Linke Guo

DataClouds: Enabling Community-Based Data-Centric Services Over the Internet of Things

The Internet of Things (IoT) is emerging as one of the major trends for the next evolution of the Internet, where billions of physical objects or things (including but not limited to humans) will be connected over the Internet, and a vast amount of information data will be shared among them. However, the current Internet was built on a host-centric communication model, which was primarily designed for meeting the demand of pair-wise peer-to-peer communications and cannot well accommodate various advanced data-centric services boosted by the IoT in which users care about content and are oblivious to locations where the content is stored. In this paper, we propose a novel architecture for the future Internet based on information-centric networking (ICN), which is called DataClouds, to better accommodate data-centric services. Different from existing ICN-based architectures, we take the sharing nature of data-centric services under the IoT into consideration and introduce logically and physically formed communities as the basic building blocks to construct the network so that data could be more efficiently shared and disseminated among interested users. We also elaborate on several fundamental design challenges for the Internet under this new architecture and show that DataClouds could offer more efficient and flexible solutions than traditional ICN-based architectures.

Privacy-Preserving Machine Learning Algorithms for Big Data Systems

Machine learning has played an increasing important role in big data systems due to its capability of efficiently discovering valuable knowledge and hidden information. Often times big data such as healthcare systems or financial systems may involve with multiple organizations who may have different privacy policy, and may not explicitly share their data publicly while joint data processing may be a must. Thus, how to share big data among distributed data processing entities while mitigating privacy concerns becomes a challenging problem. Traditional methods rely on cryptographic tools and/or randomization to preserve privacy. Unfortunately, this alone may be inadequate for the emerging big data systems because they are mainly designed for traditional small-scale data sets. In this paper, we propose a novel framework to achieve privacy-preserving machine learning where the training data are distributed and each shared data portion is of large volume. Specifically, we utilize the data locality property of Apache Hadoop architecture and only a limited number of cryptographic operations at the Reduce() procedures to achieve privacy-preservation. We show that the proposed scheme is secure in the semi-honest model and use extensive simulations to demonstrate its scalability and correctness.

My Privacy My Decision: Control of Photo Sharing on Online Social Networks

Photo sharing is an attractive feature which popularizes online social networks (OSNs). Unfortunately, it may leak users’ privacy if they are allowed to post, comment, and tag a photo freely. In this paper, we attempt to address this issue and study the scenario when a user shares a photo containing individuals other than himself/herself (termed co-photo for short). To prevent possible privacy leakage of a photo, we design a mechanism to enable each individual in a photo be aware of the posting activity and participate in the decision making on the photo posting. For this purpose, we need an efficient facial recognition (FR) system that can recognize everyone in the photo. However, more demanding privacy setting may limit the number of the photos publicly available to train the FR system. To deal with this dilemma, our mechanism attempts to utilize users’ private photos to design a personalized FR system specifically trained to differentiate possible photo co-owners without leaking their privacy. We also develop a distributed consensus-based method to reduce the computational complexity and protect the private training set. We show that our system is superior to other possible approaches in terms of recognition ratio and efficiency. Our mechanism is implemented as a proof of concept Android application on Facebook’s platform.

SEISA: Secure and efficient encrypted image search with access control

Image search has been widely deployed in many applications for the rich content that images contain. In the era of big data, image search engines have to be hosted in data centers. As a viable solution, outsourcing the image search to public clouds is an economic choice for many small organizations. However, as many images contain sensitive information, e.g., healthcare information and personal faces/locations, directly outsourcing image search services to public clouds obviously raises privacy concerns. With this observation, several attempts are made towards secure image search over encrypted dataset, but they are limited by either search accuracy or search efficiency. In this paper, we propose a lightweight secure image search scheme over encrypted data, namely SEISA. Compared with image search techniques over plaintexts, SEISA only increases about 9% search cost and sacrifices about 3% on search accuracy. SEISA also efficiently supports search access control by employing a novel polynomial based design, which enables data owners to define who can search a specific image. Furthermore, we design a secure k-means outsourcing algorithm that significantly saves the data owners cost. To demonstrate SEISAs performance, we implement a prototype of SEISA on Amazon EC2 cloud over a dataset with 10 million images.

Privacy-Preserving Data Classification and Similarity Evaluation for Distributed Systems

Data classification is a widely used data mining technique for big data analysis. By training massive data collected from the real world, data classification helps learners discover hidden data patterns. In addition to data training, given a trained model from collected data, a user can classify whether a new incoming data belongs to an existing class, or, multiple distributed entities may collaborate to test the similarity of their trained results. However, due to data locality and privacy concerns, it is infeasible for large-scale distributed systems to share each individuals datasets with each other for data similarity check. On the one hand, the trained model is an entitys private asset and may leak private information, which should be well protected from all other non-collaborative entities. On the other hand, the new incoming data may contain sensitive information which cannot be disclosed directly for classification. To address the above privacy issues, we propose a privacy-preserving data classification and similarity evaluation scheme for distributed systems. With our scheme, neither new arriving data nor trained models are directly revealed during the classification and similarity evaluation procedures. The proposed scheme can be applied to many fields using data classification and evaluation. Based on extensive real-world experiments, we have also evaluated the privacy preservation, feasibility, and efficiency of the proposed scheme.

A Privacy-Preserving Attribute-Based Reputation System in Online Social Networks

Online social networks (OSNs) have revolutionarily changed the way people connect with each other. One of the main factors that help achieve this success is reputation systems that enable OSN users to mutually establish trust relationships based on their past experience. Current approaches for the reputation management cannot achieve the fine granularity and verifiability for each individual user, in the sense that the reputation values on such OSNs are coarse and lack of credibility. In this paper, we propose a fine granularity attribute-based reputation system which enables users to rate each other’s attributes instead of identities. Our scheme first verifies each OSN user’s attributes, and further allows OSN users to vote on the posted attribute-associated messages to derive the reputation value. The attribute verification process provides the authenticity of the reputation value without revealing the actual value to entities who do not have the vote privilege. To predict a stranger’s behavior, we propose a reputation retrieval protocol for querying the reputation value on a specific attribute. To the best of our knowledge, we are the first to define a fine-grained reputation value based on users’ verified attributes in OSNs with privacy preservation. We provide the security analysis along with the simulation results to verify the privacy preservation and feasibility. The implementation of the proposed scheme on current OSNs is also discussed.

A Secure Collaborative Machine Learning Framework Based on Data Locality

Advancements in big data analysis offer cost-effective opportunities to improve decision-making in numerous areas such as health care, economic productivity, crime, and resource management. Nowadays, data holders are tending to sharing their data for better outcomes from their aggregated data. However, the current tools and technologies developed to manage big data are often not designed to incorporate adequate security or privacy measures during data sharing. In this paper, we consider a scenario where multiple data holders intend to find predictive models from their joint data without revealing their own data to each other. Data locality property is used as an alternative to multi-party computation (SMC) techniques. Specifically, we distribute the centralized learning task to each data holder as local learning tasks in a way that local learning is only related to local data. Along with that, we propose an efficient and secure protocol to reassemble local results to get the final result. Correctness of our scheme is proved theoretically and numerically. Security analysis is conducted from the aspect of information theory.

A Multi-Hop Privacy-Preserving Reputation Scheme in Online Social Networks

Online Social Networks (OSNs) are becoming immensely popular nowadays, and they change the ways people think and live. In this paper, we propose a novel reputation system which allows users to find potential connections between unfamiliar people based on the most updated friend list of each user in OSNs. To some extent, our scheme provides a way to judge people in OSNs without real interactions, but based on the existing overall attitudes on particular people. Moreover, our scheme can protect the confidentially of the potential relationships in which no one is able to acquire the detailed connections between two end nodes. Contrary to those which publish each individuals reputation online, we treat the reputation value in our system as a private issue that has been carefully guaranteed.

Privacy-Preserving Verifiable Set Operation in Big Data for Cloud-Assisted Mobile Crowdsourcing

The ubiquity of smartphones makes the mobile crowdsourcing possible, where the requester (task owner) can crowdsource data from the workers (smartphone users) by using their sensor-rich mobile devices. However, data collection, data aggregation, and data analysis have become challenging problems for a resource constrained requester when data volume is extremely large, i.e., big data. In particular to data analysis, set operations, including intersection, union, and complementation, exist in most big data analysis for filtering redundant data and preprocessing raw data. Facing challenges in terms of limited computation and storage resources, cloud-assisted approaches may serve as a promising way to tackle the big data analysis issue. However, workers may not be willing to participate if the privacy of their sensing data and identity are not well preserved in the untrusted cloud. In this paper, we propose to the use cloud to compute a set operation for the requester, at the same time workers’ data privacy and identities privacy are well preserved. Besides, the requester can verify the correctness of set operation results. We also extend our scheme to support data preprocessing, with which invalid data can be excluded before data analysis. By using batch verification and data update methods, the proposed scheme greatly reduces the computational cost. Extensive performance analysis and experiment based on real cloud system have shown both the feasibility and efficiency of our proposed scheme.

Publicly Verifiable Boolean Query Over Outsourced Encrypted Data

Outsourcing storage and computation to the cloud has become a common practice for businesses and individuals. As the cloud is semi-trusted or susceptible to attacks, many researches suggest that the outsourced data should be encrypted and then retrieved by using searchable symmetric encryption (SSE) schemes. Since the cloud is not fully trusted, we doubt whether it would always process queries correctly or not. Therefore, there is a need for users to verify their query results. Motivated by this, in this paper, we propose a publicly verifiable dynamic searchable symmetric encryption scheme based on the accumulation tree. We first construct an accumulation tree based on encrypted data and then outsource both of them to the cloud. Next, during the search operation, the cloud generates the corresponding proof according to the query result by mapping Boolean query operations to set operations, while keeping privacy preservation and achieving the verification requirements: freshness, authenticity, and completeness. Finally, we extend our scheme by dividing the accumulation tree into different small accumulation trees to make our scheme scalable. The security analysis and performance evaluation show that the proposed scheme is secure and practical.