Visible to the public Adversary Models and Privacy, 2014

SoS Newsletter- Advanced Book Block


SoS Logo

Adversary Models and Privacy


The need to understand adversarial behavior in light of new technologies is always important. Using models to understand their behavior is an important element in the Science of Security, particularly in the context of threats to privacy—data privacy, location privacy, and other forms. The research presented here was performed in 2014 and recovered on June 30, 2015.

Wei Wang; Qian Zhang, “A Stochastic Game for Privacy Preserving Context Sensing on Mobile Phone,” INFOCOM, 2014 Proceedings IEEE, vol., no., pp. 2328, 2336, April 27 2014-May 2 2014. doi:10.1109/INFOCOM.2014.6848177
Abstract: The proliferation of sensor-equipped smartphones has enabled an increasing number of context-aware applications that provide personalized services based on users' contexts. However, most of these applications aggressively collect users sensing data without providing clear statements on the usage and disclosure strategies of such sensitive information, which raises severe privacy concerns and leads to some initial investigation on privacy preservation mechanisms design. While most prior studies have assumed static adversary models, we investigate the context dynamics and call attention to the existence of intelligent adversaries. In this paper, we first identify the context privacy problem with consideration of the context dynamics and malicious adversaries with capabilities of adjusting their attacking strategies, and then formulate the interactive competition between users and adversaries as a zero-sum stochastic game. In addition, we propose an efficient minimax learning algorithm to obtain the optimal defense strategy. Our evaluations on real smartphone context traces of 94 users validate the proposed algorithm.
Keywords: data privacy; learning (artificial intelligence);minimax techniques; smart phones; stochastic games; ubiquitous computing; attacking strategy; context dynamics; context privacy problem; context-aware application; disclosure strategy; intelligent adversary; interactive competition; minimax learning algorithm; mobile phone; optimal defense strategy; personalized services; privacy preservation mechanisms design; privacy preserving context sensing; sensor-equipped smartphones; static adversary model; user context; user sensing data; zero-sum stochastic game; Context; Context-aware services; Games; Privacy; Sensors; Smart phones; Stochastic processes (ID#: 15-6301)

Ren-Hung Hwang; Fu-Hui Huang, “SocialCloaking: A Distributed Architecture for K-Anonymity Location Privacy Protection,” Computing, Networking and Communications (ICNC), 2014 International Conference on, vol., no., pp. 247, 251, 3-6 Feb. 2014. doi:10.1109/ICCNC.2014.6785340
Abstract: As location information becomes commonly available in smart phones, applications of Location Based Service (LBS) has also become very popular and are widely used by smart phone users. Since the query of LBS contains user's location, it raises a privacy concern of exposure of user's location. K-anonymity is a commonly adopted technique for location privacy protection. In the literature, a centralized architecture which consists of a trusted anonymity server is widely adopted. However, this approach exhibits several apparent weaknesses, such as single point of failure, performance bottleneck, serious security threats, and not trustable to users, etc. In this paper, we re-examine the location privacy protection problem in LBS applications. We first provide an overview of the problem itself, to include types of query, privacy protection methods, adversary models, system architectures, and their related works in the literature. We then discuss the challenges of adopting a distributed architecture which does not need to set up a trusted anonymity server and propose a solution by combining unique features of structured peer-to-peer architecture and trust relationships among users of their on-line social networking relations.
Keywords: data privacy; mobile computing; query processing; social networking (online); trusted computing; K-anonymity location privacy protection; LBS query; SocialCloaking; adversary model; centralized architecture; distributed architecture; failure point; location information; location-based service; on-line social networking relation; security threat; smart phones; structured peer-to-peer architecture; system architecture; trust relationship; trusted anonymity server; user location; Computer architecture; Mobile communication; Mobile handsets; Peer-to-peer computing; Privacy; Servers; Trajectory; Distributed Anonymity Server Architecture; Location Based Service; Location Privacy; Peer-to-Peer; Social Networking (ID#: 15-6302)

Kulkarni, S.; Saha, S.; Hockenbury, R., “Preserving Privacy in Sensor-Fog Networks,” Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for, vol., no., pp. 96, 99, 8-10 Dec. 2014. doi:10.1109/ICITST.2014.7038785
Abstract: To address the privacy-utility tradeoff associated with wireless sensor networks in general, and a smart television remote in particular, we study and test usability factors and privacy aspects associated with the current framework models of a TV remote, and port the paradigm of Fog computing to arrive at an optimal solution. A Fog node, being closer to the end-devices not only mitigates the problem of latency but also enables computationally expensive operations, which were earlier possible only at cloud-side. We explore various adversary models, which can potentially compromise our framework and suggest measures to help avoid them.
Keywords: digital television; distributed algorithms; public key cryptography; wireless sensor networks; TV remote; fog computing; privacy; public key cryptography; sensor-fog network; smart television remote; wireless sensor network; Accelerometers; Accuracy; Computational modeling; Feature extraction; Privacy; Public key cryptography; TV; fog; smart; utility (ID#: 15-6303)

Kui Xu; Danfeng Yao; Perez-Quinones, M.A.; Link, C.; Geller, E.S., “Role-Playing Game for Studying User Behaviors in Security: A Case Study on Email Secrecy,” Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), 2014 International Conference on, vol., no., pp.18, 26, 22-25 Oct. 2014. doi: (not provided)
Abstract: Understanding the capabilities of adversaries (e.g., how much the adversary knows about a target) is important for building strong security defenses. Computing an adversary's knowledge about a target requires new modeling techniques and experimental methods. Our work describes a quantitative analysis technique for modeling an adversary's knowledge about private information at workplace. Our technical enabler is a new emulation environment for conducting user experiments on attack behaviors. We develop a role-playing cyber game for our evaluation, where the participants take on the adversary role to launch ID theft attacks by answering challenge questions about a target. We measure an adversary's knowledge based on how well he or she answers the authentication questions about a target. We present our empirical modeling results based on the data collected from a total of 36 users.
Keywords: Internet; behavioural sciences computing; computer games; data privacy; message authentication; unsolicited e-mail; ID theft attack; email secrecy; quantitative analysis technique; role-playing cyber game; security defenses; user behavior; Authentication; Educational institutions; Electronic mail; Games; Privacy; Servers; Social network services (ID#: 15-6304)

Nagendrakumar, S.; Aparna, R.; Ramesh, S., “A Non-Grouping Anonymity Model for Preserving Privacy in Health Data Publishing,” Science Engineering and Management Research (ICSEMR), 2014 International Conference on, vol., no., pp. 1, 6,
27-29 Nov. 2014. doi:10.1109/ICSEMR.2014.7043554
Abstract: Publishing health data may jeopardize privacy breaches, since they contain sensitive information about the individuals. Privacy preserving data publishing (PPDP) addresses the problem of revealing sensitive data when extracting the useful data. The existing privacy models are group based anonymity models. Hence, these models consider the privacy of the individual only in a group based manner. And those groups are the hunting ground for the adversaries. All data re-identification attacks are based on the group of records. The root cause behind our approach is that the k-anonymity problem can be viewed as a clustering approach. Though the k-anonymity problem does not insist on the number of clusters, it requires that each group must contain at least k-records. We propose a Non-Grouping Anonymity model; this gives a basic level of anonymization that prevents an individual being re-identified from their published data.
Keywords: data privacy; electronic publishing; medical information systems; pattern clustering; security of data; PPDP; anonymization; clustering approach; data re-identification attacks; group based anonymity model; health data publishing privacy; k-anonymity problem; nongrouping anonymity model; privacy breaches; privacy model; privacy preserving data publishing; sensitive data; sensitive information; Data models; Data privacy; Loss measurement; Privacy; Publishing; Taxonomy; Vegetation; Anonymity; Privacy in Data Publishing; data Privacy; data Utility (ID#: 15-6305)

Tiwari, P.K.; Chaturvedi, S., “Publishing Set Valued Data via M-Privacy,” Advances in Engineering and Technology Research (ICAETR), 2014 International Conference on, vol., no., pp. 1, 6, 1-2 Aug. 2014. doi:10.1109/ICAETR.2014.7012814
Abstract: It is very important to achieve security of data in distributed databases. With increasing in the usability of distributed database security issues regarding it are also going to be more complex. M-privacy is a very effective technique which may be used to achieve security of distributed databases. Set-valued data provides huge opportunities for a variety of data mining tasks. Most of the present data publishing techniques for set-valued data are refers to horizontal division based privacy models. Differential privacy method is totally opposite to horizontal based privacy method; it provides higher privacy guarantee and it is also sovereign of an adversary's environment information and computational capability. Set-valued data have high dimensionality so not any single existing data publishing approach for differential privacy can be applied for both utility and scalability. This work provided detailed information about this new threat, and gave some assistance to resolve it. At the start we introduced the concept of m-privacy. This concept guarantees that the anonymous data will satisfies a given privacy check next to any group of up to m colluding data providers. After it we presented heuristic approach for exploiting the monotonicity of confidentiality constraints for proficiently inspecting m-privacy given a cluster of records. Next, we have presented a data provider-aware anonymization approach with adaptive m-privacy inspection strategies to guarantee high usefulness and m-privacy of anonymized data with effectiveness. Finally, we proposed secured multi-party calculation protocols for set valued data publishing with m-privacy.
Keywords: data mining; data privacy; distributed databases; adaptive m-privacy inspection strategies; anonymous data; computational capability; confidentiality constraints monotonicity; data mining tasks; data provider-aware anonymization approach; data security; distributed database security; environment information; heuristic approach; horizontal division based privacy models; privacy check; privacy guarantee; privacy method; secured multiparty calculation protocols; set-valued data publishing techniques; threat; Algorithm design and analysis; Computational modeling; Data privacy; Distributed databases; Privacy; Publishing; Taxonomy; privacy; set-valued dataset (ID#: 15-6306)

Hui Cui; Yi Mu; Man Ho Au, “Public-Key Encryption Resilient against Linear Related-Key Attacks Revisited,” Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, vol., no., pp. 268, 275, 24-26 Sept. 2014. doi:10.1109/TrustCom.2014.37
Abstract: Wee (PKC'12) proposed a generic public-key encryption scheme in the setting of related-key attacks. Bellare, Paterson and Thomson (Asiacrypt'12) provided a framework enabling related-key attack (RKA) secure cryptographic primitives for a class of non-linear related-key derivation functions. However, in both of their constructions, the instantiations to achieve the full (not weak) RKA security are given under the scenario regarding the private key composed of single element. In other words, each element of the private key shares the same modification. However, this is impractical in real world. In this paper, we concentrate on the security of public-key encryption schemes under linear related-key attacks in the setting of multielement private keys (that is, the private key is composed of more than one element), where an adversary is allowed to tamper any part of this private key stored in a hardware device, and subsequently observes the outcome of a public key encryption system under this targeted modified private key. We define the security model for RKA secure public-key encryption schemes as chosen-cipher text and related-key attack (CC-RKA) security, which means that a public-key encryption scheme remains secure even when an adversary is allowed to issue the decryption oracle on linear shifts of any component of the private key. After that, we present a detailed public key encryption schemes with the private key formed of several elements, of which the CC-RKA security is under the decisional BDH assumption in the standard model.
Keywords: public key cryptography; Asiacrypt12; CC-RKA security; PKC12; chosen-cipher text; decisional BDH assumption; decryption oracle; linear related-key secure cryptographic primitives; multielement private keys; nonlinear related-key derivation functions; public-key encryption; standard model; Encryption; Hardware; Identity-based encryption; Resistance; Linear related-key attack; Public-key encryption (ID#: 15-6307)

Oya, S.; Troncosoy, C.; Perez-Gonzalez, F., “Understanding the Effects of Real-World Behavior in Statistical Disclosure Attacks,” Information Forensics and Security (WIFS), 2014 IEEE International Workshop on, vol., no., pp. 72, 77, 3-5 Dec. 2014. doi:10.1109/WIFS.2014.7084306
Abstract: High-latency anonymous communication systems prevent passive eavesdroppers from inferring communicating partners with certainty. However, disclosure attacks allow an adversary to recover users' behavioral profiles when communications are persistent. Understanding how the system parameters affect the privacy of the users against such attacks is crucial. Earlier work in the area analyzes the performance of disclosure attacks in controlled scenarios, where a certain model about the users' behavior is assumed. In this paper, we analyze the profiling accuracy of one of the most efficient disclosure attack, the least squares disclosure attack, in realistic scenarios. We generate real traffic observations from datasets of different nature and find that the models considered in previous work do not fit this realistic behavior. We relax previous hypotheses on the behavior of the users and extend previous performance analyses, validating our results with real data and providing new insights into the parameters that affect the protection of the users in the real world.
Keywords: data privacy; least squares approximations; security of data; statistical analysis; high-latency anonymous communication systems; least squares disclosure attack; passive eavesdroppers; profiling accuracy; real-world behavior; statistical disclosure attacks; user privacy; Analytical models; Approximation methods; Conferences; Electronic mail; Forensics; Performance analysis; Receivers; anonymity; mixes; performance analysis (ID#: 15-6308)

Ramachandran, S.; Chithan, S.; Ravindran, S., “A Cost-Effective Approach Towards Storage and Privacy Preserving for Intermediate Data Sets in Cloud Environment,” Recent Trends in Information Technology (ICRTIT), 2014 International Conference on, vol., no., pp. 1, 5, 10-12 April 2014. doi:10.1109/ICRTIT.2014.6996145
Abstract: Cloud computing offers pay-as-you-go model, where users only pay for their resource consumption. Many large applications utilize cloud computing. These applications generate a lot of essential intermediate results for future purpose. Storing all intermediate results is not a cost efficient approach. At the same time adversary may refer multiple intermediate result to steal the information. Likewise encrypting every part of intermediate results will increase computation cost for the user. The main aim of the system is to provide a cost effective approach for storing and providing privacy for the intermediate results.
Keywords: cloud computing; data privacy; cloud environment; computation cost; cost efficient approach; intermediate data set; pay-as-you-go model; privacy preservation; resource consumption; storage preservation; Cloud computing; Computational efficiency; Computational modeling; Data privacy; Encryption; Privacy; storage strategy (ID#: 15-6309)

Sidorov, V.; Wee Keong Ng, “Model of an Encrypted Cloud Relational Database Supporting Complex Predicates in WHERE Clause,” Cloud Computing (CLOUD), 2014 IEEE 7th International Conference on, vol., no., pp. 667, 672, June 27 2014–July 2 2014. doi:10.1109/CLOUD.2014.94
Abstract: Even though the concept of a Database-as-a-Service (DaaS) is becoming more popular and offers significant expenditure cuts, enterprises are still reluctant to migrate their data storing and processing to the cloud. One of the reasons to that is a lack of solid security guarantees. Encrypted database is one of the major approaches to address the security of cloud data processing. However, in order to provide processing capabilities over encrypted data, multiple techniques need to be combined and adjusted to work together. This paper introduces a modular and extensible framework model of an encrypted database, which makes it possible to execute a wide range of queries, including those with complex arithmetic expressions, retaining data privacy even with an adversary gaining full access to the database server. Proposed model could be used as a basis for encrypted database systems with various functional requirements.
Keywords: cloud computing; cryptography; relational databases; DaaS; WHERE clause; cloud data processing security; cloud relational database encryption; database-as-a-service; Data models; Databases; Encryption; Numerical models; Servers; cloud database security; complex query predicates; querying encrypted data (ID#: 15-6310)

Ajish, S.; Rajasree, R., “Secure Mail using Visual Cryptography (SMVC),” Computing, Communication and Networking Technologies (ICCCNT), 2014 International Conference on, vol., no., pp. 1, 7, 11-13 July 2014. doi:10.1109/ICCCNT.2014.6963148
Abstract: The E-mail messaging is one of the most popular uses of the Internet and the multiple Internet users can exchange messages within short span of time. Although the security of the E-mail messages is an important issue, no such security is supported by the Internet standards. One well known scheme, called PGP (Pretty Good Privacy) is used for personal security of E-mail messages. There is an attack on CFB Mode Encryption as used by OpenPGP. To overcome the attacks and to improve the security a new model is proposed which is "Secure Mail using Visual Cryptography". In the secure mail using visual cryptography the message to be transmitted is converted into a gray scale image. Then (2, 2) visual cryptographic shares are generated from the gray scale image. The shares are encrypted using A Chaos-Based Image Encryption Algorithm Using Wavelet Transform and authenticated using Public Key based Image Authentication method. One of the shares is send to a server and the second share is send to the recipient’s mail box. The two shares are transmitted through two different transmission medium so man in the middle attack is not possible. If an adversary has only one out of the two shares, then he has absolutely no information about the message. At the receiver side the two shares are fetched, decrypted and stacked to generate the grey scale image. From the grey scale image the message is reconstructed.
Keywords: chaos; data privacy; electronic mail; image processing; message authentication; public key cryptography; wavelet transforms;(2, 2) visual cryptography; CFB mode encryption; Internet standards; OpenPGP; SMVC; chaos-based image encryption algorithm; e-mail messaging; gray scale image; personal security; pretty good privacy; public key based image authentication method; receipent mail box; receiver side; secure mail using visual cryptography; transmission medium; wavelet transform; Electronic mail; Encryption; Heuristic algorithms; Receivers; Visualization; Wavelet transforms; chaos based image encryption algorithm; dynamic s-box algorithm; low frequency wavelet coefficient; pretty good privacy; visual cryptography; wavelet decomposition (ID#: 15-6311)

Pandit, A.; Polina, P.; Kumar, A., “CLOPRO: A Framework for Context Cloaking Privacy Protection,” Communication Systems and Network Technologies (CSNT), 2014 Fourth International Conference on, vol., no., pp. 782, 787, 7-9 April 2014. doi:10.1109/CSNT.2014.164
Abstract: Smartphones, loaded with users' personal information have become the primary computing device for many. This makes privacy an increasingly important issue. To protect the privacy of the context based service users we propose CLOPRO framework (Context Cloaking Privacy Protection) using two non-colluding servers. Each service request has three parameters: identity, context and actual query. The proposed, integrated framework achieves the identity privacy, the context privacy, and the query privacy to reduce the risk of an adversary linking all of the three parameters. The methodology used is as follows: A group of users having a similar query are clustered together, a unique id for each cluster of users is created ensuring identity privacy. The centroid of the location coordinates replaces the actual location for the users in the cluster for location privacy, the query abstraction at multiple levels ensures the query privacy. The refined query is then sent to the service provider for processing. The effectiveness of the proposed approach is established by analyzing CLOPRO privacy protection model and comparing it with the other approaches.
Keywords: data protection; pattern clustering; query processing; smart phones; CLOPRO privacy protection model; context based service users; context cloaking privacy protection; context privacy; identity privacy; noncolluding servers; query abstraction; query privacy; smartphones; Clustering algorithms; Context; Mobile communication; Mobile handsets; Privacy; Servers; Time factors; Abstraction; Anonymization; Clustering; Context Cloaking; Location Based Services; Privacy Protection (ID#: 15-6312)

Paverd, A.; Martin, A.; Brown, I., “Privacy-Enhanced Bi-Directional Communication in the Smart Grid Using Trusted Computing,” Smart Grid Communications (SmartGridComm), 2014 IEEE International Conference on, vol., no., pp. 872, 877, 3-6 Nov. 2014. doi:10.1109/SmartGridComm.2014.7007758
Abstract: Although privacy concerns in smart metering have been widely studied, relatively little attention has been given to privacy in bi-directional communication between consumers and service providers. Full bi-directional communication is necessary for incentive-based demand response (DR) protocols, such as demand bidding, in which consumers bid to reduce their energy consumption. However, this can reveal private information about consumers. Existing proposals for privacy-enhancing protocols do not support bi-directional communication. To address this challenge, we present a privacy-enhancing communication architecture that incorporates all three major information flows (network monitoring, billing and bi-directional DR) using a combination of spatial and temporal aggregation and differential privacy. The key element of our architecture is the Trustworthy Remote Entity (TRE), a node that is singularly trusted by mutually distrusting entities. The TRE differs from a trusted third party in that it uses Trusted Computing approaches and techniques to provide a technical foundation for its trustworthiness. A automated formal analysis of our communication architecture shows that it achieves its security and privacy objectives with respect to a previously-defined adversary model. This is therefore the first application of privacy-enhancing techniques to bi-directional smart grid communication between mutually distrusting agents.
Keywords: data privacy; energy consumption; incentive schemes; invoicing; power engineering computing; power system measurement; protocols; smart meters; smart power grids; trusted computing; TRE; automated formal analysis; bidirectional DR information flow; billing information flow; differential privacy; energy consumption reduction; incentive-based demand response protocol; network monitoring information flow; privacy-enhanced bidirectional smart grid communication architecture; privacy-enhancing protocol; smart metering; spatial aggregation; temporal aggregation; trusted computing; trustworthy remote entity; Bidirectional control; Computer architecture; Monitoring; Privacy; Protocols; Security; Smart grids (ID#: 15-6313)

Minami, K., “Preventing Denial-of-Request Inference Attacks in Location-Sharing Services," Mobile Computing and Ubiquitous Networking (ICMU), 2014 Seventh International Conference on, vol., no., pp. 50, 55, 6-8 Jan. 2014. doi:10.1109/ICMU.2014.6799057
Abstract: Location-sharing services (LSSs), such as Google Latitude, have been popular recently. However, location information is sensitive and access to it must be controlled carefully. We previously study an inference problem against an adversary who performs inference based on a Markov model that represents a user's mobility patterns. However, the Markov model does not capture the fact that a denial of a request enforced by the LSS itself implies that a target user is visiting some private location. In this paper, we develop an algorithmic model for representing this new class of inference attacks and conduct experiments with a real location dataset to show that threats posed by the denial-of-request inference attacks are significantly real.
Keywords: Global Positioning System; Markov processes; telecommunication security; Google Latitude; LSS; Markov model; denial-of-request inference attacks prevention; location-sharing services; private location; user mobility patterns; Global Positioning System; Hospitals; Inference algorithms; Libraries; Privacy; Trajectory (ID#: 15-6314)

Lopez, J.M.; Ruebsamen, T.; Westhoff, D., “Privacy-Friendly Cloud Audits with Somewhat Homomorphic and Searchable Encryption,” Innovations for Community Services (I4CS), 2014 14th International Conference on, vol., no., pp. 95, 103, 4-6 June 2014. doi:10.1109/I4CS.2014.6860559
Abstract: In this paper, we provide privacy enhancements for a software agent-based audit system for clouds. We also propose a general privacy enhancing cloud audit concept which, we do present based on a recently proposed framework. This framework introduces the use of audit agents for collecting digital evidence from different sources in cloud environments. Obviously, the elicitation and storage of such evidence leads to new privacy concerns of cloud customers, since it may reveal sensitive information about the utilization of cloud services. We remedy this by applying Somewhat Homomorphic Encryption (SHE) and Public-Key Searchable Encryption (PEKS) to the collection of digital evidence. By considering prominent audit event use cases we show that the amount of cleartext information provided to an evidence storing entity and subsequently to a third-party auditor can be shaped in a good balance taking into account both, i) the customers' privacy and ii) the fact that stored information may need to have probative value. We believe that the administrative domain responsible for an evidence storing database falls under the adversary model "honest-but-curious" and thus should perform query responses from the auditor with respect to a given cloud audit use case by purely performing operations on encrypted digital evidence data.
Keywords: cloud computing; public key cryptography; software agents; PEKS; SHE; cloud computing; cloud services; privacy-friendly cloud audits; public-key searchable encryption; searchable encryption; software agent-based audit system; somewhat homomorphic encryption; third-party auditor; Encryption; IP networks; Monitoring; Privacy; Public key; Audit; Cloud Computing; Computing on Encrypted Data; Evidence; Searchable Encryption; Somewhat Homomorphic Encryption (ID#: 15-6315)

Srihari Babu, D.V.; Reddy, P.C., “Secure Policy Agreement for Privacy Routing in Wireless Communication System,” Control, Instrumentation, Communication and Computational Technologies (ICCICCT), 2014 International Conference on, vol., no., pp. 739, 744, 10-11 July 2014. doi:10.1109/ICCICCT.2014.6993057
Abstract: Security and privacy are major issues which risk the wireless communication system in successful operation employment in Adhoc and Sensor networks. Message confidentiality can be assured through successful message or content encryption, but it is very difficult to address the source location privacy. A number of schemes and polices have been proposed to protect privacy in wireless networks. Many security schemes are offered but none of those provide complete security property for data packets and control packets. This paper proposes a secure policy agreement approach for open-privacy routing in wireless communication using location-centric communication model to achieve efficient security and privacy against both Internal and External adversary pretenders. To evaluate the performance of our proposal we analyze the security, privacy and performance comparisons to alternate techniques. Simulation result shows an improvisation in proposed policy and it is more efficient and offers better privacy when compare to the prior works.
Keywords: ad hoc networks; cryptography; data privacy; telecommunication network routing; wireless channels; wireless sensor networks; ad hoc networks; complete security property; content encryption; control packets; data packets; external adversary pretenders; internal adversary pretenders; location-centric communication; message confidentiality; message encryption; open-privacy routing; secure policy agreement; sensor networks; source location privacy; successful operation employment; wireless communication system; Mobile ad hoc networks; Privacy; Public key; Routing; Routing protocols; MANET; Privacy Routing; Secure policy; Wireless Communication (ID#: 15-6316)

Zheng Jiangyu; Tan Xiaobin; Cliff, Z.; Niu Yukun; Zhu Jin, “A Cloaking-Based Approach to Protect Location Privacy in Location-Based Services,” Control Conference (CCC), 2014 33rd Chinese, vol., no., pp. 5459, 5464, 28-30 July 2014. doi:10.1109/ChiCC.2014.6895872
Abstract: With the widespread use of mobile devices, the location-based service (LBS) applications become increasingly popular, which introduces the new security challenge to protect user's location privacy. On one hand, a user expects to report his own location as far as possible away from his real location to protect his location privacy. On the other hand, in order to obtain high quality of service (QoS), users are required to report their locations as accurate as possible. To achieve the dedicated tradeoff between privacy requirement and QoS requirement, we propose a novel approach based on cloaking technique. We also discuss the disadvantage of the traditional general system model and propose an improved model. The basic idea of our approach is to select a sub-area from the generated cloaking area as user's reported location. The sub-area may not contain a user's real location, which prevents an adversary from performing attack with side information. Specifically, by defining an objective function with a novel location privacy metric and a QoS metric, we are able to convert the privacy issue to an optimization problem. Then, location privacy metric and QoS metric are given. To reduce the complexity of the optimization, a heuristic algorithm is proposed. Through privacy-preserving analysis and comparison with related work [8], we demonstrate the effectiveness and efficiency of our approach.
Keywords: data protection; invisibility cloaks; mobility management (mobile radio); optimisation; quality of service; smart phones; telecommunication security; QoS metric; cloaking-based approach; heuristic algorithm; location privacy metric; location-based services; mobile devices; optimization problem; privacy preserving analysis; privacy requirement; security; user location privacy protection; Complexity theory; Heuristic algorithms; Measurement; Optimization; Privacy; Quality of service; Servers; Cloaking Area; Location Privacy; Location-based Services; k-anonymity (ID#: 15-6317)

Sam, M.M.; Vijayashanthi, N.; Sundhari, A., “An Efficient Pseudonymous Generation Scheme with Privacy Preservation for Vehicular Communication,” Intelligent Computing Applications (ICICA), 2014 International Conference on, vol., no., pp. 109, 117, 6-7 March 2014. doi:10.1109/ICICA.2014.32
Abstract: Vehicular Ad-Hoc Network (VANET) communication has recently become an increasingly popular research topic in the area of wireless networking as well as the automotive industries. The goal of VANET research is to develop a vehicular communication system to enable quick and cost efficient distribution of data for the benefit of passengers safety and comfort. But location privacy in vanet is still an imperative issue. To overcome this privacy, a popular approach that is recommended in vanet is that vehicles periodically change their pseudonyms when they broadcast safety messages. An Effective pseudonym changing at proper location(e.g., a road intersection when the traffic light turns red or a free parking lot near a shopping mall) (PCP) strategy to achieve the provable location privacy. In addition, we use Bilinear Pairing for self-delegated key generation. Current threat model primarily considers that an adversary can track a vehicle that can utilize more character factors to track a vehicle and to explore new location-privacy-enhanced techniques under such a stronger threat model.
Keywords: telecommunication security; vehicular ad hoc networks; VANET communication; VANET research; bilinear pairing; effective pseudonym changing; location-privacy-enhanced techniques; privacy preservation; pseudonymous generation scheme; road intersection; self-delegated key generation; vehicular ad-hoc network; vehicular communication; vehicular communication system; wireless networking; Analytical models; Authentication; Privacy; Roads; Safety; Vehicles; Vehicular ad hoc networks; Group- Signature-Based (GSB); Pseudonym Changing at Proper Location (PCP); RoadSide Units (RSUs); Trusted Authority (TA) (ID#: 15-6318)

Depeng Li; Aung, Z.; Williams, J.; Sanchez, A., “P2DR: Privacy-Preserving Demand Response System in Smart Grids,” Computing, Networking and Communications (ICNC), 2014 International Conference on, vol., no., pp. 41, 47, 3-6 Feb. 2014. doi:10.1109/ICCNC.2014.6785302
Abstract: Demand response programs are widely used to balance the supply and the demand in smart grids. They result in a reliable electric power system. Unfortunately, the privacy violation is a pressing challenge and increasingly affects the demand response programs because of the fact that power usage and operational data can be misused to infer personal information of customers. Without a consistent privacy preservation mechanism, adversaries can capture, model and divulge customers' behavior and activities at almost every level of society. This paper investigates a set of new privacy threat models focusing on financial rationality verse inconvenience. Furthermore, we design and implement a privacy protection protocol based on attributed-based encryptions. To demonstrate its feasibility, the protocol is adopted in several kinds of demand response programs. Real-world experiments show that our scheme merely incurs a substantially light overhead, but can address the formidable privacy challenges that customers are facing in demand response systems.
Keywords: cryptographic protocols; data privacy; power system reliability; smart power grids; P2DR; attributed-based encryptions; customer personal information; financial rationality verse inconvenience; operational data; power usage; privacy protection protocol; privacy threat; privacy-preserving demand response system; reliable electric power system; smart grids; substantially light overhead; supply demand balance; Control systems; Data privacy; Encryption; Load management; Protocols; Consumer privacy; Demand Response; Privacy Preservation; Smart Grids (ID#: 15-6319)

Gaofeng He; Ming Yang; Xiaodan Gu; Junzhou Luo; Yuanyuan Ma, “A Novel Active Website Fingerprinting Attack against Tor Anonymous System,” Computer Supported Cooperative Work in Design (CSCWD), Proceedings of the 2014 IEEE 18th International Conference on, vol., no., pp. 112, 117, 21-23 May 2014. doi:10.1109/CSCWD.2014.6846826
Abstract: Tor is a popular anonymizing network and the existing work shows that it can preserve users' privacy from website fingerprinting attacks well. However, based on our extensive analysis, we find it is the overlap of web objects in returned web pages that make the traffic features obfuscated, thus degrading the attack detection rate. In this paper, we propose a novel active website fingerprinting attack under Tor's local adversary model. The main idea resides in the fact that the attacker can delay HTTP requests originated from users for a certain period to isolate responding traffic segments containing different web objects. We deployed our attack in PlanetLab and the experiment lasted for one month. The SVM multi-classification algorithm was then applied on the collected datasets with the introduced features to identify the visited website among 100 top ranked websites in Alexa. Compared to the stat-of-the-art work, the classification result is improved from 48.5% to 65% by delaying at most 10 requests. We also analyzed the timing characteristics of Tor traffic to prove the stealth of our attack. The research results show that anonymity in Tor is not as strong as expected and should be enhanced in the future.
Keywords: Web sites; pattern classification; security of data; support vector machines; Alexa; HTTP requests; PlanetLab; SVM multiclassification algorithm; Tor anonymous system; Tor traffic; Web objects; Web pages; novel active Website fingerprinting attack; timing characteristics; traffic features; Accuracy; Browsers; Delays; Fingerprint recognition; Protocols; Support vector machines; Tor; active website fingerprinting; anonymous communication; pattern recognition; privacy; traffic analysis (ID#: 15-6320)

Le Ny, J.; Touati, A.; Pappas, G.J., “Real-Time Privacy-Preserving Model-Based Estimation of Traffic Flows,” Cyber-Physical Systems (ICCPS), 2014 ACM/IEEE International Conference on, vol., no., pp. 92, 102, 14-17 April 2014.  doi:10.1109/ICCPS.2014.6843714
Abstract: Road traffic information systems rely on data streams provided by various sensors, e.g., loop detectors, cameras, or GPS, containing potentially sensitive location information about private users. This paper presents an approach to enhance real-time traffic state estimators using fixed sensors with a privacy-preserving scheme providing formal guarantees to the individuals traveling on the road network. Namely, our system implements differential privacy, a strong notion of privacy that protects users against adversaries with arbitrary side information. In contrast to previous privacy-preserving schemes for trajectory data and location-based services, our procedure relies heavily on a macroscopic hydrodynamic model of the aggregated traffic in order to limit the impact on estimation performance of the privacy-preserving mechanism. The practicality of the approach is illustrated with a differentially private reconstruction of a day of traffic on a section of I-880 North in California from raw single-loop detector data.
Keywords: data privacy; real-time systems; road traffic; state estimation; traffic information systems; data streams; real-time privacy-preserving model; real-time traffic state estimators; road network; road traffic information systems; traffic flow estimation; Data privacy; Density measurement; Detectors; Privacy; Roads; Vehicles; Differential privacy; intelligent transportation systems; privacy-preserving data assimilation (ID#: 15-6321)

Mardziel, P.; Alvim, M.S.; Hicks, M.; Clarkson, M.R., “Quantifying Information Flow for Dynamic Secrets,” Security and Privacy (SP), 2014 IEEE Symposium on, vol., no., pp. 540, 555, 18-21 May 2014. doi:10.1109/SP.2014.41
Abstract: A metric is proposed for quantifying leakage of information about secrets and about how secrets change over time. The metric is used with a model of information flow for probabilistic, interactive systems with adaptive adversaries. The model and metric are implemented in a probabilistic programming language and used to analyze several examples. The analysis demonstrates that adaptivity increases information flow.
Keywords: cryptography; high level languages; interactive systems; probability; dynamic secrets; information flow; information leakage; interactive systems; probabilistic programming language; probabilistic systems; Adaptation models; Automata; Context; History; Measurement; Probabilistic logic; Security; dynamic secret; gain function; probabilistic programming; quantitative information flow; vulnerability (ID#: 15-6322)

Chaohui Du; Guoqiang Bai, “Attacks on Physically-Embedded Data Encryption for Embedded Devices,” Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on, vol., no., pp. 967, 972, 24-26 Sept. 2014. doi:10.1109/TrustCom.2014.128
Abstract: Data encryption is the primary method to protect embedded devices in the hostile environment. The security of the traditional data encryption algorithms relies on keeping the keys secret and they always require a lot of arithmetic and logical computations, which may be not suitable for area critical or power critical embedded devices. At TrustCom 2013, Hou et al. Proposed to use a physical unclonable function (PUF) to build a novel physically-embedded data encryption (PEDE) for embedded devices. The PEDE is lightweight since all it does is xor-ing the plaintext with the output of a PUF. As the PUF is unique and unclonable, only the original physical device can decrypt the cipher text. Without possessing the original PEDE device, adversaries could not determine anything about the plaintext even if both the secret key and the cipher text are available to them. In this paper, we show that the existing PEDE architecture is sensitive to environmental variations, which leads to the fact that the decrypted plaintext does not equal to the original plaintext. Besides the lack of reliability, we also show that the existing PEDE architecture is vulnerable to known-plaintext attack and modeling attack. To address these issues, we propose a secure and robust PEDE architecture.
Keywords: cryptography; PEDE architecture; arithmetic computations; cipher text; embedded devices; known-plaintext attack; logical computations; modeling attack; physically-embedded data encryption; secret key; Computer architecture; Delays; Encryption; Generators; Robustness; Embedded device; Encryption; Known-plaintext attack; Modeling attack; Physical effect; Physical unclonable function; Reliability; Security (ID#: 15-6323)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.