
Privacy Computing: Concept, Computing Framework, and Future Development Trends
Fenghua Li, Hui Li, Ben Niu, Jinjun Chen
Engineering, 2019, Vol. 5, Issue 6: 1179–1192.
With the rapid development of information technology and the continuous evolution of personalized services, large Internet companies accumulate huge amounts of data in the process of serving users. Moreover, frequent cross-border, cross-system, and cross-ecosystem data interactions have become the norm, increasing the intentional or unintentional persistence of private information in different information systems. Problems such as the cask (weakest-plank) effect of preserving private information across different information systems and the difficulty of tracing the source of privacy violations are becoming increasingly serious, so existing privacy-preserving schemes cannot provide systematic privacy preservation. In this paper, we examine each link of the information life cycle, namely information collection, storage, processing, distribution (including exchange), and destruction, and show the limitations of existing privacy-preserving algorithms in common application scenarios. We then propose a theory of privacy computing and a key technology system that includes a privacy computing framework, a formal definition of privacy computing, four principles that privacy computing should follow, algorithm design criteria, evaluation of the privacy-preserving effect, and a privacy computing language. Finally, we employ four application scenarios to describe the universal application of privacy computing, and discuss future research directions and open problems. This work is expected to guide theoretical and technical research on user privacy preservation within open environments.
Privacy computing / Private information description / Privacy metric / Evaluation of the privacy-preserving effect / Privacy computing language