were initially developed to take care of some of the DB issues to address BD challenges and many of these dealt with the “three Vs” (Velocity, Volume, and Variety) attributes, without planning security consideration, which are considered to be patch work. Some of the BD “three Vs” characteristics, such as distributed computing, fragment, redundant data and node-to-node communication, each with its own security challenges, complicate even more the applicability of AC in BD. This paper gives an overview of the latest security and privacy challenges in BD AC systems. Furthermore, it analyzes and compares some of the latest AC research frameworks to reduce privacy and security issues in distributed BD systems, which very few enforce AC in a cost-effective and in a timely manner. Moreover, this work discusses some of the future research methodologies and improvements for BD AC systems. This study is a valuable asset for Artificial Intelligence (AI) researchers, DB developers and DB analysts who need the latest AC security and privacy research perspective before using and/or improving a current BD AC framework.
Abstract: Emerging cloud computing has introduced new platforms for developing enterprise academic web applications, where software, platforms and infrastructures are published to the globe as services. Software developers can build their systems by multiple invocations of these services. This research is devoted to investigating the management and data flow control over enterprise academic web applications where web services and developed academic web application are constructing infrastructure-networking scheme at the application level. Academic web services are invoked over http port and using REST based protocol; thus traditional access control method is not enough to control the flow of data using host and port information. The new cloud based access control rules proposed here are to be designed and implemented to work at this level. The new proposed access control architecture will be a web service gateway, and it published itself as a service (SaaS). We used three case studies to test our moodle and then we apply JSON parsers to perceive web service description file (WSDL file) and supply policies according to data are to be allowed or denied based on user role through our parsing.
Funding: Supported by the National Natural Science Foundation of China (60403027)
Abstract: Due to inherent heterogeneity, multi-domain characteristic and highly dynamic nature, authorization is a critical concern in grid computing. This paper proposes a general authorization and access control architecture, grid usage control (GUCON), for grid computing. It's based on the next generation access control mechanism usage control (UCON) model. The GUCON Framework dynamically grants and adapts permission to the subject based on a set of contextual information collected from the system environments; while retaining the authorization by evaluating access requests based on subject attributes, object attributes and requests. In general, GUCON model provides very flexible approaches to adapt the dynamically security request. GUCON model is being implemented in our experiment prototype.
Abstract: Spatial Crowdsourcing (SC) is a transformative platform that engages a crowd of mobile users (i.e., workers) in collecting and analyzing environmental, social and other spatio-temporal information. However, current solutions ignore the preference of each worker’s remuneration and acceptable distance, and the lack of error analysis after privacy control lead to undesirable task recommendation. In this paper, we introduce an optimization framework for task recommendation while protecting participant privacy. We propose a Generalization mechanism based on Bisecting k-means and an efficient algorithm considering the generalization error to maximize the reward of SC server. Both numerical evaluations and performance analysis are conducted to show the effectiveness and efficiency of the proposed framework.
Abstract: A person’s privacy has become a growing concern, given the nature of an expansive reliance on real-time video activities with video capture, stream, and storage. This paper presents an innovative system design based on a privacy-preserving model. The proposed system design is implemented by employing an enhanced capability that overcomes today’s single parameter-based access control protection mechanism for digital privacy preservation. The enhanced capability combines multiple access control parameters: facial expression, resource, environment, location, and time. The proposed system design demonstrated that a person’s facial expressions combined with a set of access control rules can achieve a person’s privacy-preserving preferences. The findings resulted in different facial expressions successfully triggering a person’s face to be blurred and a person’s privacy when using a real-time video conferencing service captured from a webcam or virtual webcam. A comparison analysis of capabilities between existing designs and the proposed system design shows enhancement of the capabilities of the proposed system. A series of experiments exercising the enhanced, real-time multi-parameter-based system was shown as a viable path forward for preserving a person’s privacy while using a webcam or virtual webcam to capture, stream, and store videos.
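Abstract: The Internet of Vehicles (IoV) plays an indispensable role in smart city construction; vehicles are not only a means of transport but also an important carrier for information collection and transmission in the big data era. With the rapid growth in the volume of data collected by vehicles and people's increasing awareness of privacy protection, how to ensure user data security and prevent data leakage in the IoV environment has become an urgent problem. Federated learning adopts the approach of "moving the model, not the data", offering a feasible solution for protecting user privacy while achieving good performance. However, owing to differences in collection devices, regional environments, and personal habits, the data collected by multiple vehicles is usually non-independent and identically distributed (non-IID), and traditional federated learning algorithms converge slowly in non-IID data environments. To address this challenge, a multi-stage federated learning mechanism for the IoV oriented to non-IID data, called FedWO, is proposed. Stage 1 uses the federated averaging algorithm so that the global model quickly reaches a basic model accuracy; stage 2 uses federated weighted multi-party computation, calculating each vehicle's weight in the global model according to its data characteristics and aggregating to obtain a better-performing global model, while adopting a transmission control strategy to reduce the communication overhead of model transmission; stage 3 is the personalized computation stage, in which vehicles perform personalized learning with their own data, fine-tuning the local model to obtain a model that better matches the local data. The experiments were evaluated on a driving-behavior dataset, and the results show that, compared with traditional methods, in non-IID data scenarios the FedWO mechanism protects data privacy while improving the accuracy of the algorithm.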