Visible to the public Biblio

Filters: Keyword is privacy protection  [Clear All Filters]
Yan, Chenyang, Zhang, Yulei, Wang, Hongshuo, Yu, Shaoyang.  2020.  A Safe and Efficient Message Authentication Scheme In The Internet Of Vehicles. 2020 International Conference on Information Science, Parallel and Distributed Systems (ISPDS). :10—13.
In order to realize the security authentication of information transmission between vehicle nodes in the vehicular ad hoc network, based on the certificateless public key cryptosystem and aggregate signature, a privacy-protected certificateless aggregate signature scheme is proposed, which eliminates the complicated certificate maintenance cost. This solution also solves the key escrow problem. By Communicating with surrounding nodes through the pseudonym of the vehicle, the privacy protection of vehicle users is realized. The signature scheme satisfies the unforgeability of an adaptive selective message attack under a random prophetic machine. The scheme meets message authentication, identity privacy protection, resistance to reply attacks.
Xu, Yizheng.  2020.  Application Research Based on Machine Learning in Network Privacy Security. 2020 International Conference on Computer Information and Big Data Applications (CIBDA). :237—240.
As the hottest frontier technology in the field of artificial intelligence, machine learning is subverting various industries step by step. In the future, it will penetrate all aspects of our lives and become an indispensable technology around us. Among them, network security is an area where machine learning can show off its strengths. Among many network security problems, privacy protection is a more difficult problem, so it needs more introduction of new technologies, new methods and new ideas such as machine learning to help solve some problems. The research contents for this include four parts: an overview of machine learning, the significance of machine learning in network security, the application process of machine learning in network security research, and the application of machine learning in privacy protection. It focuses on the issues related to privacy protection and proposes to combine the most advanced matching algorithm in deep learning methods with information theory data protection technology, so as to introduce it into biometric authentication. While ensuring that the loss of matching accuracy is minimal, a high-standard privacy protection algorithm is concluded, which enables businesses, government entities, and end users to more widely accept privacy protection technology.
Khokhlov, I., Reznik, L..  2020.  What is the Value of Data Value in Practical Security Applications. 2020 IEEE Systems Security Symposium (SSS). :1—8.

Data value (DV) is a novel concept that is introduced as one of the Big Data phenomenon features. While continuing an investigation of the DV ontology and its relationship with the data quality (DQ) on the conceptual level, this paper researches possible applications and use of the DV in the practical design of security and privacy protection systems and tools. We present a novel approach to DV evaluation that maps DQ metrics into DV value. Developed methods allow DV and DQ use in a wide range of application domains. To demonstrate DQ and DV concept employment in real tasks we present two real-life scenarios. The first use case demonstrates the DV use in crowdsensing application design. It shows up how DV can be calculated by integrating various metrics characterizing data application functionality, accuracy, and security. The second one incorporates the privacy consideration into DV calculus by exploring the relationship between privacy, DQ, and DV in the defense against web-site fingerprinting in The Onion Router (TOR) networks. These examples demonstrate how our methods of the DV and DQ evaluation may be employed in the design of real systems with security and privacy consideration.

Zhang, M., Chen, Y., Huang, J..  2020.  SE-PPFM: A Searchable Encryption Scheme Supporting Privacy-Preserving Fuzzy Multikeyword in Cloud Systems. IEEE Systems Journal. :1–9.
Cloud computing provides an appearing application for compelling vision in managing big-data files and responding queries over a distributed cloud platform. To overcome privacy revealing risks, sensitive documents and private data are usually stored in the clouds in a cipher-based manner. However, it is inefficient to search the data in traditional encryption systems. Searchable encryption is a useful cryptographic primitive to enable users to retrieve data in ciphertexts. However, the traditional searchable encryptions provide lower search efficiency and cannot carry out fuzzy multikeyword queries. To solve this issue, in this article, we propose a searchable encryption that supports privacy-preserving fuzzy multikeyword search (SE-PPFM) in cloud systems, which is built by asymmetric scalar-product-preserving encryptions and Hadamard product operations. In order to realize the functionality of efficient fuzzy searches, we employ Word2vec as the primitive of machine learning to obtain a fuzzy correlation score between encrypted data and queries predicates. We analyze and evaluate the performance in terms of token of multikeyword, retrieval and match time, file retrieval time and matching accuracy, etc. The experimental results show that our scheme can achieve a higher efficiency in fuzzy multikeyword ciphertext search and provide a higher accuracy in retrieving and matching procedure.
Gupta, S., Buduru, A. B., Kumaraguru, P..  2020.  imdpGAN: Generating Private and Specific Data with Generative Adversarial Networks. 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :64–72.
Generative Adversarial Network (GAN) and its variants have shown promising results in generating synthetic data. However, the issues with GANs are: (i) the learning happens around the training samples and the model often ends up remembering them, consequently, compromising the privacy of individual samples - this becomes a major concern when GANs are applied to training data including personally identifiable information, (ii) the randomness in generated data - there is no control over the specificity of generated samples. To address these issues, we propose imdpGAN-an information maximizing differentially private Generative Adversarial Network. It is an end-to-end framework that simultaneously achieves privacy protection and learns latent representations. With experiments on MNIST dataset, we show that imdpGAN preserves the privacy of the individual data point, and learns latent codes to control the specificity of the generated samples. We perform binary classification on digit pairs to show the utility versus privacy trade-off. The classification accuracy decreases as we increase privacy levels in the framework. We also experimentally show that the training process of imdpGAN is stable but experience a 10-fold time increase as compared with other GAN frameworks. Finally, we extend imdpGAN framework to CelebA dataset to show how the privacy and learned representations can be used to control the specificity of the output.
Wang, Z., Chen, L..  2020.  Re-encrypted Data Access Control Scheme Based on Blockchain. 2020 IEEE 6th International Conference on Computer and Communications (ICCC). :1757–1764.
Nowadays, massive amounts of data are stored in the cloud, how to access control the cloud data has become a prerequisite for protecting the security of cloud data. In order to address the problems of centralized control and privacy protection in current access control, we propose an access control scheme based on the blockchain and re-encryption technology, namely PERBAC-BC scheme. The access control policy is managed by the decentralized and immutability characteristics of blockchain, while the re-encryption is protected by the trusted computing characteristic of blockchain and the privacy is protected by the identity re-encryption technology. The overall structure diagram and detailed execution flow of the scheme are given in this paper. Experimental results show that, compared with the traditional hybrid encryption scheme, the time and space consumption is less when the system is expanded. Then, the time and space performance of each part of the scheme is simulated, and the security of blockchain is proved. The results also show that the time and space performance of the scheme are better and the security is stronger, which has certain stability and expandability.
Esmeel, T. K., Hasan, M. M., Kabir, M. N., Firdaus, A..  2020.  Balancing Data Utility versus Information Loss in Data-Privacy Protection using k-Anonymity. 2020 IEEE 8th Conference on Systems, Process and Control (ICSPC). :158—161.

Data privacy has been an important area of research in recent years. Dataset often consists of sensitive data fields, exposure of which may jeopardize interests of individuals associated with the data. In order to resolve this issue, privacy techniques can be used to hinder the identification of a person through anonymization of the sensitive data in the dataset to protect sensitive information, while the anonymized dataset can be used by the third parties for analysis purposes without obstruction. In this research, we investigated a privacy technique, k-anonymity for different values of on different number columns of the dataset. Next, the information loss due to k-anonymity is computed. The anonymized files go through the classification process by some machine-learning algorithms i.e., Naive Bayes, J48 and neural network in order to check a balance between data anonymity and data utility. Based on the classification accuracy, the optimal values of and are obtained, and thus, the optimal and can be used for k-anonymity algorithm to anonymize optimal number of columns of the dataset.

Fan, M., Yu, L., Chen, S., Zhou, H., Luo, X., Li, S., Liu, Y., Liu, J., Liu, T..  2020.  An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps. 2020 IEEE 31st International Symposium on Software Reliability Engineering (ISSRE). :253—264.

The purpose of the General Data Protection Regulation (GDPR) is to provide improved privacy protection. If an app controls personal data from users, it needs to be compliant with GDPR. However, GDPR lists general rules rather than exact step-by-step guidelines about how to develop an app that fulfills the requirements. Therefore, there may exist GDPR compliance violations in existing apps, which would pose severe privacy threats to app users. In this paper, we take mobile health applications (mHealth apps) as a peephole to examine the status quo of GDPR compliance in Android apps. We first propose an automated system, named HPDROID, to bridge the semantic gap between the general rules of GDPR and the app implementations by identifying the data practices declared in the app privacy policy and the data relevant behaviors in the app code. Then, based on HPDROID, we detect three kinds of GDPR compliance violations, including the incompleteness of privacy policy, the inconsistency of data collections, and the insecurity of data transmission. We perform an empirical evaluation of 796 mHealth apps. The results reveal that 189 (23.7%) of them do not provide complete privacy policies. Moreover, 59 apps collect sensitive data through different measures, but 46 (77.9%) of them contain at least one inconsistent collection behavior. Even worse, among the 59 apps, only 8 apps try to ensure the transmission security of collected data. However, all of them contain at least one encryption or SSL misuse. Our work exposes severe privacy issues to raise awareness of privacy protection for app users and developers.

Wang, J., Wang, A..  2020.  An Improved Collaborative Filtering Recommendation Algorithm Based on Differential Privacy. 2020 IEEE 11th International Conference on Software Engineering and Service Science (ICSESS). :310–315.
In this paper, differential privacy protection method is applied to matrix factorization method that used to solve the recommendation problem. For centralized recommendation scenarios, a collaborative filtering recommendation model based on matrix factorization is established, and a matrix factorization mechanism satisfying ε-differential privacy is proposed. Firstly, the potential characteristic matrix of users and projects is constructed. Secondly, noise is added to the matrix by the method of target disturbance, which satisfies the differential privacy constraint, then the noise matrix factorization model is obtained. The parameters of the model are obtained by the stochastic gradient descent algorithm. Finally, the differential privacy matrix factorization model is used for score prediction. The effectiveness of the algorithm is evaluated on the public datasets including Movielens and Netflix. The experimental results show that compared with the existing typical recommendation methods, the new matrix factorization method with privacy protection can recommend within a certain range of recommendation accuracy loss while protecting the users' privacy information.
Tojiboev, R., Lee, W., Lee, C. C..  2020.  Adding Noise Trajectory for Providing Privacy in Data Publishing by Vectorization. 2020 IEEE International Conference on Big Data and Smart Computing (BigComp). :432—434.

Since trajectory data is widely collected and utilized for scientific research and business purpose, publishing trajectory without proper privacy-policy leads to an acute threat to individual data. Recently, several methods, i.e., k-anonymity, l-diversity, t-closeness have been studied, though they tend to protect by reducing data depends on a feature of each method. When a strong privacy protection is required, these methods have excessively reduced data utility that may affect the result of scientific research. In this research, we suggest a novel approach to tackle this existing dilemma via an adding noise trajectory on a vector-based grid environment.

Yu, Y., Li, H., Fu, Y., Wu, X..  2020.  A Dynamic Updating Method for Release of Privacy Protected Data Based on Privacy Differences in Relational Data. 2020 International Conference on Computer Information and Big Data Applications (CIBDA). :23—27.

To improve dynamic updating of privacy protected data release caused by multidimensional sensitivity attribute privacy differences in relational data, we propose a dynamic updating method for privacy protection data release based on the multidimensional privacy differences. By adopting the multi-sensitive bucketization technology (MSB), this method performs quantitative classification of the multidimensional sensitive privacy difference and the recorded value, provides the basic updating operation unit, and thereby realizes dynamic updating of privacy protection data release based on the privacy difference among relational data. The experiment confirms that the method can secure the data updating efficiency while ensuring the quality of data release.

Yang, H., Huang, L., Luo, C., Yu, Q..  2020.  Research on Intelligent Security Protection of Privacy Data in Government Cyberspace. 2020 IEEE 5th International Conference on Cloud Computing and Big Data Analytics (ICCCBDA). :284—288.

Based on the analysis of the difficulties and pain points of privacy protection in the opening and sharing of government data, this paper proposes a new method for intelligent discovery and protection of structured and unstructured privacy data. Based on the improvement of the existing government data masking process, this method introduces the technologies of NLP and machine learning, studies the intelligent discovery of sensitive data, the automatic recommendation of masking algorithm and the full automatic execution following the improved masking process. In addition, the dynamic masking and static masking prototype with text and database as data source are designed and implemented with agent-based intelligent masking middleware. The results show that the recognition range and protection efficiency of government privacy data, especially government unstructured text have been significantly improved.

Lu, X., Guan, Z., Zhou, X., Du, X., Wu, L., Guizani, M..  2019.  A Secure and Efficient Renewable Energy Trading Scheme Based on Blockchain in Smart Grid. 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS). :1839—1844.
Nowadays, with the diversification and decentralization of energy systems, the energy Internet makes it possible to interconnect distributed energy sources and consumers. In the energy trading market, the traditional centralized model relies entirely on trusted third parties. However, as the number of entities involved in the transactions grows and the forms of transactions diversify, the centralized model gradually exposes problems such as insufficient scalability, High energy consumption, and low processing efficiency. To address these challenges, we propose a secure and efficient energy renewable trading scheme based on blockchain. In our scheme, the electricity market trading model is divided into two levels, which can not only protect the privacy, but also achieve a green computing. In addition, in order to adapt to the relatively weak computing power of the underlying equipment in smart grid, we design a credibility-based equity proof mechanism to greatly improve the system availability. Compared with other similar distributed energy trading schemes, we prove the advantages of our scheme in terms of high operational efficiency and low computational overhead through experimental evaluations. Additionally, we conduct a detailed security analysis to demonstrate that our solution meets the security requirements.
Ma, Y., Bai, X..  2019.  Comparison of Location Privacy Protection Schemes in VANETs. 2019 12th International Symposium on Computational Intelligence and Design (ISCID). 2:79–83.
Vehicular Ad-hoc Networks (VANETs) is a traditional mobile ad hoc network (MANET) used on traffic roads and it is a special mobile ad hoc network. As an intelligent transportation system, VANETs can solve driving safety and provide value-added services. Therefore, the application of VANETs can improve the safety and efficiency of road traffic. Location services are in a crucial position for the development of VANETs. VANETs has the characteristics of open access and wireless communication. Malicious node attacks may lead to the leakage of user privacy in VANETs, thus seriously affecting the use of VANETs. Therefore, the location privacy issue of VANETs cannot be ignored. This paper classifies the attack methods in VANETs, and summarizes and compares the location privacy protection techniques proposed in the existing research.
Zhou, Liming, Shan, Yingzi.  2019.  Multi-branch Source Location Privacy Protection Scheme Based on Random Walk in WSNs. 2019 IEEE 4th International Conference on Cloud Computing and Big Data Analysis (ICCCBDA). :543–547.
In many applications, source nodes send the sensing information of the monitored objects and the sinks receive the transmitted data. Considering the limited resources of sensor nodes, location privacy preservation becomes an important issue. Although many schemes are proposed to preserve source or sink location security, few schemes can preserve the location security of source nodes and sinks. In order to solve this problem, we propose a novel of multi-branch source location privacy protection method based on random walk. This method hides the location of real source nodes by setting multiple proxy sources. And multiple neighbors are randomly selected by the real source node as receivers until a proxy source receives the packet. In addition, the proxy source is chosen randomly, which can prevent the attacker from obtaining the location-related data of the real source node. At the same time, the scheme sets up a branch interference area around the base station to interfere with the adversary by increasing routing branches. Simulation results describe that our scheme can efficiently protect source and sink location privacy, reduce the communication overhead, and prolong the network lifetime.
Zhang, Shuaipeng, Liu, Hong.  2019.  Environment Aware Privacy-Preserving Authentication with Predictability for Medical Edge Computing. 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :90–96.
With the development of IoT, smart health has significantly improved the quality of people's life. A large amount of smart health monitoring system has been proposed, which provides an opportunity for timely and efficient diagnosis. Nevertheless, most of them ignored the impact of environment on patients' health. Due to the openness of the communication channel, data security and privacy preservation are crucial problems to be solved. In this work, an environment aware privacy-preserving authentication protocol based on the fuzzy extractor and elliptic curve cryptography (ecc) is designed for health monitoring system with mutual authentication and anonymity. Edge computing unit can authenticate all environmental sensors at one time. Fuzzy synthetic evaluation model is utilized to evaluate the environment equality with the patients' temporal health index (THI) as an assessment factor, which can help to predict the appropriate environment. The session key is established for secure communication based on the predicted result. Through security analysis, the proposed protocol can prevent common attacks. Moreover, performance analysis shows that the proposed protocol is applicable for resource-limited smart devices in edge computing health monitoring system.
Dong, Guishan, Chen, Yuxiang, Fan, Jia, Liu, Dijun, Hao, Yao, Wang, Zhen.  2018.  A Privacy-User-Friendly Scheme for Wearable Smart Sensing Devices Based on Blockchain. 2018 IEEE 15th International Conference on Mobile Ad Hoc and Sensor Systems (MASS). :481–486.
Wearable smart sensing devices presently become more and more popular in people's daily life, which also brings serious problems related to personal data privacy. In order to provide users better experiences, wearable smart sensing devices are collecting users' personal data all the time and uploading the data to service provider to get computing services, which objectively let service provider master each user's condition and cause a lot of problems such as spam, harassing call, etc. This paper designs a blockchain based scheme to solve such problems by cutting off the association between user identifier and its sensing data from perspective of shielding service providers and adversaries. Firstly, privacy requirements and situations in smart sensing area are reviewed. Then, three key technologies are introduced in the scheme including its theories, purposes and usage. Next, the designed protocol is shown and analyzed in detail. Finally, security analysis and engineering feasibility of the scheme are given. This scheme will give user better experience from privacy protection perspective in smart sensing area.
Han, Xu, Liu, Yanheng, Wang, Jian.  2018.  Modeling and analyzing privacy-awareness social behavior network. IEEE INFOCOM 2018 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). :7–12.
The increasingly networked human society requires that human beings have a clear understanding and control over the structure, nature and behavior of various social networks. There is a tendency towards privacy in the study of network evolutions because privacy disclosure behavior in the network has gradually developed into a serious concern. For this purpose, we extended information theory and proposed a brand-new concept about so-called “habitual privacy” to quantitatively analyze privacy exposure behavior and facilitate privacy computation. We emphasized that habitual privacy is an inherent property of the user and is correlated with their habitual behaviors. The widely approved driving force in recent modeling complex networks is originated from activity. Thus, we propose the privacy-driven model through synthetically considering the activity impact and habitual privacy underlying the decision process. Privacy-driven model facilitates to more accurately capture highly dynamical network behaviors and figure out the complex evolution process, allowing a profound understanding of the evolution of network driven by privacy.
Lan, Jian, Gou, Shuai, Gu, Jiayi, Li, Gang, Li, Qin.  2019.  IoT Trajectory Data Privacy Protection Based on Enhanced Mix-zone. 2019 IEEE 3rd Advanced Information Management, Communicates, Electronic and Automation Control Conference (IMCEC). :942–946.
Trajectory data in the Internet of Things contains many behavioral information of users, and the method of Mix-zone can be used to separate the association among the user's movement trajectories. In this paper, the weighted undirected graph is used to establish a mathematical model for the Mix-zone, and a user flow-based algorithm is proposed to estimate the probability of migration between nodes in the graph. In response to the attack method basing on the migration probability, the traditional Mix-zone is improved. Finally, an algorithms for adaptively building enhanced Mix-zone is proposed and the simulation using real data sets shows the superiority of the algorithm.
Sultangazin, Alimzhan, Tabuada, Paulo.  2019.  Symmetries and privacy in control over the cloud: uncertainty sets and side knowledge*. 2019 IEEE 58th Conference on Decision and Control (CDC). :7209–7214.
Control algorithms, like model predictive control, can be computationally expensive and may benefit from being executed over the cloud. This is especially the case for nodes at the edge of a network since they tend to have reduced computational capabilities. However, control over the cloud requires transmission of sensitive data (e.g., system dynamics, measurements) which undermines privacy of these nodes. When choosing a method to protect the privacy of these data, efficiency must be considered to the same extent as privacy guarantees to ensure adequate control performance. In this paper, we review a transformation-based method for protecting privacy, previously introduced by the authors, and quantify the level of privacy it provides. Moreover, we also consider the case of adversaries with side knowledge and quantify how much privacy is lost as a function of the side knowledge of the adversary.
Liu, Hongling.  2019.  Research on Feasibility Path of Technology Supervision and Technology Protection in Big Data Environment. 2019 International Conference on Intelligent Transportation, Big Data Smart City (ICITBS). :293–296.
Big data will bring revolutionary changes from life to thinking for society as a whole. At the same time, the massive data and potential value of big data are subject to many security risks. Aiming at the above problems, a data privacy protection model for big data platform is proposed. First, the data privacy protection model of big data for data owners is introduced in detail, including protocol design, logic design, complexity analysis and security analysis. Then, the query privacy protection model of big data for ordinary users is introduced in detail, including query protocol design and query mode design. Complexity analysis and safety analysis are performed. Finally, a stand-alone simulation experiment is built for the proposed privacy protection model. Experimental data is obtained and analyzed. The feasibility of the privacy protection model is verified.
Yang, Xudong, Gao, Ling, Wang, Hai, Zheng, Jie, Guo, Hongbo.  2019.  A Semantic k-Anonymity Privacy Protection Method for Publishing Sparse Location Data. 2019 Seventh International Conference on Advanced Cloud and Big Data (CBD). :216—222.

With the development of location technology, location-based services greatly facilitate people's life . However, due to the location information contains a large amount of user sensitive informations, the servicer in location-based services published location data also be subject to the risk of privacy disclosure. In particular, it is more easy to lead to privacy leaks without considering the attacker's semantic background knowledge while the publish sparse location data. So, we proposed semantic k-anonymity privacy protection method to against above problem in this paper. In this method, we first proposed multi-user compressing sensing method to reconstruct the missing location data . To balance the availability and privacy requirment of anonymity set, We use semantic translation and multi-view fusion to selected non-sensitive data to join anonymous set. Experiment results on two real world datasets demonstrate that our solution improve the quality of privacy protection to against semantic attacks.

Liu, Bo, Xiong, Jian, Wu, Yiyan, Ding, Ming, Wu, Cynthia M..  2019.  Protecting Multimedia Privacy from Both Humans and AI. 2019 IEEE International Symposium on Broadband Multimedia Systems and Broadcasting (BMSB). :1—6.
With the development of artificial intelligence (AI), multimedia privacy issues have become more challenging than ever. AI-assisted malicious entities can steal private information from multimedia data more easily than humans. Traditional multimedia privacy protection only considers the situation when humans are the adversaries, therefore they are ineffective against AI-assisted attackers. In this paper, we develop a new framework and new algorithms that can protect image privacy from both humans and AI. We combine the idea of adversarial image perturbation which is effective against AI and the obfuscation technique for human adversaries. Experiments show that our proposed methods work well for all types of attackers.
Xiong, Chen, Chen, Hua, Cai, Ming, Gao, Jing.  2019.  A Vehicle Trajectory Adversary Model Based on VLPR Data. 2019 5th International Conference on Transportation Information and Safety (ICTIS). :903–912.
Although transport agency has employed desensitization techniques to deal with the privacy information when publicizing vehicle license plate recognition (VLPR) data, the adversaries can still eavesdrop on vehicle trajectories by certain means and further acquire the associated person and vehicle information through background knowledge. In this work, a privacy attacking method by using the desensitized VLPR data is proposed to link the vehicle trajectory. First the road average speed is evaluated by analyzing the changes of traffic flow, which is used to estimate the vehicle's travel time to the next VLPR system. Then the vehicle suspicion list is constructed through the time relevance of neighboring VLPR systems. Finally, since vehicles may have the same features like color, type, etc, the target trajectory will be located by filtering the suspected list by the rule of qualified identifier (QI) attributes and closest time method. Based on the Foshan City's VLPR data, the method is tested and results show that correct vehicle trajectory can be linked, which proves that the current VLPR data publication way has the risk of privacy disclosure. At last, the effects of related parameters on the proposed method are discussed and effective suggestions are made for publicizing VLPR date in the future.
Shi, Yang, Wang, Xiaoping, Fan, Hongfei.  2017.  Light-weight white-box encryption scheme with random padding for wearable consumer electronic devices. IEEE Transactions on Consumer Electronics. 63:44–52.
Wearable devices can be potentially captured or accessed in an unauthorized manner because of their physical nature. In such cases, they are in white-box attack contexts, where the adversary may have total visibility on the implementation of the built-in cryptosystem, with full control over its execution platform. Dealing with white-box attacks on wearable devices is undoubtedly a challenge. To serve as a countermeasure against threats in such contexts, we propose a lightweight encryption scheme to protect the confidentiality of data against white-box attacks. We constructed the scheme's encryption and decryption algorithms on a substitution-permutation network that consisted of random secret components. Moreover, the encryption algorithm uses random padding that does not need to be correctly decrypted as part of the input. This feature enables non-bijective linear transformations to be used in each encryption round to achieve strong security. The required storage for static data is relatively small and the algorithms perform well on various devices, which indicates that the proposed scheme satisfies the requirements of wearable computing in terms of limited memory and low computational power.