Publishing datasets plays an essential role in open data research and in promoting the transparency of government agencies. However, such data publication might reveal users' private information. One of the most sensitive sources of data is spatiotemporal trajectory datasets. Unfortunately, merely removing unique identifiers cannot preserve the privacy of users. Adversaries may know parts of the trajectories or be able to link the published dataset to other sources for the purpose of user identification. Therefore, it is crucial to apply privacy preserving techniques before the publication of spatiotemporal trajectory datasets. In this paper, we propose a robust framework for the anonymization of spatiotemporal trajectory datasets, termed machine learning based anonymization (MLA). By introducing a new formulation of the problem, we are able to apply machine learning algorithms for clustering the trajectories, and we propose to use the k-means algorithm for this purpose. A variation of the k-means algorithm is also proposed to preserve privacy in overly sensitive datasets. Moreover, we improve the alignment process by considering multiple sequence alignment as part of the MLA. The framework and all the proposed algorithms are applied to the T-Drive, Geolife, and Gowalla location datasets. The experimental results indicate a significantly higher utility of datasets anonymized based on the MLA framework.
Lightweight anonymity protocols in the network layer are promising in terms of high throughput and low latency. The realistic and weak assumption of local adversaries removes the need for the hop-by-hop encryption of onion routing, and this contributes to high throughput and low latency. Among them, PHI and its successor dPHI are promising because path-setup packets for anonymous paths are forwarded according to IP routing. This feature enables easy deployment of the protocol on the Internet infrastructure. However, PHI and dPHI are vulnerable to adversaries such as malicious ASes who compromise the servers used for path setup, called helpers, and malicious ASes who leverage topological information and routing policies of the IP network. The paper resolves these vulnerabilities in two steps. In the first step, we design attacks that leverage the vulnerabilities to break anonymity. In the second step, we extend dPHI to mitigate such attacks by adding a new server called a guard. The extended protocol is called gPHI, and gPHI is resilient against adversaries who perform such attacks. This paper designs gPHI and validates its resilience through formal proof and simulation.
In a wireless medical sensor network (WMSN), bio-sensors are implanted within the patient's body to sense sensitive information about the patient, which can later be transmitted to remote medical centers for further processing. The patient's data can be accessed through the WMSN by medical professionals from anywhere across the globe with the help of the Internet. As the patient's sensitive information is transmitted over an insecure WMSN, providing secure access to and privacy of the patient's data are challenging issues in WMSN environments. However, few user authentication protocols exist in the literature to provide secure data access, and most of these existing protocols may not be applicable to WMSNs for providing user anonymity. To fill these gaps, in this article, we propose an architecture for a patient monitoring health-care system in a WMSN and then design an anonymity-preserving mutual authentication protocol for mobile users. We used the AVISPA tool to simulate the proposed protocol. The results obtained indicate that the proposed authentication protocol resists the existing well-known attacks. In addition, the BAN logic model confirms the mutual authentication feature of the proposed protocol. Moreover, an informal cryptanalysis is also given, which ensures that the proposed protocol withstands all known attacks. We perform a comparative discussion of the proposed protocol against the existing protocols, and the comparative results demonstrate that the proposed protocol is efficient and robust. Specifically, the proposed protocol is not only effective in providing robustness against common security threats, but it also offers an efficient login, robust mutual authentication, and user-friendly password change.
•A robust and anonymous user authentication protocol is designed to monitor patient health using wireless medical sensor networks.
•The security validation and authentication proof of the proposed protocol are done using the AVISPA tool and BAN logic.
•The proposed protocol has superior performance to the existing protocols.
With the development of cloud computing and wireless body area networks (WBANs), wearable equipment is able to become a new kind of intelligent terminal that provides services for users, which plays an important role in improving human health-care services. However, traditional WBAN devices have limited computing and storage capabilities. These restrictions limit the services that WBANs can provide to users. Thus the concept of cloud-aided WBANs has been proposed to enhance the capabilities of WBANs. In addition, due to the openness of the cloud computing environment, the protection of the user's physiological information and privacy remains a major concern. Among previous authentication protocols, few can protect the user's private information over an insecure channel. In this paper, we propose a cloud-aided lightweight certificateless authentication protocol with anonymity for wireless body area networks. Our protocol ensures that no one can obtain the user's real identity except for the network manager in the registration phase. Moreover, in the authentication phase, the network manager cannot learn the user's real identity. Through the security analysis, we conclude that our protocol provides stronger protection of private information over an insecure channel than most existing schemes.
Wireless Sensor Networks (WSNs) are a very important part of the Internet of Things (IoT), especially in e-healthcare applications. Among them, wireless medical sensor networks (WMSNs) have been used in personalized healthcare systems (PHSs). In recent years, professionals have used their mobile devices to access the data collected from sensors placed in or on patients' bodies. Because the wireless transmission environment is insecure, the security of the data collected by the sensors and transmitted to the doctors faces challenges. In the past decade, many authentication schemes for WMSNs have been proposed. However, security weaknesses have been found in such schemes. To overcome these historical security problems, we propose a robust and lightweight authentication scheme for WMSNs, which meets the common security requirements and prevents attackers from tracking users. The popular tool Proverif is employed to show that our scheme resists the simulated attacks. An informal security analysis is also given. Based on a comparison with several very recent schemes and simulation in NS-3, the proposed scheme is suitable for PHSs.
•A lightweight two-factor authentication scheme for WMSNs that protects users from being tracked is presented.
•We use the well-known tool Proverif to prove that our scheme is secure against the common attacks.
•The informal analysis and performance comparison with recent schemes show that ours is the best.
•The simulation with NS-3 shows that our scheme is applicable in practice.
Focus group methodology generates distinct ethical challenges that do not correspond fully to those raised by one-to-one interviews. This paper explores, in both conceptual and practical terms, three key issues: consent; confidentiality and anonymity; and risk of harm. The principal challenge in obtaining consent lies in giving a clear account of what will take place in the group, owing to the unpredictability of the discussion and interaction that will occur. As consent can be seen in terms of creating appropriate expectations in the participant, this may therefore be hard to achieve. Moreover, it is less straightforward for the participant to revoke consent than in one-to-one interviews. Confidentiality and anonymity are potentially problematic because of the researcher's limited control over what participants may subsequently communicate outside the group. If the group discussion encourages over-disclosure by some participants, this problem becomes more acute. Harm in a focus group may arise from the discussion of sensitive topics, and this may be amplified by the public nature of the discussion. A balance should be struck between avoiding or closing down potentially distressing discussion and silencing the voices of certain participants to whom such discussion may be important or beneficial. As a means of addressing the above issues, we outline some strategies that can be adopted in the consent process, in a preliminary briefing session, during moderation of the focus group, and in a subsequent debriefing, and suggest that these strategies can be employed synergistically so as to reinforce each other.
Fog computing is a modern computing platform that connects the cloud with the smart devices located at the edge of the network. The fog computing platform has several characteristics desirable for Internet of Things (IoT) systems, such as efficient data access, low latency, and location awareness. Data aggregation is a common operation in IoT systems. However, for data aggregation applications in the fog-enhanced IoT environment, how to efficiently preserve the privacy of sensitive data is a major concern. To address this challenge, we propose APPA: a device-oriented Anonymous Privacy-Preserving scheme with Authentication for data aggregation applications in fog-enhanced IoT systems, which also supports multiple authorities managing smart devices and fog nodes locally. In the APPA scheme, the anonymity and authenticity of a device are guaranteed with a pseudonym and a pseudonym certificate, which can be updated autonomously. Taking advantage of a local certification authority, pseudonym management can be shifted to specialized fogs at the network edge, which provide real-time service for device registration and update. Data privacy is ensured during data aggregation by using the Paillier algorithm. A detailed security analysis is conducted to show that our scheme achieves the security and privacy-preservation properties required in fog-enhanced IoT systems. Additionally, we compare our scheme with existing schemes to demonstrate the effectiveness and efficiency of our proposed scheme in terms of low computational complexity and communication overhead.
•We present a DKM scheme to protect users' trajectory privacy for continuous LBSs.
•We design the location selection mechanism to obfuscate the users' real query location.
•We utilize the dynamic pseudonym mechanism and K-anonymity to improve users' trajectory privacy against the LSP.
•We employ multiple anonymizers to solve the single point of failure and the performance bottleneck of a single trusted third party (STTP).
Location-based services (LBSs) are increasingly provided by a broad range of devices and applications, but one associated risk is location disclosure. To solve this problem, a common method is to adopt K-anonymity in a centralized architecture based on a single trusted anonymizer. However, this strategy may compromise user privacy for continuous LBSs. In this study, we propose a dual-K mechanism (DKM) to protect users' trajectory privacy for continuous LBSs. The proposed DKM method first inserts multiple anonymizers between the user and the location service provider (LSP), and K query locations are sent to different anonymizers to achieve K-anonymity. Simultaneously, we combine the dynamic pseudonym and location selection mechanisms to improve user trajectory privacy. Hence, neither the LSP nor any anonymizer can obtain the user's trajectory. Security analyses demonstrate that our proposed scheme can effectively enhance user trajectory privacy protection, and the simulation results show that the DKM scheme can preserve user trajectory privacy with low overhead on a single anonymizer.
The fusion of mobile devices and social networks is stimulating wider use of Location Based Services (LBS), making them an important part of our daily lives. However, the problem of privacy leakage has become a main factor hindering the further development of LBS. When an LBS user sends queries to the LBS server, the user's personal privacy in terms of identity and location may be leaked to an attacker. To protect user privacy, Niu et al. proposed an algorithm named enhanced Dummy Location Selection (en-DLS). In this paper, we introduce two attacks on en-DLS, namely the long-term statistical attack (LSA) and the regional statistical attack (RSA). In the proposed attacks, an attacker can obtain the private information of a user by analyzing LBS historical data, which renders en-DLS ineffective for user privacy protection. Furthermore, this paper proposes a set of privacy protection schemes against both LSA and RSA. For LSA, we propose two protection methods named multiple user name (MNAME) and same user name (SNAME). To solve the regional privacy issue, we divide the map into various regions with different privacy protection requirements. For this purpose, four protection levels (PLs) are defined, and the true location is protected by allocating a certain number of positions from the dummies according to the location's PL. Performance analysis and simulation results show that our proposed methods completely avoid the vulnerabilities of en-DLS to both LSA and RSA, and incur only a marginal increase in communication overhead and computational cost.
•Based on the activity patterns of most users, we introduce LSA, which uses historical data. Against this attack, we present two methods to preserve user privacy.
•We divide the regions of the map into different PLs according to their privacy requirements. We design an algorithm that selects high-level regions as dummies at a high rate and low-level regions at a low rate. This solves the problem that an attacker can violate the privacy of a particular region by analyzing historical data.
•We analyze the ability to preserve user privacy using entropy. The internal relation among the frequency of the user's LBS queries, the division of regions in the map, and the length of the interval over which historical information is collected is discussed.
Achieving low latency and providing real-time services are two of several key challenges in conventional cloud-based smart grid systems, and hence there has been an increasing trend toward edge computing. While a number of cryptographic protocols have been designed to facilitate secure communication in smart grid systems, existing protocols generally do not support conditional anonymity and flexible key management. Thus, in this article, we introduce a blockchain-based mutual authentication and key agreement protocol for edge-computing-based smart grid systems. Specifically, by leveraging blockchain, the protocol can support efficient conditional anonymity and key management without the need for other complex cryptographic primitives. The security analysis shows that the protocol achieves reasonable security assurance, and the comparative summary of security and efficiency also suggests the potential of the proposed protocol in a smart grid deployment.