Anonymous Mechanism Research Articles

Unlinkable and Revocable Signcryption Scheme for VANETs

Vehicular ad-hoc networks (VANETs) can significantly improve the level of urban traffic management. However, the sender unlinkability has become an intricate issue in the field of VANETs’ encryption. As the sender signcrypts a message, the receiver has to use the sender’s identity or public key to decrypt it. Consequently, the sender can be traced using the same identity or public key, which poses some security risks to the sender. To address this issue, we present an unlinkable and revocable signcryption scheme (URSCS), where an efficient and powerful signcryption mechanism is adopted for communication. The sender constructs a polynomial to generate a unique session key for each communication, which is then transmitted to a group of receivers, enabling the same secret message to be sent to multiple receivers. Each time a secret message is sent, a new key pair is generated, and an anonymization mechanism is introduced to conceal the true identity of the vehicle, thus preventing malicious attackers from tracing the sender through the public key or the real identity. With the introduction of the identification public key, this scheme supports either multiple receivers or a single receiver, where the receiver can be either road side units (RSUs) or vehicles. Additionally, a complete revocation mechanism is constructed with extremely low communication overhead, utilizing the Chinese remainder theorem (CRT). Formal and informal security analyses demonstrate that our URSCS scheme meets the expected security and privacy requirements of VANETs. The performance analysis shows that our URSCS scheme outperforms other represented schemes.

Decentralized Federated Recommendation with Privacy-aware Structured Client-level Graph

Recommendation models are deployed in a variety of commercial applications to provide personalized services for users. However, most of them rely on the users’ original rating records that are often collected by a centralized server for model training, which may cause privacy issues. Recently, some centralized federated recommendation models are proposed for the protection of users’ privacy, which however requires a server for coordination in the whole process of model training. As a response, we propose a novel privacy-aware decentralized federated recommendation (DFedRec) model, which is lossless compared with the traditional model in recommendation performance and is thus more accurate than other models in this line. Specifically, we design a privacy-aware structured client-level graph for the sharing of the model parameters in the process of model training, which is a one-stone-two-bird strategy, i.e., it protects users’ privacy via some randomly sampled fake entries and reduces the communication cost by sharing the model parameters only with the related neighboring users. With the help of the privacy-aware structured client-level graph, we propose two novel collaborative training mechanisms in the setting without a server, including a batch algorithm DFedRec(b) and a stochastic one DFedRec(s), where the former requires the anonymity mechanism while the latter does not. They are both equivalent to probabilistic matrix factorization trained in a centralized server and are thus lossless. We then provide formal analysis of privacy guarantee of our methods and conduct extensive empirical studies on three public datasets with explicit feedback, which show the effectiveness of our DFedRec, i.e., it is privacy aware, communication efficient, and lossless.

DBCPCA:Double-layer blockchain-assisted conditional privacy-preserving cross-domain authentication for VANETs

Ensuring secure authentication between participating entities in VANETs has emerged as a critical challenge. Most of existing schemes mainly consider authentication issue in single administrative domain and suffer from various limitations that include privacy-preserving and malicious entity tracking. This paper proposes a double-layer blockchain-assisted conditional privacy-preserving cross-domain authentication scheme (DBCPCA) that leverages blockchain technology and certificate-less signatures to address these challenges. In DBCPCA, the upper-layer blockchain is used in cross-domain authentication by sharing inter-domain information among multiple different administrative domains. The lower-layer blockchain is employed in intra-domain authentication. In DBCPCA, we also introduce an anonymity mechanism to protect the real identity of a vehicle while enabling the system to trace a malicious vehicle, thereby addressing conditional privacy-preserving concerns. In addition, a security analysis of the proposed scheme demonstrates that it can meet our specified security objectives. Finally, we make a detailed experimental comparison with the most relative solutions such as BCPPA and BCGS. The results show that the DBCPCA scheme reduces the time cost by at least 66.68 % compared to the BCPPA scheme during the signature generation phase. During the signature verification phase, the DBCPCA scheme reduces the time cost by at least 62.39 % compared to the BCGS scheme.

A Secure Authentication Protocol Supporting Efficient Handover for UAV

Unmanned Aerial Vehicles (UAVs) are increasingly pivotal in operations such as flood rescue, wildfire surveillance, and covert military endeavors, with their integration into the Internet of Things (IoT) networks broadening the scope of services they provide. Amidst this expansion, security concerns for UAVs have come to the forefront, particularly in open communication environments where they face authentication challenges and risks of sensitive data, including location information, being exposed to unauthorized parties. To address these issues, we propose a secure and lightweight authentication scheme that combines the use of anonymity mechanisms and Physical Unclonable Functions (PUFs). Specifically, we employ pseudo- and temporary identities to maintain the anonymity of UAVs, while also utilizing PUF technology to strengthen the security of Ground Station Servers (GSSs) against physical threats. Rigorous validation through ProVerif and the Random Oracle (ROR) Model indicates our scheme’s superior performance over existing protocols in terms of both efficiency and security.

Blockchain based mobile communication data privacy protection algorithm for cellular networks

The rapid development of mobile communication technology not only brings great convenience to users, but also brings the risk of user data privacy leakage. Due to the broadcasting nature of mobile communication transmission, open wireless interfaces have become a security vulnerability for mobile devices such as mobile phones, which can be easily eavesdropped. This article studied a data privacy protection algorithm suitable for mobile communication in cellular networks based on the anonymous mechanism of blockchain. This article first analyzes the overall framework and anonymity technology of blockchain data from the perspective of privacy and queryability. Then, based on blockchain technology, consistency mechanisms, privacy control, and access rights management are designed. Finally, mobile communication data privacy protection algorithms are designed and implemented through data encryption and verification. The latency of transactions under different task volumes and throughput at different nodes were analyzed to verify the reliability of several anonymous mechanisms in cellular network mobile communication data privacy protection in blockchain. Based on the experimental results, it was concluded that the reliability range of CryptoNote and the zero coin and zero currency protocol mechanism in the specified nodes was between 92 and 99%. This article utilized blockchain technology to distribute mobile communication data in nodes and achieve decentralized data transmission, thus protecting the privacy of wireless network communication data. By analyzing the reliability of anonymous mechanisms based on blockchain in mobile communication nodes, it was concluded that this method had certain research value.

FPGA Live Migration of Content‐Based Anonymization Mechanism with Network Consistency

In smart communities, data are aggregated, and various services are provided based on it. When considering the optimization of service delivery through cooperative processing between the edge and the cloud in smart communities, it is essential to realize network transparent edge services due to the constraints of not touching end devices in order to improve user convenience and additional cost reduction. Moreover, considering the minimization of service provision and service delivery latency at the edge, it is desirable to use field‐programmable gate arrays (FPGAs), which have lower power consumption, lower latency, and higher throughput than conventional processors. Additionally, to advance towards even lower latency, the distribution of processing load is important, and service migration is necessary for this purpose. Service migration is generally used to increase service availability, and even for edge services, service migration is important because the distribution of processing and the location where the service should be provided changes over time due to user mobility. When considering network transparency, service migration should be performed on the communication path between the end device and the cloud. Furthermore, to enhance service transparency, it is essential to maintain communication consistency for continuous service provision and minimize service downtime. Therefore, this study proposes a migration mechanism with FPGAs to satisfy these requirements. As an example of a real application, we target a network‐transparent data anonymization application to protect the privacy of data providers and evaluate the proposed architecture based on the reality of latency and other factors. © 2023 Institute of Electrical Engineer of Japan and Wiley Periodicals LLC.

A Triple Real-Time Trajectory Privacy Protection Mechanism Based on Edge Computing and Blockchain in Mobile Crowdsourcing

With the rapid development of the Internet of Things (IoT) and the rapid popularization of 5G networks, the data that needs to be processed in Mobile Crowdsourcing (MCS) system is increasing every day. Traditional cloud computing can no longer meet the needs of crowdsourcing for real-time data and processing efficiency, thus, edge computing was born. Edge computing can be calculated at the edge of network so that greatly improve the efficiency and real-time performance of data processing. In addition, most of the existing privacy protection technologies are based on the trusted third parties. Therefore, in view of the semi-trustworthiness of edge servers and the transparency of blockchain, this paper proposes a triple real-time trajectory privacy protection mechanism (T-LGEB) based on edge computing and blockchain. Through combining the localized differential privacy and multiple probability extension mechanism, the T-LGEB mechanism is proposed to send the requests and data to the edge server in this paper. Then, through the spatio-temporal dynamic pseudonym mechanism proposed in the paper, the entire trajectory of task participants is divided into multiple unrelated trajectory segments with different pseudonymous identities in order to protect the trajectory privacy of task participants while ensuring high data availability and real-time data. Through a large number of experiments and comparative analysis on multiple real data sets, the proposed T-LGEB has extremely high privacy protection capabilities and data availability, and the resource consumption caused is relatively low.

Unlinkable Signcryption Scheme for Multi-Receiver in VANETs

An increasing number of researchers are turning their attention to signcryption, particularly in the context of multi-receiver communication scenarios, due to its ability to simultaneously provide authentication, integrity, and confidentiality of messages. However, existing signcryption schemes have not been able to fully implement sender unlinkability. Specifically, when a sender signcrypts a secret message and obtains the corresponding ciphertext, the intended recipient must use the sender’s identity or public key to complete the unsigncryption process and retrieve the plaintext. Consequently, the recipient can link the sender via the same identity or public key. To address this issue, we present an Unlinkable Signcryption Scheme for Multi-Receiver (USS-MR). With Chinese Remainder Theorem (CRT), our USS-MR enables a vehicle to send the same secret message to a group of RoadSide Units (RSUs). Additionally, when a new message requires signcryption, the vehicle generates a new key pair, making it impossible for any RSU to link the vehicle through its public key. In our USS-MR, we have adopted a pseudonym mechanism to provide conditional privacy, which hides the real identity of the vehicle through the use of pseudonyms and avoids linking it to the identity. Moreover, if a vehicle is found to engage in malicious behavior, it will not only be tracked but also subjected to revocation. Comprehensive security analyses demonstrate that our USS-MR satisfies various security, privacy, and functionality requirements and effectively resists common attacks in Vehicular Ad-hoc Networks (VANETs). Finally, our USS-MR demonstrates certain advantages in terms of computation and communication when compared to relevant studies. In particular, our USS-MR maintains a consistent communication burden of <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$388$</tex-math> </inline-formula> bytes.

CPAHP: Conditional Privacy-Preserving Authentication Scheme With Hierarchical Pseudonym for 5G-Enabled IoV

As a representative application scenario of the Internet of Things (IoT), the Internet of Vehicles (IoV) plays an important function in the area of intelligent transportation. However, data traffic exchanged in IoV is usually correlated with plenty of sensitive information, thus leading to privacy leakage. Nevertheless, if all personal data about vehicles are completely protected, it will be hard to trace the real identities of malicious vehicles, which also raises other security issues in IoV. In addition, existing schemes are not fully suitable for 5G-enabled IoV due to their complex structure and high computation requirements. In order to realize more efficient communication and anonymous authentication of vehicles with superior security, we propose a conditional privacy-preserving authentication scheme with hierarchical pseudonyms (CPAHP) in 5G-enabled IoV, which is based on the elliptic curve Diffie-Hellman (ECDH) problem. Through the hierarchical pseudonym mechanism, CPAHP can protect the real identities and movement tracks of vehicles. Whereas, if vehicles have malicious behaviors, their real identities can be recovered through the corresponding pseudonyms. Furthermore, by taking advantage of a batch verification method, receivers can easily cope with a huge influx of messages in a short space of time. Moreover, by introducing blockchain technology, traffic information can be shared smoothly among all vehicles. Through the security analysis and performance evaluation, it is demonstrated that CPAHP can not only meet the security requirements but also provide higher computational efficiency.

A provable secure and lightweight ECC-based authenticated key agreement scheme for edge computing infrastructure in smart grid

With the gradual maturity of Smart Grid (SG), security challenges become the most important issues that need to be addressed urgently. In recent years, many schemes adopt mutual authentication and key agreement to ensure secure communication in SG. However, most existing methods have their own shortcomings in either security or efficiency which make them difficult to satisfy the security requirements of SG. In this paper, we propose a provable secure and lightweight authenticated key agreement scheme based on the Elliptic Curve Cryptosystem (ECC) for the cloud-edge-end collaboration SG communication network. The proposed scheme can guarantee the security of the communication and provide anonymity for both the edge server and the smart meters. The anonymity of the smart meters can be provided by a pseudonym mechanism. By rigorous security analysis, the proposed scheme can resist to the typical attacks including replay attacks and identity forgery attacks. The security properties are also evaluated by using the Canetti and Krawczyk (CK) adversary model. The performance simulation results denotes that the proposed scheme not only owns stronger security functions but also improves computation efficiency by 24.5% on average than other four schemes. By simulation results, the proposed scheme has been shown to hold high efficiency.

Physically Secure and Conditional-Privacy Authenticated Key Agreement for VANETs

To avoid physically extracting secrets from the storage of devices, Physical Unclonable Function (PUF) is used in various authentication schemes. In these schemes, after the devices are registered on the Trusted Authority (TA), the subsequent authentication still must need the help of the TA. And these devices usually don't move. Due to the high mobility of vehicles, frequent involvement with the TA becomes expensive and impractical in motion. As a result, these schemes are not well suited to VANETs where devices move at high speeds. Motivated from this, we propose a physically secure and conditional-privacy authenticated key agreement scheme for VANETs. In the proposed scheme, PUF is utilized to prevent the physical extraction of secrets from vehicles and RSUs. Unlike others using PUF, the proposed scheme does not require the TA's participation during the authentication between the vehicles and RSUs. Meanwhile, the proposed scheme provides conditional-privacy with pseudonym mechanism, which enables the anonymity of legitimate vehicles and the tracking of malicious vehicles. Then, formal and informal security analysis show that the proposed scheme meets the expected goals and is secure against several known attacks in VANETs. Finally, compared with relevant studies, the proposed scheme has certain advantages in computation burden and communication burden.

PCAS: Cryptanalysis and improvement of pairing-free certificateless aggregate signature scheme with conditional privacy-preserving for VANETs

Certificateless aggregate signature (CLAS) is an effective approach for the multiple authentications in multi-users and multi-information environments like the vehicular ad hoc networks (VANETs), which can address the certificate management issue in the traditional public key cryptography (PKC) and solve the key escrow problem in identity-based cryptography (IBC). In recent years, a new CLAS mechanism (LICLAS) is presented for the authentication of sensors in healthcare wireless medical sensor networks (HWMSNs). In this paper, we make an analysis and prove that LICLAS is not able to against forgery attacks. Thus, we present an improved CLAS scheme (PCAS) for vehicle authentication in VANETs, which satisfies the privacy and security requirements. PCAS constructs the signature algorithm based on Elliptic Curve Cryptography (ECC) to avoid bilinear pairing and Map-to-Hash function operations. In order to further improve security and efficiency of PCAS, the vehicle key generation and signature algorithm is revised. The pseudonym mechanism is also adopted to achieve conditional privacy preservation. Besides, PCAS allows to execute a batch verification of messages, where RSUs may verify the aggregated signatures from vehicles to reduce time overhead. Under the assumption that the elliptic curve discrete logarithm problem (ECDLP) is hard, PCAS is proved to be existentially unforgeable against adaptive chosen message attacks in the random oracle model. Through the performance analysis, under the same time complexity, PCAS is shown to more effective. Compared with LICLAS, for a single message and 2000 messages, the transmission overhead of PCAS is reduced by 25% and 25% respectively, and the computation overhead is reduced by 16.56% and 25.34% respectively.

Collusion-proof mechanisms for multi-unit procurement

A principal wants to procure multiple homogeneous units from finitely many agents. Each agent has an increasing and convex cost function, whose exact shape is unknown to the principal. Utility is quasilinear in money. We study which mechanisms are strategy-proof and robust to collusion, both when the agents can exchange money and physical units (reallocation-proofness) and when they cannot (group strategy-proofness). To achieve reallocation-proofness, the principal must offer the agents a fixed price per unit. While group-strategy-proof mechanisms can be more complex, they are inefficient and run the risk of procuring no units at all. We characterize the set of group-strategy-proof and anonymous mechanisms with a uniform price. A standout feature is that the number of potential prices is bounded above by the number of agents.

Traceable one-time address solution to the interactive blockchain for digital museum assets

Blockchain systems often use public keys or addresses as pseudonym accounts to protect the identity of users. However, as the blockchain system is transparent, an adversary can analyze all the public keys or addresses and obtain some real information about users, making the pseudonym mechanism ineffective. CryptoNote V2.0 is the first blockchain system to introduce a one-time address technology to enable the true anonymity of a user. But it does not have rigorous security proof. Moreover, due to application requirements, for one thing, users need anonymity. For another, administrators need to trace the identity of anonymous users. Therefore, a traceable one-time address scheme for the interactive system of digital museum items is proposed to fulfill these concerns. It allows the recipient to receive transactions anonymously, and a supervisor can trace the identity of a user efficiently. Two security models are defined and two corresponding instances are constructed. We prove that our instances are secure in IND-PK-CPA/IND-PK-CCA mode, respectively. Analysis and experiments show that the proposed schemes are effective in tracing the long-term identity of a recipient. Finally, the challenges of user privacy protection are enhanced with the advancement of the integration of digital museum asset interactions with blockchain. We build a blockchain system for Digital Museum assets and implement our two scheme instances in it. The system can integrate museum heritage resources around the world, share data based on blockchain, provide a large number of interactions and collections, and achieve large-scale exhibitions.

The Conflict and Balance between Public Disclosure of Judicial Documents and Personal Data Protection: An Examination of the Anonymization Mechanism

The Conflict and Balance between Public Disclosure of Judicial Documents and Personal Data Protection: An Examination of the Anonymization Mechanism

Experiments and Analyses of Anonymization Mechanisms for Trajectory Data Publishing.

With the advancing of location-detection technologies and the increasing popularity of mobile phones and other location-aware devices, trajectory data is continuously growing. While large-scale trajectories provide opportunities for various applications, the locations in trajectories pose a threat to individual privacy. Recently, there has been an interesting debate on the reidentifiability of individuals in the Science magazine. The main finding of Sánchez et al. is exactly opposite to that of De Montjoye et al., which raises the first question: “what is the true situation of the privacy preservation for trajectories in terms of reidentification?” Furthermore, it is known that anonymization typically causes a decline of data utility, and anonymization mechanisms need to consider the trade-off between privacy and utility. This raises the second question: “what is the true situation of the utility of anonymized trajectories?” To answer these two questions, we conduct a systematic experimental study, using three real-life trajectory datasets, five existing anonymization mechanisms (i.e., identifier anonymization, grid-based anonymization, dummy trajectories, k-anonymity and ε-differential privacy), and two practical applications (i.e., travel time estimation and window range queries). Our findings reveal the true situation of the privacy preservation for trajectories in terms of reidentification and the true situation of the utility of anonymized trajectories, and essentially close the debate between De Montjoye et al. and Sánchez et al. To the best of our knowledge, this study is among the first systematic evaluation and analysis of anonymized trajectories on the individual privacy in terms of unicity and on the utility in terms of practical applications.Supplementary InformationThe online version contains supplementary material available at 10.1007/s11390-022-2409-x.

Cloud-Assisted Privacy Protection Energy Trading Based on IBS and Homomorphic Encryption in IIoT

The decentralized and tamper-proof features of blockchain technology can solve the problems of low compatibility, poor flexibility, and single point of failure in the traditional Industrial Internet of Things (IIoT). However, the transparency of the blockchain ledger makes the privacy disclosure of users a huge security risk. Given the privacy leakage problem exposed in the existing energy trading scheme based on the blockchain, this paper creatively proposes a privacy protection scheme for IIoT energy trading based on an identity-based signature (IBS) and homomorphic encryption. On the premise of satisfying the transaction traceability and verifiability, this scheme uses IBS technology to provide an anonymous mechanism for energy trading nodes and utilizes Paillier homomorphic encryption to prevent the disclosure of transaction amounts. To meet the high-concurrency and high-throughput energy trading requirements in IIoT, moreover, the proposed scheme combines the off-chain storage with cloud assistance and the off-chain transaction based on PCN to reduce redundant data written into the blockchain and to improve the concurrent trading efficiency, respectively. The security analysis and performance evaluation results show that the proposed scheme can realize the dual privacy protection of identities and transaction amounts in the trading process at the cost of reasonable calculation.

A Cross-Domain Authentication Scheme Based on Cooperative Blockchains Functioning With Revocation for Medical Consortiums

Regional medical consortium systems facilitates medical information sharing. However, many security issues exposed by the dominant centralized architectures, such as single points of failure, unauthorized operations and illegal access, are increasingly apparent constraints on the security and efficiency of data sharing across domains. Even more, any malicious operation detected, effective measures should be executed promptly for identity tracing. In this paper, we propose a secure and efficient cross-domain authentication scheme based on two cooperative blockchains (BCs) for medical consortium systems. Specifically, an intra-domain BC records any legal users’ registration and authentication information while an inter-domain BC is responsible for writing users’ cross-domain authentication information. In each domain, the general hospital acts as a trusted third service provider to achieve cross-chain interactions. For the entire cross-domain authentication procedure, anonymity mechanism is utilized to enhance security, and to trace malicious users, the improved chameleon hash is used in the intra-domain BC to redact the state of the user, and blacklist merkle tree is extended in the inter-domain BC to protect different domains’ services from illegal accessing. In addition, security analysis and performance evaluation are completely given to prove the superior security features and performance compared with other schemes.

Privacy Preserving Parallel Distributed Data Stream Anonymization

Sustainable stream processing algorithms have gained popularity in recent years. Flow control is a way of searching and modifying real-time data streams. Missing values are ubiquitous in real-world data streams, making data stream privacy challenging to safeguard. On the other hand, most privacy preservation methods need not take absent values into account when developed. They can anonymize data in certain study, however this results in data loss. This research proposes a unique parallel distributed approach for protecting privacy while using incomplete data streams. This method uses a production computational system to continually anonymize data streams, using clustering to construct each tuple. It clusters data in partial and complete forms using variable and array dimensions as similarity metrics. In order to prevent values and outliers’ pollution, a generalization approach that is based on more than matches is used. The experiments used real data to compare current systems with varied settings. This research will cover several anonymization mechanisms and their advantages. There are also drawbacks. Finally, we will explore the future of continuous data anonymization research.

A privacy preserving data aggregation and query for metro passenger flow via mobile crowdsensing

SummaryWith the popularity of mobile Internet networks and mobile terminal equipment, mobile crowdsensing (MCS) has become a popular and economical way of data collection, sharing, and query services. However, the existing privacy‐preserving query schemes MCS‐based less consider the sensing user's privacy leakage at data aggregation phase and querier's privacy leakage at query service phase simultaneously. In this article, we propose a novel privacy‐preserving aggregation and query scheme applied in metro passenger flow via MCS, which achieves the metro passenger flow acquisition and query service and protects the sensing user's identity and location privacy as well as the querier's query privacy. We exploit Paillier cryptosystem and pseudonym mechanism to prevent the privacy leakage, and utilize secure kNN algorithm to protect the query privacy. Meanwhile, we achieve the sensing user accountability based on digital signature algorithm and credible management. The privacy analysis demonstrates that our scheme satisfies the privacy‐preserving and security requirements. The performance evaluation and experimental result show the efficiency of our scheme in practice.