User's Private Information Research Articles

Decoupling Online Ride-Hailing Services: A Privacy Protection Scheme Based on Decentralized Identity

Online ride-hailing services have become a vital component of urban transportation worldwide due to their convenience and flexibility. However, the expansion of their user base has dramatically heightened the risks of user privacy information leakage. Among these risks, the privacy leakage problem caused by the direct correlation between user (driver and passenger) identity information and location-based ride information is of particular concern. This paper proposes a novel privacy protection scheme for ride-hailing services. In this scheme, decentralized identities are employed for user authentication, separating the identity registration service from the ride-hailing platform, thereby preventing the platform from obtaining user privacy data. The scheme also employs a fuzzy matching strategy based on location Points of Interest (POI) and a ciphertext-policy attribute-based hybrid encryption algorithm to hide the user’s precise location and restrict access to location information. Crucially, the scheme achieves the complete decoupling of identity registration services and location-based ride services on the ride-hailing platform, ensuring that users’ real identities and ride data cannot be directly associated, effectively protecting user privacy. Within the decoupled architecture, regulatory authorities are established to handle emergencies within ride-hailing services. Through simulation experiments and security analysis, this scheme is demonstrated to be both feasible and practical, providing a new privacy protection solution for the ride-hailing industry.

A privacy protection scheme to resist ring selection attack in peer-to-peer double auction V2V electricity transaction for charging stations

With the development of Electric Vehicles (EVs), the number of public charging piles cannot meet the immediate charging needs of EV users sometimes. The charging stations provide flexible electricity transaction schemes for users by managing charging piles and Vehicle-to-Vehicle (V2V). Users can freely choose transaction partners and submit transaction plans to multiple charging stations. The mobility of EVs results in users randomly selecting rings multiple times, which may cause them to appear in different rings. Attackers can link multiple transaction plans and infer user privacy information. The leakage of transaction information may threaten the fairness of transactions. Aiming at the above situations, a privacy protection scheme to resist ring selection attack in Peer-to-Peer double auction V2V electricity transaction for charging stations is proposed. Firstly, the ring signcryption algorithm is improved to resist ring selection attack. Secondly, a real identity verification algorithm is designed to track malicious users. Theoretical analysis proves that the security of the proposed privacy protection scheme. The elliptic curve point multiplication is used in the scheme to improve computational efficiency. Experiments show that this scheme has low computational and communication costs. Verification cost increases slowly with the increase of the number of ring members.

A Higher Performance Data Backup Scheme Based on Multi-Factor Authentication.

Remote data backup technology avoids the risk of data loss and tampering, and has higher security compared to local data backup solutions. However, the data transmission channel for remote data backup is not secure, and the backup server cannot be fully trusted, so users usually encrypt the data before uploading it to the remote server. As a result, how to protect this encryption key is crucial. We design a User-Centric Design (UCD) data backup scheme based on multi-factor authentication to protect this encryption key. Our scheme utilizes a secret sharing scheme to divide the encryption key into three parts, which are stored in the laptop, the smart card, and the server. The encryption key can be easily reconstructed from any two parts with user's private information password, identity and biometrics. As long as the biometrics has enough entropy, our scheme can resist replay attacks, impersonation user attacks, impersonation server attacks, malicious servers and offline password guessing attacks.

Enhancing privacy policy comprehension through Privacify: A user-centric approach using advanced language models

As the digital age advances, the collection, usage, and dissemination of personal data have become critical concerns for users, regulators, and the cybersecurity community. Questions surrounding the extent of identifiable data collection, its usage, sharing, selling, and the mechanisms of consent are increasingly central to discussions on user data privacy. These issues highlight the need for effective management and comprehension of privacy policies. To this end, this paper introduces Privacify— a production-ready web application designed to enhance the accessibility and understandability of privacy policies, thus empowering users to make more informed decisions about their data. At its backend, Privacify leverages a combination of text segmentation, summarization using Large Language Model (LLM), and map-reduce technologies to facilitate BASE analysis for single-document insights and WRT and REV for comprehensive cross-document analysis. Designed with a user-centric approach, Privacify features an intuitive interface that presents all relevant user privacy information in easy-to-understand language, complete with a detailed explainability component. This design not only simplifies privacy policies but also aids users in effortlessly navigating complex privacy terms, significantly boosting their ability to protect and manage their personal information. Our evaluation employs robust methodologies, including reliability and accuracy assessments, alongside rigorous functionality verification through ROUGE metrics and human analysis, validating the system’s efficacy and performance. Privacify’s architecture promotes scalability, replicability, and seamless deployment, advancing the domain of user data protection through improved privacy comprehension.

Application of energy combined thermal comfort in intelligent building management in complex environments

The efficient operation of heating ventilation and air conditioning systems relies on advanced control strategies. However, current control methods are often limited by issues such as uncertain system parameter information and spatial coupling constraints related to the supply rate of the air supply fan. To this end, an energy joint thermal comfort management method for complex environments in multiple regions is proposed. The long-term total cost minimization of the system is established, and then the Lyapunov optimization technology is used to design the distributed control algorithm. Simulation validation shows that the proposed method reduces the energy cost by an average of 11.24% compared to other methods with a thermal discomfort cost coefficient of 0. The average temperature deviation in the area is improved by 0.15 °C and 0.68 °C, respectively. The method saves more than 10% of the total energy cost under different thermal perturbations with an average total temperature deviation of 0.04 °C. The results indicate that the proposed energy joint thermal comfort management method can flexibly balance energy costs and user thermal comfort without knowing any prior information of system parameters, which can also greatly protect user privacy information. This method has application value in the control of heating ventilation and air conditioning systems in complex environments such as commercial buildings.

Machine learning-based detection of the man-in-the-middle attack in the physical layer of 5G networks

Fifth generation communication networks (5G) has received a great deal of attention from academia and industry alike, which will enable a wide variety of vertical applications by connecting heterogeneous devices and machines. Assessing availability and reliability in many circumstances and environments is critical. Researchers have recently focused on investigating and analyzing new multimedia networks with artificial intelligence (AI) technologies to achieve higher data rates and secure communication traffic between parties. User information privacy and security are of vital importance and of growing concerns that present evolving challenges to overcome in preventing attacks. Man-in-the-middle (MITM) attack is considered one of the most common attacks, where an attacker can impersonate one of the parties in a communication system to steal user data or forge the malicious data. Due to the limitation of using conventional cryptographic techniques for mobile networks and similar systems, new methods have been introduced to validate and authenticate transmitted signals dynamically, depending on the physical layer. In this paper, we present the distance-time directional delay (DTDD) model to detect the MITM attack in a variety of contexts and scenario. Indoor hotspots (InH) and urban micro-cellular (UMi) propagation environments were investigated to verify the reliability of the proposed approaches using realistic 5G millimeter-wave configurations and system setups. Simulations have been constructed based on the mmWave 5G channel simulator tool NYUSIM, in conjunction with a collection of machine learning algorithms (ML) including the extreme gradient boosting (XGBoost) and light gradient boosting machine (LGBM) as the core of the presented models and methodologies. Numerical simulations results produced a detection accuracy approaching 100% in the InH environment scenario, whereas for UMi environment scenario, a detection accuracy approaching 99% was attained.

ARS-Chain: A Blockchain-Based Anonymous Reputation-Sharing Framework for E-Commerce Platforms

E-commerce platforms incorporate reputation systems that allow buyers to rate sellers after transactions. However, existing reputation systems face challenges such as privacy leakage, linkability, and multiple rating attacks. The feedback data can inadvertently expose user information privacy because they reveal the buyers’ identities and preferences, which deters a significant number of users from providing their ratings. Moreover, malicious actors can exploit data analysis and machine learning techniques to mine user privacy from the rating data, posing serious threats to user security and trust. This study introduces ARS-Chain, a pioneering and secure blockchain-driven anonymous reputation-sharing framework tailored for e-commerce platforms. The core of ARS-Chain is a dynamic ring addition mechanism with linkable ring signatures (LRS), where the number of LRS rings is dynamically added in alignment with the evolving purchase list, and LRS link tags are constructed with the LRS rings and item identifiers. Further, a consortium blockchain is introduced to store these anonymous ratings on e-commerce platforms. As a result, ARS-Chain ensures full anonymity while achieving cross-platform reputation sharing, making rating records unlinkable, and effectively countering multiple rating attacks. The experimental results confirm that ARS-Chain significantly enhances user information privacy protection while maintaining system performance, having an important impact on the construction of trust mechanisms for e-commerce platforms.

Efficient and secure privacy protection scheme and consensus mechanism in MEC enabled e-commerce consortium blockchain

The application of blockchain technology to the field of e-commerce has solved many dilemmas, such as low transparency of transactions, hidden risks of data security and high payment costs. Mobile edge computing(MEC) can provide computational power for blockchain, and can meet the demand for high real-time and low latency in e-commerce transaction systems. However, there are still some constraints in the MEC enabled e-commerce consortium blockchain, such as the leakage of user privacy information, low security of consensus algorithm and other security issues. In this paper, we propose a secure transaction model suitable for MEC enabled e-commerce consortium blockchain, aiming to ensure the efficiency of system transaction processing while improving the security of users’ privacy information and transaction data. The model adopts the lightweight Paillier encryption algorithm to protect the security of user privacy information and transaction data to prevent the leakage of user privacy information, and optimizes the security of leader election phase of Raft consensus algorithm by introducing the shamir secret sharing protocol to improve the anti-Byzantine failure capabilities of Raft consensus algorithm. The effectiveness of the scheme proposed in this paper is demonstrated by experimental simulations.

Implementation on Anti-Theft Mobile Tracking and Monitoring System

The rapid proliferation of mobile devices has led to a significant increase in the cases of mobile theft and unauthorized access to personal data. To address these security concerns, an “Antitheft Mobile Tracking and Monitoring System” is proposed. The application aims to enhance the security of mobile devices by providing users with the means to track and recover their stolen or lost devices. The Antitheft Mobile Tracking and Monitoring System offers a comprehensive solution to combat mobile theft and enhance device security. By combining real-time GPS tracking, image capturing and use of mail protocols to facilitate them has provided it with capabilities with strong authentication measures, the system provides users with effective tools to mitigate the risks associated with mobile device theft. As mobile devices continue to play an integral role in modern life, such security measures are essential to protect user privacy and personal information. The widespread adoption of mobile devices has revolutionized the way we communicate, work, and access information. With this technological advancement, however, comes an unfortunate increase in the incidents of mobile theft and unauthorized access to personal data. The loss of a mobile device not only represents a financial setback but also exposes users to potential breaches of their privacy and security. This real-time tracking capability enables users and authorized personnel, such as law enforcement agencies, to pinpoint the device's location accurately. Key Words: GPS technology, Real-time Notification, SMTP, Authentication.

Cross-domain knowledge collaboration for blending-target domain adaptation

Unsupervised domain adaptation (UDA) avoids expensive data annotation for the unlabeled target domains by fully utilizing the knowledge of existing source domain. In practice, the target data are usually highly heterogeneous that mix multiple latent domains. And sometimes the source data involve the user private information which is forbidden to access directly. To this end, this paper tackles the blending-target data under the source-available setting, and for the first time under the source-free setting. Specifically, we devise a novel Cross-domain Knowledge Collaboration (CdKC) framework, which mainly includes a prediction network and an adaptation network. The complementarity of two networks are exploited to explore the intrinsic structure in targets. Specifically, CdKC is capable of learning domain-invariant space, and disentangling domain-specific feature simultaneously to boost the UDA performance greatly. A total of 12 tasks are conducted on three visual datasets to verify the superior performance of CdKC by comparing with the state-of-the-art models designed under 4 different UDA settings. The experiments demonstrate that the accuracy of CdKC model still exceeds D-CGCT 0.4% on Office dataset and 1.2% on Office–Home dataset although D-CGCT can access source data and domain labels of targets that CdKC cannot do. It verifies the effectiveness of CdKC although under much looser source and target domain restrictions.

An Anonymous and Supervisory Cross-chain Privacy Protection Protocol for Zero-trust IoT Application

Internet of things (IoT) development tends to reduce the reliance on centralized servers. The zero-trust distributed system combined with blockchain technology has become a hot topic in IoT research. However, distribution data storage services and different blockchain protocols make network interoperability and cross-platform more complex. Relay chain is a promising cross-chain technology that solves the complexity and compatibility issues associated with blockchain cross-chain transactions by utilizing relay blockchains as cross-chain connectors. Yet relay chain cross-chain transactions need to collect asset information and implement asset transactions via two-way peg. Due to the release of user transaction information, there is the issue of privacy leakage. In this article, we propose a cross-chain privacy protection protocol based on the Groth16 zero-knowledge proof algorithm and coin-mixing technology, which changes the authentication mechanism and uses a combination of generating functions to map virtual external addresses in transactions. It allows fast cross-chain anonymous transactions while hiding the genuine user’s address. The experiment shows that, in a zero-trust IoT context, our scheme can effectively protect user privacy information, accomplish controlled transaction traceability operations, and guarantee cross-chain transaction security.

A Survey on Anti-Theft Mobile Tracking and Monitoring System

The rapid proliferation of mobile devices has led to a significant increase in the cases of mobile theft and unauthorized access to personal data. To address these security concerns, an “Antitheft Mobile Tracking and Monitoring System” is proposed. The application aims to enhance the security of mobile devices by providing users with the means to track and recover their stolen or lost devices. The Antitheft Mobile Tracking and Monitoring System offers a comprehensive solution to combat mobile theft and enhance device security. By combining real-time GPS tracking, image capturing and use of mail protocols to facilitate them has provided it with capabilities with strong authentication measures, the system provides users with effective tools to mitigate the risks associated with mobile device theft. As mobile devices continue to play an integral role in modern life, such security measures are essential to protect user privacy and personal information. The widespread adoption of mobile devices has revolutionized the way we communicate, work, and access information. With this technological advancement, however, comes an unfortunate increase in the incidents of mobile theft and unauthorized access to personal data. The loss of a mobile device not only represents a financial setback but also exposes users to potential breaches of their privacy and security. This real-time tracking capability enables users and authorized personnel, such as law enforcement agencies, to pinpoint the device's location accurately.

A Blockchain-Based Secure Searching Strategy for Metadata in Mobile Edge Computing

With intelligent devices’ prevalence, mobile edge computing technology can effectively process the massive data in the Internet of Things (IoT). The metadata produced in mobile edge computing plays a role in colossal data management. However, it also includes lots of user privacy information. Traditional privacy protection solutions sacrifice the metadata’s availability or are incompatible with the distributed environment. To overcome this dilemma, we propose a blockchain-based secure searching strategy for metadata (BSSMeta) in mobile edge computing. By leveraging a lightweight proxy re-encryption scheme and a decentralized key generation method on the blockchain, BSSMeta keeps the security of the metadata searching tasks. Meanwhile, a master-slave smart contract method and a buffer uploading strategy are proposed for the efficiency of the searching and uploading processes. As a byproduct, BSSMeta also supports searching metadata in a multi-user environment and gives users access control to metadata. Finally, we provide a security analysis of BSSMeta and implement a prototype on the Hyperledger Fabric platform. The results of experiments on various workloads show that BSSMeta is feasible and flexible in security and efficiency.

Asynchronous distributed charging protocol for plug-in electric vehicles

The proliferation of plug-in electric vehicles (PEVs) advocates a distributed paradigm for coordinating PEV charging. Unlike existing primal-dual decomposition or consensus methods, this paper proposes a cutting-plane-based distributed algorithm considering a peer-to-peer (P2P) communication network, which enables asynchronous coordination among PEVs. First, an equivalent surrogate model is established by exploiting the duality of the original optimization problem, which masks the private information of individual users by equivalent transformation. Then, a cutting-plane based algorithm is derived to solve the surrogate problem in a distributed manner with intrinsic superiority to cope with various asynchrony. Critical implementation issues, including distributed initialization, distributed cutting-plane generation, and localized stopping criteria, are discussed in detail. Numerical tests on IEEE 37- and 123-node feeders with actual data illustrate that the proposed method is resilient to several asynchronies and admits the plug-and-play operation mode. The proposed methodology is expected to provide an alternative path toward the robust protocol for PEV charging.

A Novel Traffic Obfuscation Technology for Smart Home

With the widespread popularity of smart home devices and the emergence of smart home integration platforms such as Google, Amazon, and Xiaomi, the smart home industry is in a stage of vigorous development. While smart homes provide users with convenient and intelligent living, the problem of smart home devices leaking user privacy has become increasingly prominent. Smart home devices give users the ability to remotely control home devices, but they also reflect user home activities in traffic data, which brings the risk of privacy leaks. Potential attackers can use traffic classification technology to analyze traffic characteristics during traffic transmission (e.g., at the traffic exit of a smart home gateway) and infer users’ private information, such as their home activities, causing serious consequences of privacy leaks. To address the above problems, this paper focuses on research on privacy protection technology based on traffic obfuscation. By using traffic obfuscation technology to obscure the true traffic of smart home devices, it can prevent malicious traffic listeners from analyzing user privacy information based on traffic characteristics. We propose an enhanced smart home traffic obfuscation method called SHTObfuscator (Smart Home Traffic Obfuscator) based on the virtual user technology concept and a virtual user behavior construction method based on logical integrity. By injecting traffic fingerprints of different device activities into the real traffic environment of smart homes as obfuscating traffic, attackers cannot distinguish between the real device working status and user behavior privacy in the current home, effectively reducing the effect of traffic classification attack models. The protection level can be manually or automatically adjusted, achieving a balance between privacy protection and bandwidth overhead. The experimental results show that under the highest obfuscation level, the obfuscation method proposed in this paper can effectively reduce the classification effect of the attack model from 95% to 25%.

Information privacy culture in Croatian libraries

PurposeThe research aims to establish the predictors of the acceptance of technical and organizational measures for the protection of personal data to ensure information privacy in Croatian libraries, starting from the constructs of the APCO Macro Model.Design/methodology/approachTwo data collection methods were used: the online survey questionnaire method and the analysis of the websites of independent libraries in the Republic of Croatia.FindingsThe results show that the acceptance of measures for personal data protection by a library manager is mostly influenced by perceived knowledge, while culture and trust have a positive correlation of moderate strength. Awareness has a low positive correlation, and privacy experience is not statistically related to the acceptance of measures. There is no statistically significant difference in the acceptance of measures for the protection of personal data concerning age and work experience in the profession. There is a statistically significant correlation between compliance with the principle of transparency and the size of the library.Originality/valueThe study is valuable as it examined the characteristics of the culture of information privacy in libraries and determined the existence and impact of factors that influence ensuring the information privacy of users in Croatian libraries.

Data Sharing Mechanism and Strategy for Multi-Service Integration for Smart Grid

The new power system is an energy interconnection network based on renewable energy generation. Information interconnection, data security, and reliability are the basis for the digital transformation of the power grid. Data sharing, lifecycle management, security, and user information privacy are issues that need to be addressed urgently. This paper analyzes the characteristics of the multi-combination of power grid data across services and introduces smart contract, cross-chain, and security encryption-related technologies. Based on the effective combination of smart contract and CP-ABE, data sharing schemes, including data sharing mechanism and data access control model are designed. Given this scheme, the blockchain system’s overall architecture is proposed, including the main chain, side chain, data sharing, and cross-chain information interaction. Finally, the underlying blockchain service platform is built using the Hyperledger open-source framework. We deploy the platform to verify the feasibility of the scheme according to the requirements of the data center, trust center, and blockchain-distributed nodes.

Machine Learning Approach for Detection of Phishing Website

Abstract: Phishing attacks are the easiest way to get sensitive information from innocent users. The purpose of phishing is to obtain critical information like the private information of users. Phishing sites pretend to be relevant sites and it is more difficult to distinguish these sites. It is one of the greatest threats that every individual and management has ever faced. URLs are referred to as web pages through which users locate pieces of information on the Internet. This paper focuses on phishing website detection which is important for the prevention of our sensitive information. There are different types of websites with different features. Therefore, we need to use a specific set of features on websites to protect against phishing. A machine learning model has been proposed to detect phishing websites. To detect phishing sites, we proposed the machine learning model. The essential objective of this paper is to classify the various algorithm of machine learning by extracting and analyzing various features of legitimate and phishing URLs.

Understanding the adoption of digital conferencing tools: Unpacking the impact of privacy concerns and incident response efficacy

Since working from home has become a new norm for many individuals worldwide, digital-conferencing tools have increased in popularity. To date, few studies have investigated how the adoption of digital-conferencing tools relates to user information privacy concerns against security incidents and coping appraisal. This paper utilizes an integrated IUIPC and Privacy Calculus model to explore the impact of privacy concerns, incident response efficacy, trust, and risk involved in digital conferencing adoption. To test the proposed model, we administer a survey to 212 participants and find that perceived benefits, trusting beliefs, and personal Internet interest increase intention to use digital conferencing software while risk beliefs decrease behavioral intentions. In addition, we find incident response efficacy to be a salient construct in explaining users’ trusting beliefs. The study provides recommendations for digital conferencing service providers on how to improve consumer adoption through strengthened security practices and incident response strategies.

Integrated demand-side management for multi-energy system based on non-cooperative game and multi-energy pricing

This paper proposes an integrated demand-side management (IDSM) approach based on non-cooperative game and multi-energy pricing strategy for a regional integrated energy system (RIES). On the demand side, the competition among multi-energy users was modeled as a non-cooperative energy consumption game, and the conditions to ensure the existence and uniqueness of the Nash equilibrium of the non-cooperative game were given. Considering the privacy of user information, a distributed multi energy consumption control algorithm based on dual theory and gradient descent method was designed to search for the optimal multi-energy consumption and the multi-energy daily retail price. In addition, for the energy supply side, the scheduling strategy of energy hub (EH) was proposed based on linear programming (LP) theory to optimize equipment operation. The results show that this approach can enable users and EH to coordinate optimization, so as to reduce the peak-to-average ratio (PAR) and energy cost of the system, and ensure the balance between supply and demand of multi-energy.