Qian Wang,Zhiwei Xu,Shengzhi Qu

DOI: https://doi.org/10.4304/jsw.6.10.1945-1952

2011-01-01

Journal of Software

Abstract:k-anonymity is an important model in the field of privacy protection and it is an effective method to prevent privacy disclosure in micro-data release. However, it is ineffective for the attribute disclosure by the homogeneity attack. The existing models based on k-anonymity have solved this problem to a certain extent, but they did not distinguish the different values of the sensitive attribute, processed a series of unnecessary generalization and expanded the information loss when they protect the sensitive attribute. Based on k-anonymity, this paper proposed a model based on average leakage probability and probability difference of sensitive attribute value. It is not only an effective method to deal with the problem of attributes disclosure that k-anonymity cannot deal, but also to realize different levels of protection to the various sensitive attribute values. It has reduced the generalization to the data in the most possibility during the procedure and ensures the most effectiveness of quasi-identifier attributes. Greedy generalization algorithm based on the generalization information loss is also proposed in this paper. To choose the generalization attributes, the information loss is considered and the importance of generalization attribute to sensitive attribute is accounted as well. Comparison experiment and performance experiment are made to the proposed model. The experiment results show that the model is feasible.

Taeho Jung,Xiang-Yang Li,Zhiguo Wan,Meng Wan

DOI: https://doi.org/10.1109/tifs.2014.2368352

IF: 7.231

2016-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Cloud computing is a revolutionary computing paradigm, which enables flexible, on-demand, and low-cost usage of computing resources, but the data is outsourced to some cloud servers, and various privacy concerns emerge from it. Various schemes based on the attribute-based encryption have been proposed to secure the cloud storage. However, most work focuses on the data contents privacy and the access control, while less attention is paid to the privilege control and the identity privacy. In this paper, we present a semianonymous privilege control scheme AnonyControl to address not only the data privacy, but also the user identity privacy in existing access control schemes. AnonyControl decentralizes the central authority to limit the identity leakage and thus achieves semianonymity. Besides, it also generalizes the file access control to the privilege control, by which privileges of all operations on the cloud data can be managed in a fine-grained manner. Subsequently, we present the AnonyControl-F, which fully prevents the identity leakage and achieve the full anonymity. Our security analysis shows that both AnonyControl and AnonyControl-F are secure under the decisional bilinear Diffie-Hellman assumption, and our performance evaluation exhibits the feasibility of our schemes.

Weien Chen,Yongzhi Cao,Hanpin Wang

DOI: https://doi.org/10.1016/j.ins.2015.06.018

IF: 8.1

2015-01-01

Information Sciences

Abstract:Conditional anonymity, in comparison to classical strong anonymity, provides a novel perspective on anonymity and has been applied to analyzing anonymizing protocols. While the existing research on conditional anonymity is limited to the probabilistic setting, in this paper we introduce the notion of set-theoretic conditional anonymity by considering the threat from non-probabilistic adversary. Then we refine the understanding of the relationship between strong anonymity and conditional anonymity. Moreover, in order to quantitatively evaluate system's degree of anonymity, we propose a metric for set-theoretic conditional anonymity and a variant of an existing metric for probabilistic conditional anonymity. We formally show that a system will lose more (at best preserve equal) anonymity when adversary obtains more observable outputs from the system, which confirms the intuition that observations reveal sensitive information. (C) 2015 Elsevier Inc. All rights reserved.

Jin Li,Kui Ren,Bo Zhu,Zhiguo Wan

DOI: https://doi.org/10.1007/978-3-642-04474-8_28

2009-01-01

Abstract:As a new public key primitive, attribute-based encryption (ABE) is envisioned to be a promising tool for implementing fine-grained access control. To further address the concern of user access privacy, privacy-aware ABE schemes are being developed to achieve hidden access policy recently. For the purpose of secure access control, there is, how- ever, still one critical functionality missing in the existing ABE schemes, which is user accountability. Currently, no ABE scheme can completely prevent the problem of illegal key sharing among users. In this paper, we tackle this problem by firstly proposing the notion of accountable, anony- mous, and ciphertext-policy ABE (CP-A 3 BE, in short) and then giving out a concrete construction. We start by improving the state-of-the-art of anonymous CP-ABE to obtain shorter public parameters and ciphertext length. In the proposed CP-A 3 BE construction, user accountability can be achieved in black-box model by embedding additional user-specific information into the attribute private key issued to that user, while still maintaining hidden access policy. The proposed constructions are prov- ably secure.

Shucheng Yu,Kui Ren,Wenjing Lou

DOI: https://doi.org/10.1016/j.comnet.2009.09.009

IF: 5.493

2009-01-01

Computer Networks

Abstract:In many applications, it is desired to dynamically establish temporary multicast groups for secure message delivery. It is also often the case that the group membership information itself is sensitive and needs to be well protected. However, existing solutions either fail to address the issue of membership anonymity or do not scale well for dynamically established groups. In this paper, we propose a highly scalable solution for dynamical multicast group setup with group membership anonymity. In the proposed solution, scalability and membership anonymity are achieved via a novel design that integrates techniques such as ciphertext-policy attribute-based encryption (CP-ABE). In our design, multicast groups are specified through group member attributes. As these attributes are potentially able to be shared by unlimited number of group members, our proposed scheme scales well. Also, high level of membership anonymity is guaranteed such that every group member knows nothing but his own group membership only. The complexity of our proposed scheme in terms of computational overhead and ciphertext size is O(n), where n is the number of attributes and independent to the group size.

Mingquan Ye,Xindong Wu,Xuegang Hu,Donghui Hu

DOI: https://doi.org/10.1016/j.knosys.2013.01.007

IF: 8.139

2013-01-01

Knowledge-Based Systems

Abstract:Identity disclosure is one of the most serious privacy concerns in many data mining applications. A well-known privacy model for protecting identity disclosure is k-anonymity. The main goal of anonymizing classification data is to protect individual privacy while maintaining the utility of the data in building classification models. In this paper, we present an approach based on rough sets for measuring the data quality and guiding the process of anonymization operations. First, we make use of the attribute reduction theory of rough sets and introduce the conditional entropy to measure the classification data quality of anonymized datasets. Then, we extend conditional entropy under single-level granulation to hierarchical conditional entropy under multi-level granulation, and study its properties by dynamically coarsening and refining attribute values. Guided by these properties, we develop an efficient search metric and present a novel algorithm for achieving k-anonymity, Hierarchical Conditional Entropy-based Top-Down Refinement (HCE-TDR), which combines rough set theory and attribute value taxonomies. Theoretical analysis and experiments on real world datasets show that our algorithm is efficient and improves data utility.

Sai Wu,Xiaoli Wang,Sheng Wang,Zhenjie Zhang,Anthony K. H. Tung

DOI: https://doi.org/10.1109/tkde.2013.93

IF: 9.235

2014-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:In crowdsourcing database, human operators are embedded into the database engine and collaborate with other conventional database operators to process the queries. Each human operator publishes small HITs (Human Intelligent Task) to the crowdsourcing platform, which consists of a set of database records and corresponding questions for human workers. The human workers complete the HITs and return the results to the crowdsourcing database for further processing. In practice, published records in HITs may contain sensitive attributes, probably causing privacy leakage so that malicious workers could link them with other public databases to reveal individual private information. Conventional privacy protection techniques, such as K-Anonymity , can be applied to partially solve the problem. However, after generalizing the data, the result of standard K-Anonymity algorithms may render uncontrollable information loss and affects the accuracy of crowdsourcing. In this paper, we first study the tradeoff between the privacy and accuracy for the human operator within data anonymization process. A probability model is proposed to estimate the lower bound and upper bound of the accuracy for general K-Anonymity approaches. We show that searching the optimal anonymity approach is NP-Hard and only heuristic approach is available. The second contribution of the paper is a general feedback-based K-Anonymity scheme. In our scheme, synthetic samples are published to the human workers, the results of which are used to guide the selection on anonymity strategies. We apply the scheme on Mondrian algorithm by adaptively cutting the dimensions based on our feedback results on the synthetic samples. We evaluate the performance of the feedback-based approach on U.S. census dataset, and show that given a predefined $K$ , our proposal outperforms standard K-Anonymity approaches on retaining the effectiveness of crowdsourcing.

Yang Xu,Quanrun Zeng,Guojun Wang,Cheng Zhang,Ju Ren,Yaoxue Zhang

DOI: https://doi.org/10.1007/978-3-030-05345-1_31

2018-01-01

Abstract:The emerging attribute-based access control (ABAC) mechanism is an expressive, flexible, and manageable authorization technique that is particularly suitable for current distributed, inconstant and complex service-oriented scenarios. Unfortunately, the inevitable disclosure of attributes that carry sensitive information bring significant risks to users' privacy, which obstructs the further development and popularization of the ABAC severely. In this paper, we propose an effective privacy-preserving ABAC (P-ABAC) scheme to defend against privacy leakage risks of users' attributes. In the P-ABAC approach, the necessary sensitive attributes are securely handled on the service requester side by using the homomorphic encryption method for privacy protection. And meanwhile, the service provider is still able to make accurate access decisions according to the received attribute ciphertext and pre-set policies with the help of the homomorphic encryption-based secure multi-party computation techniques, while learning no privacy information. The theoretical analysis proves that our model contributes to making an efficient and effective ABAC model with the enhanced privacy-protection feature.

Jian Xu,Wei Wang,Jian Pei,Xiaoyuan Wang,Baile Shi,Ada Wai-Chee Fu

DOI: https://doi.org/10.1145/1233321.1233324

2006-01-01

ACM SIGKDD Explorations Newsletter

Abstract:Privacy becomes a more and more serious concern in applications involving microdata. Recently, efficient anonymization has attracted much research work. Most of the previous methods use global recoding, which maps the domains of the quasi-identifier attributes to generalized or changed values. However, global recoding may not always achieve effective anonymization in terms of discernability and query answering accuracy using the anonymized data. Moreover, anonymized data is often used for analysis. As well accepted in many analytical applications, different attributes in a data set may have different utility in the analysis. The utility of attributes has not been considered in the previous methods. In this paper, we study the problem of utility-based anonymization. First, we propose a simple framework to specify utility of attributes. The framework covers both numeric and categorical data. Second, we develop two simple yet efficient heuristic local recoding methods for utility-based anonymization. Our extensive performance study using both real data sets and synthetic data sets shows that our methods outperform the state-of-the-art multidimensional global recoding methods in both discernability and query answering accuracy. Furthermore, our utility-based method can boost the quality of analysis using the anonymized data.

Taeho Jung,Xiang-Yang Li,Zhiguo Wan

2012-01-01

Abstract:Cloud computing is a revolutionary computing paradigm which enables flexible, on-demand and low-cost usage of computing resources. However, those advantages, ironically, are the causes of security and privacy problems, which emerge because the data owned by different users are stored in some cloud servers instead of under their own control. To deal with security problems, various schemes based on the Attribute- Based Encryption (ABE) have been proposed recently. However, the privacy problem of cloud computing is yet to be solved. This paper presents an anonymous privilege control scheme AnonyControl to address the user and data privacy problem in a cloud. By using multiple authorities in cloud computing system, our proposed scheme achieves anonymous cloud data access, finegrained privilege control, and more importantly, tolerance to up to (N -2) authority compromise. Our security and performance analysis show that AnonyControl is both secure and efficient for cloud computing environment.

Ang Gao,Zeng-zhi Li

DOI: https://doi.org/10.1587/transfun.E96.A.724

2013-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:In order to improve user's privacy in multi-authority Attribute-Based Encryption (ABE), we propose a solution which hides user's attributes by privacy homomorphism, such that not only the "external" adversary fails to access the private attribute of one user by eavesdropping on communications, but also the "internal" Attribute Authorities (AA), who are responsible for issuing attribute keys, are unable to build a full profile with all of the user's attributes by pooling their information on the user's ID. Meanwhile, the use of ID is essential to defend against collusion attack on ABE. Benefiting from privacy homomorphism, by which we distribute the part of the interpolation for the shares abstracted by the hidden attributes into each AA, the performance of the proposed scheme is higher than those of existing ABE schemes.

Zhen Li,Xiaojun Ye

DOI: https://doi.org/10.1007/978-3-540-77048-0_11

2007-01-01

Abstract:In recent years, a privacy model called k-anonymity has gained popularity in the microdata releasing. As the microdata may contain multiple sensitive attributes about an individual, the protection of multiple sensitive attributes has become an important problem. Different from the existing models of single sensitive attribute, extra associations among multiple sensitive attributes should be invested. Two kinds of disclosure scenarios may happen because of logical associations. The Q&S Diversity is checked to prevent the foregoing disclosure risks, with an α Requirement definition used to ensure the diversity requirement. At last, a two-step greedy generalization algorithm is used to carry out the multiple sensitive attributes processing which deal with quasi-identifiers and sensitive attributes respectively. We reduce the overall distortion by the measure of Masking SA.

Xiaojun Ye,Lei Jin,Bin Li

DOI: https://doi.org/10.1109/isecs.2008.113

2008-01-01

Abstract:For improving the usability of the anonymous result, it is important to comply with the hierarchical structure when generalizing quasi-identifying attributes with hierarchical characteristics. We propose an unrestricted multi-dimensional anonymization model which combines global recoding and local recoding methods. The bottom-up anonymization algorithm with the minimal coverage subgraph constraint and the anonymization metric are proposed. The experiment results justify the effectiveness and scalability of this model.

Zhanyi Jiao,Steven Kou,Yang Liu,Ruodu Wang

DOI: https://doi.org/10.48550/arXiv.2208.07533

2022-08-16

Theoretical Economics

Abstract:We study an axiomatic framework for anonymized risk sharing. In contrast to traditional risk sharing settings, our framework requires no information on preferences, identities, private operations and realized losses from the individual agents, and thereby it is useful for modeling risk sharing in decentralized systems. Four axioms natural in such a framework -- actuarial fairness, risk fairness, risk anonymity, and operational anonymity -- are put forward and discussed. We establish the remarkable fact that the four axioms characterizes the conditional mean risk sharing rule, revealing the unique and prominent role of this popular risk sharing rule among all others in relevant applications of anonymized risk sharing. Several other properties and their relations to the four axioms are studied, as well as their implications in rationalizing the design of Bitcoin mining pools.

Xiaojun Ye,Yawei Zhang,Ming Liu

DOI: https://doi.org/10.1109/WAIM.2008.22

2008-01-01

Abstract:One important privacy principle is that an individual has the freedom to decide his/her own privacy preferences, which should be taken into account when data holders release their privacy preserving micro data. Nevertheless, current related k-anonymity model research focuses on protecting individual private information by using pre-defined constraint parameters specified by data holders. This paper introduces a personalized (α, k) model by introducing a vector for describing individual personalized privacy requirements corresponding to each value in the domain of sensitive attributes by data respondents, and propose an efficiency anonymization algorithm which combines the top down specialization for quasi-identifier anonymization and the local recoding technique for the sensitive attribute generalization based on its attribute taxonomy tree. Experimental results show that this approach can meet better personalized privacy requirements and keep the information loss low.

Min Wu,Xiaojun Ye

DOI: https://doi.org/10.1109/WI-IATW.2006.135

2006-01-01

Abstract:Privacy preservation is an important and challenging problem in microdata release. As a de-identification model, k-anonymity has gained much attention recently. While focusing on identity disclosures, k-anonymity does not well resolve attribute disclosures. In this paper we focus on the sensitive attribute disclosures in k-anonymity and propose an ordinal distance based sensitivity aware diversity metric. We assume the more diversity the sensitive attribute assumes in an equivalence class in a k-anonymized table, the less inference channel there is in the equivalence class

Wei Jiang,Chris Clifton

DOI: https://doi.org/10.1007/s00778-006-0008-z

2006-08-05

The VLDB Journal

Abstract:Abstractk-anonymity provides a measure of privacy protection by preventing re-identification of data to fewer than a group of k data items. While algorithms exist for producing k-anonymous data, the model has been that of a single source wanting to publish data. Due to privacy issues, it is common that data from different sites cannot be shared directly. Therefore, this paper presents a two-party framework along with an application that generates k-anonymous data from two vertically partitioned sources without disclosing data from one site to the other. The framework is privacy preserving in the sense that it satisfies the secure definition commonly defined in the literature of Secure Multiparty Computation.

computer science, information systems, hardware & architecture

Yuxin Deng

DOI: https://doi.org/10.1016/j.entcs.2005.05.047

2007-01-01

Electronic Notes in Theoretical Computer Science

Abstract:Anonymity means that the identity of the user performing a certain action is maintained secret. The protocols for ensuring anonymity often use random mechanisms which can be described probabilistically. In this paper we propose a notion of weak probabilistic anonymity, where weak refers to the fact that some amount of probabilistic information may be revealed by the protocol. This information can be used by an observer to infer the likeliness that the action has been performed by a certain user. The aim of this work is to study the degree of anonymity that the protocol can still ensure, despite the leakage of information. We illustrate our ideas by using the example of the dining cryptographers with biased coins. We consider both the cases of nondeterministic and probabilistic users. Correspondingly, we propose two notions of weak anonymity and we investigate their respective dependencies on the biased factor of the coins.

Abdul Majeed,Seong Oun Hwang

DOI: https://doi.org/10.1109/access.2024.3510332

IF: 3.9

2024-12-11

IEEE Access

Abstract:In the modern era, personal data published by data owners play a vital role in decision-making, resource allocation, disease mitigation, and/or epidemiological analysis. However, if the published data do not truly reflect the characteristics of the underlying population from all perspectives, informed decisions cannot be made, leading to disproportionally fewer benefits for some marginal populations. Unfortunately, existing anonymization techniques often dilute/erase the representation of various populations, especially minor and super-minor groups, in the anonymized data, which inadvertently propagates inequity in subsequently published data analytics. To address these technical problems, in this paper, we implement a homophily, diversity- and t-closeness-based anonymity algorithm that effectively solves the privacy-equity trade-off (i.e., preserving privacy while representing all population groups, regardless of major/minor status) in anonymized data. We implement an automated method to identify equity-vulnerable attributes from the original data to protect the values against dilution/deletion. We develop a clustering method that considers both homophily and diversity among records, and that constructs compact, diverse, and balanced clusters. We employed the t-closeness principle to ensure a balanced distribution of equity-vulnerable attribute values in all clusters. We implement a flexible generalization scheme that performs only the required generalization of attributes to keep functional relationships similar between anonymized and real data. Rigorous experiments are performed on seven real-life benchmark datasets to justify the feasibility of our algorithm. Compared with the state-of-the-art method, our algorithm can lower privacy risks by up to 41.98% and enhance data quality by up to 36.72%. From an equity preservation point of view, it shows a 28.43% improvement over its counterpart, and equity losses in most cases are marginally lower than the original data.

computer science, information systems,telecommunications,engineering, electrical & electronic

Raymond Chi-Wing Wong,Yubao Liu,Jian Yin,Zhilan Huang,Ada Wai-Chee Fu,Jian Pei

DOI: https://doi.org/10.1007/978-3-540-72524-4_75

2007-01-01

Abstract:Privacy-preserving data publication for data mining is to protect sensitive information of individuals in published data while the distortion to the data is minimized. Recently, it is shown that (α, k )- anonymity is a feasible technique when we are given some sensitive attribute(s) and quasi-identifier attributes. In previous work, generalization of the given data table has been used for the anonymization. In this paper, we show that we can project the data onto two tables for publishing in such a way that the privacy protection for (α, k )-anonymity can be achieved with less distortion. In the two tables, one table contains the undisturbed non-sensitive values and the other table contains the undisturbed sensitive values. Privacy preservation is guaranteed by the lossy join property of the two tables. We show by experiments that the results are better than previous approaches.