隐私计算研究范畴及发展趋势

doi:10.11959/j.issn.1000-436x.2016078

摘要/Abstract

摘要：

随着移动互联网、云计算和大数据技术的广泛应用，电商、搜索、社交网络等服务在提供便利的同时，大数据分析使用户隐私泄露的威胁日益凸显，不同系统隐私保护策略和能力的差异性使隐私的延伸管理更加困难，同一信息的隐私保护需求随时间变化需要多种隐私保护方案的组合协同。目前已有的各类隐私保护方案大多针对单一场景，隐私缺乏定量化的定义，隐私保护的效果、隐私泄露的利益损失以及隐私保护方案融合的复杂性三者之间的关系刻画缺乏系统的计算模型。因此，在分析隐私保护研究现状的基础上，提出隐私计算的概念，对隐私计算的内涵加以界定，从隐私信息的全生命周期讨论隐私计算研究范畴，并从隐私计算模型、隐私保护场景适应的密码理论、隐私控制与抗大数据分析的隐私保护、基于信息隐藏的隐私保护以及支持高并发的隐私保护服务架构等方面展望隐私计算的发展趋势。

关键词: 隐私计算, 度量, 形式化描述, 隐私感知

Abstract:

s: With the widespread application of mobile Internet, cloud computing and big data technologies, people enjoy the convenience of electronic business, information retrieval, social network and other services, whereas the threats of privacy leaks are ever growing due to the use of big data analytics. The differences of privacy protection strategy and ability in different systems bring more difficulties in privacy extended management. In addition, the requirements of pro-tecting the same information at different time need the combination of various privacy protection schemes. However, nearly all the current privacy protection schemes are ing at a single case, which lacks systematic and quantized pri-vacy characterization. Furthermore, there is no systematic computing model describing the relationship between the pro-tection level, profit and loss of privacy leaks and the complexity of integrated privacy protection methods. Based on the analysis on the research status of privacy protection, the concept and connotation of privacy computing is proposed and defined. Then the privacy computing research category will be discussed from the whole life cycle of information privacy protection. Finally, some research directions of privacy computing are given, including privacy computing model, context adaptive cryptology for privacy protection, big data a lytics resisted privacy control and protection, privacy protection based on information hiding and system architecture for high concurrent privacy preserving services.

Key words: privacy computing, quantification, formal description, privacy awareness

李凤华,李晖,贾焰,俞能海,翁健. 隐私计算研究范畴及发展趋势[J]. 通信学报, 2016, 37(4): 1-11.

Feng-hua LI,Hui LI,Yan JIA,Neng-hai YU,Jian WENG. Privacy computing:concept, connotation and its research trend[J]. Journal on Communications, 2016, 37(4): 1-11.

图/表 2

参考文献 88

[1]	CULNAN M J , ARMSTRONG P K . Information privacy concerns, procedural fairness, and impersonal trust: an empirical investigation[J]. Organization Science, 1999,10(1): 104-115.
[2]	DINEV T , HART P . Privacy concerns and internet use-a model of trade-off factors[C]// Academy of Management,c 2003: 1-6.
[3]	LI H , SARATHY R , XU H . Understanding situational online informa-tion disclosure as a privacy calculus[J]. Journal of Computer Informa-tion Systems, 2010,51(1): 62-71.
[4]	KEHR F , KOWATSCH T , WENTZEL D , et al. Blissfully ignorant: the effects of general privacy concerns, general institutional trust, and af-fect in the privacy calculus[J]. Information Systems Jour l, 2015,25(6): 607-635.
[5]	MACHANAVAJJHALA A , KIFER D , GEHRKE J , et al. l-diversity:privacy beyond k-anonymity[J]. ACM Transactions on Knowledge Discovery from Data(TKDD), 2007,1(1): 3.
[6]	AGRAWAL D , AGGARWAL C C . On the design and quantification of privacy preserving data mining algorithms[C]// The 20th ACM SIG-MOD-SIGACT-SIGART Symposium on Principles of Database Sys-tems. ACM, c2001: 247-255.
[7]	LIU K , KARGUPTA H , RYAN J . Random projection-based multiplic-ative data perturbation for privacy preserving distrib data min-ing[J]. IEEE Transactions on Knowledge and Data Engineering, 2006,18(1): 92-106.
[8]	OLIVEIRA S R M , ZAIANE O R . Privacy preserving clustering by data transformation[C]// The 18th Brazilian Symposium on Databases. c2003: 304-318.
[9]	OLIVEIRA S R M , ZAIANE O R . Privacy preserving clustering by object similarity-based representation and dimensionality reduction transformation[C]// The Workshop on Privacy and Security Aspects of Data Mining. c2004: 21-30.
[10]	OLIVEIRA S R M , ZAIANE O R . Privacy preserving frequent itemset mining[C]// The IEEE International Conference on Privacy, Security and Data Mining-Volume 14, Australian Computer Society. c2002: 43-54.
[11]	OLIVEIRA S R M , ZAIANE O R . Protecting sensitive knowledge by data sanitiza-tion[C]// IEEE. c2003: 613-616.
[12]	SAYGIN Y , VERYKIOS V S , ELMAGARMID A K . Privacy preserv-ing association rule mining[C]// Research Issues in Data Engineering:Engineering E-Commerce/E-Business Systems. c2002: 151-158.
[13]	CHANG L W , MOSKOWITZ I S . An integrated framework for data-base privacy protection[M]. Springer US, 2002.
[14]	SWEENEY L . k-anonymity: a model for protecting privacy[J]. Inter-national Journal on Uncertainty, Fuzziness and Knowledge Based Systems, 2002,10(5): 557-570.
[15]	LI N H , LI T C , VENKATASUBRAMANIAN S . t-closeness: privacy beyond k-anonymity and l-diversity[C]// IEEE 23rd International Con-ference on Data Engineering. Istanbul, c2007: 106-115.
[16]	ZHANG Q , KOUDAS N , SRIVASTAVA D , et al. Aggregate query answering on anonymized tables[C]// IEEE 23rd International Confe-rence on Data Engineering. Istanbul, c2007: 116-125.
[17]	FANG Y , ASHRAFI M , NG S . Privacy beyond single sensitive attribute[C]// 22nd International Conference.DEXA, c2002: 187-201.
[18]	WANG K , FUNG B C M . Anonymizing sequential releases[C]//KDD 22nd International Conference.DEXA, c2006: 414-423.
[19]	WONG R C , LI J Y , FU A W , et al. (a, k)-anonymity: an enhanced k-anonymity model for privacy preserving data publishing[C]// The 12th ACM SIGKDD International Conference on Knowledge Discov-ery and Data Mining. New York,ACM, c2006: 754-759.
[20]	TRUTA T M , BINDU V . Privacy protection: p-sensitive k-anonymity property[C]// The Workshop on Privacy Data Management(PDM). New York,ACM, c2006: 94.
[21]	LI J X , TAO Y F , XIAO X K . Preservation of proximity privacy in publishing numerical sensitive data[C]// The 2008 ACM SIGMOD In-ternational Conference on Management of Data. New York,ACM, c2008:473-486.
[22]	LI N H , LI T C , VENKATASUBRAMANIAN S . Closeness: a new privacy measure for data publishing[J]. IEEE Trans Knowl Data Eng, 2010,22:953-956.
[23]	CASAS-ROMA J , HERRERA-JOANCOMARTI J , TORRA V . A summary of k-degree anonymous methods for privacy-preserving on networks[J]. Advanced Research in Data Privacy, 2015,567:231-250.
[24]	YAO C , WANG X S , JAJODIA S . Checking for k-anonymity violation by views[C]// The 31st Conference on Very Large Data Bases(VLDB). c2005:910-921.
[25]	WANG K , FUNG B C M . Anonymizing sequential releases[C]// The 12th ACM SIGKDD Conference. ACM,New York. c2006.
[26]	BYUN J W , SOHN Y , BERTINO E , et al. Secure anonymization for incremental datasets[C]// The VLDB Workshop on Secure Data Man-agement(SDM). c2006.
[27]	FUNG B C M , WANG K , FU A W C , et al. Anonymity for continuous data publishing[C]// The 11th International Conference on Extending Database Technology(EDBT). ACM, New York, c2008:264-275.
[28]	JIANG W , CLIFTON C . A secure distributed framework for achieving k-anonymity[C]// Very Large Data Bases. c2006:316-333.
[29]	GOIYCZKA S , XIONG L , FUNG B C M . m-privacy for collaborative data publishing[C]// International Conference on Collaborative Com-puting: Networking, Applications and Worksharing. IEEE, c2011:1-10.
[30]	GAL T S , CHEN Z Y , GANGOPADHYAY A . A privacy protection model for patient data with multiple sensitive attributes[J]. Int J Inf Secur Priv, 2008,2:28-44.
[31]	DAS D , BHATTACHARYYA D K . Decomposition+: improving l-diversity for multiple sensitive attributes[C]// Advances in Computer Science and Information Technology, Computer Science and Engineering. c2012:403-412.
[32]	AGRAWAL R , SRIKANT R . Privaey-preserving data mining[C]// ACM SIGMOD Reeord. c2000:439-450.
[33]	AGGARWAL C C , YU P S . A general survey of privacy-preserving data mining models and algorithms[M]. Privacy-Preserving Data Mining. Springer US, 2008:11-52.
[34]	LI L , KANTARCIOGLU M , THURAISINGHAM B . The applicability of the perturbation based privacy preserving data mini g for real-world data[J]. Data ＆ Knowledge Engineering, 2008,65(1):5-21.
[35]	WITTEN I H , FRANK E . Data mining: practical machine learning tools and techniques[M]. Morgan Kaufmann, 2005.
[36]	CLIFTON C , KANTARCIOGLU M , VAIDYA J , et al. Tools for pri-vacy preserving distributed data mining[J]. ACM Sigkdd Explorations Newsletter, 2002,4(2):28-34.
[37]	JAGANNATHAN G , PILLAIPAKKAMNATT K , WRIGHT R N . A new privacy-preserving distributed k-clustering algorithm[C]// SDM. c2006:494-498.
[38]	RIVEST R L , ADLEMAN L , DERTOUZOS M L . On data banks and privacy homomorphisms[J]. Foundations of Secure Computation, 1978:169-179.
[39]	GENTRY C . Fully homomorphic encryption using ideal lattices[J]. The Annual Acm Symposium on Theory of Computing, 2009:169-178.
[40]	ATALLAH M J , PANTAZOPOULOS K N , RICE J R , et al. Secure outsourcing of scientific computations[J]. Advances in Computers, 2002,54(01):215-272.
[41]	ATALLAH M J , LI J . Secure outsourcing of sequence comparisons[J]. International Journal of Information Security, 2005,4(4):277-287.
[42]	GENNARO R , GENTRY C , PARNO B . Non-interactive verifiable computing: outsourcing computation to untrusted workers[J]. Lecture Notes in Computer Science, 2010,6223:465-482.
[43]	CHAUM D , PEDERSEN T P . Wallet databases with observers[J]. Lecture Notes in Computer Science, 1994,740:89-105.
[44]	CURTMOLA R , GARAY J , KAMARA S , et al. Searchable symmetric encryption: improved definitions and efficient constructions[C]// The 13th ACM Conference on Computer and Communications Security, ACM, c2006:79-88.
[45]	BONEH D , DI CRESCENZO G , OSTROVSKY R , et al. Public key encryption with keyword search[C]// Advances in Cryptology- Euro-crypt 2004, Springer Berlin Heidelberg, c2004:506-522.
[46]	DAN B , WATERS B . Conjunctive, subset, and range queries on en-crypted data[C]// The Theory of Cryptography Conference. c2006:535-554.
[47]	YAU W C , PHAN R C W , HENG S H , et al. Proxy re-encryption with keyword search: new definitions and algorithms[M]// Security Tech-nology, Disaster Recovery and Business Continuity. Spr ger Berlin Heidelberg, 2010:149-160.
[48]	SHAO J , CAO Z , LIANG X , et al. Proxy re-encryption with keyword search[J]. Information Sciences, 2010,180(13):2576-2587.
[49]	FANG L , SUSILO W , GE C , et al. A secure channel free public key en-cryption with keyword search scheme without random oracle[M]. Cryptol-ogy and Network Security. Springer Berlin Heidelberg, 2009:248-258.
[50]	CAO N , WANG C , LI M , et al. Privacy-preserving multi-keyword ranked search over encrypted cloud data[J]. IEEE Transactions on Pa-rallel and Distributed Systems, 2014,25(1):222-233.
[51]	POPA R A , REDFIELD C , ZELDOVICH N , et al. CryptDB: protect-ing confidentiality with encrypted query processing[C]// The Twenty-Third ACM Symposium on Operating Systems Principles, ACM, c2011:85-100.
[52]	SACHNEV V , KIM H J , NAM J , et al. Reversible watermarking algo-rithm using sorting and prediction[J]. Circuits and Systems for Video Technology, IEEE Transactions on, 2009,19(7):989-999.
[53]	LUO L , CHEN Z , CHEN M , et al. Reversible image watermarking using interpolation technique[J]. Information Forensics and Security, IEEE Transactions on, 2010,5(1):187-193.
[54]	TIAN J . Reversible data embedding using a difference expansion[J]. IEEE Trans Circuits Syst Video Techn, 2003,13(8):890-896.
[55]	MA K L , ZHANG W , ZHAO X , et al. Reversible data hiding in en-crypted images by reserving room before encryption[J]. IEEE Trans-actions on Information Forensics and Security, 2013,8(3):553-562.
[56]	PARUCHURI J K , CHEUNG S C S , HAIL M W . Video data hiding for managing privacy information in surveillance syste[J]. EURA-SIP Journal on Information Security, 2009,7.
[57]	HARTUNG F , GIROD B . Digital watermarking of MPEG-2 coded video in the bitstream domain[C]// The 1997 IEEE International Conference on Acoustics, Speech, and Signal Processing(ICASSP '97). c1997:2621.
[58]	PARVIAINEN R , PARNES P . Large scale distributed watermarking of multicast media through encryption[M]. Communications and Multime-dia Security Issues of the New Century. Springer US, 29-158.
[59]	ZHAO H V , LIU K J . Fingerprint multicast in secure video streaming[J]. IEEE Transactions on Image Processing, 2006,15(1):12-29.
[60]	KUNDUR D , KARTHIK K . Video fingerprinting and encryption principles for digital rights management[J]. Proceedings of the IEEE, 2004,92(6):919-932.
[61]	ADELSBACH A , HUBER U , SADEGHI A R . Finger casting-joint fingerprinting and decryption of broadcast messages[M]. Transactions on Data Hiding and Multimedia Security Ⅱ. Springer Berlin Heidel-berg, 2007:1-34.
[62]	CELIK M U , LEMMA A N , KATZENBEISSER , et al. Secure embed-ding of spread spectrum watermarks using look-up-tables[C]// Acoustics, Speech and Signal Processing (ICASSP), IEEE International Conference. IEEE, c2007:153-156.
[63]	LEMMA A , KATZENBEISSER S , CELIK M , et al. Secure watermark embedding through partial encryption[M]. Digital Watermarking. Springer Berlin Heidelberg, 2006:433-445.
[64]	CELIK M U , LEMMA A N , KATZENBEISSER S , et al. Lookup-table-based secure client-side embedding for spread-spectrum water-marks[J]. IEEE Transactions on Information Forensics ＆ Security, 2008,3(3):475-487.
[65]	ADELSBACH A , HUBER U , SADEGHI A R , et al. Fingercasting–joint fingerprinting and decryption of broadcast messages[M]. Transactions on Data Hiding and Multimedia Security II. Springer Be lin Heidelberg, 2007:1-34.
[66]	[EB/OL].
[67]	KER A D , BAS P , B?HME R , et al. Moving steganography and ste-ganalysis from the laboratory into the real world[C]// ACM Workshop on Information Hiding ＆ Multimedia Security, c2013:45-58.
[68]	FILLER T , JUDAS J , FRIDRICH J . Minimizing additive distortion in steganography using syndrome-trellis codes[J]. IEEE Transactions on Information Forensics ＆ Security, 2011,6(3):920-935.
[69]	HOLUB V , FRIDRICH J . Digital image steganography using universal distortion[C]// The first ACM Workshop on Information Hiding and Multimedia Security. ACM, c2003:59-68.
[70]	FRIDRICH J J , KODOVSKY J . Multivariate Gaussian model for designing additive distortion for steganography[C]// ICASSP, c2013:2949-2953.
[71]	LI B , WANG M , LI X , et al. A strategy of clustering modification directions in spatial image steganography[J]. IEEE Transactions on Information Forensics and Security, 2015,10(9):1905-1917.
[72]	DENEMARK T , FRIDRICH J . Improving steganographic security by synchronizing the selection channel[C]// ACM Workshop on Informa-tion Hiding and Multimedia Security. ACM, c2015:5-14.
[73]	XIONG G , PING X , ZHANG T, , et al. Image textural features for steganalysis of spatial domain steganography[J]. Journal of Electronic Imaging, 2012,21(3):033015-1-033015-15.
[74]	KODOVSKY J , FRIDRICH J , HOLUB V . Ensemble classi?ers for steganalysis of digital media[J]. IEEE Trans On Information Forensics and Security, 2012,7(2):432-444.
[75]	TANG W , LI H , LUO W , et al. Adaptive steganalysis against WOW embedding algorithm[C]// The 2nd ACM Workshop on Information Hiding and Multimedia Security. ACM, c2014:91-96.
[76]	DENEMARK T , SEDIGHI V , HOLUB V , et al. Selection- chan-nel-aware rich model for steganalysis of digital images[C]// Informa-tion Forensics and Security (WIFS), 2014 IEEE Internat nal Work-shop. IEEE, c2014:48-53.
[77]	CHAUM D . Untraceable electronic mail, return addresses and digital pseudonyms[J]. Communications of the ACM, 1981,24(2):84-90.
[78]	DINGLEDINE R , MATHEWSON N , SYVERSON P . Tor: the second-generation onion router[J]. Journal of the Franklin Institute, 2004,239(2):135-139.
[79]	The Tor project[EB/OL]. , 2003.
[80]	ZHOU Y , YANG Q , YANG B , et al. A tor anonymous communication system with security enhancements[J]. Journal of Computer Research and Development, 2014,51(7):1538-1546.
[81]	MURDOCH S J , DANEZIS G . Low-cost traffic analysis of Tor[J]. IEEE Symposium on Security and Privacy, 2005,47(3):183-195.
[82]	BRIAN N L , MICHEAL K R , WANG C . Timing attacks in low-latency mix systems: extended, abstract[C]// Financial Cryptogra-phy. Berlin: Springer, c2004:251-265.
[83]	FEAMSTER N , DINGLEDINE R . Location diversity in anonymity networks[C]// The Workshop on Privacy in the Electronic Society. ACM, c2004:66-76.
[84]	JANSEN R , TSCHORSCH F , JOHNSON A , et al. The sniper attack:anonymously deanonymizing and disabling the tor network[C]// Network and Distributed System Security Symposium, c2014.
[85]	CHAUM D , JAVANI F , KATE A , et al. cMix: anonymization by high-performance scalable mixing[C]// 25th USENIX Security Sym-posium, c2016.
[86]	[EB/OL].
[87]	[EB/OL].
[88]	[EB/OL].