Enforcing Privacy in Decentralized Mobile Social Networks

Similar documents
CLUSTER BASED ANONYMIZATION FOR PRIVACY PRESERVATION IN SOCIAL NETWORK DATA COMMUNITY

Distributed Data Anonymization with Hiding Sensitive Node Labels

A Secure and Dynamic Multi-keyword Ranked Search Scheme over Encrypted Cloud Data

Void main Technologies

Differential Privacy. Seminar: Robust Data Mining Techniques. Thomas Edlich. July 16, 2017

P2P Social Networks With Broadcast Encryption Protected Privacy

Sensitive Label Privacy Protection on Social Network Data

A Review on Privacy Preserving Data Mining Approaches

Outsourcing Privacy-Preserving Social Networks to a Cloud

Introduction to and calibration of a conceptual LUTI model based on neural networks

Privacy in Statistical Databases

Privacy Preserving Data Publishing: From k-anonymity to Differential Privacy. Xiaokui Xiao Nanyang Technological University

Identifying Close Friends on the Internet

IEEE 2013 JAVA PROJECTS Contact No: KNOWLEDGE AND DATA ENGINEERING

An Approach for Privacy Preserving in Association Rule Mining Using Data Restriction

Attribute-based encryption with encryption and decryption outsourcing

Data Anonymization. Graham Cormode.

Cryptography & Data Privacy Research in the NSRC

Implementation of Privacy Mechanism using Curve Fitting Method for Data Publishing in Health Care Domain

Survey Paper on Giving Privacy to Sensitive Labels

Privacy Preserving Ranked Multi-Keyword Search for Multiple Data Owners in Cloud Computing

La Science du Secret sans Secrets

Comparison and Analysis of Anonymization Techniques for Preserving Privacy in Big Data

Privacy-Preserving. Introduction to. Data Publishing. Concepts and Techniques. Benjamin C. M. Fung, Ke Wang, Chapman & Hall/CRC. S.

Introduction Types of Social Network Analysis Social Networks in the Online Age Data Mining for Social Network Analysis Applications Conclusion

INTRODUCTION TO CLOAKWARE/TRS TECHNOLOGY

Course Curriculum for Master Degree in Network Engineering and Security

Review on Techniques of Collaborative Tagging

Peer To Peer Communication Using Heterogeneous Networks

Cryptography & Data Privacy Research in the NSRC

Computer Based Image Algorithm For Wireless Sensor Networks To Prevent Hotspot Locating Attack

IDENTITY DISCLOSURE PROTECTION IN DYNAMIC NETWORKS USING K W STRUCTURAL DIVERSITY ANONYMITY

Partition Based Perturbation for Privacy Preserving Distributed Data Mining

Abstract. Asia-pacific Journal of Convergent Research Interchange Vol.2, No.2, June 30 (2016), pp

A compact Aggregate key Cryptosystem for Data Sharing in Cloud Storage systems.

An Adaptive Algorithm for Range Queries in Differential Privacy

NETWORKING. 8. ITDNW08 Congestion Control for Web Real-Time Communication

Differential Privacy. CPSC 457/557, Fall 13 10/31/13 Hushiyang Liu

An Overview of Secure Multiparty Computation

Exploring graph mining approaches for dynamic heterogeneous networks

Cover Page. The handle holds various files of this Leiden University dissertation.

An Access Control Model for Collaborative Management of Shared Data in OSNS

Formal Methods and Cryptography

PROBLEM FORMULATION AND RESEARCH METHODOLOGY

CS573 Data Privacy and Security. Differential Privacy. Li Xiong

Computer-based Tracking Protocols: Improving Communication between Databases

Leveraging Social Links for Trust and Privacy

Privacy Challenges in Big Data and Industry 4.0

PrivApprox. Privacy- Preserving Stream Analytics.

P2P Contents Distribution System with Routing and Trust Management

Survey Result on Privacy Preserving Techniques in Data Publishing

Secure Remote Storage Using Oblivious RAM

Fine-Grained Data Sharing Supporting Attribute Extension in Cloud Computing

Yi Song, Panagiotis Karras, Qian Xiao and Stephane Bressan

Convex and Distributed Optimization. Thomas Ropars

Raunak Rathi 1, Prof. A.V.Deorankar 2 1,2 Department of Computer Science and Engineering, Government College of Engineering Amravati

Privacy-Preserving Sensor Cloud. Hung Dang, Yun Long Chong, Francois Brun, Ee-Chien Chang School of Computing National University of Singapore

Accountability in Privacy-Preserving Data Mining

Trustworthy user authentication, authorization, data integrity AND consent management

Cyber Defense & Network Assurance (CyberDNA) Center. Professor Ehab Al Shaer, Director of CyberDNA Center UNC Charlotte

A FUZZY BASED APPROACH FOR PRIVACY PRESERVING CLUSTERING

EFFICIENT RETRIEVAL OF DATA FROM CLOUD USING DATA PARTITIONING METHOD FOR BANKING APPLICATIONS [RBAC]

A Case For OneSwarm. Tom Anderson University of Washington.

Privacy-Preserving Machine Learning

The Applicability of the Perturbation Model-based Privacy Preserving Data Mining for Real-world Data

Reconstruction-based Classification Rule Hiding through Controlled Data Modification

CSC 5930/9010 Cloud S & P: Cloud Primitives

Research Statement. Yehuda Lindell. Dept. of Computer Science Bar-Ilan University, Israel.

Mechanisms of Multiparty Access Control in Online Social Network

Computer Security CS 526

Guarding user Privacy with Federated Learning and Differential Privacy

Sybil defenses via social networks

Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services

DECENTRALIZED ATTRIBUTE-BASED ENCRYPTION AND DATA SHARING SCHEME IN CLOUD STORAGE

Void main Technologies

Research Article Structural Attack to Anonymous Graph of Social Networks

Sanitization of call detail records via differentially-private Bloom filters

Developing the ERS Collaboration Framework

CCP: Conflicts Check Protocol for Bitcoin Block Security 1

Recommendation System for Location-based Social Network CS224W Project Report

Anonymization of Network Traces Using Noise Addition Techniques

A Procedural Based Encryption Technique for Accessing Data on Cloud

Encryption Vision & Strategy

User Control Mechanisms for Privacy Protection Should Go Hand in Hand with Privacy-Consequence Information: The Case of Smartphone Apps

IMPROVING DATA SECURITY USING ATTRIBUTE BASED BROADCAST ENCRYPTION IN CLOUD COMPUTING

PPKM: Preserving Privacy in Knowledge Management

Privacy and Security in Cloud-based ML

This tutorial has been prepared for computer science graduates to help them understand the basic-to-advanced concepts related to data mining.

S. Indirakumari, A. Thilagavathy

Edge Anonymity in Social Network Graphs

EFFICIENT DATA SHARING WITH ATTRIBUTE REVOCATION FOR CLOUD STORAGE

Implementation of Decentralized Access Control with Anonymous Authentication in Cloud

Secure Multiparty Computation

Improved Upper and Lower Bound Heuristics for Degree Anonymization in Social Networks

Reciprocal Access Direct for Online Social Networks: Model and Mechanisms

Computational Geometry for Imprecise Data

Dynamic Data in terms of Data Mining Streams

communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.

Internet Traffic Classification Using Machine Learning. Tanjila Ahmed Dec 6, 2017

Key Protection for Endpoint, Cloud and Data Center

Transcription:

Enforcing Privacy in Decentralized Mobile Social Networks Hiep H. Nguyen 1, Abdessamad Imine 1, and Michaël Rusinowitch 1 LORIA/INRIA Nancy-Grand Est France {huu-hiep.nguyen,michael.rusinowitch}@inria.fr,abdessamad.imine@loria.fr Abstract. This position paper first summarizes work done by the first author on location privacy and differential privacy. These techniques will help to solve privacy problems in decentralized mobile social networks, which is the main theme of his PhD research. The paper then briefly reviews the state-of-the-art in privacy-preservation of social graphs and clarifies the lack of attention to graph sharing in decentralized setting. Finally, some initial ideas on how to realize such soft decentralized access controls are described. 1 Motivation The prevalent architectures of social networks mainly rely on the central repository of user data, so users must trade their privacy for free service. The centralized setting makes offline data processing operations(e.g. publishing a anonymized version of a social graph) easier and attracts a lot of interest in the security community. Parallel to this line of research, there also exists another line dedicated to decentralized alternatives 1 in which users manage their own data and access policies. Shifting from the free-service (centralized) paradigm to the user-centric (decentralized) one should, in principle, increase user confidence or trust, but understanding how to properly share information in this architecture remains a huge challenge in user privacy preservation. For example, early efforts such as Diaspora 2 and Persona [3] protect user privacy at the cost of less utility. As a specific sub-problem, anonymizing social network data is more challenging [13] than anonymizing relational data. First, it is harder to model the adversarial background knowledge. Vertex/edge labels, neighborhood graphs and the like can be used to re-identify individuals, not only the conventional quasiidentifiers. Second, to measure information loss in perturbed network data is not easy because nodes and edges are not independent as items in tabular data. Third, anonymization techniques in social network data usually ask for deeper understanding of affects caused by a single graph modification. In decentralized settings, those anonymization challenges may be exacerbated as we need the collaboration of users to reach a global (noisy) view of the social graph. 1 http://en.wikipedia.org/wiki/comparison of software and protocols for distributed social networking 2 https://diasporafoundation.org/

2 Nguyen et al. 1.1 Thesis s objectives Privacy in social networks involves privacy requirements for identities, links, contents, activities disclosure-resistance. The early vision of the PhD thesis is on understanding intrinsic difficulties of decentralized mobile social networks and to propose mechanisms for privacy-preserving data sharing (e.g. partial friend list sharing). We aim to start with simple models with several assumptions about the attacker s knowledge and dynamics of networks. While there are many structural attacks in centralized setting [2], we witness little similar research on those attacks in the decentralized one. One important reason may be due to the lack of the global view of the social graph; hence we conjecture that there will be different attack scenarios. We seek for an appropriate combination of cryptography and anonymization techniques to address the problem. Our ultimate objective is to make significant contributions both theoretically and empirically to the development of decentralized alternatives to the current online social networks (OSN). The two following subsections summarize two main contributions of the first author in his master course. In each subsection, an anticipated application of the corresponding technique will be presented. 1.2 Location Privacy Anonymization methods (e.g. k-anonymity) are extensively used in location privacy with a typical configuration of a anonymizer between the LBS server and mobile users. By cloaking user locations into bigger sets satisfying certain thresholds, users true locations are concealed. Privacy in this setting means privacy by blending yourself in a crowd. MeshCloak [8] brings novelties in the cloaking problem by leveraging the real street maps for cloaking purpose. It tries to solve a harder problem of continuous queries which guarantees the privacy even in consecutive queries. Compared to previous work on the same problem, it produces much smaller cloaking areas, so reducing the processing burden at the LBS server. To formally quantify the privacy level of the new model, MeshCloak takes into account the stronger attackers knowledge by modelling user moving patterns based on time-homogeneous semi-markov process with dwelling time at states. Specifically, each user with historical traces and a moving speed has a mobility profile. Under the assumption that the attacker may construct such mobility profiles and mount maximum likelihood attacks, MeshCloak still achieves high level of privacy (measured as high incorrectness of attacks). Our technique and the anonymization methods applied to the publication of whole social graphs [11] are similar in the sense of hiding by blending protected objects into bigger sets. Meanwhile, existing techniques in [8] may help us in problems related to dynamics in social networks (arrival/leave of nodes as well as creation/deletion of links). 1.3 Differential Privacy The second work [9] is on differential privacy [5], specifically applied to linear counting queries [7]. Differential privacy is an in-focus paradigm for publishing

Enforcing Privacy in Decentralized Mobile Social Networks 3 useful statistical information over sensitive data with rigorous privacy guarantees. It requires that the outcome of any analysis on database is not influenced substantially by the existence of any individual (so the name differential). Differential privacy has been successfully applied to a wide range of data analysis tasks. The comparative study [9] juxtaposes the state-of-the-art schemes and identifies advantages/disadvantages of each one as well as proposes improvements for better scalability and lower injected noise. With strong theoretical foundations, differential privacy is a promising tool for formulating and solving certain privacy issues in both centralized/decentralized and offline/online settings for data publication within social networks [11]. 2 Privacy Preservation of Social Graphs Social graphs considered in the state-of-the-art vary in a wide range, from unlabeled, simple, undirected ones to data-rich ones. This section reviews a few typical privacy-preserving techniques in centralized and decentralized settings. 2.1 Centralized setting Thereisalargebody ofworkfocusingonhowtosharesocialgraphsownedbyorganizations without revealing the identities or links between users involved. The existing anonymization methods fall into four main categories. The methods of first category provide k-anonymity by deterministic edge additions or deletions, assuming attacker s background knowledge regarding some property of its target node. The second category includes random additions, deletions and switches of edges to prevent the reidentification of nodes or edges. The methods falling in the third category assign probabilities to edges to add uncertainty to the original graph. Finally, the fourth class of techniques cluster together nodes into supernodes of size at least k. Note that the last two classes of schemes induce possible world models, i.e., we can retrieve graph samples that are consistent with the anonymized output graph. 2.2 Decentralized setting Decentralized social networks consist of federated and distributed models. In distributed setting, the social graph is split between many holders, and even between users in which each node only knows his friends. To privately aggregate the global graph, we need collaborative privacy-preserving sharing mechanisms. Unfortunately, not much attention has been given to this topic except in a few works, for example [10]. In tabular data aggregation, the distributed sharing problem seems easier and exposes a lot of efficient mechanisms, e.g. [1]. As we aim at mechanisms for decentralized social networks, the access control on networkdata is ofimportance. One ofour concernsis how to devise soft access policies via collaborative anonymization. An anticipated scenario, presented in the next section, is that given different trust levels between a user and his friends, the user adds different noises to his true friend list before transmitting them to his neighbors.

4 Nguyen et al. 3 Ongoing Work At the early stage of the thesis, we survey the state-of-the-art of privacy-preserving methods in decentralized social networks as well as in the centralized ones. Privacy protection techniques can be classified roughly as cryptography-based and anonymization-based. Cryptographic primitives support a wide range of OSN-related operations like encryption to a group, group key revocation with attribute-based encryption (ABE) [3], searching on encrypted data, secure multiparty computation. However, this set of solutions incur unavoidable trade-off between secrecy, performance and complexity. Anonymization techniques while avoiding costly encryption may have other intricacies in designing online protocols, e.g. protocol for establishing a trust relationship, controlling the boundary of shared data (even in noisy forms). In addition, new protocols in our models require deliberate choice of replication schemes and consistency models. Fig. 1: Autonomous sharing of friend lists with trust-based soft access control We propose initial ideas of autonomous relationship sharing (highly sensitive data) via trust-based access control. Fig. 1 depicts the sharing model under the assumption of Clone2Clone-like[6] distributed social networks. Each mobile user possesses one clone in the cloud for high availability and may allow the clone to perform actions on behalf of him. We assume an overlay trust network[4] between users to guide the sharing activity. Intuitively, each user determines the amount of noise added to his true friend list based on the trust levels (fairness) to a friend and then sends out the noisy friend list. The friend list should get noisier (monotonicity) as propagating within the network. Our goal is to allow each user to get friend lists from many sources, directly or indirectly, and to properly reconstruct the(noisy) global graph for his own purposes. An interesting question is how to guarantee the convergence of information in aggregated graph. We may start with several metrics such as randomness [12] and apply mining techniques for uncertain graphs to quantify the remaining utility in the graph. 4 Conclusion Parallel to the success of centralized social network services based on the freemium model, decentralized alternatives have also been proposed as a response from the

Enforcing Privacy in Decentralized Mobile Social Networks 5 research community in order to better address privacy concerns of users. Following this direction, our methodology is to see first the big picture of decentralized social networks by studying their challenges and opportunities. We then aim to formalize problems of moderate size that can be stated and solved efficiently using both tools in cryptography and anonymization. One such in-focus problem is the collaborative and autonomous relationship sharing in cloud-based peerto-peer architectures. References 1. D. Alhadidi, N. Mohammed, B. C. Fung, and M. Debbabi. Secure distributed framework for achieving ε-differential privacy. In Privacy Enhancing Technologies, pages 120 139. Springer, 2012. 2. L. Backstrom, C. Dwork, and J. Kleinberg. Wherefore art thou r3579x?: anonymized social networks, hidden patterns, and structural steganography. In Proceedings of the 16th international conference on World Wide Web, pages 181 190. ACM, 2007. 3. R. Baden, A. Bender, N. Spring, B. Bhattacharjee, and D. Starin. Persona: an online social network with user-defined privacy. In ACM SIGCOMM Computer Communication Review, volume 39, pages 135 146. ACM, 2009. 4. B. Carminati, E. Ferrari, and A. Perego. Enforcing access control in web-based social networks. ACM Transactions on Information and System Security (TISSEC), 13(1):6, 2009. 5. C. Dwork. A firm foundation for private data analysis. Communications of the ACM, 54(1):86 95, 2011. 6. S. Kosta, V. C. Perta, J. Stefa, P. Hui, and A. Mei. Clone2clone (c2c): Peer-to-peer networking of smartphones on the cloud. In 5th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud13), 2013. 7. C.Li,M. Hay,V.Rastogi, G.Miklau, anda.mcgregor. Optimizinglinear counting queries under differential privacy. In PODS, pages 123 134. ACM, 2010. 8. H.Nguyen,D.Chae, J. Kim, andj. Kim. Meshcloak: Amap-basedlocation privacy model for continuous query in mobile services. Manuscript. 9. H. Nguyen and J. Kim. A comparison of differentially private linear counting queries. Manuscript. 10. T. Tassa and D. J. Cohen. Anonymization of centralized and distributed social networks by sequential clustering. Knowledge and Data Engineering, IEEE Transactions on, 25(2):311 324, 2013. 11. X. Wu, X. Ying, K. Liu, and L. Chen. A survey of privacy-preservation of graphs and social networks. In Managing and mining graph data, pages 421 453. Springer, 2010. 12. X. Ying and X. Wu. On randomness measures for social networks. In SDM, volume 9, pages 709 720. SIAM, 2009. 13. B. Zhou and J. Pei. Preserving privacy in social networks against neighborhood attacks. In Data Engineering, 2008. ICDE 2008. IEEE 24th International Conference on, pages 506 515. IEEE, 2008.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback