scispace - formally typeset

Showing papers on "Information privacy" published in 2016


Proceedings Article
19 Jun 2016
TL;DR: It is shown that the cloud service is capable of applying the neural network to the encrypted data to make encrypted predictions, and also return them in encrypted form, which allows high throughput, accurate, and private predictions.
Abstract: Applying machine learning to a problem which involves medical, financial, or other types of sensitive data, not only requires accurate predictions but also careful attention to maintaining data privacy and security. Legal and ethical requirements may prevent the use of cloud-based machine learning solutions for such tasks. In this work, we will present a method to convert learned neural networks to CryptoNets, neural networks that can be applied to encrypted data. This allows a data owner to send their data in an encrypted form to a cloud service that hosts the network. The encryption ensures that the data remains confidential since the cloud does not have access to the keys needed to decrypt it. Nevertheless, we will show that the cloud service is capable of applying the neural network to the encrypted data to make encrypted predictions, and also return them in encrypted form. These encrypted predictions can be sent back to the owner of the secret key who can decrypt them. Therefore, the cloud service does not gain any information about the raw data nor about the prediction it made. We demonstrate CryptoNets on the MNIST optical character recognition tasks. CryptoNets achieve 99% accuracy and can make around 59000 predictions per hour on a single PC. Therefore, they allow high throughput, accurate, and private predictions.

1,246 citations


Journal ArticleDOI
TL;DR: The success of the Internet of Things and rich cloud services have helped create the need for edge computing, in which data processing occurs in part at the network edge, rather than completely in the cloud.
Abstract: The success of the Internet of Things and rich cloud services have helped create the need for edge computing, in which data processing occurs in part at the network edge, rather than completely in the cloud. Edge computing could address concerns such as latency, mobile devices' limited battery life, bandwidth costs, security, and privacy.

938 citations


Journal ArticleDOI
TL;DR: The authors summarize and draw connections among diverse streams of theoretical and empirical research on the economics of privacy, focusing on the economic value and consequences of protecting and disclosing personal information, and on consumers' understanding and decisions regarding the tradeoffs associated with the privacy and the sharing of personal data.
Abstract: This article summarizes and draws connections among diverse streams of theoretical and empirical research on the economics of privacy. We focus on the economic value and consequences of protecting and disclosing personal information, and on consumers' understanding and decisions regarding the trade-offs associated with the privacy and the sharing of personal data. We highlight how the economic analysis of privacy evolved over time, as advancements in information technology raised increasingly nuanced and complex issues associated with the protection and sharing of personal information. We find and highlight three themes that connect diverse insights from the literature. First, characterizing a single unifying economic theory of privacy is hard, because privacy issues of economic relevance arise in widely diverse contexts. Second, there are theoretical and empirical situations where the protection of privacy can both enhance, and detract from, individual and societal welfare. Third, in digital economies, consumers' ability to make informed decisions about their privacy is severely hindered, because consumers are often in a position of imperfect or asymmetric information regarding when their data is collected, for what purposes, and with what consequences. We conclude the article by highlighting some of the ongoing issues in the privacy debate of interest to economists.

665 citations


Proceedings ArticleDOI
01 Nov 2016
TL;DR: A Systematic Literature Review on the blockchain is conducted to gather knowledge on the current uses of this technology and to document its current degree of integrity, anonymity and adaptability, and 18 use cases of blockchain are found in the literature.
Abstract: In the Internet of Things (IoT) scenario, the blockchain and, in general, Peer-to-Peer approaches could play an important role in the development of decentralized and data-intensive applications running on billions of devices, preserving the privacy of the users. Our research goal is to understand whether the blockchain and Peer-to-Peer approaches can be employed to foster a decentralized and private-by-design IoT. As a first step in our research process, we conducted a Systematic Literature Review on the blockchain to gather knowledge on the current uses of this technology and to document its current degree of integrity, anonymity and adaptability. We found 18 use cases of blockchain in the literature. Four of these use cases are explicitly designed for IoT. We also found some use cases that are designed for a private-by-design data management. We also found several issues in the integrity, anonymity and adaptability. Regarding anonymity, we found that in the blockchain only pseudonymity is guaranteed. Regarding adaptability and integrity, we discovered that the integrity of the blockchain largely depends on the high difficulty of the Proof-of-Work and on the large number of honest miners, but at the same time a difficult Proof-of-Work limits the adaptability. We documented and categorized the current uses of the blockchain, and provided a few recommendations for future work to address the above-mentioned issues.

604 citations


Journal ArticleDOI
TL;DR: This paper highlights the major security requirements in BSN-based modern healthcare system and proposes a secure IoT-based healthcare system using BSN, called BSN-Care, which can efficiently accomplish those requirements.
Abstract: Advances in information and communication technologies have led to the emergence of Internet of Things (IoT). In the modern health care environment, the usage of IoT technologies brings convenience to physicians and patients, since they are applied to various medical areas (such as real-time monitoring, patient information management, and healthcare management). The body sensor network (BSN) technology is one of the core technologies of IoT developments in healthcare system, where a patient can be monitored using a collection of tiny-powered and lightweight wireless sensor nodes. However, the development of this new technology in healthcare applications without considering security makes patient privacy vulnerable. In this paper, at first, we highlight the major security requirements in BSN-based modern healthcare system. Subsequently, we propose a secure IoT-based healthcare system using BSN, called BSN-Care, which can efficiently accomplish those requirements.

544 citations


Proceedings ArticleDOI
01 Dec 2016
TL;DR: This paper proposes a security framework that integrates the blockchain technology with smart devices to provide a secure communication platform in a smart city.
Abstract: A smart city uses information technology to integrate and manage physical, social, and business infrastructures in order to provide better services to its dwellers while ensuring efficient and optimal utilization of available resources. With the proliferation of technologies such as Internet of Things (IoT), cloud computing, and interconnected networks, smart cities can deliver innovative solutions and more direct interaction and collaboration between citizens and the local government. Despite a number of potential benefits, digital disruption poses many challenges related to information security and privacy. This paper proposes a security framework that integrates the blockchain technology with smart devices to provide a secure communication platform in a smart city.

491 citations


Journal ArticleDOI
TL;DR: This study explores the critical roles of two sets of factors: the sensitivity of the context within which the private information is disclosed and the customer's personality and indicates that context moderates the parameters and path structure of the trust model.

313 citations


Journal ArticleDOI
TL;DR: Patients with low health literacy were less likely to use HIT tools or perceive them as easy or useful, but they perceived information on HIT as private, and health literacy score was positively associated with trust in health care.
Abstract: Background: Approximately one-half of American adults exhibit low health literacy and thus struggle to find and use health information. Low health literacy is associated with negative outcomes including overall poorer health. Health information technology (HIT) makes health information available directly to patients through electronic tools including patient portals, wearable technology, and mobile apps. The direct availability of this information to patients, however, may be complicated by misunderstanding of HIT privacy and information sharing. Objective: The purpose of this study was to determine whether health literacy is associated with patients’ use of four types of HIT tools: fitness and nutrition apps, activity trackers, and patient portals. Additionally, we sought to explore whether health literacy is associated with patients’ perceived ease of use and usefulness of these HIT tools, as well as patients’ perceptions of privacy offered by HIT tools and trust in government, media, technology companies, and health care. This study is the first wide-scale investigation of these interrelated concepts. Methods: Participants were 4974 American adults (n=2102, 42.26% male, n=3146, 63.25% white, average age 43.5, SD 16.7 years). Participants completed the Newest Vital Sign measure of health literacy and indicated their actual use of HIT tools, as well as the perceived ease of use and usefulness of these applications. Participants also answered questions regarding information privacy and institutional trust, as well as demographic items. Results: Cross-tabulation analysis indicated that adequate versus less than adequate health literacy was significantly associated with use of fitness apps (P=.02), nutrition apps (P<.001), activity trackers (P<.001), and patient portals (P<.001). 
Additionally, greater health literacy was significantly associated with greater perceived ease of use and perceived usefulness across all HIT tools after controlling for demographics. Regarding privacy perceptions of HIT and institutional trust, patients with greater health literacy often demonstrated decreased privacy perceptions for HIT tools including fitness apps (P<.001) and nutrition apps (P<.001). Health literacy was negatively associated with trust in government (P<.001), media (P<.001), and technology companies (P<.001). Interestingly, health literacy score was positively associated with trust in health care (P=.03). Conclusions: Patients with low health literacy were less likely to use HIT tools or perceive them as easy or useful, but they perceived information on HIT as private. Given the fast-paced evolution of technology, there is a pressing need to further the understanding of how health literacy is related to HIT app adoption and usage. This will ensure that all users receive the full health benefits from these technological advances, in a manner that protects health information privacy, and that users engage with organizations and providers they trust. [J Med Internet Res 2016;18(10):e264]

294 citations


Journal ArticleDOI
TL;DR: It is argued that the general hypothesis of the framework offers clear directions for further empirical research and theory building about privacy concerns in smart cities, and that it provides a sensitizing instrument for local governments to identify the absence, presence, or emergence of privacy concerns among their citizens.

284 citations


Journal ArticleDOI
TL;DR: This paper presents the first attribute-based keyword search scheme with efficient user revocation (ABKS-UR) that enables scalable fine-grained (i.e., file-level) search authorization and formalizes the security definition and proves the proposed ABKS-UR scheme selectively secure against chosen-keyword attack.
Abstract: Search over encrypted data is a critically important enabling technique in cloud computing, where encryption-before-outsourcing is a fundamental solution to protecting user data privacy in the untrusted cloud server environment. Many secure search schemes have been focusing on the single-contributor scenario, where the outsourced dataset or the secure searchable index of the dataset are encrypted and managed by a single owner, typically based on symmetric cryptography. In this paper, we focus on a different yet more challenging scenario where the outsourced dataset can be contributed by multiple owners and is searchable by multiple users, i.e., the multi-user multi-contributor case. Inspired by attribute-based encryption (ABE), we present the first attribute-based keyword search scheme with efficient user revocation (ABKS-UR) that enables scalable fine-grained (i.e., file-level) search authorization. Our scheme allows multiple owners to encrypt and outsource their data to the cloud server independently. Users can generate their own search capabilities without relying on an always online trusted authority. Fine-grained search authorization is also implemented by the owner-enforced access policy on the index of each file. Further, by incorporating proxy re-encryption and lazy re-encryption techniques, we are able to delegate heavy system update workload during user revocation to the resourceful semi-trusted cloud server. We formalize the security definition and prove the proposed ABKS-UR scheme selectively secure against chosen-keyword attack. To build the confidence of data users in the proposed secure search system, we also design a search result verification scheme. Finally, performance evaluation shows the efficiency of our scheme.

279 citations


Journal ArticleDOI
Shui Yu
TL;DR: An overview of the battle ground by defining the roles and operations of privacy systems and the effort of privacy study from the perspectives of different disciplines, respectively is presented.
Abstract: One of the biggest concerns of big data is privacy. However, the study on big data privacy is still at a very early stage. We believe the forthcoming solutions and theories of big data privacy root from the in-place research output of the privacy discipline. Motivated by these factors, we extensively survey the existing research outputs and achievements of the privacy field from both application and theoretical angles, aiming to pave a solid starting ground for interested readers to address the challenges in the big data case. We first present an overview of the battle ground by defining the roles and operations of privacy systems. Second, we review the milestones of the current two major research categories of privacy: data clustering and privacy frameworks. Third, we discuss the effort of privacy study from the perspectives of different disciplines, respectively. Fourth, the mathematical description, measurement, and modeling on privacy are presented. We summarize the challenges and opportunities of this promising topic at the end of this paper, hoping to shed light on the exciting and almost uncharted land.

Journal ArticleDOI
TL;DR: A mobile-cloud framework is presented, which is an active approach to eradicate data over-collection, which means smartphone apps collect more of users' data than their original function requires while staying within the permission scope.
Abstract: In smart city, all kinds of users' data are stored in electronic devices to make everything intelligent. A smartphone is the most widely used electronic device and it is the pivot of all smart systems. However, current smartphones are not competent to manage users' sensitive data, and they are facing the privacy leakage caused by data over-collection. Data over-collection, which means smartphone apps collect more of users' data than their original function requires while staying within the permission scope, is rapidly becoming one of the most serious potential security hazards in smart city. In this paper, we study the current state of data over-collection and study some of the most frequent data over-collection cases. We present a mobile-cloud framework, which is an active approach to eradicate data over-collection. By putting all users' data into a cloud, the security of users' data can be greatly improved. We have done extensive experiments and the experimental results have demonstrated the effectiveness of our approach.

Journal ArticleDOI
TL;DR: To improve the efficiency of big data feature learning, the paper proposes a privacy preserving deep computation model by offloading the expensive operations to the cloud, using the BGV encryption scheme and employing cloud servers to perform the high-order back-propagation algorithm on the encrypted data efficiently for deep computation model training.
Abstract: To improve the efficiency of big data feature learning, the paper proposes a privacy preserving deep computation model by offloading the expensive operations to the cloud. Privacy concerns become evident because there is a large amount of private data generated by various applications in the smart city, such as sensitive data of governments or proprietary information of enterprises. To protect the private data, the proposed model uses the BGV encryption scheme to encrypt the private data and employs cloud servers to perform the high-order back-propagation algorithm on the encrypted data efficiently for deep computation model training. Furthermore, the proposed scheme approximates the Sigmoid function as a polynomial function to support the secure computation of the activation function with the BGV encryption. In our scheme, only the encryption operations and the decryption operations are performed by the client while all the computation tasks are performed on the cloud. Experimental results show that our scheme improves training efficiency by approximately 2.5 times compared to the conventional deep computation model, without disclosing the private data, using a cloud of ten nodes. More importantly, our scheme is highly scalable by employing more cloud servers, which is particularly suitable for big data.

Journal ArticleDOI
TL;DR: This paper covers uses of privacy by taking existing methods such as HybrEx, k-anonymity, T-closeness and L-diversity and their implementation in business and presents recent techniques of privacy preserving in big data.
Abstract: Big data is a term used for very large data sets that have more varied and complex structure. These characteristics usually correlate with additional difficulties in storing, analyzing and applying further procedures or extracting results. Big data analytics is the term used to describe the process of researching massive amounts of complex data in order to reveal hidden patterns or identify secret correlations. However, there is an obvious contradiction between the security and privacy of big data and the widespread use of big data. This paper focuses on privacy and security concerns in big data, differentiates between privacy and security, and discusses privacy requirements in big data. This paper covers uses of privacy by taking existing methods such as HybrEx, k-anonymity, T-closeness and L-diversity and their implementation in business. There have been a number of privacy-preserving mechanisms developed for privacy protection at different stages (for example, data generation, data storage, and data processing) of a big data life cycle. The goal of this paper is to provide a major review of the privacy preservation mechanisms in big data and present the challenges for existing mechanisms. This paper also presents recent techniques of privacy preserving in big data like hiding a needle in a haystack, identity based anonymization, differential privacy, privacy-preserving big data publishing and fast anonymization of big data streams. This paper also refers to privacy and security aspects of healthcare in big data. A comparative study between various recent techniques of big data privacy is also done.

Proceedings ArticleDOI
01 Jan 2016
TL;DR: A corpus of 115 privacy policies with manual annotations for 23K fine-grained data practices is introduced and the process of using skilled annotators and a purpose-built annotation tool to produce the data is described.
Abstract: Website privacy policies are often ignored by Internet users, because these documents tend to be long and difficult to understand. However, the significance of privacy policies greatly exceeds the attention paid to them: these documents are binding legal agreements between website operators and their users, and their opaqueness is a challenge not only to Internet users but also to policy regulators. One proposed alternative to the status quo is to automate or semi-automate the extraction of salient details from privacy policy text, using a combination of crowdsourcing, natural language processing, and machine learning. However, there has been a relative dearth of datasets appropriate for identifying data practices in privacy policies. To remedy this problem, we introduce a corpus of 115 privacy policies (267K words) with manual annotations for 23K fine-grained data practices. We describe the process of using skilled annotators and a purpose-built annotation tool to produce the data. We provide findings based on a census of the annotations and show results toward automating the annotation procedure. Finally, we describe challenges and opportunities for the research community to use this corpus to advance research in both privacy and language technologies.

Journal ArticleDOI
TL;DR: This work allows an individual user to enforce all her privacy requirements before any sensitive data is uploaded to the cloud, enables developers of cloud services to integrate privacy functionality already into the development process of cloud services, and offers users a transparent and adaptable interface for configuring their privacy requirements.

Proceedings ArticleDOI
01 Dec 2016
TL;DR: This tutorial paper gives a systems and control perspective on the topic of privacy preserving data analysis, with a particular emphasis on the processing of dynamic data as well as data exchanged in networks.
Abstract: As intelligent automation and large-scale distributed monitoring and control systems become more widespread, concerns are growing about the way these systems collect and make use of privacy-sensitive data obtained from individuals. This tutorial paper gives a systems and control perspective on the topic of privacy preserving data analysis, with a particular emphasis on the processing of dynamic data as well as data exchanged in networks. Specifically, we consider mechanisms enforcing differential privacy, a state-of-the-art definition of privacy initially introduced to analyze large, static datasets, and whose guarantees hold against adversaries with arbitrary side information. We discuss in particular how to perform tasks such as signal estimation, consensus and distributed optimization between multiple agents under differential privacy constraints.

Journal ArticleDOI
TL;DR: This paper proposes a privacy-preserving scheme for IDR programs in the smart grid, which enables the DR provider to compute individual demand curtailments and DR rewards while preserving customer privacy.
Abstract: The advanced metering infrastructure (AMI) in the smart grid provides real-time information to both grid operators and customers, exploiting the full potential of demand response (DR). However, it introduces new privacy threats to customers. Prior works have proposed privacy-preserving methods in the AMI, such as temporal or spatial aggregation. A main assumption in these works is that fine-grained data do not need to be attributable to individuals. However, this assumption does not hold in incentive-based demand response (IDR) programs where fine-grained metering data are required to analyze individual demand curtailments, and hence, need to be attributable. In this paper, we propose a privacy-preserving scheme for IDR programs in the smart grid, which enables the DR provider to compute individual demand curtailments and DR rewards while preserving customer privacy. Moreover, a customer can reveal his/her identity and prove ownership of his/her power usage profile in certain situations, such as legal disputes. We achieve both privacy and efficiency in our scheme through a combination of several cryptographic primitives, such as identity-committable signatures and partially blind signatures. As far as we know, we are the first to identify and address privacy issues for IDR programs in the smart grid.

Journal ArticleDOI
TL;DR: This paper addresses the opportunities of Big Data in healthcare together with issues of responsibility and accountability and aims to pave the way for public policy to support a balanced agenda that safeguards personal information while enabling the use of data to improve public health.
Abstract: Research on large shared medical datasets and data-driven research are gaining fast momentum and provide major opportunities for improving health systems as well as individual care. Such open data can shed light on the causes of disease and effects of treatment, including adverse reactions and side-effects of treatments, while also facilitating analyses tailored to an individual's characteristics, known as personalized or "stratified medicine." Developments, such as crowdsourcing, participatory surveillance, and individuals pledging to become "data donors" and the "quantified self" movement (where citizens share data through mobile device-connected technologies), have great potential to contribute to our knowledge of disease, improving diagnostics, and delivery of healthcare and treatment. There is not only a great potential but also major concerns over privacy, confidentiality, and control of data about individuals once it is shared. Issues, such as user trust, data privacy, transparency over the control of data ownership, and the implications of data analytics for personal privacy with potentially intrusive inferences, are becoming increasingly scrutinized at national and international levels. This can be seen in the recent backlash over the proposed implementation of care.data, which enables individuals' NHS data to be linked, retained, and shared for other uses, such as research and, more controversially, with businesses for commercial exploitation. By way of contrast, through increasing popularity of social media, GPS-enabled mobile apps and tracking/wearable devices, the IT industry and MedTech giants are pursuing new projects without clear public and policy discussion about ownership and responsibility for user-generated data. In the absence of transparent regulation, this paper addresses the opportunities of Big Data in healthcare together with issues of responsibility and accountability. It also aims to pave the way for public policy to support a balanced agenda that safeguards personal information while enabling the use of data to improve public health.

Journal ArticleDOI
TL;DR: The infrastructure of big data and the state-of-the-art privacy-preserving mechanisms in each stage of the big data life cycle are illustrated and the challenges for existing mechanisms are presented.
Abstract: In recent years, big data have become a hot research topic. The increasing amount of big data also increases the chance of breaching the privacy of individuals. Since big data require high computational power and large storage, distributed systems are used. As multiple parties are involved in these systems, the risk of privacy violation is increased. There have been a number of privacy-preserving mechanisms developed for privacy protection at different stages (e.g., data generation, data storage, and data processing) of a big data life cycle. The goal of this paper is to provide a comprehensive overview of the privacy preservation mechanisms in big data and present the challenges for existing mechanisms. In particular, in this paper, we illustrate the infrastructure of big data and the state-of-the-art privacy-preserving mechanisms in each stage of the big data life cycle. Furthermore, we discuss the challenges and future research directions related to privacy preservation in big data.

Posted Content
TL;DR: In this article, the authors survey the existing literature in security and privacy sub-space in ICN and explore three broad areas: security threats, privacy risks, and access control enforcement mechanisms.
Abstract: Information-Centric Networking (ICN) is a new networking paradigm, which replaces the widely used host-centric networking paradigm in communication networks (e.g., Internet, mobile ad hoc networks) with an information-centric paradigm, which prioritizes the delivery of named content, oblivious of the content's origin. Content and client security are more intrinsic in the ICN paradigm versus the current host-centric paradigm where they have been instrumented as an afterthought. By design, the ICN paradigm inherently supports several security and privacy features, such as provenance and identity privacy, which are still not effectively available in the host-centric paradigm. However, given its nascency, the ICN paradigm has several open security and privacy concerns, some that existed in the old paradigm, and some new and unique. In this article, we survey the existing literature in the security and privacy research sub-space in ICN. More specifically, we explore three broad areas: security threats, privacy risks, and access control enforcement mechanisms. We present the underlying principle of the existing works, discuss the drawbacks of the proposed approaches, and explore potential future research directions. In the broad area of security, we review attack scenarios, such as denial of service, cache pollution, and content poisoning. In the broad area of privacy, we discuss user privacy and anonymity, name and signature privacy, and content privacy. ICN's feature of ubiquitous caching introduces a major challenge for access control enforcement that requires special attention. In this broad area, we review existing access control mechanisms including encryption-based, attribute-based, session-based, and proxy re-encryption-based access control schemes. We conclude the survey with lessons learned and scope for future work.

Journal ArticleDOI
TL;DR: The analysis showed that self-presentation and personalized services positively influence consumers' perceived benefits, which in turn positively affect the intention to disclose personal information; two paths of direct effects on perceived benefits and risks that induce the ultimate intention to disclose via mobile apps were proposed and empirically tested.

Journal ArticleDOI
25 May 2016
TL;DR: A holistic view of the challenges of and issues related to preserving IoT privacy, as well as the existing solutions, is provided, and privacy by design is identified as the key solution for many IoT privacy issues.
Abstract: The Internet of Things (IoT) is the current evolutionary paradigm of networking and the key driving force toward a smart world. Although privacy in the IoT is highly regarded to ensure the protection of users and personal information from the perspective of individual or cooperative users, it's insufficiently studied. As members of the always-connected paradigm of the massive IoT world, people can scarcely control the disclosure of their personal information. The biggest challenge is to allow users to experience the best utilization of IoT-based products and services with the fewest privacy threats and failures. This article provides a holistic view of the challenges of and issues related to preserving IoT privacy, as well as the existing solutions. Privacy by design (PbD) is identified as the key solution for many IoT privacy issues. The article also discusses hot topics in IoT privacy and future research directions.

Journal ArticleDOI
TL;DR: This paper designs an efficient homomorphic encryption scheme and a secure comparison scheme, which is used to build an association rule mining solution and demonstrates that the run time in each of the solutions is only one order higher than that in the best non-privacy-preserving data mining algorithms.
Abstract: Association rule mining and frequent itemset mining are two popular and widely studied data analysis techniques for a range of applications. In this paper, we focus on privacy-preserving mining on vertically partitioned databases. In such a scenario, data owners wish to learn the association rules or frequent itemsets from a collective data set and disclose as little information about their (sensitive) raw data as possible to other data owners and third parties. To ensure data privacy, we design an efficient homomorphic encryption scheme and a secure comparison scheme. We then propose a cloud-aided frequent itemset mining solution, which is used to build an association rule mining solution. Our solutions are designed for outsourced databases that allow multiple data owners to efficiently share their data securely without compromising on data privacy. Our solutions leak less information about the raw data than most existing solutions. In comparison to the only known solution achieving a similar privacy level as our proposed solutions, the performance of our proposed solutions is three to five orders of magnitude higher. Based on our experiment findings using different parameters and data sets, we demonstrate that the run time in each of our solutions is only one order higher than that in the best non-privacy-preserving data mining algorithms. Since both data and computing work are outsourced to the cloud servers, the resource consumption at the data owner end is very low.

Journal ArticleDOI
06 Jun 2016-PLOS ONE
TL;DR: This work demonstrates a non-conventional and computationally efficient method leveraging distributed computing and strong cryptography to provide comprehensive protection over individual-level and summary data, and discusses the practical implications of the solution for large-scale studies and applications from various disciplines, including genetic and biomedical studies, smart grid, network analysis, etc.
Abstract: As one of the most popular statistical and machine learning models, logistic regression with regularization has found wide adoption in biomedicine, social sciences, information technology, and so on. These domains often involve data of human subjects that are contingent upon strict privacy regulations. Concerns over data privacy make it increasingly difficult to coordinate and conduct large-scale collaborative studies, which typically rely on cross-institution data sharing and joint analysis. Our work here focuses on safeguarding regularized logistic regression, a widely-used statistical model which at the same time has not been investigated from a data security and privacy perspective. We consider a common use scenario of multi-institution collaborative studies, such as in the form of research consortia or networks as widely seen in genetics, epidemiology, social sciences, etc. To make our privacy-enhancing solution practical, we demonstrate a non-conventional and computationally efficient method leveraging distributed computing and strong cryptography to provide comprehensive protection over individual-level and summary data. Extensive empirical evaluations on several studies validate the privacy guarantee, efficiency and scalability of our proposal. We also discuss the practical implications of our solution for large-scale studies and applications from various disciplines, including genetic and biomedical studies, smart grid, network analysis, etc.

Journal ArticleDOI
TL;DR: It is revealed that young adults do understand and care about the potential risks associated with disclosing information online and engage in at least some privacy-protective behaviors on social media, but they feel that once information is shared, it is ultimately out of their control.
Abstract: Based on focus group interviews, we considered how young adults’ attitudes about privacy can be reconciled with their online behavior. The “privacy paradox” suggests that young people claim to care about privacy while simultaneously providing a great deal of personal information through social media. Our interviews revealed that young adults do understand and care about the potential risks associated with disclosing information online and engage in at least some privacy-protective behaviors on social media. However, they feel that once information is shared, it is ultimately out of their control. They attribute this to the opaque practices of institutions, the technological affordances of social media, and the concept of networked privacy, which acknowledges that individuals exist in social contexts where others can and do violate their privacy.

Journal ArticleDOI
TL;DR: The modular framework design of Health Fog is capable of engaging data from multiple resources together with an adequate level of security and privacy using existing cryptographic primitives, and reduces the extra communication cost that is usually found to be high in similar systems.
Abstract: In the past few years the role of e-health applications has taken a remarkable lead in terms of services and features, inviting millions of people with higher motivation and confidence to achieve a healthier lifestyle. The introduction of smart gadgetry, people's lifestyles equipped with wearables, and the development of IoT have revitalized the feature scale of these applications. The landscape of health applications encountering big data needs to be replotted on the cloud instead of solely relying on the limited storage and computational resources of handheld devices. With this transformation, the outcome from certain health applications is significant, where precise, user-centric, and personalized recommendations mimic a personal caregiver round the clock. To maximize the services spectrum from these applications over the cloud, certain challenges like data privacy and communication cost need serious attention. Following the existing trend, together with an ambition to promote and assist users with a healthy lifestyle, we propose a framework of Health Fog where Fog computing is used as an intermediary layer between the cloud and end users. The design feature of Health Fog successfully reduces the extra communication cost that is usually found to be high in similar systems. For enhanced and flexible control of data privacy and security, we also introduce the cloud access security broker (CASB) as an integral component of Health Fog where certain policies can be implemented accordingly. The modular framework design of Health Fog is capable of engaging data from multiple resources together with an adequate level of security and privacy using existing cryptographic primitives.


Journal ArticleDOI
TL;DR: Survey results that suggest a relationship between two types of user privacy concerns and how users control personal information are discussed.
Abstract: Users struggle to protect personal information while completing transactions requiring a modicum of trust in today's e-business environment. E-businesses argue that they need personal information t...

Journal ArticleDOI
Wei Zhang, Yaping Lin, Sheng Xiao, Jie Wu, Siwang Zhou
TL;DR: To enable cloud servers to perform secure search without knowing the actual data of both keywords and trapdoors, a novel secure search protocol is systematically constructed and a novel additive order and privacy preserving function family is proposed.
Abstract: With the advent of cloud computing, it has become increasingly popular for data owners to outsource their data to public cloud servers while allowing data users to retrieve this data. For privacy concerns, secure searches over encrypted cloud data have motivated several research works under the single-owner model. However, most cloud servers in practice do not just serve one owner; instead, they support multiple owners to share the benefits brought by cloud computing. In this paper, we propose schemes to deal with privacy-preserving ranked multi-keyword search in a multi-owner model (PRMSM). To enable cloud servers to perform secure search without knowing the actual data of both keywords and trapdoors, we systematically construct a novel secure search protocol. To rank the search results and preserve the privacy of relevance scores between keywords and files, we propose a novel additive order and privacy preserving function family. To prevent attackers from eavesdropping on secret keys and pretending to be legal data users submitting searches, we propose a novel dynamic secret key generation protocol and a new data user authentication protocol. Furthermore, PRMSM supports efficient data user revocation. Extensive experiments on real-world datasets confirm the efficacy and efficiency of PRMSM.