• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.17 no.11
• /
• pp.3182-3203
• /
• 2023

With the growing adoption of cloud-based technologies, maintaining the privacy and security of cloud data has become a pressing issue. Privacy-preserving encryption schemes are a promising approach for achieving cloud data security, but they require careful design and implementation to be effective. The integrated approach to cloud data security that we suggest in this work uses CogniGate: the orchestrated permissions protocol, index trees, blockchain key management, and unique Opacus encryption. Opacus encryption is a novel homomorphic encryption scheme that enables computation on encrypted data, making it a powerful tool for cloud data security. CogniGate Protocol enables more flexibility and control over access to cloud data by allowing for fine-grained limitations on access depending on user parameters. Index trees provide an efficient data structure for storing and retrieving encrypted data, while blockchain key management ensures the secure and decentralized storage of encryption keys. Performance evaluation focuses on key aspects, including computation cost for the data owner, computation cost for data sharers, the average time cost of index construction, query consumption for data providers, and time cost in key generation. The results highlight that the integrated approach safeguards cloud data while preserving privacy, maintaining usability, and demonstrating high performance. In addition, we explore the role of differential privacy in our integrated approach, showing how it can be used to further enhance privacy protection without compromising performance. We also discuss the key management challenges associated with our approach and propose a novel blockchain-based key management system that leverages smart contracts and consensus mechanisms to ensure the secure and decentralized storage of encryption keys.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.7 no.5
• /
• pp.1272-1290
• /
• 2013

Privacy-preserving collaborative filtering schemes are becoming increasingly popular because they handle the information overload problem without jeopardizing privacy. However, they may be susceptible to shilling or profile injection attacks, similar to traditional recommender systems without privacy measures. Although researchers have proposed various privacy-preserving recommendation frameworks, it has not been shown that such schemes are resistant to profile injection attacks. In this study, we investigate two memory-based privacy-preserving collaborative filtering algorithms and analyze their robustness against several shilling attack strategies. We first design and apply formerly proposed shilling attack techniques to privately collected databases. We analyze their effectiveness in manipulating predicted recommendations by experimenting on real data-based benchmark data sets. We show that it is still possible to manipulate the predictions significantly on databases consisting of masked preferences even though a few of the attack strategies are not effective in a privacy-preserving environment.

• International Journal of Computer Science & Network Security
• /
• v.22 no.4
• /
• pp.340-350
• /
• 2022

The big data term refers to the great volume of data and complicated data structure with difficulties in collecting, storing, processing, and analyzing these data. Big data analytics refers to the operation of disclosing hidden patterns through big data. This information and data set cloud to be useful and provide advanced services. However, analyzing and processing this information could cause revealing and disclosing some sensitive and personal information when the information is contained in applications that are correlated to users such as location-based services, but concerns are diminished if the applications are correlated to general information such as scientific results. In this work, a survey has been done over security and privacy challenges and approaches in big data. The challenges included here are in each of the following areas: privacy, access control, encryption, and authentication in big data. Likewise, the approaches presented here are privacy-preserving approaches in big data, access control approaches in big data, encryption approaches in big data, and authentication approaches in big data.

• IEIE Transactions on Smart Processing and Computing
• /
• v.2 no.5
• /
• pp.282-296
• /
• 2013

With the emergence of cloud computing, more and more sensitive user data are outsourced to remote storage servers. The privacy of users' access pattern to the data should be protected to prevent un-trusted storage servers from inferring users' private information or launching stealthy attacks. Meanwhile, the privacy protection schemes should be efficient as cloud users often use thin client devices to access the data. In this paper, we propose a lightweight scheme to protect the privacy of data access pattern. Comparing with existing state-of-the-art solutions, our scheme incurs less communication and computational overhead, requires significantly less storage space at the user side, while consuming similar storage space at the server. Rigorous proofs and extensive evaluations have been conducted to show that the proposed scheme can hide the data access pattern effectively in the long run after a reasonable number of accesses have been made.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2006.06a
• /
• pp.765-773
• /
• 2006

In ubiquitous environment, private enterprise or public institution's privacy data are sometimes exposed to hackers because of the lack of the sense of information security. We apply secret sharing scheme to solve the privacy problems. But, the existing secret sharing scheme are not suitable for the management of large a quantity of data because that required operation of large capacity. In this paper, We propose new secret sharing scheme for privacy data management. Our scheme makes high-speed operation possible, and it also allows for set weight for each secret pieces depending on weight of participants. The scheme proposed in this paper makes it efficient to collect and manage secure privacy data in ubiquitous environment.

• Journal of Information Processing Systems
• /
• v.16 no.1
• /
• pp.83-95
• /
• 2020

Because sensor nodes have limited resources in wireless sensor networks, data aggregation can efficiently reduce communication overhead and extend the network lifetime. Although many existing methods are particularly useful for data aggregation applications, they incur unbalanced communication cost and waste lots of sensors' energy. In this paper, we propose a privacy-preserving, energy-saving data aggregation scheme (EBPP). Our method can efficiently reduce the communication cost and provide privacy preservation to protect useful information. Meanwhile, the balanced energy of the nodes can extend the network lifetime in our scheme. Through many simulation experiments, we use several performance criteria to evaluate the method. According to the simulation and analysis results, this method can more effectively balance energy dissipation and provide privacy preservation compared to the existing schemes.

• Journal of the Korea Society of Computer and Information
• /
• v.25 no.4
• /
• pp.113-121
• /
• 2020

With the rapid development of information and communication technology (ICT), various sensors are being embedded in wearable devices. Consequently, these devices can continuously collect data including health data from individuals. The collected health data can be used not only for healthcare services but also for analyzing an individual's lifestyle by combining with other external data. This helps in making an individual's life more convenient and healthier. However, collecting health data may lead to privacy issues since the data is personal, and can reveal sensitive insights about the individual. Thus, in this paper, we present a method to collect an individual's health data from a smart band in a privacy-preserving manner. We leverage the local differential privacy to achieve our goal. Additionally, we propose a way to find feature points from health data. This allows for an effective trade-off between the degree of privacy and accuracy. We carry out experiments to demonstrate the effectiveness of our proposed approach and the results show that, with the proposed method, the error rate can be reduced upto 77%.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.8
• /
• pp.2948-2966
• /
• 2014

To promote recommendation services through prediction quality, some privacy-preserving collaborative filtering solutions are proposed to make e-commerce parties collaborate on partitioned data. It is almost probable that two parties hold ratings for the same users and items simultaneously; however, existing two-party privacy-preserving collaborative filtering solutions do not cover such overlaps. Since rating values and rated items are confidential, overlapping ratings make privacy-preservation more challenging. This study examines how to estimate predictions privately based on partitioned data with overlapped entries between two e-commerce companies. We consider both user-based and item-based collaborative filtering approaches and propose novel privacy-preserving collaborative filtering schemes in this sense. We also evaluate our schemes using real movie dataset, and the empirical outcomes show that the parties can promote collaborative services using our schemes.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.9 no.12
• /
• pp.5189-5208
• /
• 2015

To address the contradiction between data aggregation and data security in wireless sensor networks, a Recoverable Privacy-preserving Integrity-assured Data Aggregation (RPIDA) scheme is proposed based on privacy homomorphism and aggregate message authentication code. The proposed scheme provides both end-to-end privacy and data integrity for data aggregation in WSNs. In our scheme, the base station can recover each sensing data collected by all sensors even if these data have been aggregated by aggregators, thus can verify the integrity of all sensing data. Besides, with these individual sensing data, base station is able to perform any further operations on them, which means RPIDA is not limited in types of aggregation functions. The security analysis indicates that our proposal is resilient against typical security attacks; besides, it can detect and locate the malicious nodes in a certain range. The performance analysis shows that the proposed scheme has remarkable advantage over other asymmetric schemes in terms of computation and communication overhead. In order to evaluate the performance and the feasibility of our proposal, the prototype implementation is presented based on the TinyOS platform. The experiment results demonstrate that RPIDA is feasible and efficient for resource-constrained sensor nodes.

• Journal of Digital Convergence
• /
• v.14 no.12
• /
• pp.1-12
• /
• 2016

Today, with the popularity of smart phones and the proliferation of SNS, anyone is exposed to the risk of personal information leakage. Unlike the prior studies of privacy, this research aims to identify the privacy factors affecting the provision intention of individual information from the SNS Users. This study also analyses how the perceived privacy risks and corporate trust affect the provision intention of individual information. The analysis results of empirical data show that despite experiencing the privacy leakage such as direct hacking and being aware of the risk, people are providing firms with personal information. The most influential variables to perceived privacy risk are information privacy policy, information privacy concern, previous privacy experience and information privacy awareness in the decreasing order of importance. Those to the corporate trust are information privacy policy, information privacy awareness, previous privacy concern and information privacy experience. Besides, the corporate trust and the perceived privacy risk also affect the provision intention of personal information. Finally, this study proposes the implications for personal information privacy.