PURA-SCIS Protocol: A Novel Solution for Cloud-Based Information Sharing Protection for Sectoral Organizations

Over recent years, the incidence of data breaches and cyberattacks has increased significantly. This has highlighted the need for sectoral organizations to share information about such events so that lessons can be learned to mitigate the prevalence and severity of cyber incidents against other organizations. Sectoral organizations embody a governance relationship between cross-sector public and private entities, called public-private partnerships (PPPs). However, organizations are hesitant to share such information due to a lack of trust and business-critical confidentially issues. This problem occurs because of the absence of any protocols that guarantee privacy protection and protect sensitive information. To address this issue, this paper proposes a novel protocol, Putra-Ramli Secure Cyber-incident Information Sharing (PURA-SCIS), to secure cyber incident information sharing. PURA-SCIS has been designed to offer exceptional data and privacy protection and run on the cloud services of sectoral organizations. The relationship between organizations in PURA-SCIS is symmetrical, where the entities must collectively maintain the security of classified cyber incident information. Furthermore, the organizations must be legitimate entities in the PURA-SCIS protocol. The Scyther tool was used for protocol verification in PURA-SCIS. The experimental results showed that the proposed PURA-SCIS protocol provided good security properties, including public verifiability for all entities, blockless verification, data privacy preservation, identity privacy preservation and traceability, and private information sharing. PURA-SCIS also provided a high degree of confidentiality to protect the security and integrity of cyber-incident-related information exchanged among sectoral organizations via cloud services.

Download Full-text

Personalized trajectory privacy-preserving method based on sensitive attribute generalization and location perturbation

Intelligent Data Analysis ◽

10.3233/ida-205306 ◽

2021 ◽

Vol 25 (5) ◽

pp. 1247-1271

Author(s):

Chuanming Chen ◽

Wenshi Lin ◽

Shuanggui Zhang ◽

Zitong Ye ◽

Qingying Yu ◽

...

Keyword(s):

Private Information ◽

Privacy Protection ◽

Privacy Preservation ◽

Background Knowledge ◽

Sensitive Information ◽

Frequent Patterns ◽

Trajectory Data ◽

Preservation Method ◽

Sensitive Attribute ◽

Theoretical Analyses

Trajectory data may include the user’s occupation, medical records, and other similar information. However, attackers can use specific background knowledge to analyze published trajectory data and access a user’s private information. Different users have different requirements regarding the anonymity of sensitive information. To satisfy personalized privacy protection requirements and minimize data loss, we propose a novel trajectory privacy preservation method based on sensitive attribute generalization and trajectory perturbation. The proposed method can prevent an attacker who has a large amount of background knowledge and has exchanged information with other attackers from stealing private user information. First, a trajectory dataset is clustered and frequent patterns are mined according to the clustering results. Thereafter, the sensitive attributes found within the frequent patterns are generalized according to the user requirements. Finally, the trajectory locations are perturbed to achieve trajectory privacy protection. The results of theoretical analyses and experimental evaluations demonstrate the effectiveness of the proposed method in preserving personalized privacy in published trajectory data.

Download Full-text

Laniakea: an open solution to provide Galaxy “on-demand” instances over heterogeneous cloud infrastructures

GigaScience ◽

10.1093/gigascience/giaa033 ◽

2020 ◽

Vol 9 (4) ◽

Cited By ~ 1

Author(s):

Marco Antonio Tangaro ◽

Giacinto Donvito ◽

Marica Antonacci ◽

Matteo Chiara ◽

Pietro Mandreoli ◽

...

Keyword(s):

Data Privacy ◽

Optimal Solution ◽

Cloud Services ◽

Single Server ◽

Software Infrastructure ◽

Public And Private ◽

Complete Control ◽

Platform As A Service ◽

On Demand ◽

Demand Service

Abstract Background While the popular workflow manager Galaxy is currently made available through several publicly accessible servers, there are scenarios where users can be better served by full administrative control over a private Galaxy instance, including, but not limited to, concerns about data privacy, customisation needs, prioritisation of particular job types, tools development, and training activities. In such cases, a cloud-based Galaxy virtual instance represents an alternative that equips the user with complete control over the Galaxy instance itself without the burden of the hardware and software infrastructure involved in running and maintaining a Galaxy server. Results We present Laniakea, a complete software solution to set up a “Galaxy on-demand” platform as a service. Building on the INDIGO-DataCloud software stack, Laniakea can be deployed over common cloud architectures usually supported both by public and private e-infrastructures. The user interacts with a Laniakea-based service through a simple front-end that allows a general setup of a Galaxy instance, and then Laniakea takes care of the automatic deployment of the virtual hardware and the software components. At the end of the process, the user gains access with full administrative privileges to a private, production-grade, fully customisable, Galaxy virtual instance and to the underlying virtual machine (VM). Laniakea features deployment of single-server or cluster-backed Galaxy instances, sharing of reference data across multiple instances, data volume encryption, and support for VM image-based, Docker-based, and Ansible recipe-based Galaxy deployments. A Laniakea-based Galaxy on-demand service, named Laniakea@ReCaS, is currently hosted at the ELIXIR-IT ReCaS cloud facility. Conclusions Laniakea offers to scientific e-infrastructures a complete and easy-to-use software solution to provide a Galaxy on-demand service to their users. Laniakea-based cloud services will help in making Galaxy more accessible to a broader user base by removing most of the burdens involved in deploying and running a Galaxy service. In turn, this will facilitate the adoption of Galaxy in scenarios where classic public instances do not represent an optimal solution. Finally, the implementation of Laniakea can be easily adapted and expanded to support different services and platforms beyond Galaxy.

Download Full-text

Privacy protection in mobile crowd sensing: a survey

World Wide Web ◽

10.1007/s11280-019-00745-2 ◽

2019 ◽

Vol 23 (1) ◽

pp. 421-452 ◽

Cited By ~ 1

Author(s):

Yongfeng Wang ◽

Zheng Yan ◽

Wei Feng ◽

Shushu Liu

Keyword(s):

Privacy Protection ◽

Data Privacy ◽

Large Scale ◽

System Structure ◽

Smart Devices ◽

Future Research ◽

Sensitive Information ◽

Mobile Crowd Sensing ◽

Crowd Sensing ◽

Mobile Crowd

AbstractThe unprecedented proliferation of mobile smart devices has propelled a promising computing paradigm, Mobile Crowd Sensing (MCS), where people share surrounding insight or personal data with others. As a fast, easy, and cost-effective way to address large-scale societal problems, MCS is widely applied into many fields, e.g., environment monitoring, map construction, public safety, etc. Despite the popularity, the risk of sensitive information disclosure in MCS poses a serious threat to the participants and limits its further development in privacy-sensitive fields. Thus, the research on privacy protection in MCS becomes important and urgent. This paper targets the privacy issues of MCS and conducts a comprehensive literature research on it by providing a thorough survey. We first introduce a typical system structure of MCS, summarize its characteristics, propose essential requirements on privacy on the basis of a threat model. Then, we survey existing solutions on privacy protection and evaluate their performances by employing the proposed requirements. In essence, we classify the privacy protection schemes into four categories with regard to identity privacy, data privacy, attribute privacy, and task privacy. Besides, we review the achievements on privacy-preserving incentives in MCS from four viewpoints of incentive measures: credit incentive, auction incentive, currency incentive, and reputation incentive. Finally, we point out some open issues and propose future research directions based on the findings from our survey.

Download Full-text

Privacy Preserving Spatio-Temporal Databases Based on k-Anonymity

Science & Technology Development Journal - Engineering and Technology ◽

10.32508/stdjet.v3isi1.517 ◽

2020 ◽

Vol 3 (SI1) ◽

pp. SI82-SI94

Author(s):

Anh Tuan Truong

Keyword(s):

Data Mining ◽

Privacy Protection ◽

Location Privacy ◽

Location Based Services ◽

Sensitive Information ◽

User Privacy ◽

Location Data ◽

Related Information ◽

Spatio Temporal ◽

Location Privacy Protection

The development of location-based services and mobile devices has lead to an increase in the location data. Through the data mining process, some valuable information can be discovered from location data. In the other words, an attacker may also extract some private (sensitive) information of the user and this may make threats against the user privacy. Therefore, location privacy protection becomes an important requirement to the success in the development of location-based services. In this paper, we propose a grid-based approach as well as an algorithm to guarantee k-anonymity, a well-known privacy protection approach, in a location database. The proposed approach considers only the information that has significance for the data mining process while ignoring the un-related information. The experiment results show the effectiveness of the proposed approach in comparison with the literature ones.

Download Full-text

Data Privacy Preservation and Security Approaches for Sensitive Data in Big Data

10.3233/apc210221 ◽

2021 ◽

Author(s):

Rohit Ravindra Nikam ◽

Rekha Shahapurkar

Keyword(s):

Data Mining ◽

Data Analytics ◽

Data Privacy ◽

Privacy Preservation ◽

Large Data ◽

Research Area ◽

Data Sets ◽

Sensitive Information ◽

Sensitive Data ◽

Data Mining Techniques

Data mining is a technique that explores the necessary data is extracted from large data sets. Privacy protection of data mining is about hiding the sensitive information or identity of breach security or without losing data usability. Sensitive data contains confidential information about individuals, businesses, and governments who must not agree upon before sharing or publishing his privacy data. Conserving data mining privacy has become a critical research area. Various evaluation metrics such as performance in terms of time efficiency, data utility, and degree of complexity or resistance to data mining techniques are used to estimate the privacy preservation of data mining techniques. Social media and smart phones produce tons of data every minute. To decision making, the voluminous data produced from the different sources can be processed and analyzed. But data analytics are vulnerable to breaches of privacy. One of the data analytics frameworks is recommendation systems commonly used by e-commerce sites such as Amazon, Flip Kart to recommend items to customers based on their purchasing habits that lead to characterized. This paper presents various techniques of privacy conservation, such as data anonymization, data randomization, generalization, data permutation, etc. such techniques which existing researchers use. We also analyze the gap between various processes and privacy preservation methods and illustrate how to overcome such issues with new innovative methods. Finally, our research describes the outcome summary of the entire literature.

Download Full-text

D2D Big Data Privacy-Preserving Framework Based on (a, k)-Anonymity Model

Mathematical Problems in Engineering ◽

10.1155/2019/2076542 ◽

2019 ◽

Vol 2019 ◽

pp. 1-11 ◽

Cited By ~ 1

Author(s):

Jie Wang ◽

Hongtao Li ◽

Feng Guo ◽

Wenyin Zhang ◽

Yifeng Cui

Keyword(s):

Big Data ◽

Private Information ◽

Data Privacy ◽

Privacy Preservation ◽

Computing Time ◽

Privacy Preserving ◽

D2d Communication ◽

Group Data ◽

Big Data Privacy ◽

Daunting Challenge

As a novel and promising technology for 5G networks, device-to-device (D2D) communication has garnered a significant amount of research interest because of the advantages of rapid sharing and high accuracy on deliveries as well as its variety of applications and services. Big data technology offers unprecedented opportunities and poses a daunting challenge to D2D communication and sharing, where the data often contain private information concerning users or organizations and thus are at risk of being leaked. Privacy preservation is necessary for D2D services but has not been extensively studied. In this paper, we propose an (a, k)-anonymity privacy-preserving framework for D2D big data deployed on MapReduce. Firstly, we provide a framework for the D2D big data sharing and analyze the threat model. Then, we propose an (a, k)-anonymity privacy-preserving framework for D2D big data deployed on MapReduce. In our privacy-preserving framework, we adopt (a, k)-anonymity as privacy-preserving model for D2D big data and use the distributed MapReduce to classify and group data for massive datasets. The results of experiments and theoretical analysis show that our privacy-preserving algorithm deployed on MapReduce is effective for D2D big data privacy protection with less information loss and computing time.

Download Full-text

Overview of Privacy Protection Technology Based on Database Application

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.241-244.2816 ◽

2012 ◽

Vol 241-244 ◽

pp. 2816-2821 ◽

Cited By ~ 2

Author(s):

Hai Fang Wei ◽

Bei Zhan Wang ◽

Xiang Deng ◽

Ai Hua Wu

Keyword(s):

Data Mining ◽

Privacy Protection ◽

Data Privacy ◽

Sensitive Information ◽

Basic Principles ◽

Database Application ◽

Research Results ◽

Depth Analysis ◽

Protection Technology ◽

Future Direction

With the emergence and development of data applications such as database and data mining, how to protect data privacy and prevent disclosure of sensitive information has become one of the major challenges we are facing now. Privacy protection technologies need to protect data privacy without compromising data applications. The research results of privacy protection field are summarized, and the basic principles and features of various types of privacy protection technologies are described. After the in-depth analysis and comparison of existing technologies, this paper points out the future direction of the privacy protection technology.

Download Full-text

A Sub Chunk-Confusion Based Privacy Protection Mechanism for Association Rules in Cloud Services

International Journal of Software Engineering and Knowledge Engineering ◽

10.1142/s0218194016400015 ◽

2016 ◽

Vol 26 (04) ◽

pp. 539-562 ◽

Cited By ~ 2

Author(s):

Yuliang Shi ◽

Zhongmin Zhou ◽

Lizhen Cui ◽

Shijun Liu

Keyword(s):

Association Rules ◽

Privacy Protection ◽

Data Privacy ◽

Cloud Services ◽

Protection Mechanism ◽

Security Issues ◽

Computing Services ◽

Real World Applications ◽

Protection Technology ◽

Cloud Computing Services

In cloud computing services, according to the customized privacy protection policy by the tenant and the sub chunk-confusion based on privacy protection technology, we can partition the tenant’s data into many chunks and confuse the relationships among chunks, which makes the attacker cannot infer tenant’s information by simply combining attributes. But it still has security issues. For example, with the amount of data growing, there may be a few hidden association rules among some attributes of the data chunks. Through these rules, it is possible to get some of the privacy information of the tenant. To address this issue, the paper proposes a privacy protection mechanism based on chunk-confusion privacy protection technology for association rules. The mechanism can detect unidimensional and multidimensional attributes association rules, hide them by adding fake data, re-chunking and re-grouping, and then ensure the privacy of tenant’s data. In addition, this mechanism also provides evaluation formulas. They filter detected association rules, remove the invalid and improve system performance. They also evaluate the effect of privacy protection. The experimental evaluation proves that the mechanism proposed in this paper can better protect the data privacy of tenant and has feasibility and practicality in real world applications.

Download Full-text

It Takes Two to Tango

European Journal of Risk Regulation ◽

10.1017/s1867299x00004517 ◽

2015 ◽

Vol 6 (2) ◽

pp. 208-218 ◽

Cited By ~ 1

Author(s):

Heiko Borchert

Keyword(s):

Information Sharing ◽

Information Management ◽

Private Information ◽

Critical Infrastructure ◽

Infrastructure Development ◽

Critical Infrastructure Protection ◽

Public And Private ◽

Public And Private Stakeholders ◽

Core Issues

This article focuses on the information requirements of public and private stakeholders engaged in critical infrastructure protection (CIP).With its emphasis on information management rather than information sharing, the article builds on existing research suggesting that the notion of information sharing inadvertently renders cooperation more difficult as it evokes impressions of information “dominance” rather than joint information ownership. The article proposes a joint public-private information management agenda based on core issues providing actionable information to tackle immediate threats and crosscutting issues looking at the long-term issues that are relevant to understand the overall context in which critical infrastructure development occurs.

Download Full-text

When Machine Learning Meets Privacy

ACM Computing Surveys ◽

10.1145/3436755 ◽

2021 ◽

Vol 54 (2) ◽

pp. 1-36

Author(s):

Bo Liu ◽

Ming Ding ◽

Sina Shaham ◽

Wenny Rahayu ◽

Farhad Farokhi ◽

...

Keyword(s):

Machine Learning ◽

Privacy Protection ◽

Data Privacy ◽

Privacy Preservation ◽

Research Progress ◽

Future Research ◽

Surveillance Systems ◽

Smart Healthcare ◽

Wide Range ◽

Depth Analysis

The newly emerged machine learning (e.g., deep learning) methods have become a strong driving force to revolutionize a wide range of industries, such as smart healthcare, financial technology, and surveillance systems. Meanwhile, privacy has emerged as a big concern in this machine learning-based artificial intelligence era. It is important to note that the problem of privacy preservation in the context of machine learning is quite different from that in traditional data privacy protection, as machine learning can act as both friend and foe. Currently, the work on the preservation of privacy and machine learning are still in an infancy stage, as most existing solutions only focus on privacy problems during the machine learning process. Therefore, a comprehensive study on the privacy preservation problems and machine learning is required. This article surveys the state of the art in privacy issues and solutions for machine learning. The survey covers three categories of interactions between privacy and machine learning: (i) private machine learning, (ii) machine learning-aided privacy protection, and (iii) machine learning-based privacy attack and corresponding protection schemes. The current research progress in each category is reviewed and the key challenges are identified. Finally, based on our in-depth analysis of the area of privacy and machine learning, we point out future research directions in this field.

Download Full-text