Chao Wu

DOI: https://doi.org/10.1016/j.techsoc.2024.102457

IF: 6.879

2024-01-01

Technology in Society

Abstract:In recent years, data privacy has attracted increasing public concerns, especially with public scandals from top Internet companies, emerging over inappropriate data collection, lack of transparency in data usage, and manipulation of users' preferences. This has led to responsive efforts from multiple sectors of society to constrain the violation of individuals’ data privacy. Among these efforts, the regulations like GDPR are the most influential, which are believed to be able to change the foundation of the whole data ecosystem. The main concern of current regulation is data transparency, designed to enable individuals to make rational decisions about their data. However, I argue that transparency cannot mitigate a key issue of data privacy, which is the right of receiving benefits from data. This issue is getting severe with the rapid development of the data economy and will become the essential problem of social welfare and fairness in the AI era. I further point out that the key to solving this issue is to migrate the current centralized data utilization paradigm to a new decentralized paradigm. Based on the recent technical advancements, I propose an applicable pathway to implement such a paradigm. And to realize a fair and sustainable data eco-system, joint efforts should be made within this paradigm.

Prashant Agrawal,Anubhutie Singh,Malavika Raghavan,Subodh Sharma,Subhashis Banerjee

DOI: https://doi.org/10.48550/arXiv.2006.04654

2020-06-08

Abstract:Governments around the world are trying to build large data registries for effective delivery of a variety of public services. However, these efforts are often undermined due to serious concerns over privacy risks associated with collection and processing of personally identifiable information. While a rich set of special-purpose privacy-preserving techniques exist in computer science, they are unable to provide end-to-end protection in alignment with legal principles in the absence of an overarching operational architecture to ensure purpose limitation and protection against insider attacks. This either leads to weak privacy protection in large designs, or adoption of overly defensive strategies to protect privacy by compromising on utility. In this paper, we present an operational architecture for privacy-by-design based on independent regulatory oversight stipulated by most data protection regimes, regulated access control, purpose limitation and data minimisation. We briefly discuss the feasibility of implementing our architecture based on existing techniques. We also present some sample case studies of privacy-preserving design sketches of challenging public service applications.

Cryptography and Security,Computers and Society

Rakib Ul Haque,A.S.M. Touhidul Hasan,Apubra Daria,Abdur Rasool,Hui Chen,Qingshan Jiang,Yuqing Zhang

DOI: https://doi.org/10.1016/j.jnca.2023.103696

IF: 7.574

2023-08-01

Journal of Network and Computer Applications

Abstract:Patients often visit several hospitals to obtain medication, generating a significant volume of data. Moreover, hospitals use different data analytic techniques to improve healthcare services, leading to patient data privacy. However, no integrated architecture has a trustworthy data repository and secure communication protocols to store and share the data with various parties (e.g., hospitals and data analysts) for different healthcare services. This study proposes an innovative three-tier secure and distributed privacy-preserving healthcare architecture that addresses the aforementioned challenges. The first tier introduces a trustworthy data repository called custodian, where the data owner stores encrypted data and offer real-time privacy-preserving health monitoring service. The second tier provides Elliptic Curve Cryptography-based authentication for secure data exchange between the data owner and the hospital. The third tier utilizes smart contracts and local differential privacy ( L D P ) for secure machine learning model training. All transactions are recorded on the blockchain and managed by a smart contract. Security analysis shows that the proposed framework ensures privacy, security, and data integrity. Performance analysis is done based on score metrics, scalability metrics, and formal analysis. A transaction takes 0.00121 s in the first tier, and in the second tier, it takes 0.1267 s. The third tier uses ɛ − L D P with a privacy budget of ɛ = 3 on Random Forest and achieves 97%, 83%, and 74% accuracy on breast cancer, heart disease, and diabetic datasets. This accuracy is higher than the previous state-of-the-art methods. Moreover, the proposed healthcare framework ensures privacy, security and outperforms the previous state-of-the-art methods.

computer science, interdisciplinary applications, software engineering, hardware & architecture

Vishal Gupta,Ashutosh Saxena

DOI: https://doi.org/10.48550/arXiv.1012.2633

2010-12-13

Databases

Abstract:Data Management portfolio within an organization has seen an upsurge in initiatives for compliance, security, repurposing and storage within and outside the organization. When such initiatives are being put to practice care must be taken while granting access to data repositories for analysis and mining activities. Also, initiatives such as Master Data Management, cloud computing and self service business intelligence have raised concerns in the arena of regulatory compliance and data privacy, especially when a large data set of an organization are being outsourced for testing, consolidation and data management. Here, an approach is presented where a new service layer is introduced, by data governance group, in the architecture for data management and can be used for preserving privacy of sensitive information.

Subhashis Banerjee

DOI: https://doi.org/10.48550/arXiv.1801.05313

2018-01-16

Computers and Society

Abstract:Privacy protection in digital databases does not demand that data should not be collected, stored or used, but that there should be guarantees that the data can only be used for pre-approved and legitimate purposes. We argue that a data protection law based on traditional understanding of privacy protection and detection of privacy infringements is unlikely to be successful, and that what is required is a law based on an understanding of the architectural requirements of authorisation, audit and access control in real-time. Despite the protection principles being sound, privacy protection in digital databases has been less than effective, anywhere, mainly because of weak enforcement methods.

Yuan Tian,Biao Song,Eui-nam Huh

DOI: https://doi.org/10.1145/1821748.1821827

2009-01-01

Abstract:Privacy issue is receiving a great deal of attention since the need of privacy is increasing and new threats are emerging. The growing concern of users for their personal information has made it critical to implant effective technologies for privacy and data management. A common way for privacy preservation is restricting access to data like the classic Role-based Access Control (RBAC) Model. But the RBAC is limited as it does not provide users enough flexibilities and functionalities. In order to minimize the disclosure of data and support higher flexibilities for users to manage their privacy information, this paper provides a privacy data graph based on the traditional RBAC model to illustrate the linkage between data elements. Moreover, the notion of purpose is added to specify the intended usage of data and allow users to set personal privacy preferences through purpose. A case study in the healthcare domain is provided. As our model is generic, it can be also adapted to other fields. A detailed view of our proposed privacy system with experimental result is provided.

Rajesh Sharma,Deepak Subramanian,Satish N. Srirama

DOI: https://doi.org/10.48550/arXiv.1410.5696

2014-10-21

Abstract:The digitization of the medical data has been a sensitive topic. In modern times laws such as the HIPAA provide some guidelines for electronic transactions in medical data to prevent attacks and fraudulent usage of private information. In our paper, we explore an architecture that uses hybrid computing with decentralized key management and show how it is suitable in preventing a special form of re-identification attack that we name as the re-assembly attack. This architecture would be able to use current infrastructure from mobile phones to server certificates and cloud based decentralized storage models in an efficient way to provide a reliable model for communication of medical data. We encompass entities including patients, doctors, insurance agents, emergency contacts, researchers, medical test laboratories and technicians. This is a complete architecture that provides patients with a good level of privacy, secure communication and more direct control.

Cryptography and Security,Computers and Society

Amen Faridoon,M. Tahar Kechadi

2024-03-26

Abstract:The abundance of data has transformed the world in every aspect. It has become the core element in decision making, problem solving, and innovation in almost all areas of life, including business, science, healthcare, education, and many others. Despite all these advances, privacy and security remain critical concerns of the healthcare industry. It is important to note that healthcare data can also be a liability if it is not managed correctly. This data mismanagement can have severe consequences for patients and healthcare organisations, including patient safety, legal liability, damage to reputation, financial loss, and operational inefficiency. Healthcare organisations must comply with a range of regulations to protect patient data. We perform a classification of data governance elements or components in a manner that thoroughly assesses the healthcare data chain from a privacy and security standpoint. After deeply analysing the existing literature, we propose a conceptual privacy and security driven healthcare data governance framework.

Cryptography and Security

K Koel Ghorai,JM Jan Smits,Pradeep Ray,Maarten Kluitman

2015-01-01

Abstract:Online health data sharing and transfer has become easier and more efficient than ever before, but at the same time this has brought about new challenges for the privacy and protection of personal data. Transfer of sensitive health as well as personal data between organizations and countries requires high level of protection and privacyand any breach in that can result in considerable damage to an organization's reputation. In spiteof existing methodologies for privacy impact assessment(PIA) for developing privacy-by-design processes, none of them combine the business as well as legal aspects for assessing the technological requirements before or during the development of privacy and security platforms. e-Authentication and e-Authorization techniques are used by various organizations to address privacy related issues. Using a combined business and legal framework in addition to existing PIAs can simplify the analysis of as-is and to-be business processes and this can be used by business or legal analysts as well as organizations to assess the privacyrequirements as well as legislations before developing service-by-design platforms . In this paper we propose a unique framework that combines business and legal aspects of any health related business process pertaining to protection and privacy of sensitive data exchange. To be able to map the privacy requirements in the context of data sharing across organizations, a general conceptual framework involving a combination of business process as well as legal components has been developed. This framework provides organizations a comprehensive approach for considering legal regulations as well as factors that may affect privacy and security of sensitive data like health data in their business processes. In this paper, we have provided an example of an as-is healthcare customer registration process for German Red Cross and how the framework can be used to assess the requirements for a to-be customer registration processin the context of European privacy laws.

Farida Habib Semantha,Sami Azam,Bharanidharan Shanmugam,Kheng Cher Yeo,Abhijith Reddy Beeravolu

DOI: https://doi.org/10.1109/access.2021.3134873

IF: 3.9

2021-01-01

IEEE Access

Abstract:Privacy has become an increasingly significant apprehension in today’s rapidly changing economy primarily for personal and sensitive user data. The levels of personal data violation are increasing day by day however privacy-preserving frameworks are available. This paper conducted an in-depth analysis of contemporary frameworks to identify the key mechanisms to produce a sophisticated data privacy framework to reduce the rate of data breach particularly for the Patient Record Management System (PRMS). There are several studies available that stated healthcare data privacy, still, complete data protection solution with the application of privacy by design towards patients’ health data by ensuring privacy in each layer of the PRMS are quite limited, which is the focus of this study. PRMS manages personal and sensitive data while delivering healthcare services to the patients and as such, have also the potential to carry significant risks to the privacy of their data. A novel conceptual framework with three distinct and sequential phases is suggested in this research, each of which is defined in a distinct section. The first phase is defined as the planning to identify the key limitations of contemporary frameworks so these can be minimized to ensure privacy in each layer of data processing. The second phase incorporates the key components of data privacy to satisfy the efficiency and effectiveness of the proposed framework. Finally, the third phase is the implementation of the selected requirements of the assessment phase to prevent privacy incursion events in PRMS. The complete framework is anticipated to deliver a sophisticated resistance in contradiction to the continuous data breaches in the patients’ information domain.

computer science, information systems,telecommunications,engineering, electrical & electronic

XIE Anming,JIN Tao,ZHOU Tao

DOI: https://doi.org/10.11959/j.issn.2096-0271.2017048

2017-01-01

Abstract:With the development of big data,there are many difficulties to protect personal information.De-identification removes identifiable information from a dataset so that individual data cannot be linked with specific individuals.De-identification thus helps to balance the contradictory goals of sharing personal information while protecting privacy.De-identification architecture on personal information was proposed.The specifications on implementing a de-identification process were described.On the basis of big data security standard system,some suggestions were proposed to develop de-identification standards.

Koel Ghorai,Jan M. Smits,Pradeep Kanta Ray,Maarten Kluitman

DOI: https://doi.org/10.2139/ssrn.2683285

2015-01-01

SSRN Electronic Journal

Abstract:Online health data sharing and transfer has become easier and more efficient than ever before, but at the same time this has brought about new challenges for the privacy and protection of personal data. Transfer of sensitive health as well as personal data between organizations and countries requires high level of protection and privacy and any breach in that can result in considerable damage to an organization's reputation. In spite of existing methodologies for privacy impact assessment(PIA) for developing privacy-by-design processes, none of them combine the business as well as legal aspects for assessing the technological requirements before or during the development of privacy and security platforms. e-Authentication and e-Authorization techniques are used by various organizations to address privacy related issues. Using a combined business and legal framework in addition to existing PIAs can simplify the analysis of as-is and to-be business processes and this can be used by business or legal analysts as well as organizations to assess the privacy requirements as well as legislations before developing service-by-design platforms . In this paper we propose a unique framework that combines business and legal aspects of any health related business process pertaining to protection and privacy of sensitive data exchange. To be able to map the privacy requirements in the context of data sharing across organizations, a general conceptual framework involving a combination of business process as well as legal components has been developed. This framework provides organizations a comprehensive approach for considering legal regulations as well as factors that may affect privacy and security of sensitive data like health data in their business processes. In this paper, we have provided an example of an as-is healthcare customer registration process for German Red Cross and how the framework can be used to assess the requirements for a to-be customer registration process in the context of European privacy laws.

Yuan Tian,Biao Song,Mohammad Mehedi Hassan,Eui-Nam Huh

DOI: https://doi.org/10.3837/tiis.2012.10.016

2012-01-01

KSII Transactions on Internet and Information Systems

Abstract:The growing concern for the protection of personal information has made it critical to implement effective technologies for privacy and data management. By observing the limitations of existing approaches, we found that there is an urgent need for a flexible, privacy-aware system that is able to meet the privacy preservation needs at both the role levels and the personal levels. We proposed a conceptual system that considered these two requirements: a graph-based, access control model to safeguard patient privacy. We present a case study of the healthcare field in this paper. While our model was tested in the field of healthcare, it is generic and can be adapted to use in other fields. The proof-of-concept demos were also provided with the aim of valuating the efficacy of our system. In the end, based on the hospital scenarios, we present the experimental results to demonstrate the performance of our system, and we also compared those results to existing privacy-aware systems. As a result, we ensured a high quality of medical care service by preserving patient privacy.

DOI: https://doi.org/10.35940/ijitee.f1317.0486s419

2019-07-26

International Journal of Innovative Technology and Exploring Engineering

Abstract:Information, which is not a fear till 2000, was the precept criteria for man or woman regarding safety and protection a brief time later. these days enormous measure of information is being created for always it is a check to deal with it. it is being used by numerous groups to take large options from the beyond facts to interrupt down thefuture. This tremendous diploma of facts is referred to as as huge statistics. in spite of the fact that there are numerous common calculations in presence, for giving safety and safety in large records it's miles attending to be tough because of its traits (quantity, range and Veracity). This paper demonstrates the investigation of common techniques handy, troubles to protection and safety of big records and protection saving processes like anonymization, randomization, differential safety, word and assent and so on.

J. Uma Maheswari,S. Vijayalakshmi,Rajiv Gandhi N,Laith H. Alzubaidi,Khonimkulov Anvar,R. Elangovan

DOI: https://doi.org/10.1051/e3sconf/202339904040

2023-01-01

E3S Web of Conferences

Abstract:The globe has adopted the cloud computing environment, which organizes data and manages space for data storage, processing, and access. This technical development has brought up questions regarding data security and privacy in cloud computing environments, though. The purpose of this abstract is to offer a thorough review of the issues, solutions, and future developments related to data privacy and security in cloud computing. Keeping data private and secure while it is being processed and stored in outside data centres is the main difficulty in cloud computing systems. The abstract discusses the dangers of insider threats, data breaches, and illegal access to sensitive information. It digs further into the legal and compliance criteria that businesses must follow in order to protect user data in the cloud. In result, data privacy and security in cloud computing environments remain critical concerns for organizations and individuals alike. In the survey the overview of how to use cloud storage globally and its challenges, solution and future innovation is well explained. It underscores the importance of robust encryption, access controls, user awareness, and emerging technologies in safeguarding data in the cloud. By addressing these concerns, organizations can leverage the power of cloud computing while maintaining the confidentiality, integrity, and availability of their data.

Mangore Anirudh K,Dr. M Roberts Masillamani

DOI: https://doi.org/10.14419/ijet.v7i4.19.28279

2018-11-27

International Journal of Engineering and Technology

Abstract:This paper represents the prototype of health monitoring system using Big Data. this brings several Advantage to the healthcare industry by way of providing timely patient care services, proactive disease detection, real-time monitoring among others. The major challenge faced by healthcare providers on safeguarding the confidentiality of patients’ data.if confidentiality is not well maintained, people may be unable to share their data. Because security has been investigated as a new dimension, “veracity,” in big data, we aim to exploit new challenges of big data in terms of security and devote our attention toward efficient and privacy-preserving computing in the big data era. Specifically, we primary formalize the basic architecture of big data analytics, identify the corresponding privacy requirements, and introduce an efficient and privacy Triple DES as an example in response to data mining’s efficiency and privacy requirements in the big data era. The results of this research exhibit that the proposed system has better secured database access and maintain privacy for all patient data than the traditional database.

Praveen Banasode,Sunita Padmannavar

DOI: https://doi.org/10.1109/fabs52071.2021.9702689

2021-12-21

Abstract:the revolution caused by the advanced analysis features of Internet of Things and big data have made a big turnaround in the digital world. Data analysis is not only limited to collect useful data but also useful in analyzing information quickly. Therefore, most of the variants of the shared system based on the parallel structural model are explored simultaneously as the appropriate big data storage library stimulates researchers’ interest in the distributed system. Due to the emerging digital technologies, different groups such as healthcare facilities, financial institutions, e-commerce, food service and supply chain management generate a surprising amount of information. Although the process of statistical analysis is essential, it can cause significant security and privacy issues. Therefore, the analysis of data privacy protection is very important. Using the platform, technology should focus on providing Advanced Cryptography Policy (ACP). This research explores different security risks, evolutionary mechanisms and risks of privacy protection. It further recommends the post-statistical modern privacy protection act to manage data privacy protection in binary format, because it is kept confidential by the user. The user authentication program has already filed access restrictions. To maintain this purpose, everyone’s attitude is to achieve a changing identity. This article is designed to protect the privacy of users and propose a new system of restoration of controls.

P. Geetha,Chandrakant Naikodi,Suresh Lakshmi Narasimha Setty

DOI: https://doi.org/10.1007/978-981-15-0372-6_19

2019-12-03

Abstract:Technological advancements in the field of Big Data and IoT have led to unprecedented growth in digital data. Data is collected from multiple distributed sources by business organizations, government agencies, and healthcare sectors. Data collected is mined to uncover valuable data, and the insights they provide are used by these organizations for optimized decision making. Data thus amassed may also contain sensitive personal information of individuals that are at risk of disclosure during analytics. Hence, there is a need for a privacy-aware system that enforces sensitive data protection. But such a system constrains the usefulness of data. Study shows that although significant findings do exist for balancing these contradicting objectives, the efficacy and scalability of these solutions continue to challenge the research community, given the volume of Big Data. Assessing the appropriate blend of these objectives for mutual benefit of organizations and customers requires leveraging the benefit of the modern tools and technologies in the Big Data ecosystem. This research study extensively reviews the previous work in the direction of privacy preserved Big Data analytics, and the review is first of its kind in exploring the challenges that have to be overcome in striking a balance between data value, privacy, scalability, and performance.

Mohamed Elkawkagy,E. Elwan,Albandari Al Sumait,Heba Elbeh,Sumayh S. Aljameel

DOI: https://doi.org/10.1109/access.2024.3357943

IF: 3.9

2024-02-13

IEEE Access

Abstract:The exponential growth of big data has ushered in transformative possibilities across various sectors, but it has also raised formidable privacy concerns. This article delves into the pressing need for enhancing big data privacy and explores innovative approaches to address this critical issue. In recent years, big data has been characterized by its immense volume, high velocity, and diverse data sources. These attributes have enabled organizations to gain unprecedented insights but have also exposed sensitive information to potential breaches. As such, ensuring the privacy of individuals and sensitive data within big data sets has emerged as a paramount concern. This article first elucidates the multifaceted nature of big data privacy, emphasizing its encompassment of privacy, confidentiality, integrity, and availability. It also acknowledges the challenges posed by existing privacy-preserving techniques, which often fall short of providing comprehensive protection for large and diverse data sets. The core focus of this article lies in presenting novel strategies and technologies designed to improve big data privacy. This article presents an innovative framework that combines advanced encryption methods, including fine-grained encryption techniques and differential privacy mechanisms specifically designed for the distinct traits of big data, like noisy techniques. To achieve this, the dataset undergoes categorization into key attributes, sensitive attributes, quasi attributes, and insensitive attributes. Subsequently, the fine-grained technique encrypts key and sensitive attributes, while the differential privacy mechanism encrypts the quasi attributes. To further substantiate the effectiveness of the proposed technique, this article references to empirical findings that demonstrate tangible improvements in big data privacy protection.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mandar Khoje

DOI: https://doi.org/10.14445/22312803/IJCTT-V71I11P107

2023-12-06

Abstract:In today's digital age, the imperative to protect data privacy and security is a paramount concern, especially for business-to-business (B2B) enterprises that handle sensitive information. These enterprises are increasingly constructing data platforms, which are integrated suites of technology solutions architected for the efficient management, processing, storage, and data analysis. It has become critical to design these data platforms with mechanisms that inherently support data privacy and security, particularly as they encounter the added complexity of safeguarding unstructured data types such as log files and text documents. Within this context, data masking stands out as a vital feature of data platform architecture. It proactively conceals sensitive elements, ensuring data privacy while preserving the information's value for business operations and analytics. This protective measure entails a strategic two-fold process: firstly, accurately pinpointing the sensitive data that necessitates concealment, and secondly, applying sophisticated methods to disguise that data effectively within the data platform infrastructure. This research delves into the nuances of embedding advanced data masking techniques within the very fabric of data platforms and an in-depth exploration of how enterprises can adopt a comprehensive approach toward effective data masking implementation by exploring different identification and anonymization techniques.

Cryptography and Security,Software Engineering