Expressive privacy control with pseudonyms

HanSeungyeop,; LiuVincent,; PuQifan,; PeterSimon,; AndersonThomas,; KrishnamurthyArvind,; WetherallDavid,

doi:10.1145/2534169.2486032

Cited by 12 publications

(18 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, the number of IPv6 addresses generated by the lower eight bytes of the IPv6 address is limited, which is not considered in this paper. Therefore, Han et al [17] propose a pseudonym-based IPv6 addressing architecture in which Each pseudonym is an IPv6 address. However, the mapping between the pseudonym and the IPv6 address is obtained by the attacker, the privacy of the user will be revealed.…”

Section: A Various Identity Anonymity Of Usersmentioning

confidence: 99%

A Survey of Privacy Protection and Network Security in User On-Demand Anonymous Communication

et al. 2020

View full text Add to dashboard Cite

In an untrusted Internet environment, there is a large amount of user privacy information being vulnerable to various attacks, and it is an important security concern for users on how to protect their privacy, and to further provide the anonymity guarantee. Recently, most privacy-sensitive users prefer anonymous communication to protect their private information from eavesdropping by attackers. Each user has different privacy protection demands for anonymous communication. However, anonymous communication methods cannot meet the various anonymity needs of users. Hence, the user on-demand anonymous communication is proposed, which can dynamically adjust the anonymity level according to a user's anonymity needs. However, the defense capabilities against attacks are insufficient in the existing user on-demand anonymous communication. Some malicious users in the network employ anonymous communication to hide their identities and attack the Internet. Moreover, the existing user on-demand anonymous communication is weak against traffic classification attacks based on machine learning. Therefore, this paper investigates its progresses and defects in privacy protection and network security. User on-demand anonymous communication is mainly composed of the user side and the transmission side. We separately investigate privacy protection and network security of user on-demand anonymous communication from the user side and the transmission side. By surveying various identity anonymity of users on the user side and the hierarchical anonymous transmission on the transmission side, we find two kinds of serious attacks in user on-demand anonymous communication, i.e., abuse of anonymous communication and traffic classification attacks based on machine learning. To solve the above security issues, we suggest the balancing mechanism of anonymous communication and behavior tracking which is used to prevent anonymous abuse, and the secure defense mechanism which is used to resist traffic classification attacks. To inspire follow-up research, we identify some open problems and emphasize future trends concerning user on-demand anonymous communication. INDEX TERMS Privacy protection, network security, machine learning, traffic classification attacks, user on-demand anonymous communication.

show abstract

Section: A Various Identity Anonymity Of Usersmentioning

confidence: 99%

A Survey of Privacy Protection and Network Security in User On-Demand Anonymous Communication

et al. 2020

View full text Add to dashboard Cite

show abstract

“…That is, the user does not want other nodes know his IP address when the data is being forwarded by them. Because the IP address can expose the user's location, attributes, and other information [7]. At the same time, if the user is a malicious user, and use anonymous tools such as Tor network to attack servers in the website, the service provider (the website company) and network administrator (e.g., Internet service provider or government) will not be able to find the attacker.…”

Section: B Scenariomentioning

confidence: 99%

“…The IP address as an identity identifier, may expose their names, attributes, locations and other information [7]. Therefore, how to protect the user's privacy in this process is a challenging issue.…”

Section: Introductionmentioning

confidence: 99%

An Architecture for Accountable Anonymous Access in the Internet-of-Things Network

et al. 2018

IEEE Access

View full text Add to dashboard Cite

With the rapid development of the Internet, more and more devices are being connected to the Internet, making up the Internet-of-Things (IoT). The accountability and privacy are two important but contradictory factors to ensure the security of IoT networks. How to provide an accountable anonymous access to IoT networks is a challenging task. Since the IoT network is largely driven by services, in this paper we propose a new and efficient architecture to achieve accountable anonymous access to IoT networks based on services. In this architecture, a self-certifying identifier is proposed to efficiently identify a service. The efficiency and overhead of the proposed architecture are evaluated by virtue of the real trace collected from an Internet service provider. The experimental results show that the proposed architecture could efficiently balance accountability and privacy with acceptable overheads.

show abstract

“…However, an attacker can easily obtain the identity of a certain user through long-term observation. Many previous schemes have mentioned the traceability of a single pseudonym [ 28 , 29 , 30 , 31 ]. In our system model, the attacker can obtain contact information for the pseudonym in an emergency.…”

Section: System Models Threat Models and Security Objectivesmentioning

confidence: 99%

“…To generate an AID, the user encrypts their

using a public key of the RA and sends this to the RA. At this point, we employ a set of session pseudonyms such that each user uses one pseudonym for only one session, to deal with forward and backward privacy in the single pseudonym approach [ 31 ].…”

Section: System Architecture For Privacy-preserving Intelligent Ecmentioning

confidence: 99%

Privacy-Preserving Electrocardiogram Monitoring for Intelligent Arrhythmia Detection

Son

Park²,

et al. 2017

Sensors

View full text Add to dashboard Cite

Long-term electrocardiogram (ECG) monitoring, as a representative application of cyber-physical systems, facilitates the early detection of arrhythmia. A considerable number of previous studies has explored monitoring techniques and the automated analysis of sensing data. However, ensuring patient privacy or confidentiality has not been a primary concern in ECG monitoring. First, we propose an intelligent heart monitoring system, which involves a patient-worn ECG sensor (e.g., a smartphone) and a remote monitoring station, as well as a decision support server that interconnects these components. The decision support server analyzes the heart activity, using the Pan–Tompkins algorithm to detect heartbeats and a decision tree to classify them. Our system protects sensing data and user privacy, which is an essential attribute of dependability, by adopting signal scrambling and anonymous identity schemes. We also employ a public key cryptosystem to enable secure communication between the entities. Simulations using data from the MIT-BIH arrhythmia database demonstrate that our system achieves a 95.74% success rate in heartbeat detection and almost a 96.63% accuracy in heartbeat classification, while successfully preserving privacy and securing communications among the involved entities.

show abstract

Expressive privacy control with pseudonyms

Cited by 12 publications

References 16 publications

A Survey of Privacy Protection and Network Security in User On-Demand Anonymous Communication

A Survey of Privacy Protection and Network Security in User On-Demand Anonymous Communication

An Architecture for Accountable Anonymous Access in the Internet-of-Things Network

Privacy-Preserving Electrocardiogram Monitoring for Intelligent Arrhythmia Detection

Contact Info

Product

Resources

About