Privacy Mechanisms Research Articles

The evolution of identity management using the example of web-based applications

Abstract The typical identity management (IdM) techniques used in web-based applications are about to change from application-specific means for identification, authentication and authorization towards the support of standardized, secure and privacy friendly mechanisms for Single Sign-On (SSO). In this paper we outline the different phases of this evolution, which started with the introduction of standardized interfaces for authentication and authorization and allowed to shift these sensitive tasks from the application towards the web application server. In a second phase the interfaces were extended to support authentication and authorization in distributed systems and feature SSO-techniques. The third phase adds identification and aims at providing more security for distributed authentication infrastructures and finally there is a trend towards providing more privacy friendly mechanisms for identity management in the future.

“Sexualized Online Bullying” Through an Equality Lens: Missed Opportunity in AB v. Bragg?

In AB v. Bragg, the Supreme Court of Canada ruled that fifteen-year-old AB should be allowed to use a pseudonym in seeking an order to disclose the identity of her online attacker. By framing the case as one pitting the privacy interests of a youthful victim of sexualized online bullying against principles protecting the free press and open courts, the SCC approached but ultimately skirted the central issue of equality. Without undermining the important precedent that AB achieved for youthful targets of online sexualized bullying, the author explores the case as a missed opportunity to examine the discriminatory tropes and structural inequalities that undergird the power of this kind of bullying. Viewed through an equality lens, enhanced access to pseudonymity for targets is not necessarily about privacy per se, but rather an interim measure to respond to the equality-undermining effects of sexualized online bullying—a privacy mechanism in service of equality.

Differentially Private Filtering

Emerging systems such as smart grids or intelligent transportation systems often require end-user applications to continuously send information to external data aggregators performing monitoring or control tasks. This can result in an undesirable loss of privacy for the users in exchange of the benefits provided by the application. Motivated by this trend, this paper introduces privacy concerns in a system theoretic context, and addresses the problem of releasing filtered signals that respect the privacy of the user data streams. Our approach relies on a formal notion of privacy from the database literature, called differential privacy, which provides strong privacy guarantees against adversaries with arbitrary side information. Methods are developed to approximate a given filter by a differentially private version, so that the distortion introduced by the privacy mechanism is minimized. Two specific scenarios are considered. First, the notion of differential privacy is extended to dynamic systems with many participants contributing independent input signals. Kalman filtering is also discussed in this context, when a released output signal must preserve differential privacy for the measured signals or state trajectories of the individual participants. Second, differentially private mechanisms are described to approximate stable filters when participants contribute to a single event stream, extending previous work on differential privacy under continual observation.

A High Secure And Efficient Data Acquistion Mechanism In Vehicular Ad Hoc Networks(Vanets)

Recent advances in wireless inter-vehicle communication systems enable the establishment of Vehicular Ad-hoc Networks (VANET) and create significant opportunities for the deployment of a wide variety of applications and services to vehicles. VANETs enable vehicles to communicate with each other and with road side units (RSU). The deployment of vehicular communication systems is strongly dependent on their security and privacy features. Security and privacy are major research concerns in VANETs due to the frequent vehicles movement, time critical response and hybrid architecture of VANETs that make them different than other Ad hoc networks. In order to meet performance goals, it is widely agreed that vehicular ad hoc networks must rely heavily on node-to-node communication, thus allowing for malicious data traffic. At the same time, the easy access to information afforded by VANETs potentially enables the difficult security goal of data validation. Here a suite of novel security and privacy mechanism is proposed using the HARDY function, i.e. hierarchical-based encryption function, and thus evaluating and improving the performance.

Impossibility of Differentially Private Universally Optimal Mechanisms

The notion of a universally utility-maximizing privacy mechanism was introduced by Ghosh, Roughgarden, and Sundararajan [Proceedings of STOC, 2009]. These are mechanisms that guarantee optimal utility to a large class of information consumers, simultaneously, while preserving privacy. They demonstrated, quite surprisingly, a case where such a universally utility-maximizing privacy mechanism exists, when the information consumers are Bayesian. This result was later extended by Gupte and Sundararajan [Proceedings of PODS, 2010] to risk-averse consumers. Both positive results deal with mechanisms (approximately) computing a single count query (i.e., the number of individuals satisfying a specific property in a given population). We show that such universally optimal mechanisms do not exist for some natural extensions of count queries, both for Bayesian and risk-averse consumers. For the Bayesian case, we go further and give a characterization of those functions that admit universally optimal mechanisms, showing that a universally optimal mechanism exists, essentially, only for a (single) count query. At the heart of our proof is a representation of a query function by its privacy constraint graph whose edges correspond to values resulting by applying the query function to neighboring databases.

Preserving Location Privacy in Geosocial Applications

Using geosocial applications, such as FourSquare, millions of people interact with their surroundings through their friends and their recommendations. Without adequate privacy protection, however, these systems can be easily misused, for example, to track users or target them for home invasion. In this paper, we introduce LocX, a novel alternative that provides significantly improved location privacy without adding uncertainty into query results or relying on strong assumptions about server security. Our key insight is to apply secure user-specific, distance-preserving coordinate transformations to all location data shared with the server. The friends of a user share this user's secrets so they can apply the same transformation. This allows all location queries to be evaluated correctly by the server, but our privacy mechanisms guarantee that servers are unable to see or infer the actual location data from the transformed data or from the data access. We show that LocX provides privacy even against a powerful adversary model, and we use prototype measurements to show that it provides privacy with very little performance overhead, making it suitable for today's mobile devices.

Security and privacy mechanism for health internet of things

The rapid development of technologies towards Internet of Things (IoT), has led to new circumstances at all levels of the social environment. In healthcare in particular, the use of IoT concepts and technologies make diagnose and monitor more convenient for the physicians and patients. As mobile applications solutions are widely accepted because the easy to use, secure healthcare service is a new demand for mobile solutions. To protect the privacy and security for patients in the domain of healthcare towards IoT, a systematic mechanism is needed. This article proposes a novel security and privacy mechanism for Health Internet of Things (Health-IoT) to solve above problems. Health-IoT is promising for both traditional healthcare industry and the information and communication technologies (ICTs) industry. From the view of trustworthiness, interactive vector was proposed to communicate the end-devices and application brokers. The aim is to establish a trust IoT application market (IAM), feature of application in marketplace and behavior of applications on end-devices can be exchanged in mathematical value to establish the connection between market and users.

Conflicts between Intrusion Detection and Privacy Mechanisms for Wireless Sensor Networks

Both active and passive attackers pose a threat for wireless sensor networks. So, intrusion detection systems and privacy mechanisms must be deployed, usually at the same time. Yet this coexistence might result in the malfunction or inefficiency of one of these components. Several techniques and principles can help minimize such problems.

Improving user content privacy on social networks using rights management systems

Currently, millions and millions of users are using online social networks to share their thoughts, experiences and content with online friends. Documents, videos, music and pictures are shared online, relying on the privacy and security controls offered by the social network platforms, with little control from the end user. This creates serious privacy concerns, since the control over the content shared online on the social network is out of the hands of the user. In this paper, the authors propose an approach for content privacy shared on social networks that is user-centric and not based on the social network platform. In order to achieve that, an architecture based on a rights management platform capable of enforcing the necessary security and privacy mechanisms that extend the original controls provided by the social network platform will be presented. That way, users will be able to control their privacy settings and protect their own content, even when they are no longer part of the social network (suspending or deleting its account).

Privacy protection method for fine-grained urban traffic modeling using mobile sensors

With the ubiquitous nature of mobile sensing technologies, privacy issues are becoming increasingly important, and need to be carefully addressed. Data needs for transportation modeling and privacy protection should be deliberately balanced for different applications. This paper focuses on developing privacy mechanisms that would simultaneously satisfy privacy protection and data needs for fine-grained urban traffic modeling applications using mobile sensors. To accomplish this, a virtual trip lines (VTLs) zone-based system and related filtering approaches are developed. Traffic-knowledge-based adversary models are proposed and tested to evaluate the effectiveness of such a privacy protection system by making privacy attacks. The results show that in addition to ensuring an acceptable level of privacy, the released datasets from the privacy-enhancing system can also be applied to urban traffic modeling with satisfactory results. Albeit application-specific, such a “Privacy-by-Design” approach would hopefully shed some light on other transportation applications using mobile sensors.

An effective privacy preserving algorithm for neighborhood-based collaborative filtering

As a popular technique in recommender systems, Collaborative Filtering (CF) has been the focus of significant attention in recent years, however, its privacy-related issues, especially for the neighborhood-based CF methods, cannot be overlooked. The aim of this study is to address these privacy issues in the context of neighborhood-based CF methods by proposing a Private Neighbor Collaborative Filtering (PNCF) algorithm. This algorithm includes two privacy preserving operations: Private Neighbor Selection and Perturbation. Using the item-based method as an example, Private Neighbor Selection is constructed on the basis of the notion of differential privacy, meaning that neighbors are privately selected for the target item according to its similarities with others. Recommendation-Aware Sensitivity and a re-designed differential privacy mechanism are introduced in this operation to enhance the performance of recommendations. A Perturbation operation then hides the true ratings of selected neighbors by adding Laplace noise. The PNCF algorithm reduces the magnitude of the noise introduced from the traditional differential privacy mechanism. Moreover, a theoretical analysis is provided to show that the proposed algorithm can resist a KNN attack while retaining the accuracy of recommendations. The results from experiments on two real datasets show that the proposed PNCF algorithm can obtain a rigid privacy guarantee without high accuracy loss.

Did You Want Privacy With That?: Personal Data Protection in Mobile Devices

Smartphones and mobile devices make desktops and laptops seem clunky in comparison, but do they protect privacy? Here, the author examines the mechanisms for mobile device privacy, from operating system approaches to what users should know about risks.

An Efficient Protocol for Privacy and Authentication for Resource-Constrained Devices in Wireless Networks

The authors envision a scenario for security of wireless networks that include and integrate nodes of all different capabilities, including tiny sensors or similarly battery-powered, resource-constrained tiny nodes. However, the existing Wireless Protected Access (WPA) protocol that supports security services for wireless networks today may not be suitable for such resource-constrained, low-end nodes since its existing authentication and privacy mechanisms are complex and computationally intensive. In this work, the authors propose an efficient protocol for authentication and privacy in wireless networks using identity-based encryption (IBE) techniques. Specifically, the authors propose an enhanced and extended version of the WPA protocol by incorporating IBE based authentication methods in the existing WPA protocol at the link layer level. The enhanced WPA protocol can be used for small and resource-constrained wireless devices to integrate them in existing wireless networks. Their proposed protocol is proven to be secure against common attacks and vulnerabilities in wireless networks. Also, the authors’ analysis of the protocol shows that it is feasible and efficient in terms of computation, communication, and storage overheads to support many resource-constrained devices.

Towards a societal scale environmental sensing network with public participation

Information acquisition is the prerequisite for environmental management, while insufficient information caused by sparse monitoring stations would result in improper management. Increasingly widespread distribution of consumer electronics equipped with various sensors can enhance the ability to gather and share data. In this study, a Collaborative Environmental Sensing Network (CESN) pattern is proposed, and its structure is clearly described. A Public Participation for Environmental Noise Monitoring (PPENM) project was conducted to illustrate the efficiency of this pattern, and PPENM implementation and the temporal-spatial properties of participators were analyzed. Results show that participators increased rapidly, reaching 32,140 in less than 14 months. The number of records shared by participants from cities all over China reached 531,608, and the participators were most active in the developed cities (e.g., Shanghai, Beijing, and Guangzhou), the most distributed from 8 AM to 11 PM. Based on these results, we conclude that CESN can be formed during a short time and provide a cost-effective alternative approach to collect data at large scales, but that data credibility, privacy, and incentive mechanisms will be the major challenges. †Co-first author.

Ensuring Privacy and Security in Data Sharing under Cloud Environment

An important application of data sharing in cloud environment is the storage and retrieval of Patient Health Records (PHR) that maintain the patient’s personal and diagnosis information. These records should be maintained with privacy and security for safe retrieval. The privacy mechanism protects the sensitive attributes. The security schemes are used to protect the data from public access. The data are allowed to be accessed only by authorized individuals. Each party is assigned with access permission for a set of attributes. Data owners update the patient data into third party cloud data centers. The attribute based encryption (ABE) scheme is used to secure these patient records. Multiple owners are allowed to access the same data values. The Multi Authority Attribute Based Encryption (MA-ABE) scheme is used to provide multiple authority based access control mechanism due to its vast access. The MA-ABE model is not tuned to provide identity based access mechanism. Distributed storage model is not supported in the MA-ABE model.The proposed system is designed to provide identity based encryption facility. The attribute based encryption scheme is enhanced to handle distributed attribute based encryption process. Data update and key management operations are tuned for multi user access environment.

A Framework for Secure and Efficient Data Acquisition in Vehicular Ad Hoc Networks

Intervehicular communication lies at the core of a number of industry and academic research initiatives that aim at enhancing the safety and efficiency of transportation systems. Vehicular ad hoc networks (VANETs) enable vehicles to communicate with each other and with roadside units (RSUs). Service-oriented vehicular networks are special types of VANETs that support diverse infrastructure-based commercial services, including Internet access, real-time traffic management, video streaming, and content distribution. Many forms of attacks against service-oriented VANETs that attempt to threaten their security have emerged. The success of data acquisition and delivery systems depends on their ability to defend against the different types of security and privacy attacks that exist in service-oriented VANETs. This paper introduces a system that takes advantage of the RSUs that are connected to the Internet and that provide various types of information to VANET users. We provide a suite of novel security and privacy mechanisms in our proposed system and evaluate its performance using the ns2 software. We show, by comparing its results to those of another system, its feasibility and efficiency.

PREDICT: Privacy and Security Enhancing Dynamic Information Collection and Monitoring

In this paper, we present an overview of our ongoing project PREDICT (Privacy and secuRity Enhancing Dynamic Information Collection and moniToring). The overall aim of the project is to develop a framework with algorithms and mechanisms for privacy and security enhanced dynamic data collection, aggregation, and analysis with feedback loops. We discuss each of our research thrusts with research challenges and potential solutions, and report some preliminary results.

Improving Content Privacy on Social Networks Using Open Digital Rights Management Solutions

Among Internet users, the social networks have gained a huge popularity. Millions of users are part of some online social network in order to share their own experiences and content with others. Documents, videos, music and pictures are among some of the most shared content types online, relying on the privacy and security controls that are offered by the social network platform. In this equation, the end-user has little control, resulting in serious privacy concerns – once content is shared on the social network, is out of end-user hands and they cannot enforce their own privacy rules.A different approach for social networks shared content privacy is proposed in this paper - centered on the user and not on the social network platform. To ensure this, an architecture based on an open rights management platform is presented. This architecture will enforce the necessary security and privacy mechanisms extending the original controls provided by the social network platform. That way, users will be able to control the disclosure and protection of their content, even when they are no longer part of the social network (because they have deleted or suspended their accounts).

An efficient privacy preserving Pub-Sub system for ubiquitous computing

The Pub/Sub middleware has gained a lot of attention in the design and development of ubiquitous applications. The issue of privacy is of serious concern for applying the Pub/Sub to ubiquitous computing. The design of the privacy mechanism should consider the required efficiency of event dissemination in the underlying Pub/Sub middleware. In this paper, we address these challenges among ubiquitous applications by applying the proposed privacy-aware Pub/Sub middleware, which provides high performance and scalability with parameterised and prioritised attributes. It is able to provide fast and dynamic privacy management with low extra overhead.

Toward Private Joins on Outsourced Data

In an outsourced database framework, clients place data management responsibilities with specialized service providers. Of essential concern in such frameworks is data privacy. Potential clients are reluctant to outsource sensitive data to a foreign party without strong privacy assurances beyond policy “fine prints.” In this paper, we introduce a mechanism for executing general binary JOIN operations (for predicates that satisfy certain properties) in an outsourced relational database framework with computational privacy and low overhead—the first, to the best of our knowledge. We illustrate via a set of relevant instances of JOIN predicates, including: range and equality (e.g., for geographical data), Hamming distance (e.g., for DNA matching), and semantics (i.e., in health-care scenarios—mapping antibiotics to bacteria). We experimentally evaluate the main overhead components and show they are reasonable. The initial client computation overhead for 100,000 data items is around 5 minutes and our privacy mechanisms can sustain theoretical throughputs of several million predicate evaluations per second, even for an unoptimized OpenSSL-based implementation.