On Anti-Corruption Privacy Preserving Publication

Zhang

International Journal of Distributed Sensor Networks

et al. 2016

Establishing trust and reputation for evaluation of message reliability is key to the vehicular ad hoc networks (VANETs). Most of the previous reputation management systems focus on the effectiveness of the reputation management system in handling the liars who send false service messages. However, these reputation management systems have two drawbacks. One is that they are vulnerable to tactical attacks such as self-promoting attacks and bad-mouthing attacks. The other is that they may violate location privacy because they assume every vehicle communicates with a unique ID. Our research particularly investigates the robustness against these tactical attacks, as well as the preservation of privacy by integrating trust management with the pseudonym technique. To resist the tactical attacks in VANETs, we present a reputation model which builds both service reputation and feedback reputation. Moreover, we apply the information entropy and the majority rule to the reputation accumulation algorithms to counter false feedback. To defend the reputation link attack during pseudonym changes, we propose hidden-zone strategy and -anonymity strategy. The simulation results show that our scheme is robust to these tactical attacks and preserves privacy against the reputation link attack during the pseudonym changes.

“…For future work, we also plan to consider the threat of corruption [49] in the -anonymity strategy. For example (Figure 7), Alex, Brent, and Carl are 3-anonymity.…”

Section: Resultsmentioning

confidence: 99%

RPRep: A Robust and Privacy-Preserving Reputation Management Scheme for Pseudonym-Enabled VANETs

Zhang

International Journal of Distributed Sensor Networks

et al. 2016

Proceedings of the 2010 ACM SIGMOD International Conference on Management of Data

“…Generalization replaces the exact QID value by a less concrete form. For example, value 15 is generalized to range [15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30]. Suppression removes some values or the entire tuple from T .…”

Section: Related Workmentioning

confidence: 99%

Non-homogeneous generalization in privacy preserving data publishing

Wong

Mamoulis

Cheung

2010

Most previous research on privacy-preserving data publishing, based on the k-anonymity model, has followed the simplistic approach of homogeneously giving the same generalized value in all quasi-identifiers within a partition. We observe that the anonymization error can be reduced if we follow a non-homogeneous generalization approach for groups of size larger than k. Such an approach would allow tuples within a partition to take different generalized quasi-identifier values. Anonymization following this model is not trivial, as its direct application can easily violate kanonymity. In addition, non-homogeneous generalization allows for additional types of attack, which should be considered in the process. We provide a methodology for verifying whether a nonhomogeneous generalization violates k-anonymity. Then, we propose a technique that generates a non-homogeneous generalization for a partition and show that its result satisfies k-anonymity, however by straightforwardly applying it, privacy can be compromised if the attacker knows the anonymization algorithm. Based on this, we propose a randomization method that prevents this type of attack and show that k-anonymity is not compromised by it. Nonhomogeneous generalization can be used on top of any existing partitioning approach to improve its utility. In addition, we show that a new partitioning technique tailored for non-homogeneous generalization can further improve quality. A thorough experimental evaluation demonstrates that our methodology greatly improves the utility of anonymized data in practice.

“…Privacy guarantees. Uniform perturbation can ensure several different types of privacy guarantees, such as ρ1-ρ2 privacy [11] and δ-growth [29]. Specifically, both ρ1-ρ2 privacy and δ-growth impose constraints on adversaries' prior and posterior beliefs about any sensitive value X in the input data.…”

Section: Preliminariesmentioning

confidence: 99%

“…Each recipient's data can be used in the same way as if it was computed via ordinary uniform perturbation. This is important because effective algorithms have been developed to use the output of uniform perturbation to perform analytical tasks such as frequent itemset mining [4,11,12], classification by decision trees [8,29], counting [3], etc. Every recipient, therefore, is able to apply those algorithms directly.…”

Section: Contributionsmentioning

confidence: 99%

Optimal random perturbation at multiple privacy levels

2009

Self Cite

Random perturbation is a popular method of computing anonymized data for privacy preserving data mining. It is simple to apply, ensures strong privacy protection, and permits effective mining of a large variety of data patterns. However, all the existing studies with good privacy guarantees focus on perturbation at a single privacy level. Namely, a fixed degree of privacy protection is imposed on all anonymized data released by the data holder. This drawback seriously limits the applicability of random perturbation in scenarios where the holder has numerous recipients to which different privacy levels apply.Motivated by this, we study the problem of multi-level perturbation, whose objective is to release multiple versions of a dataset anonymized at different privacy levels. The challenge is that various recipients may collude by sharing their data to infer privacy beyond their permitted levels. Our solution overcomes this obstacle, and achieves two crucial properties. First, collusion is useless, meaning that the colluding recipients cannot learn anything more than what the most trustable recipient (among the colluding recipients) already knows alone. Second, the data each recipient receives can be regarded (and hence, analyzed in the same way) as the output of conventional uniform perturbation. Besides its solid theoretical foundation, the proposed technique is both space economical and computationally efficient. It requires O(n+m) expected space, and produces a new anonymized version in O(n +log m) expected time, where n is the cardinality of the original dataset, and m the number of versions released previously. Both bounds are optimal under the realistic assumption that n m.