An intelligent and privacy-enhanced data sharing strategy for blockchain-empowered Internet of Things

With the development of the Internet of Things (IoT), the massive data sharing between IoT devices improves the Quality of Service (QoS) and user experience in various IoT applications. However, data sharing may cause serious privacy leakages to data providers. To address this problem, in this study, data sharing is realized through model sharing, based on which a secure data sharing mechanism, called BP2P-FL, is proposed using peer-to-peer federated learning with the privacy protection of data providers. In addition, by introducing the blockchain to the data sharing, every training process is recorded to ensure that data providers offer high-quality data. For further privacy protection, the differential privacy technology is used to disturb the global data sharing model. The experimental results show that BP2P-FL has high accuracy and feasibility in the data sharing of various IoT applications.     

CPFinder: Finding an unknown caller's profession from anonymized mobile phone data

Identifying an unfamiliar caller's profession is important to protect citizens' personal safety and property. Owing to the limited data protection of various popular online services in some countries, such as taxi hailing and ordering takeouts, many users presently encounter an increasing number of phone calls from strangers. The situation may be aggravated when criminals pretend to be such service delivery staff, threatening the user individuals as well as the society. In addition, numerous people experience excessive digital marketing and fraudulent phone calls because of personal information leakage. However, previous works on malicious call detection only focused on binary classification, which does not work for the identification of multiple professions. We observed that web service requests issued from users' mobile phones might exhibit their application preferences, spatial and temporal patterns, and other profession-related information. This offers researchers and engineers a hint to identify unfamiliar callers. In fact, some previous works already leveraged raw data from mobile phones (which includes sensitive information) for personality studies. However, accessing users' mobile phone raw data may violate the more and more strict private data protection policies and regulations (e.g., General Data Protection Regulation). We observe that appropriate statistical methods can offer an effective means to eliminate private information and preserve personal characteristics, thus enabling the identification of the types of mobile phone callers without privacy concerns. In this paper, we develop CPFinder —- a system that exploits privacy-preserving mobile data to automatically identify callers who are divided into four categories of users: taxi drivers, delivery and takeouts staffs, telemarketers and fraudsters, and normal users (other professions). Our evaluation of an anonymized dataset of 1,282 users over a period of 3 months in Shanghai City shows that the CPFinder can achieve accuracies of more than 75.0% and 92.4% for multiclass and binary classifications, respectively.     

LBS系统的私密性研究

定位服务的关键在于对用户位置信息的使用,而位置信息与个人隐私密切相关,为了防止位置信息的滥用,定位系统需要充分考虑用户的私密性保护。论文针对不同类型的业务分析了私密性保护的需求,并根据定位系统的体系结构提出了私密性保护的必要方面,最后结合定位流程描述了私密性控制的实现。     

Attacks and improvements on the RFID authentication protocols based on matrix

Most of the Radio Frequency IDentification (RFID) authentication protocols, proposed to preserve security and privacy, are analysed to show that they can not provide security against some passive or active attacks. In this paper, the security of two matrix-based protocols, proposed by Karthikeyan and Nesterenko (KN protocol) and Ramachandra et al. (RRS protocol) that conform to Electronic Product Code Class-1 Generation-2 (EPC Class-1 Gen-2) standard, are investigated. Using the linear relationship of multiplication of matrix and vector, we point out that both protocols can not provide scalability, and they are vulnerable to passive impersonation attack. In addition, both protocols are totally insecure if the adversary can compromise one tag to extract the secrets. A modified lightweight matrix-based authentication protocol is presented, which can resist mainly common attacks on an RFID authentication system including eavesdropping, relay attack, desynchronization attack, impersonation attack and tag tracking attack. The new protocol also has the desirable scalability property and can keep secure under compromising attack.     

Face Threat and Facework Strategies When Family (Health) Secrets Are Revealed: A Comparison of South Korea and the United States

This study examined face threat and facework strategies when people witness family members disclosing sensitive health information to family outsiders. Korean and U.S. participants were expected to view these situations differently based on Confucian versus individualist identity and in‐group privacy norms. Korean and U.S. college samples evaluated vignettes in which health information was disclosed to family outsiders. Koreans regarded the situations as more face threatening and endorsed dominating facework in these situations to a greater extent than did Americans. The 2 cultures also showed strong similarities. Results confirmed the cultural basis of privacy expectations but contradicted some accounts of culturally based facework. Koreans did not consistently endorse indirect facework, nor did Americans show notable directness in response to privacy violations.     

User location privacy protection mechanism for location-based services

With the rapid development of the Internet of Things (IoT), Location-Based Services (LBS) are becoming more and more popular. However, for the users being served, how to protect their location privacy has become a growing concern. This has led to great difficulty in establishing trust between the users and the service providers, hindering the development of LBS for more comprehensive functions. In this paper, we first establish a strong identity verification mechanism to ensure the authentication security of the system and then design a new location privacy protection mechanism based on the privacy proximity test problem. This mechanism not only guarantees the confidentiality of the user’s information during the subsequent information interaction and dynamic data transmission, but also meets the service provider’s requirements for related data.     

一种用例驱动的需求关注点分离的方法

用例驱动技术从行为者的角度建立用例，旨在减少软件开发的复杂度．然而，由于OO技术的不足，不同用例之间存在关注点的横切与缠结，从而使得软件开发更加复杂．本文提出了一种用例驱动的方法——UCD／Theme方法．该方法利用面向方面技术实现关注点在需求阶段的分离．ATM案例分析展示了该方法的可行性．     

Oblivious Transfers and Privacy Amplification

Oblivious transfer (OT) is an important primitive in cryptography. In chosen one-out-of-two string OT, a sender offers two strings, one of which the other party, called the receiver, can choose to read, not learning any information about the other string. The sender on the other hand does not obtain any information about the receivers choice. We consider the problem of reducing this primitive to OT for single bits. Previous attempts to doing this were based on self-intersecting codes. We present a new technique for the same task, based on so-called privacy amplification. It is shown that our method has two important advantages over the previous approaches. First, it is more efficient in terms of the number of required realizations of bit OT, and second, the technique even allows for reducing string OT to (apparently) much weaker primitives. An example of such a primitive is universal OT, where the receiver can adaptively choose what type of information he wants to obtain about the two bits sent by the sender subject to the only constraint that some, possibly very small, uncertainty must remain about the pair of bits.     

Assessing mobile phone communication utility preferences in a social support network

While it is generally accepted that the mobile cell phone has become ubiquitous within society for communicating, the actual use of the utilities on a phone have not been reported. Understanding how communication patterns are changing in society as a result of the mobile cell phone will enable the development and/or modification of existing cell phone utilities, the concept of privacy, and a mobile literacy research domain. To explore mobile cell phone utility use, 99 people completed a mobile phone usage questionnaire. Key results from the questionnaire are physical location when using a mobile cell phone, the length of communication episodes, the usage of phone utilities and existing privacy concerns related to mobile cell phones.     

信息社会的理念与发展

首先介绍了信息社会的基本特征，并围绕信息的接入、信息的发布、知识产权、隐私权、信息安全和文化多元性等阐述了信息伦理的内容和概念。最后介绍了信息对人类生活的影响，主要包括交往方式、信息处理方式、学习方式、商业运作方式、医疗方式、产品设计方式、科研方式和政府工作方式等。