Anonymity and Privacy 2015

 

 
SoS Logo

Anonymity and Privacy

2015



Minimizing privacy risk is one of the major problems attendant on the development of social media and hand-held smart phone technologies. K-anonymity is one main method for anonymizing data. Many of the articles cited here focus on k-anonymity to ensure privacy. Others look at elliptic keys and privacy enhancing techniques more generally. These articles were presented in 2015. The Science of Security topics addressed include privacy, governance-based collaboration, resiliency, and metrics.




Ward, J.R.; Younis, M., “Base Station Anonymity Distributed Self-Assessment in Wireless Sensor Networks,” Intelligence and Security Informatics (ISI), 2015 IEEE International Conference on, vol., no., pp. 103, 108, 27-29 May 2015. doi:10.1109/ISI.2015.7165947

Abstract: In recent years, Wireless Sensor Networks (WSNs) have become valuable assets to both the commercial and military communities with applications ranging from industrial control on a factory floor to reconnaissance of a hostile border. In most applications, the sensors act as data sources and forward information generated by event triggers to a central sink or base station (BS). The unique role of the BS makes it a natural target for an adversary that desires to achieve the most impactful attack possible against a WSN with the least amount of effort. Even if a WSN employs conventional security mechanisms such as encryption and authentication, an adversary may apply traffic analysis techniques to identify the BS. This motivates a significant need for improved BS anonymity to protect the identity, role, and location of the BS. Previous work has proposed anonymity-boosting techniques to improve the BS’s anonymity posture, but all require some amount of overhead such as increased energy consumption, increased latency, or decreased throughput. If the BS understood its own anonymity posture, then it could evaluate whether the benefits of employing an anti-traffic analysis technique are worth the associated overhead. In this paper we propose two distributed approaches to allow a BS to assess its own anonymity and correspondingly employ anonymity-boosting techniques only when needed. Our approaches allow a WSN to increase its anonymity on demand, based on real-time measurements, and therefore conserve resources. The simulation results confirm the effectiveness of our approaches.

Keywords: security of data; wireless sensor networks; WSN; anonymity-boosting techniques; anti-traffic analysis technique; base station; base station anonymity distributed self-assessment; conventional security mechanisms; improved BS anonymity; Current measurement; Energy consumption; Entropy; Protocols; Sensors; Wireless sensor networks; anonymity; location privacy

(ID#: 15-6515)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7165947&isnumber=7165923

 

Kangsoo Jung; Seongyong Jo; Seog Park, “A Game Theoretic Approach for Collaborative Caching Techniques in Privacy Preserving Location-Based Services,” Big Data and Smart Computing (BigComp), 2015 International Conference on, vol., no., pp. 59, 62, 9-11 Feb. 2015. doi:10.1109/35021BIGCOMP.2015.7072852

Abstract: The number of users who use location-based services (LBS) is increasing rapidly along with the proliferation of mobile devices such as the smartphone. However, LBS users have concerned about their privacy because the collected individual location information can pose a privacy violation. Therefore, it is no wonder that a lot of research is being conducted on topic such as location k-anonymity and pseudonym to prevent privacy threats. However, existing research has several limitations when applied to real world applications. In this paper, we propose a novel architecture to preserve the location privacy in LBS using the Virtual Individual Server (VIS) to overcome drawbacks in existing techniques. We also introduce the collaborative caching technique which shares extra query results among users to mitigate privacy/performance tradeoffs. Game theory is used to overcome the free rider problem that can occur during the sharing process. Simulation results show that the proposed technique achieves sufficient privacy protection and reduces system performance degradation.

Keywords: data privacy; game theory; mobile computing; smart phones; LBS; VIS; collaborative caching technique; free rider problem; game theoretic approach; location information; location k-anonymity; mobile devices; privacy preserving location-based services; privacy protection; privacy threats; privacy violation; smartphone; virtual individual server; Electronic countermeasures; Frequency modulation; Integrated circuits; Caching; Location-based service; Privacy (ID#: 15-6516)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7072852&isnumber=7072806

 

Abuzneid, A.-S.; Sobh, T.; Faezipour, M., “An Enhanced Communication Protocol for Anonymity and Location Privacy in WSN,” Wireless Communications and Networking Conference Workshops (WCNCW), 2015 IEEE, vol., no., pp. 91, 96, 9-12 March 2015. doi:10.1109/WCNCW.2015.7122535

Abstract: Wireless sensor networks (WSNs) consist of many sensors working as hosts. These sensors can sense a phenomenon and represent it in a form of data. There are many applications for WSNs such as object tracking and monitoring where the objects need protection. Providing an efficient location privacy solution would be challenging to achieve due to the exposed nature of the WSN. The communication protocol needs to provide location privacy measured by anonymity, observability, capture-likelihood and safety period. We extend this work to allow for countermeasures against semi-global and global adversaries. We present a network model that is protected against a sophisticated passive and active attacks using local, semi-global, and global adversaries.

Keywords: protocols; telecommunication security; wireless sensor networks; WSN; active attacks; anonymity; capture-likelihood; communication protocol enhancement; global adversaries; local adversaries; location privacy; object tracking; observability; passive attacks; safety period; semiglobal adversaries; wireless sensor networks; Conferences; Energy efficiency; Internet of things; Nickel; Privacy; Silicon; Wireless sensor networks; WSN; contextual privacy; privacy; sink privacy; source location privacy (ID#: 15-6517)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7122535&isnumber=7122513

 

Ammar, Nariman; Malik, Zaki; Medjahed, Brahim; Alodib, Mohammed, “K-Anonymity Based Approach for Privacy-Preserving Web Service Selection,” Web Services (ICWS), 2015 IEEE International Conference on, vol., no., pp. 281, 288, June 27 2015–July 2 2015. doi:10.1109/ICWS.2015.46

Abstract: To guarantee privacy in service oriented environments, it is essential to check for compatibility between a client’s privacy requirements and a Web service privacy policies before invoking the Web service operation. In this paper, we focus on privacy at the Web service operation level. We present an approach that integrates k-Anonymity into a privacy management framework using Web Services Conversation Language (WSCL) definitions. In particular, we use the notion of k-Anonymity to determine the extent to which the invocation of an operation can be inferred if one knows that a downstream operation was invoked. We provide both a formal definition as well as an implementation of the proposed approach.

Keywords: Arrays; Data privacy; Government; Phase change materials; Privacy; Silicon; Web services; K-Anonymity; Service selection; privacy (ID#: 15-6518)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7195580&isnumber=7195533

 

Niu, B.; Xiaoyan Zhu; Weihao Li; Hui Li; Yingjuan Wang; Zongqing Lu, “A Personalized Two-Tier Cloaking Scheme for Privacy-Aware Location-Based Services,” Computing, Networking and Communications (ICNC), 2015 International Conference on, vol., no., pp. 94, 98, 16-19 Feb. 2015. doi:10.1109/ICCNC.2015.7069322

Abstract: The ubiquity of modern mobile devices with GPS modules and Internet connectivity such as 3G/4G techniques have resulted in rapid development of Location-Based Services (LBSs). However, users enjoy the convenience provided by the untrusted LBS server at the cost of their privacy. To protect user’s sensitive information against adversaries with side information, we design a personalized spatial cloaking scheme, termed TTcloak, which provides k-anonymity for user’s location privacy, 1-diversity for query privacy and desired size of cloaking region for mobile users in LBSs, simultaneously. TTcloak uses Dummy Query Determining (DQD) algorithm and Dummy Location Determining (DLD) algorithm to find out a set of realistic cells as candidates, and employs a CR-refinement Module (CRM) to guarantee that dummy users are assigned into the cloaking region with desired size. Finally, thorough security analysis and empirical evaluation results verify our proposed TTcloak.

Keywords:  3G mobile communication; 4G mobile communication; Global Positioning System; Internet; data privacy; mobile computing; mobility management (mobile radio); telecommunication security; telecommunication services;3G techniques; 4G techniques; CR-refinement module; CRM; DLD algorithm; DQD algorithm; GPS modules; Internet connectivity; LBS server; TTcloak; cloaking region; dummy location determining algorithm; dummy query determining algorithm; dummy users; mobile users; modern mobile devices; personalized spatial cloaking scheme; personalized two-tier cloaking scheme; privacy-aware location-based services; query privacy; security analysis; user location privacy; Algorithm design and analysis; Complexity theory; Entropy; Mobile radio mobility management; Privacy; Servers (ID#: 15-6519)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7069322&isnumber=7069279

 

Firoozjaei, M.D.; Jaegwan Yu; Hyoungshick Kim, “Privacy Preserving Nearest Neighbor Search Based on Topologies in Cellular Networks,” Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 146, 149, 24-27 March 2015. doi:10.1109/WAINA.2015.22

Abstract: As the popularity of location-based services (LBSes) is increasing, the location privacy has become a main concern. Among the rich collection of location privacy techniques, the spatial cloaking is one of the most popular techniques. In this paper, we propose a new spatial cloaking technique to hide a user’s location under a cloaking of the serving base station (SeNB) and anonymize SeNB with a group of dummy locations in the neighboring group of another base station as central eNB (CeNB). Unlike the most existing approaches for selecting a dummy location, such as the center of a virtual circle, we select a properly chosen dummy location from real locations of eNBs to minimize side information for an adversary. Our experimental results show that the proposed scheme can achieve a reasonable degree of accuracy (>96%) for nearest neighbor services while providing a high level of location privacy.

Keywords: cellular neural nets; data privacy; mobile computing; CeNB; LBSes; SeNB; base station; cellular networks; central eNB; dummy location; location privacy techniques; location-based services; privacy preserving nearest neighbor search; serving base station; spatial cloaking technique; virtual circle; Conferences; Google; Monte Carlo methods; Nearest neighbor searches; Network topology; Privacy; Topology; Location-based service (LBS); anonymity; eNode B (eNB); spatial cloaking (ID#: 15-6520)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096162&isnumber=7096097

 

Lindenberg, Pierre Pascal; Bo-Chao Cheng; Yu-Ling Hsueh, “Novel Location Privacy Protection Strategies for Location-Based Services,” Ubiquitous and Future Networks (ICUFN), 2015 Seventh International Conference on, vol., no., pp. 866, 870, 7-10 July 2015. doi:10.1109/ICUFN.2015.7182667

Abstract: The usage of Location-Based Services (LBS) holds a potential privacy issue when people exchange their locations for information relative to these locations. While most people perceive these information exchange services as useful, others do not, because an adversary might take advantage of the users’ sensitive data. In this paper, we propose k-path, an algorithm for privacy protection for continuous location tracking-typed LBS. We take inspiration in k-anonymity to hide the user location or trajectory among k locations or trajectories. We introduce our simulator as a tool to test several strategies to hide users’ locations. Afterwards, this paper will give an evaluation about the effectiveness of several approaches by using the simulator and data provided by the GeoLife data set.

Keywords: Data privacy; History; Mobile radio mobility management; Privacy; Sensitivity; Trajectory; Uncertainty; Location-Based Service; k-anonymity (ID#: 15-6521)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7182667&isnumber=7182475

 

Amin, R.; Biswas, G.P., “Anonymity Preserving Secure Hash Function Based Authentication Scheme for Consumer USB Mass Storage Device,” Computer, Communication, Control and Information Technology (C3IT), 2015 Third International Conference on, vol., no., pp. 1, 6, 7-8 Feb. 2015. doi:10.1109/C3IT.2015.7060190

Abstract: A USB (Universal Serial Bus) mass storage device, which makes a (USB) device accessible to a host computing device and enables file transfers after completing mutual authentication between the authentication server and the user. It is also very popular device because of its portability, large storage capacity and high transmission speed. To protect the privacy of a file transferred to a storage device, several security protocols have been proposed but none of them is completely free from security weaknesses. Recently He et al. proposed a multi-factor based security protocol which is efficient but the protocol is not applicable for practical implementation, as they does not provide password change procedure which is an essential phase in any password based user authentication and key agreement protocol. As the computation and implementation of the cryptographic one-way hash function is more trouble-free than other existing cryptographic algorithms, we proposed a light weight and anonymity preserving three factor user authentication and key agreement protocol for consumer mass storage devices and analyzes our proposed protocol using BAN logic. Furthermore, we have presented informal security analysis of the proposed protocol and confirmed that the protocol is completely free from security weaknesses and applicable for practical implementation.

Keywords: cryptographic protocols; file organisation; BAN logic; USB device; anonymity preserving secure hash function based authentication scheme; anonymity preserving three factor user authentication; authentication server; consumer USB mass storage device; consumer mass storage devices; cryptographic algorithms; cryptographic one-way hash function; file transfers; host computing device; informal security analysis; key agreement protocol; multifactor based security protocols; password based user authentication; password change procedure; storage capacity; universal serial bus mass storage device; Authentication; Cryptography; Protocols; Servers; Smart cards; Universal Serial Bus; Anonymity; Attack; File Secrecy; USB MSD; authentication (ID#: 15-6522)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7060190&isnumber=7060104

 

Mingming Guo; Pissinou, N.; Iyengar, S.S., “Pseudonym-Based Anonymity Zone Generation for Mobile Service with Strong Adversary Model,” Consumer Communications and Networking Conference (CCNC), 2015 12th Annual IEEE, vol., no., pp. 335, 340, 9-12 Jan. 2015. doi:10.1109/CCNC.2015.7157998

Abstract: The popularity of location-aware mobile devices and the advances of wireless networking have seriously pushed location-based services into the IT market. However, moving users need to report their coordinates to an application service provider to utilize interested services that may compromise user privacy. In this paper, we propose an online personalized scheme for generating anonymity zones to protect users with mobile devices while on the move. We also introduce a strong adversary model, which can conduct inference attacks in the system. Our design combines a geometric transformation algorithm with a dynamic pseudonyms-changing mechanism and user-controlled personalized dummy generation to achieve strong trajectory privacy preservation. Our proposal does not involve any trusted third-party and will not affect the existing LBS system architecture. Simulations are performed to show the effectiveness and efficiency of our approach.

Keywords: authorisation; data privacy; mobile computing; IT market; LBS system architecture; anonymity zone generation; application service provider; dynamic pseudonyms-changing mechanism; geometric transformation algorithm; inference attacks; location-aware mobile devices; location-based services; mobile devices; mobile service; online personalized scheme; pseudonym-based anonymity zone generation; strong-adversary model; strong-trajectory privacy preservation; user data protection; user privacy; user-controlled personalized dummy generation; wireless networking; Computational modeling; Privacy; Quality of service; Anonymity Zone; Design; Geometric; Location-based Services; Pseudonyms; Trajectory Privacy Protection (ID#: 15-6523)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7157998&isnumber=7157933

 

Sharma, V.; Chien-Chung Shen, “Evaluation of an Entropy-Based K-Anonymity Model for Location Based Services,” Computing, Networking and Communications (ICNC), 2015 International Conference on, vol., no., pp. 374, 378, 16-19 Feb. 2015. doi:10.1109/ICCNC.2015.7069372

Abstract: As the market for cellular telephones, and other mobile devices, keeps growing, the demand for new services arises to attract the end users. Location Based Services (LBS) are becoming important to the success and attractiveness of next generation wireless systems. To access location-based services, mobile users have to disclose their location information to service providers and third party applications. This raises privacy concerns, which have hampered the widespread use of LBS. Location privacy mechanisms include Anonymization, Obfuscation, Policy Based Scheme, k-anonymity and Adding Fake Events. However most existing solutions adopt the k-anonymity principle. We propose an entropy based location privacy mechanism to protect user information against attackers. We look at the effectiveness of the technique in a continuous LBS scenarios, i.e., where users are moving and recurrently requesting for Location Based Services, we also evaluate the overall performance of the system with its drawbacks.

Keywords: data protection; mobile handsets; mobility management (mobile radio); next generation networks; LBS; cellular telephone; entropy-based k-anonymity model evaluation; location based service; location privacy mechanism; mobile device; mobile user; next generation wireless system; policy based scheme; user information protection; Computational modeling; Conferences; Entropy; Measurement; Mobile communication; Privacy; Query processing; Location Based Services (LBS); entropy; k-anonymity; privacy (ID#: 15-6524)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7069372&isnumber=7069279

 

Papapetrou, E.; Bourgos, V.F.; Voyiatzis, A.G., “Privacy-Preserving Routing in Delay Tolerant Networks Based on Bloom Filters,” World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2015 IEEE 16th International Symposium on, vol., no., pp. 1, 9, 14-17 June 2015. doi:10.1109/WoWMoM.2015.7158148

Abstract: Privacy preservation in opportunistic networks, such as disruption and delay tolerant networks, constitutes a very challenging area of research. The wireless channel is vulnerable to malicious nodes that can eavesdrop data exchanges. Moreover, all nodes in an opportunistic network can act as routers and thus, gain access to sensitive information while forwarding data. Node anonymity and data protection can be achieved using encryption. However, cryptography-based mechanisms are complex to handle and computationally expensive for the participating (mobile) nodes. We propose SimBet-BF, a privacy-preserving routing algorithm for opportunistic networks. The proposed algorithm builds atop the SimBet algorithm and uses Bloom filters so as to represent routing as well as other sensitive information included in data packets. SimBet-BF provides anonymous communication and avoids expensive cryptographic operations, while the functionality of the SimBet algorithm is not significantly affected. In fact, we show that the required security level can be achieved with a negligible routing performance trade-off.

Keywords: delay tolerant networks; delays; radio networks; telecommunication network routing; telecommunication security; Bloom filters; SimBet algorithm; cryptography based mechanisms; eavesdrop data exchanges; expensive cryptographic operations; malicious nodes; mobile nodes; opportunistic networks; privacy preserving routing algorithm; wireless channel; Cryptography; Measurement; Peer-to-peer computing; Privacy; Protocols; Routing (ID#: 15-6525)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7158148&isnumber=7158105

 

Christin, D.; Bub, D.M.; Moerov, A.; Kasem-Madani, S., “A Distributed Privacy-Preserving Mechanism for Mobile Urban Sensing Applications,” Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, vol., no., pp. 1, 6, 7-9 April 2015. doi:10.1109/ISSNIP.2015.7106932

Abstract: In urban sensing applications, participants carry mobile devices that collect sensor readings annotated with spatiotemporal information. However, such annotations put the participants’ privacy at stake, as they can reveal their whereabouts and habits to the urban sensing campaign administrators. A solution to protect the participants’ privacy is to apply the concept of k-anonymity. In this approach, the reported participants’ locations are modified such that at least k - 1 other participants appear to share the same location, and hence become indistinguishable from each other. In existing implementations of k-anonymity, the participants need to reveal their precise locations to either a third party or other participants in order to find k - 1 other participants. As a result, the participants’ location privacy may still be endangered in case of ill-intentioned third-party administrators and/or participants. We tackle this challenge by proposing a novel approach that supports the participants in their search for other participants without disclosing their exact locations to any other parties. To evaluate our approach, we conduct a threat analysis and study its feasibility by means of extensive simulations using a real-world dataset.

Keywords: mobile handsets; sensors; distributed privacy-preserving mechanism; k-anonymity; mobile urban sensing applications; real-world dataset; threat analysis (ID#: 15-6526)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7106932&isnumber=7106892

 

Rahman, M.; Sampangi, R.V.; Sampalli, S., “Lightweight Protocol for Anonymity and Mutual Authentication in RFID Systems,” Consumer Communications and Networking Conference (CCNC), 2015 12th Annual IEEE, vol., no., pp. 910, 915, 9-12 Jan. 2015. doi:10.1109/CCNC.2015.7158097

Abstract: Radio Frequency Identification (RFID) technology is rapidly making its way to next generation automatic identification systems. Despite encouraging prospects of RFID technology, security threats and privacy concerns limit its widespread deployment. Security in passive RFID tag based systems is a challenge owing to the severe resource restrictions. In this paper, we present a lightweight anonymity / mutual authentication protocol that uses a unique choice of pseudorandom numbers to achieve basic security goals, i.e. confidentiality, integrity and authentication. We validate our protocol by security analysis.

Keywords: cryptographic protocols; data integrity; radiofrequency identification; confidentiality; integrity; lightweight anonymity protocol; mutual authentication protocol; next generation automatic Identification systems; passive RFID tag system security; pseudorandom numbers; radio frequency identification technology; security analysis; Authentication; Passive RFID tags; Privacy; Protocols; Servers; Anonymity; Mutual Authentication; RFID Security; Security (ID#: 15-6527)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7158097&isnumber=7157933

 

Chaudhari, Manali; Dharawath, Srinu, “Toward a Statistical Framework for Source Anonymity in Sensor Network Using Quantitative Measures,” Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, vol., no., pp. 1, 5, 19-20 March 2015. doi:10.1109/ICIIECS.2015.7193169

Abstract: In some applications in sensor network the location and privacy of certain events must remain anonymous or undetected even by analyzing the network traffic. In this paper the framework for modeling, investigating and evaluating the sensor network is suggested and results are charted. Suggested two folded structure introduces the notion of “interval indistinguishability” which gives a quantitative evaluation to form anonymity in sensor network and secondly it charts source anonymity to statistical problem of binary hypothesis checking with nuisance parameters. The system is made energy efficient by enhancing the available techniques for choosing cluster head. The energy efficiency of the sensor network is charted.

Keywords: Conferences; Energy efficiency; Privacy; Protocols; Technological innovation; Wireless sensor networks; Binary Hypothesis; Interval Indistinguishability; Wireless Sensor Network; residual energy (ID#: 15-6528)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7193169&isnumber=7192777

 

Seungsoo Baek; Seung-Hyun Seo; Seungjoo Kim, “Preserving Biosensor Users’ Anonymity over Wireless Cellular Network,” Ubiquitous and Future Networks (ICUFN), 2015 Seventh International Conference on, vol., no., pp. 470, 475, 7-10 July 2015. doi:10.1109/ICUFN.2015.7182588

Abstract: A wireless body sensor network takes a significant part in mobile E-healthcare monitoring service. Major concerns for patient’s sensitive information are related to secure data transmission and preserving anonymity. So far, most researchers have only focused on security or privacy issues related to wireless body area network (WBAN) without considering all the communication vulnerabilities. However, since bio data sensed by biosensors travel over both WBAN and the cellular network, it is required to study about a privacy-enhanced scheme that covers all the secure communications. In this paper, we first point out the weaknesses of previous work in [9]. Then, we propose a novel privacy-enhanced E-healthcare monitoring scheme in wireless cellular network. Our proposed scheme provides anonymous communication between a patient and a doctor in a wireless cellular network satisfying security requirements.

Keywords: Bioinformatics; Cloning; Cloud computing; Medical services; Mobile communication; Smart phones; Wireless communication; Anonymity; E-healthcare; Privacy; Unlinkability; Wireless body area network; Wireless cellular network (ID#: 15-6529)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7182588&isnumber=7182475

 

Jagdale, B.N.; Patil, M.S., “Emulating Cryptographic Operations for Secure Routing in Ad-Hoc Network,” Pervasive Computing (ICPC), 2015 International Conference on, vol., no., pp. 1, 4, 8-10 Jan. 2015. doi:10.1109/PERVASIVE.2015.7086969

Abstract: MANET is used by many researchers to provide security and to implement protocols for secure routing. Privacy and security are important in applications like Military and Law-Enforcement MANETs. Communication in MANET is more susceptible due to broadcasting nature of radio transmission. It is necessary to provide security against inside and outside adversaries. There are many existing schemes which provide privacy preserving routing. These schemes do not offer complete unlink ability and unobservability. We propose unobservable secure routing protocol where data packets and control packets are completely protected. It achieves content unobservability by applying group signature and ID-based encryption. This protocol works in two stages anonymous key establishment and unobservable route discovery. We implement unobservable secure routing protocol with security algorithms RSA, AES, DES with AODV in NS-2 and compare it with AODV. Our protocol is more efficient than existing schemes.

Keywords: cryptographic protocols; data privacy; mobile ad hoc networks; routing protocols; telecommunication security; AES security algorithms; AODV security algorithms; DES security algorithms; ID-based encryption; NS-2 simulation; RSA security algorithms; anonymous key establishment; control packets; cryptographic operations; data packets; group signature; law-enforcement MANETs; mobile ad hoc network; privacy preserving routing; radio transmission; secure routing protocol; unobservable route discovery; Cryptography; Delays; Mobile ad hoc networks; Protocols; Routing; MANET; anonymity; group signature; privacy; routing; security; unobservability (ID#: 15-6530)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7086969&isnumber=7086957

 

Wallace, Bruce; Goubran, Rafik A.; Knoefel, Frank; Marshall, Shawn; Porter, Michelle; Harlow, Madelaine; Puli, Akshay, “Automation of the Validation, Anonymization, and Augmentation of Big Data from a Multi-year Driving Study,” Big Data (BigData Congress), 2015 IEEE International Congress on, vol., no., pp. 608, 614, June 27 2015–July 2 2015. doi:10.1109/BigDataCongress.2015.93

Abstract: The Candrive/Ozcandrive project is a long term study that is now entering its sixth year focused on improving the safety of older drivers. The study includes 256 older drivers in the Ottawa area and is an example of a longitudinal study that generates big data sensor information recorded from the participant vehicles. This paper uses the Can drive data and proposes solutions that would enable differential privacy including a theoretical open access model for the data using k anonymity techniques for any combination of 7 parameters that have identifiable attributes. The dataset includes an in-vehicle sensor that captures Global Positioning System (GPS) and On Board Diagnostics II (OBDII) data for every second that the vehicle is operating. The resulting data set includes hundreds to thousands of hours of data for each of the study vehicles. The paper discusses methods to address the challenge of transitioning a large data set of GPS and other raw sensor samples to data ready to analyze. Automated methods to detect and correct any issues in the individual data samples along with the needed tools to adapt the raw sensor data into formats that can be easily processed are shown. The paper provides solutions to ensure k anonymity based privacy of the study participant’s identity for seven parameters including location of their home through vehicle location information or through a combination of the sensor information. The paper presents mechanisms to augment the captured sensor data through fusion with external data resources to bring added information to the data set including weather information, road information from mapping sources and day/night status. The paper will present the performance applicability for analysis of the resulting dataset within a cloud computing architecture.

Keywords: Data privacy; Engines; Meteorology; Privacy; Roads; Vehicles; Differential Privacy; Global Positioning System (GPS); data analytics; driving; k-Anonymity (ID#: 15-6531)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7207277&isnumber=7207183

 

Kosugi, T.; Hayafuji, T.; Mambo, M., “On the Traceability of the Accountable Anonymous Channel,” Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, vol., no., pp. 6, 11, 24-26 May 2015. doi:10.1109/AsiaJCIS.2015.29

Abstract: Anonymous channels guaranteeing anonymity of senders such as Tor are effective for whistle-blowing and other privacy sensitive scenarios. However, there is a risk of being abused for illegal activities. As a countermeasure to illegal activities using an anonymous channel, it is natural to construct an accountable anonymous channel which can revoke anonymity of senders when an unlawful message was sent out from them. In this paper, we point out that an accountable anonymous channel THEMIS does not provide anonymity in a perfect way and there is a possibility that attackers can identify senders even if messages are not malicious. Feasibility of tracing senders is analyzed by using simulation. Moreover, we give a simple remedy of the flaw in THEMIS.

Keywords: computer network security; cryptographic protocols; data privacy; THEMIS accountable anonymous channel traceability; attacker possibility; illegal activity; privacy sensitive scenario; sender anonymity; sender tracing; unlawful message; whistle-blowing scenario; Art; Encryption; Mathematical model; Payloads; Public key; Receivers (ID#: 15-6532)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153848&isnumber=7153836

 

Reddy, J.M.; Hota, C., “Heuristic-Based Real-Time P2P Traffic Identification,” Emerging Information Technology and Engineering Solutions (EITES), 2015 International Conference on, vol., no., pp. 38, 43, 20-21 Feb. 2015. doi:10.1109/EITES.2015.16

Abstract: Peer-to-Peer (P2P) networks have seen a rapid growth, spanning diverse applications like online anonymity (Tor), online payment (Bit coin), file sharing (Bit Torrent), etc. However, the success of these applications has raised concerns among ISPs and Network administrators. These types of traffic worsen the congestion of the network, and create security vulnerabilities. Hence, P2P traffic identification has been researched actively in recent times. Early P2P traffic identification approaches were based on port-based inspection. Presently, Deep Packet Inspection (DPI) is a prominent technique used to identify P2P traffic. But it relies on payload signatures which are not resilient against port masquerading, traffic encryption and NATing. In this paper, we propose a novel P2P traffic identification mechanism based on the host behaviour from the transport layer headers. A set of heuristics was identified by analysing the off-line datasets collected in our test bed. This approach is privacy preserving as it does not examine the payload content. The usefulness of these heuristics is shown on real-time traffic traces received from our campus backbone, where in the best case only 0.20% of flows were unknown.

Keywords: cryptography; data privacy; peer-to-peer computing; telecommunication security; telecommunication traffic; Bit coin ;DPI; ISP; NATing; P2P network; P2P traffic identification mechanism; bit torrent; deep packet inspection; file sharing; heuristic-based real-time P2P traffic identification; network administrator; off-line dataset; online anonymity; online payment; payload signature; peer-to-peer network; port masquerading; port-based inspection; privacy preserving; real-time traffic; security vulnerability; traffic encryption; transport layer header; Accuracy; Internet; Payloads; Peer-to-peer computing; Ports (Computers); Protocols; Servers (ID#: 15-6533)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7083382&isnumber=7082065

 

Daubert, J.; Grube, T.; Muhlhauser, M.; Fischer, M., “Internal Attacks in Anonymous Publish-Subscribe P2P Overlays,” Networked Systems (NetSys), 2015 International Conference and Workshops on, vol., no., pp. 1, 8, 9-12 March 2015. doi:10.1109/NetSys.2015.7089074

Abstract: Privacy, in particular anonymity, is desirable in Online Social Networks (OSNs) like Twitter, especially when considering the threat of political repression and censorship. P2P-based publish-subscribe is a well suited paradigm for OSN scenarios as users can publish and follow topics of interest. However, anonymity in P2P-based publish-subscribe (pub-sub) has been hardly analyzed so far. Research on add-on anonymization systems such as Tor mostly focuses on large scale traffic analysis rather than malicious insiders. Therefore, we analyze colluding insider attackers in more detail that operate on the basis of timing information. For that, we model a generic anonymous pub-sub system, present an attacker model, and discuss timing attacks. We analyze these attacks by a realistic simulation model and discuss potential countermeasures. Our findings indicate that even few malicious insiders are capable to disclose a large number of participants, while an attacker using large amounts of colluding nodes achieves only minor additional improvements.

Keywords: data privacy; overlay networks; peer-to-peer computing; social networking (online); OSN; P2P-based publish-subscribe; Twitter; add-on anonymization system; anonymous publish-subscribe P2P overlays; colluding insider attackers; generic anonymous pub-sub system; internal attacks; online social networks; peer-to-peer overlay; timing information; Delays; Mathematical model; Protocols; Publish-subscribe; Subscriptions; Topology (ID#: 15-6534)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7089074&isnumber=7089054

 

Carnielli, A.; Aiash, M., “Will ToR Achieve Its Goals in the ‘Future Internet’? An Empirical Study of Using ToR with Cloud Computing,” Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 135, 140, 24-27 March 2015. doi:10.1109/WAINA.2015.78

Abstract: With the wide development and deployment of mobile devices and gadgets, a larger number of users go online in so many aspects of their daily lives. The challenge is to enjoy the conveniences of online activities while limiting privacy scarifies. In response to the increasing number of online-hacking scandals, mechanisms for protecting users privacy continue to evolve. An example of such mechanisms is the Onion Router (ToR), a free software for enabling online anonymity and resisting censorship. Despite the fact that ToR is a dominant anonymizerin the current Internet, the emergence of new communication and inter-networking trends such as Cloud Computing, Software Defined Networks and Information Centric Networks places a question mark whether ToR will fulfil its promises with these trend of the “Future Internet”. This paper aims at answering the question by implementing ToR on a number of Cloud platforms and discussing the security properties of ToR.

Keywords: cloud computing; data protection; security of data; Internet; ToR; communication trends; dominant anonymizer; information centric networks; internetworking trends; mobile devices; mobile gadgets; online activities; online anonymity; online-hacking scandals; security properties; software defined networks; the onion router; user privacy protection; Cloud computing; IP networks; Public key; Relays; Servers (ID#: 15-6535)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096160&isnumber=7096097

 


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.