Sample records for function space privacy-preserving

  1. Privacy preserving index for encrypted electronic medical records.

    PubMed

    Chen, Yu-Chi; Horng, Gwoboa; Lin, Yi-Jheng; Chen, Kuo-Chang

    2013-12-01

With the development of electronic systems, privacy has become an important security issue in real-life. In medical systems, privacy of patients' electronic medical records (EMRs) must be fully protected. However, to combine the efficiency and privacy, privacy preserving index is introduced to preserve the privacy, where the EMR can be efficiently accessed by this patient or specific doctor. In the literature, Goh first proposed a secure index scheme with keyword search over encrypted data based on a well-known primitive, Bloom filter. In this paper, we propose a new privacy preserving index scheme, called position index (P-index), with keyword search over the encrypted data. The proposed index scheme is semantically secure against the adaptive chosen keyword attack, and it also provides flexible space, lower false positive rate, and search privacy. Moreover, it does not rely on pairing, a complicated computation, and thus can search over encrypted electronic medical records from the cloud server efficiently.

  2. Quantifying the Correctness, Computational Complexity, and Security of Privacy-Preserving String Comparators for Record Linkage

    PubMed Central

    Durham, Elizabeth; Xue, Yuan; Kantarcioglu, Murat; Malin, Bradley

    2011-01-01

    Record linkage is the task of identifying records from disparate data sources that refer to the same entity. It is an integral component of data processing in distributed settings, where the integration of information from multiple sources can prevent duplication and enrich overall data quality, thus enabling more detailed and correct analysis. Privacy-preserving record linkage (PPRL) is a variant of the task in which data owners wish to perform linkage without revealing identifiers associated with the records. This task is desirable in various domains, including healthcare, where it may not be possible to reveal patient identity due to confidentiality requirements, and in business, where it could be disadvantageous to divulge customers' identities. To perform PPRL, it is necessary to apply string comparators that function in the privacy-preserving space. A number of privacy-preserving string comparators (PPSCs) have been proposed, but little research has compared them in the context of a real record linkage application. This paper performs a principled and comprehensive evaluation of six PPSCs in terms of three key properties: 1) correctness of record linkage predictions, 2) computational complexity, and 3) security. We utilize a real publicly-available dataset, derived from the North Carolina voter registration database, to evaluate the tradeoffs between the aforementioned properties. Among our results, we find that PPSCs that partition, encode, and compare strings yield highly accurate record linkage results. However, as a tradeoff, we observe that such PPSCs are less secure than those that map and compare strings in a reduced dimensional space. PMID:22904698

  3. Quantifying the Correctness, Computational Complexity, and Security of Privacy-Preserving String Comparators for Record Linkage.

    PubMed

    Durham, Elizabeth; Xue, Yuan; Kantarcioglu, Murat; Malin, Bradley

    2012-10-01

    Record linkage is the task of identifying records from disparate data sources that refer to the same entity. It is an integral component of data processing in distributed settings, where the integration of information from multiple sources can prevent duplication and enrich overall data quality, thus enabling more detailed and correct analysis. Privacy-preserving record linkage (PPRL) is a variant of the task in which data owners wish to perform linkage without revealing identifiers associated with the records. This task is desirable in various domains, including healthcare, where it may not be possible to reveal patient identity due to confidentiality requirements, and in business, where it could be disadvantageous to divulge customers' identities. To perform PPRL, it is necessary to apply string comparators that function in the privacy-preserving space. A number of privacy-preserving string comparators (PPSCs) have been proposed, but little research has compared them in the context of a real record linkage application. This paper performs a principled and comprehensive evaluation of six PPSCs in terms of three key properties: 1) correctness of record linkage predictions, 2) computational complexity, and 3) security. We utilize a real publicly-available dataset, derived from the North Carolina voter registration database, to evaluate the tradeoffs between the aforementioned properties. Among our results, we find that PPSCs that partition, encode, and compare strings yield highly accurate record linkage results. However, as a tradeoff, we observe that such PPSCs are less secure than those that map and compare strings in a reduced dimensional space.

  4. Realizing IoT service's policy privacy over publish/subscribe-based middleware.

    PubMed

    Duan, Li; Zhang, Yang; Chen, Shiping; Wang, Shiyao; Cheng, Bo; Chen, Junliang

    2016-01-01

    The publish/subscribe paradigm makes IoT service collaborations more scalable and flexible, due to the space, time and control decoupling of event producers and consumers. Thus, the paradigm can be used to establish large-scale IoT service communication infrastructures such as Supervisory Control and Data Acquisition systems. However, preserving IoT service's policy privacy is difficult in this paradigm, because a classical publisher has little control of its own event after being published; and a subscriber has to accept all the events from the subscribed event type with no choice. Few existing publish/subscribe middleware have built-in mechanisms to address the above issues. In this paper, we present a novel access control framework, which is capable of preserving IoT service's policy privacy. In particular, we adopt the publish/subscribe paradigm as the IoT service communication infrastructure to facilitate the protection of IoT services policy privacy. The key idea in our policy-privacy solution is using a two-layer cooperating method to match bi-directional privacy control requirements: (a) data layer for protecting IoT events; and (b) application layer for preserving the privacy of service policy. Furthermore, the anonymous-set-based principle is adopted to realize the functionalities of the framework, including policy embedding and policy encoding as well as policy matching. Our security analysis shows that the policy privacy framework is Chosen-Plaintext Attack secure. We extend the open source Apache ActiveMQ broker by building into a policy-based authorization mechanism to enforce the privacy policy. The performance evaluation results indicate that our approach is scalable with reasonable overheads.

  5. Through Patients' Eyes: Regulation, Technology, Privacy, and the Future.

    PubMed

    Petersen, Carolyn

    2018-04-22

    Privacy is commonly regarded as a regulatory requirement achieved via technical and organizational management practices. Those working in the field of informatics often play a role in privacy preservation as a result of their expertise in information technology, workflow analysis, implementation science, or related skills. Viewing privacy from the perspective of patients whose protected health information is at risk broadens the considerations to include the perceived duality of privacy; the existence of privacy within a context unique to each patient; the competing needs inherent within privacy management; the need for particular consideration when data are shared; and the need for patients to control health information in a global setting. With precision medicine, artificial intelligence, and other treatment innovations on the horizon, health care professionals need to think more broadly about how to preserve privacy in a health care environment driven by data sharing. Patient-reported privacy preferences, privacy portability, and greater transparency around privacy-preserving functionalities are potential strategies for ensuring that privacy regulations are met and privacy is preserved. Georg Thieme Verlag KG Stuttgart.

  6. Differentially Private Empirical Risk Minimization

    PubMed Central

    Chaudhuri, Kamalika; Monteleoni, Claire; Sarwate, Anand D.

    2011-01-01

    Privacy-preserving machine learning algorithms are crucial for the increasingly common setting in which personal data, such as medical or financial records, are analyzed. We provide general techniques to produce privacy-preserving approximations of classifiers learned via (regularized) empirical risk minimization (ERM). These algorithms are private under the ε-differential privacy definition due to Dwork et al. (2006). First we apply the output perturbation ideas of Dwork et al. (2006), to ERM classification. Then we propose a new method, objective perturbation, for privacy-preserving machine learning algorithm design. This method entails perturbing the objective function before optimizing over classifiers. If the loss and regularizer satisfy certain convexity and differentiability criteria, we prove theoretical results showing that our algorithms preserve privacy, and provide generalization bounds for linear and nonlinear kernels. We further present a privacy-preserving technique for tuning the parameters in general machine learning algorithms, thereby providing end-to-end privacy guarantees for the training process. We apply these results to produce privacy-preserving analogues of regularized logistic regression and support vector machines. We obtain encouraging results from evaluating their performance on real demographic and benchmark data sets. Our results show that both theoretically and empirically, objective perturbation is superior to the previous state-of-the-art, output perturbation, in managing the inherent tradeoff between privacy and learning performance. PMID:21892342

  7. Privacy-Preserving Relationship Path Discovery in Social Networks

    NASA Astrophysics Data System (ADS)

    Mezzour, Ghita; Perrig, Adrian; Gligor, Virgil; Papadimitratos, Panos

As social networking sites continue to proliferate and are being used for an increasing variety of purposes, the privacy risks raised by the full access of social networking sites over user data become uncomfortable. A decentralized social network would help alleviate this problem, but offering the functionalities of social networking sites in a distributed manner is a challenging problem. In this paper, we provide techniques to instantiate one of the core functionalities of social networks: discovery of paths between individuals. Our algorithm preserves the privacy of relationship information, and can operate offline during the path discovery phase. We simulate our algorithm on real social network topologies.

  8. A Generic Privacy Quantification Framework for Privacy-Preserving Data Publishing

    ERIC Educational Resources Information Center

    Zhu, Zutao

    2010-01-01

    In recent years, the concerns about the privacy for the electronic data collected by government agencies, organizations, and industries are increasing. They include individual privacy and knowledge privacy. Privacy-preserving data publishing is a research branch that preserves the privacy while, at the same time, withholding useful information in…

  9. Privacy preserving interactive record linkage (PPIRL).

    PubMed

    Kum, Hye-Chung; Krishnamurthy, Ashok; Machanavajjhala, Ashwin; Reiter, Michael K; Ahalt, Stanley

    2014-01-01

    Record linkage to integrate uncoordinated databases is critical in biomedical research using Big Data. Balancing privacy protection against the need for high quality record linkage requires a human-machine hybrid system to safely manage uncertainty in the ever changing streams of chaotic Big Data. In the computer science literature, private record linkage is the most published area. It investigates how to apply a known linkage function safely when linking two tables. However, in practice, the linkage function is rarely known. Thus, there are many data linkage centers whose main role is to be the trusted third party to determine the linkage function manually and link data for research via a master population list for a designated region. Recently, a more flexible computerized third-party linkage platform, Secure Decoupled Linkage (SDLink), has been proposed based on: (1) decoupling data via encryption, (2) obfuscation via chaffing (adding fake data) and universe manipulation; and (3) minimum information disclosure via recoding. We synthesize this literature to formalize a new framework for privacy preserving interactive record linkage (PPIRL) with tractable privacy and utility properties and then analyze the literature using this framework. Human-based third-party linkage centers for privacy preserving record linkage are the accepted norm internationally. We find that a computer-based third-party platform that can precisely control the information disclosed at the micro level and allow frequent human interaction during the linkage process, is an effective human-machine hybrid system that significantly improves on the linkage center model both in terms of privacy and utility.

  10. Privacy preserving interactive record linkage (PPIRL)

    PubMed Central

    Kum, Hye-Chung; Krishnamurthy, Ashok; Machanavajjhala, Ashwin; Reiter, Michael K; Ahalt, Stanley

    2014-01-01

    Objective Record linkage to integrate uncoordinated databases is critical in biomedical research using Big Data. Balancing privacy protection against the need for high quality record linkage requires a human–machine hybrid system to safely manage uncertainty in the ever changing streams of chaotic Big Data. Methods In the computer science literature, private record linkage is the most published area. It investigates how to apply a known linkage function safely when linking two tables. However, in practice, the linkage function is rarely known. Thus, there are many data linkage centers whose main role is to be the trusted third party to determine the linkage function manually and link data for research via a master population list for a designated region. Recently, a more flexible computerized third-party linkage platform, Secure Decoupled Linkage (SDLink), has been proposed based on: (1) decoupling data via encryption, (2) obfuscation via chaffing (adding fake data) and universe manipulation; and (3) minimum information disclosure via recoding. Results We synthesize this literature to formalize a new framework for privacy preserving interactive record linkage (PPIRL) with tractable privacy and utility properties and then analyze the literature using this framework. Conclusions Human-based third-party linkage centers for privacy preserving record linkage are the accepted norm internationally. We find that a computer-based third-party platform that can precisely control the information disclosed at the micro level and allow frequent human interaction during the linkage process, is an effective human–machine hybrid system that significantly improves on the linkage center model both in terms of privacy and utility. PMID:24201028

  11. Privacy-preserving outlier detection through random nonlinear data distortion.

    PubMed

    Bhaduri, Kanishka; Stefanski, Mark D; Srivastava, Ashok N

    2011-02-01

    Consider a scenario in which the data owner has some private or sensitive data and wants a data miner to access them for studying important patterns without revealing the sensitive information. Privacy-preserving data mining aims to solve this problem by randomly transforming the data prior to their release to the data miners. Previous works only considered the case of linear data perturbations--additive, multiplicative, or a combination of both--for studying the usefulness of the perturbed output. In this paper, we discuss nonlinear data distortion using potentially nonlinear random data transformation and show how it can be useful for privacy-preserving anomaly detection from sensitive data sets. We develop bounds on the expected accuracy of the nonlinear distortion and also quantify privacy by using standard definitions. The highlight of this approach is to allow a user to control the amount of privacy by varying the degree of nonlinearity. We show how our general transformation can be used for anomaly detection in practice for two specific problem instances: a linear model and a popular nonlinear model using the sigmoid function. We also analyze the proposed nonlinear transformation in full generality and then show that, for specific cases, it is distance preserving. A main contribution of this paper is the discussion between the invertibility of a transformation and privacy preservation and the application of these techniques to outlier detection. The experiments conducted on real-life data sets demonstrate the effectiveness of the approach.

  12. The study on privacy preserving data mining for information security

    NASA Astrophysics Data System (ADS)

    Li, Xiaohui

    2012-04-01

Privacy preserving data mining has had a rapid development in a short time. But it still faces many challenges in the future. Firstly, the level of privacy has different definitions in different fields. Therefore, the measure of privacy preserving data mining technology protecting private information is not the same. So, it's an urgent issue to present a unified privacy definition and measure. Secondly, most of the research in privacy preserving data mining is presently confined to theoretical study.

  13. Scalable privacy-preserving data sharing methodology for genome-wide association studies: an application to iDASH healthcare privacy protection challenge.

    PubMed

    Yu, Fei; Ji, Zhanglong

    2014-01-01

    In response to the growing interest in genome-wide association study (GWAS) data privacy, the Integrating Data for Analysis, Anonymization and SHaring (iDASH) center organized the iDASH Healthcare Privacy Protection Challenge, with the aim of investigating the effectiveness of applying privacy-preserving methodologies to human genetic data. This paper is based on a submission to the iDASH Healthcare Privacy Protection Challenge. We apply privacy-preserving methods that are adapted from Uhler et al. 2013 and Yu et al. 2014 to the challenge's data and analyze the data utility after the data are perturbed by the privacy-preserving methods. Major contributions of this paper include new interpretation of the χ2 statistic in a GWAS setting and new results about the Hamming distance score, a key component for one of the privacy-preserving methods.

  14. Scalable privacy-preserving data sharing methodology for genome-wide association studies: an application to iDASH healthcare privacy protection challenge

    PubMed Central

    2014-01-01

    In response to the growing interest in genome-wide association study (GWAS) data privacy, the Integrating Data for Analysis, Anonymization and SHaring (iDASH) center organized the iDASH Healthcare Privacy Protection Challenge, with the aim of investigating the effectiveness of applying privacy-preserving methodologies to human genetic data. This paper is based on a submission to the iDASH Healthcare Privacy Protection Challenge. We apply privacy-preserving methods that are adapted from Uhler et al. 2013 and Yu et al. 2014 to the challenge's data and analyze the data utility after the data are perturbed by the privacy-preserving methods. Major contributions of this paper include new interpretation of the χ2 statistic in a GWAS setting and new results about the Hamming distance score, a key component for one of the privacy-preserving methods. PMID:25521367

  15. Collusion-aware privacy-preserving range query in tiered wireless sensor networks.

    PubMed

    Zhang, Xiaoying; Dong, Lei; Peng, Hui; Chen, Hong; Zhao, Suyun; Li, Cuiping

    2014-12-11

Wireless sensor networks (WSNs) are indispensable building blocks for the Internet of Things (IoT). With the development of WSNs, privacy issues have drawn more attention. Existing work on the privacy-preserving range query mainly focuses on privacy preservation and integrity verification in two-tiered WSNs in the case of compromised master nodes, but neglects the damage of node collusion. In this paper, we propose a series of collusion-aware privacy-preserving range query protocols in two-tiered WSNs. To the best of our knowledge, this paper is the first to consider collusion attacks for a range query in tiered WSNs while fulfilling the preservation of privacy and integrity. To preserve the privacy of data and queries, we propose a novel encoding scheme to conceal sensitive information. To preserve the integrity of the results, we present a verification scheme using the correlation among data. In addition, two schemes are further presented to improve result accuracy and reduce communication cost. Finally, theoretical analysis and experimental results confirm the efficiency, accuracy and privacy of our proposals.

  16. Collusion-Aware Privacy-Preserving Range Query in Tiered Wireless Sensor Networks†

    PubMed Central

    Zhang, Xiaoying; Dong, Lei; Peng, Hui; Chen, Hong; Zhao, Suyun; Li, Cuiping

    2014-01-01

    Wireless sensor networks (WSNs) are indispensable building blocks for the Internet of Things (IoT). With the development of WSNs, privacy issues have drawn more attention. Existing work on the privacy-preserving range query mainly focuses on privacy preservation and integrity verification in two-tiered WSNs in the case of compromised master nodes, but neglects the damage of node collusion. In this paper, we propose a series of collusion-aware privacy-preserving range query protocols in two-tiered WSNs. To the best of our knowledge, this paper is the first to consider collusion attacks for a range query in tiered WSNs while fulfilling the preservation of privacy and integrity. To preserve the privacy of data and queries, we propose a novel encoding scheme to conceal sensitive information. To preserve the integrity of the results, we present a verification scheme using the correlation among data. In addition, two schemes are further presented to improve result accuracy and reduce communication cost. Finally, theoretical analysis and experimental results confirm the efficiency, accuracy and privacy of our proposals. PMID:25615731

  17. Preserving Differential Privacy in Degree-Correlation based Graph Generation

    PubMed Central

    Wang, Yue; Wu, Xintao

    2014-01-01

    Enabling accurate analysis of social network data while preserving differential privacy has been challenging since graph features such as cluster coefficient often have high sensitivity, which is different from traditional aggregate functions (e.g., count and sum) on tabular data. In this paper, we study the problem of enforcing edge differential privacy in graph generation. The idea is to enforce differential privacy on graph model parameters learned from the original network and then generate the graphs for releasing using the graph model with the private parameters. In particular, we develop a differential privacy preserving graph generator based on the dK-graph generation model. We first derive from the original graph various parameters (i.e., degree correlations) used in the dK-graph model, then enforce edge differential privacy on the learned parameters, and finally use the dK-graph model with the perturbed parameters to generate graphs. For the 2K-graph model, we enforce the edge differential privacy by calibrating noise based on the smooth sensitivity, rather than the global sensitivity. By doing this, we achieve the strict differential privacy guarantee with smaller magnitude noise. We conduct experiments on four real networks and compare the performance of our private dK-graph models with the stochastic Kronecker graph generation model in terms of utility and privacy tradeoff. Empirical evaluations show the developed private dK-graph generation models significantly outperform the approach based on the stochastic Kronecker generation model. PMID:24723987

  18. Secure privacy-preserving biometric authentication scheme for telecare medicine information systems.

    PubMed

    Li, Xuelei; Wen, Qiaoyan; Li, Wenmin; Zhang, Hua; Jin, Zhengping

    2014-11-01

Healthcare delivery services via telecare medicine information systems (TMIS) can help patients to obtain their desired telemedicine services conveniently. However, information security and privacy protection are important issues and crucial challenges in healthcare information systems, where only authorized patients and doctors can employ telecare medicine facilities and access electronic medical records. Therefore, a secure authentication scheme is urgently required to achieve the goals of entity authentication, data confidentiality and privacy protection. This paper investigates a new biometric authentication with key agreement scheme, which focuses on patient privacy and medical data confidentiality in TMIS. The new scheme employs hash function, fuzzy extractor, nonce and authenticated Diffie-Hellman key agreement as primitives. It provides patient privacy protection, e.g., hiding identity from being stolen and tracked by unauthorized participants, and preserving password and biometric template from being compromised by trustless servers. Moreover, key agreement supports secure transmission by symmetric encryption to protect patient's medical data from being leaked. Finally, the analysis shows that our proposal provides more security and privacy protection for TMIS.

  19. Privacy-Preserving Evaluation of Generalization Error and Its Application to Model and Attribute Selection

    NASA Astrophysics Data System (ADS)

    Sakuma, Jun; Wright, Rebecca N.

Privacy-preserving classification is the task of learning or training a classifier on the union of privately distributed datasets without sharing the datasets. The emphasis of existing studies in privacy-preserving classification has primarily been put on the design of privacy-preserving versions of particular data mining algorithms. However, in classification problems, preprocessing and postprocessing, such as model selection or attribute selection, play a prominent role in achieving higher classification accuracy. In this paper, we show generalization error of classifiers in privacy-preserving classification can be securely evaluated without sharing prediction results. Our main technical contribution is a new generalized Hamming distance protocol that is universally applicable to preprocessing and postprocessing of various privacy-preserving classification problems, such as model selection in support vector machine and attribute selection in naive Bayes classification.

  20. Privacy-preserving data aggregation protocols for wireless sensor networks: a survey.

    PubMed

    Bista, Rabindra; Chang, Jae-Woo

    2010-01-01

    Many wireless sensor network (WSN) applications require privacy-preserving aggregation of sensor data during transmission from the source nodes to the sink node. In this paper, we explore several existing privacy-preserving data aggregation (PPDA) protocols for WSNs in order to provide some insights on their current status. For this, we evaluate the PPDA protocols on the basis of such metrics as communication and computation costs in order to demonstrate their potential for supporting privacy-preserving data aggregation in WSNs. In addition, based on the existing research, we enumerate some important future research directions in the field of privacy-preserving data aggregation for WSNs.

  21. RiPPAS: A Ring-Based Privacy-Preserving Aggregation Scheme in Wireless Sensor Networks

    PubMed Central

    Zhang, Kejia; Han, Qilong; Cai, Zhipeng; Yin, Guisheng

    2017-01-01

    Recently, data privacy in wireless sensor networks (WSNs) has been paid increased attention. The characteristics of WSNs determine that users’ queries are mainly aggregation queries. In this paper, the problem of processing aggregation queries in WSNs with data privacy preservation is investigated. A Ring-based Privacy-Preserving Aggregation Scheme (RiPPAS) is proposed. RiPPAS adopts ring structure to perform aggregation. It uses pseudonym mechanism for anonymous communication and uses homomorphic encryption technique to add noise to the data easily to be disclosed. RiPPAS can handle both sum() queries and min()/max() queries, while the existing privacy-preserving aggregation methods can only deal with sum() queries. For processing sum() queries, compared with the existing methods, RiPPAS has advantages in the aspects of privacy preservation and communication efficiency, which can be proved by theoretical analysis and simulation results. For processing min()/max() queries, RiPPAS provides effective privacy preservation and has low communication overhead. PMID:28178197

  22. Toward protocols for quantum-ensured privacy and secure voting

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bonanome, Marianna; Buzek, Vladimir; Ziman, Mario

    2011-08-15

    We present a number of schemes that use quantum mechanics to preserve privacy, in particular, we show that entangled quantum states can be useful in maintaining privacy. We further develop our original proposal [see M. Hillery, M. Ziman, V. Buzek, and M. Bielikova, Phys. Lett. A 349, 75 (2006)] for protecting privacy in voting, and examine its security under certain types of attacks, in particular dishonest voters and external eavesdroppers. A variation of these quantum-based schemes can be used for multiparty function evaluation. We consider functions corresponding to group multiplication of N group elements, with each element chosen by a different party. We show how quantum mechanics can be useful in maintaining the privacy of the choices of group elements.

  23. Fully Decentralized Semi-supervised Learning via Privacy-preserving Matrix Completion.

    PubMed

    Fierimonte, Roberto; Scardapane, Simone; Uncini, Aurelio; Panella, Massimo

    2016-08-26

    Distributed learning refers to the problem of inferring a function when the training data are distributed among different nodes. While significant work has been done in the contexts of supervised and unsupervised learning, the intermediate case of Semi-supervised learning in the distributed setting has received less attention. In this paper, we propose an algorithm for this class of problems, by extending the framework of manifold regularization. The main component of the proposed algorithm consists of a fully distributed computation of the adjacency matrix of the training patterns. To this end, we propose a novel algorithm for low-rank distributed matrix completion, based on the framework of diffusion adaptation. Overall, the distributed Semi-supervised algorithm is efficient and scalable, and it can preserve privacy by the inclusion of flexible privacy-preserving mechanisms for similarity computation. The experimental results and comparison on a wide range of standard Semi-supervised benchmarks validate our proposal.

  24. Privacy-Enhanced and Multifunctional Health Data Aggregation under Differential Privacy Guarantees

    PubMed Central

    Ren, Hao; Li, Hongwei; Liang, Xiaohui; He, Shibo; Dai, Yuanshun; Zhao, Lian

    2016-01-01

    With the rapid growth of the health data scale, the limited storage and computation resources of wireless body area sensor networks (WBANs) are becoming a barrier to their development. Therefore, outsourcing the encrypted health data to the cloud has been an appealing strategy. However, data aggregation will become difficult. Some recently-proposed schemes try to address this problem. However, there are still some functions and privacy issues that are not discussed. In this paper, we propose a privacy-enhanced and multifunctional health data aggregation scheme (PMHA-DP) under differential privacy. Specifically, we achieve a new aggregation function, weighted average (WAAS), and design a privacy-enhanced aggregation scheme (PAAS) to protect the aggregated data from cloud servers. Besides, a histogram aggregation scheme with high accuracy is proposed. PMHA-DP supports fault tolerance while preserving data privacy. The performance evaluation shows that the proposal leads to less communication overhead than the existing one. PMID:27626417

  5. Privacy-Enhanced and Multifunctional Health Data Aggregation under Differential Privacy Guarantees.

    PubMed

    Ren, Hao; Li, Hongwei; Liang, Xiaohui; He, Shibo; Dai, Yuanshun; Zhao, Lian

    2016-09-10

    With the rapid growth of the health data scale, the limited storage and computation resources of wireless body area sensor networks (WBANs) are becoming a barrier to their development. Therefore, outsourcing the encrypted health data to the cloud has been an appealing strategy. However, data aggregation will become difficult. Some recently-proposed schemes try to address this problem. However, there are still some functions and privacy issues that are not discussed. In this paper, we propose a privacy-enhanced and multifunctional health data aggregation scheme (PMHA-DP) under differential privacy. Specifically, we achieve a new aggregation function, weighted average (WAAS), and design a privacy-enhanced aggregation scheme (PAAS) to protect the aggregated data from cloud servers. Besides, a histogram aggregation scheme with high accuracy is proposed. PMHA-DP supports fault tolerance while preserving data privacy. The performance evaluation shows that the proposal leads to less communication overhead than the existing one.
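The two aggregation functions named in records 4 and 5 (histogram and weighted average) are the standard targets of the Laplace mechanism. The following is an added illustration, not the authors' PMHA-DP code: it omits their encrypted-outsourcing layer entirely (the aggregator here sees raw readings) and only shows how the sensitivity of each function fixes the noise scale for a given epsilon. The readings, weights, bin edges and the choice of "replace one user's reading" as the neighbouring-dataset relation are assumptions made for the example.

```python
import math
import random

# Added illustration of Laplace-mechanism aggregation for the two functions
# the abstract names (histogram, weighted average).  This is NOT the authors'
# PMHA-DP scheme: their encrypted-outsourcing layer is omitted and the
# aggregator here sees raw readings.  Neighbouring datasets differ by
# replacing one user's reading (bounded DP), which fixes the sensitivities.


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) by the inverse-CDF transform."""
    u = rng.random() - 0.5           # uniform in [-0.5, 0.5)
    if u <= -0.5:                    # avoid log(0) at the open boundary
        u = -0.5 + 1e-12
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def clamp(x: float, lo: float, hi: float) -> float:
    return max(lo, min(hi, x))


def histogram(readings, edges):
    """Exact counts; bin i covers [edges[i], edges[i+1]).  Readings are clamped
    to [edges[0], edges[-1]] so every user lands in exactly one bin."""
    counts = [0] * (len(edges) - 1)
    for x in readings:
        x = clamp(x, edges[0], edges[-1])
        i = min(max(j for j in range(len(edges)) if edges[j] <= x), len(counts) - 1)
        counts[i] += 1
    return counts


def dp_histogram(readings, edges, eps: float, rng: random.Random):
    """Replacing one user's reading moves one count down and one up, so the
    L1 sensitivity is 2 and every count gets independent Laplace(2/eps) noise."""
    return [c + laplace_noise(2.0 / eps, rng) for c in histogram(readings, edges)]


def weighted_average(readings, weights, lo, hi):
    """Weighted mean of readings clamped to the public range [lo, hi]."""
    return sum(w * clamp(x, lo, hi) for x, w in zip(readings, weights)) / sum(weights)


def weighted_average_sensitivity(weights, lo, hi):
    """Assumes the weights are public.  Changing one clamped reading moves the
    weighted mean by at most w_max * (hi - lo) / sum(w)."""
    return max(weights) * (hi - lo) / sum(weights)


def dp_weighted_average(readings, weights, lo, hi, eps, rng):
    scale = weighted_average_sensitivity(weights, lo, hi) / eps
    return weighted_average(readings, weights, lo, hi) + laplace_noise(scale, rng)


def demo(seed: int = 2016, eps: float = 1.0):
    """Constructed heart-rate readings (bpm) from 8 WBAN users with per-user
    weights; returns exact and noisy histogram and weighted average."""
    rng = random.Random(seed)
    hr = [62, 71, 88, 95, 120, 58, 77, 102]
    w = [1, 1, 2, 1, 1, 2, 1, 1]
    edges = [40, 60, 80, 100, 120, 140]
    return (histogram(hr, edges),
            dp_histogram(hr, edges, eps, rng),
            weighted_average(hr, w, 40, 140),
            dp_weighted_average(hr, w, 40, 140, eps, rng))


if __name__ == "__main__":
    h, dp_h, a, dp_a = demo()
    print("exact histogram   :", h)
    print("eps=1.0 histogram :", [round(c, 1) for c in dp_h])
    print("exact weighted avg:", a)
    print("eps=1.0 weighted  :", round(dp_a, 2))
```

With eight users and a 100 bpm range the weighted-average noise scale at eps=1 is 20 bpm, which swamps the statistic; the sensitivity shrinks only with more users or a tighter public range, which is why aggregation schemes of this kind are evaluated at scale and why the clamping range must be fixed before any data are seen.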

  6. Image feature extraction in encrypted domain with privacy-preserving SIFT.

    PubMed

    Hsu, Chao-Yung; Lu, Chun-Shien; Pei, Soo-Chang

    2012-11-01

    Privacy has received considerable attention but is still largely ignored in the multimedia community. Consider a cloud computing scenario where the server is resource-abundant, and is capable of finishing the designated tasks. It is envisioned that secure media applications with privacy preservation will be treated seriously. In view of the fact that scale-invariant feature transform (SIFT) has been widely adopted in various fields, this paper is the first to target the importance of privacy-preserving SIFT (PPSIFT) and to address the problem of secure SIFT feature extraction and representation in the encrypted domain. As all of the operations in SIFT must be moved to the encrypted domain, we propose a privacy-preserving realization of the SIFT method based on homomorphic encryption. We show through the security analysis based on the discrete logarithm problem and RSA that PPSIFT is secure against ciphertext-only attack and known-plaintext attack. Experimental results obtained from different case studies demonstrate that the proposed homomorphic encryption-based privacy-preserving SIFT performs comparably to the original SIFT and that our method is useful in SIFT-based privacy-preserving applications.

  7. Pre-Capture Privacy for Small Vision Sensors.

    PubMed

    Pittaluga, Francesco; Koppal, Sanjeev Jagannatha

    2017-11-01

    The next wave of micro and nano devices will create a world with trillions of small networked cameras. This will lead to increased concerns about privacy and security. Most privacy preserving algorithms for computer vision are applied after image/video data has been captured. We propose to use privacy preserving optics that filter or block sensitive information directly from the incident light-field before sensor measurements are made, adding a new layer of privacy. In addition to balancing the privacy and utility of the captured data, we address trade-offs unique to miniature vision sensors, such as achieving high-quality field-of-view and resolution within the constraints of mass and volume. Our privacy preserving optics enable applications such as depth sensing, full-body motion tracking, people counting, blob detection and privacy preserving face recognition. While we demonstrate applications on macro-scale devices (smartphones, webcams, etc.) our theory has impact for smaller devices.

  8. Data privacy preservation in telemedicine: the PAIRSE project.

    PubMed

    Nageba, Ebrahim; Defude, Bruno; Morvan, Franck; Ghedira, Chirine; Fayn, Jocelyne

    2011-01-01

    The preservation of medical data privacy and confidentiality is a major challenge in eHealth systems and applications. A technological solution based on advanced information and communication systems architectures is needed in order to retrieve and exchange the patient's data in a secure and reliable manner. In this paper, we introduce the project PAIRSE, Preserving Privacy in Peer to Peer (P2P) environments, which proposes an original web service oriented framework preserving the privacy and confidentiality of shared or exchanged medical data.

  9. Privacy Preserving Technique for Euclidean Distance Based Mining Algorithms Using a Wavelet Related Transform

    NASA Astrophysics Data System (ADS)

    Kadampur, Mohammad Ali; D. v. L. N., Somayajulu

    Privacy preserving data mining is an art of knowledge discovery without revealing the sensitive data of the data set. In this paper a data transformation technique using wavelets is presented for privacy preserving data mining. Wavelets use the well known energy compaction approach during data transformation and only the high energy coefficients are published to the public domain instead of the actual data proper. It is found that the transformed data preserves the Euclidean distances and the method can be used in privacy preserving clustering. Wavelets offer the inherent improved time complexity.

  10. PAVS: A New Privacy-Preserving Data Aggregation Scheme for Vehicle Sensing Systems.

    PubMed

    Xu, Chang; Lu, Rongxing; Wang, Huaxiong; Zhu, Liehuang; Huang, Cheng

    2017-03-03

    Air pollution has become one of the most pressing environmental issues in recent years. According to a World Health Organization (WHO) report, air pollution has led to the deaths of millions of people worldwide. Accordingly, expensive and complex air-monitoring instruments have been exploited to measure air pollution. Comparatively, a vehicle sensing system (VSS), as it can be effectively used for many purposes and can bring huge financial benefits in reducing high maintenance and repair costs, has received considerable attention. However, the privacy issues of VSS including vehicles' location privacy have not been well addressed. Therefore, in this paper, we propose a new privacy-preserving data aggregation scheme, called PAVS, for VSS. Specifically, PAVS combines privacy-preserving classification and privacy-preserving statistics on both the mean E(·) and variance Var(·), which makes VSS more promising, as, with minimal privacy leakage, more vehicles are willing to participate in sensing. Detailed analysis shows that the proposed PAVS can achieve the properties of privacy preservation, data accuracy and scalability. In addition, the performance evaluations via extensive simulations also demonstrate its efficiency.

  11. Security and privacy preserving approaches in the eHealth clouds with disaster recovery plan.

    PubMed

    Sahi, Aqeel; Lai, David; Li, Yan

    2016-11-01

    Cloud computing was introduced as an alternative storage and computing model in the health sector as well as other sectors to handle large amounts of data. Many healthcare companies have moved their electronic data to the cloud in order to reduce in-house storage, IT development and maintenance costs. However, storing the healthcare records in a third-party server may cause serious storage, security and privacy issues. Therefore, many approaches have been proposed to preserve security as well as privacy in cloud computing projects. Cryptographic-based approaches were presented as one of the best ways to ensure the security and privacy of healthcare data in the cloud. Nevertheless, the cryptographic-based approaches which are used to transfer health records safely remain vulnerable regarding security, privacy, or the lack of any disaster recovery strategy. In this paper, we review the related work on security and privacy preserving as well as disaster recovery in the eHealth cloud domain. Then we propose two approaches, the Security-Preserving approach and the Privacy-Preserving approach, and a disaster recovery plan. The Security-Preserving approach is a robust means of ensuring the security and integrity of Electronic Health Records, and the Privacy-Preserving approach is an efficient authentication approach which protects the privacy of Personal Health Records. Finally, we discuss how the integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects. Copyright © 2016 Elsevier Ltd. All rights reserved.

  12. Limited privacy protection and poor sensitivity: Is it time to move on from the statistical linkage key-581?

    PubMed

    Randall, Sean M; Ferrante, Anna M; Boyd, James H; Brown, Adrian P; Semmens, James B

    2016-08-01

    The statistical linkage key (SLK-581) is a common tool for record linkage in Australia, due to its ability to provide some privacy protection. However, newer privacy-preserving approaches may provide greater privacy protection, while allowing high-quality linkage. To evaluate the standard SLK-581, encrypted SLK-581 and a newer privacy-preserving approach using Bloom filters, in terms of both privacy and linkage quality. Linkage quality was compared by conducting linkages on Australian health datasets using these three techniques and examining results. Privacy was compared qualitatively in relation to a series of scenarios where privacy breaches may occur. The Bloom filter technique offered greater privacy protection and linkage quality compared to the SLK-based method commonly used in Australia. The adoption of new privacy-preserving methods would allow both greater confidence in research results, while significantly improving privacy protection. © The Author(s) 2016.

  13. 13 CFR 102.30 - Preservation of records.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 13 Business Credit and Assistance 1 2010-01-01 2010-01-01 false Preservation of records. 102.30 Section 102.30 Business Credit and Assistance SMALL BUSINESS ADMINISTRATION RECORD DISCLOSURE AND PRIVACY Protection of Privacy and Access to Individual Records Under the Privacy Act of 1974 § 102.30 Preservation of...

  14. Using false colors to protect visual privacy of sensitive content

    NASA Astrophysics Data System (ADS)

    Ćiftçi, Serdar; Korshunov, Pavel; Akyüz, Ahmet O.; Ebrahimi, Touradj

    2015-03-01

    Many privacy protection tools have been proposed for preserving privacy. Tools for protection of visual privacy available today lack either all or some of the important properties that are expected from such tools. Therefore, in this paper, we propose a simple yet effective method for privacy protection based on false color visualization, which maps the color palette of an image into a different color palette, possibly after a compressive point transformation of the original pixel data, distorting the details of the original image. This method does not require any prior face detection or other sensitive regions detection and, hence, unlike typical privacy protection methods, it is less sensitive to inaccurate computer vision algorithms. It is also secure as the look-up tables can be encrypted, reversible as table look-ups can be inverted, flexible as it is independent of format or encoding, adjustable as the final result can be computed by interpolating the false color image with the original using different degrees of interpolation, less distracting as it does not create visually unpleasant artifacts, and selective as it preserves better semantic structure of the input. Four different color scales and four different compression functions, on which the proposed method relies, are evaluated via objective (three face recognition algorithms) and subjective (50 human subjects in an online-based study) assessments using faces from the FERET public dataset. The evaluations demonstrate that DEF and RBS color scales lead to the strongest privacy protection, while compression functions add little to the strength of privacy protection. Statistical analysis also shows that recognition algorithms and human subjects perceive the proposed protection similarly.

  15. Privacy-preserving backpropagation neural network learning.

    PubMed

    Chen, Tingting; Zhong, Sheng

    2009-10-01

    With the development of distributed computing environments, many learning problems now have to deal with distributed input data. To enhance cooperation in learning, it is important to address the privacy concern of each data holder by extending the privacy preservation notion to original learning algorithms. In this paper, we focus on preserving the privacy in an important learning model, multilayer neural networks. We present a privacy-preserving two-party distributed algorithm of backpropagation which allows a neural network to be trained without requiring either party to reveal her data to the other. We provide complete correctness and security analysis of our algorithms. The effectiveness of our algorithms is verified by experiments on various real world data sets.

  16. Privacy Preserving Sequential Pattern Mining in Data Stream

    NASA Astrophysics Data System (ADS)

    Huang, Qin-Hua

    Research on privacy preserving data mining techniques has gained much attention in recent years. For data stream systems, wireless networks and mobile devices, research on the related stream data mining techniques is still in its early stage. In this paper, a data mining algorithm dealing with the privacy preserving problem in data streams is presented.

  17. Personalized Privacy-Preserving Frequent Itemset Mining Using Randomized Response

    PubMed Central

    Sun, Chongjing; Fu, Yan; Zhou, Junlin; Gao, Hui

    2014-01-01

    Frequent itemset mining is the important first step of association rule mining, which discovers interesting patterns from the massive data. There are increasing concerns about the privacy problem in the frequent itemset mining. Some works have been proposed to handle this kind of problem. In this paper, we introduce a personalized privacy problem, in which different attributes may need different levels of privacy protection. To solve this problem, we give a personalized privacy-preserving method by using the randomized response technique. By providing different privacy levels for different attributes, this method can get a higher accuracy on frequent itemset mining than the traditional method providing the same privacy level. Finally, our experimental results show that our method can have better results on the frequent itemset mining while preserving personalized privacy. PMID:25143989

  18. Personalized privacy-preserving frequent itemset mining using randomized response.

    PubMed

    Sun, Chongjing; Fu, Yan; Zhou, Junlin; Gao, Hui

    2014-01-01

    Frequent itemset mining is the important first step of association rule mining, which discovers interesting patterns from the massive data. There are increasing concerns about the privacy problem in the frequent itemset mining. Some works have been proposed to handle this kind of problem. In this paper, we introduce a personalized privacy problem, in which different attributes may need different levels of privacy protection. To solve this problem, we give a personalized privacy-preserving method by using the randomized response technique. By providing different privacy levels for different attributes, this method can get a higher accuracy on frequent itemset mining than the traditional method providing the same privacy level. Finally, our experimental results show that our method can have better results on the frequent itemset mining while preserving personalized privacy.
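Records 17 and 18 describe per-attribute randomized response with different privacy levels, and the point that matters for the miner is how to recover unbiased itemset supports from the perturbed data. The block below is an added example written for this page, not the authors' method or code: it uses the classic Warner channel (keep the true bit with probability p_i, flip it otherwise), inverts that channel attribute by attribute, and shows that an itemset containing a heavily perturbed attribute is still estimable, only with higher variance. The transactions, the retention probabilities and the choice of itemsets are constructed for the example.

```python
import random

# Added illustration of personalized randomized response for itemset support
# estimation.  Not the authors' code; the dataset is constructed and the
# per-item retention probabilities are our choice.


def randomize(txn, keep, rng):
    """Warner-style randomized response applied independently to each
    attribute: report the true bit with probability keep[i], its complement
    otherwise.  keep[i] close to 0.5 means strong privacy for item i."""
    return tuple(b if rng.random() < keep[i] else 1 - b for i, b in enumerate(txn))


def true_support(txns, itemset):
    return sum(all(t[i] == 1 for i in itemset) for t in txns) / len(txns)


def estimate_support(perturbed, keep, itemset):
    """Unbiased support estimate from perturbed rows.  Each attribute passes
    through the channel C = [[p, 1-p], [1-p, p]].  Flips are independent, so
    the joint channel over an itemset is a Kronecker product and its inverse
    factorises: the weight of an observed row is the product, over the
    itemset's attributes, of the C^-1 entry for target bit 1."""
    total = 0.0
    for row in perturbed:
        w = 1.0
        for i in itemset:
            p = keep[i]
            if p == 0.5:
                raise ValueError("keep=0.5 destroys all information; channel not invertible")
            w *= (p if row[i] == 1 else -(1.0 - p)) / (2.0 * p - 1.0)
        total += w
    return total / len(perturbed)


def simulate(n=20000, seed=7):
    """Constructed 3-item transactions; item 2 is treated as sensitive and
    gets keep=0.6, the others keep=0.9.  Returns {itemset: (true, estimate)}."""
    rng = random.Random(seed)
    txns = []
    for _ in range(n):
        a = 1 if rng.random() < 0.6 else 0
        b = 1 if rng.random() < (0.7 if a else 0.2) else 0   # b correlated with a
        c = 1 if rng.random() < 0.3 else 0
        txns.append((a, b, c))
    keep = [0.9, 0.9, 0.6]
    perturbed = [randomize(t, keep, rng) for t in txns]
    itemsets = [(0,), (2,), (0, 1), (0, 2)]
    return {s: (true_support(txns, s), estimate_support(perturbed, keep, s))
            for s in itemsets}


if __name__ == "__main__":
    for s, (t, e) in simulate().items():
        print(f"itemset {s}: true={t:.3f} estimated={e:.3f}")
```

The estimator's variance grows with 1/(2p-1)^2 per attribute, so supports of itemsets that include the sensitive item need more rows for the same accuracy, and on small samples the estimate can fall outside [0, 1]; clamping it is fine for ranking frequent itemsets but biases the value.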

  19. A collaborative framework for Distributed Privacy-Preserving Support Vector Machine learning.

    PubMed

    Que, Jialan; Jiang, Xiaoqian; Ohno-Machado, Lucila

    2012-01-01

    A Support Vector Machine (SVM) is a popular tool for decision support. The traditional way to build an SVM model is to estimate parameters based on a centralized repository of data. However, in the field of biomedicine, patient data are sometimes stored in local repositories or institutions where they were collected, and may not be easily shared due to privacy concerns. This creates a substantial barrier for researchers to effectively learn from the distributed data using machine learning tools like SVMs. To overcome this difficulty and promote efficient information exchange without sharing sensitive raw data, we developed a Distributed Privacy Preserving Support Vector Machine (DPP-SVM). The DPP-SVM enables privacy-preserving collaborative learning, in which a trusted server integrates "privacy-insensitive" intermediary results. The globally learned model is guaranteed to be exactly the same as learned from combined data. We also provide a free web-service (http://privacy.ucsd.edu:8080/ppsvm/) for multiple participants to collaborate and complete the SVM-learning task in an efficient and privacy-preserving manner.

  20. Privacy Preserving Nearest Neighbor Search

    NASA Astrophysics Data System (ADS)

    Shaneck, Mark; Kim, Yongdae; Kumar, Vipin

    Data mining is frequently obstructed by privacy concerns. In many cases data is distributed, and bringing the data together in one place for analysis is not possible due to privacy laws (e.g. HIPAA) or policies. Privacy preserving data mining techniques have been developed to address this issue by providing mechanisms to mine the data while giving certain privacy guarantees. In this chapter we address the issue of privacy preserving nearest neighbor search, which forms the kernel of many data mining applications. To this end, we present a novel algorithm based on secure multiparty computation primitives to compute the nearest neighbors of records in horizontally distributed data. We show how this algorithm can be used in three important data mining algorithms, namely LOF outlier detection, SNN clustering, and kNN classification. We prove the security of these algorithms under the semi-honest adversarial model, and describe methods that can be used to optimize their performance. Keywords: Privacy Preserving Data Mining, Nearest Neighbor Search, Outlier Detection, Clustering, Classification, Secure Multiparty Computation

  1. Foveation: an alternative method to simultaneously preserve privacy and information in face images

    NASA Astrophysics Data System (ADS)

    Alonso, Víctor E.; Enríquez-Caldera, Rogerio; Sucar, Luis Enrique

    2017-03-01

    This paper presents a real-time foveation technique proposed as an alternative method for image obfuscation while simultaneously preserving privacy in face deidentification. Relevance of the proposed technique is discussed through a comparative study of the most common distortions methods in face images and an assessment on performance and effectiveness of privacy protection. All the different techniques presented here are evaluated when they go through a face recognition software. Evaluating the data utility preservation was carried out under gender and facial expression classification. Results on quantifying the tradeoff between privacy protection and image information preservation at different obfuscation levels are presented. Comparative results using the facial expression subset of the FERET database show that the technique achieves a good tradeoff between privacy and awareness with 30% of recognition rate and a classification accuracy as high as 88% obtained from the common figures of merit using the privacy-awareness map.

  2. Fully Integrated Passive UHF RFID Tag for Hash-Based Mutual Authentication Protocol.

    PubMed

    Mikami, Shugo; Watanabe, Dai; Li, Yang; Sakiyama, Kazuo

    2015-01-01

    Passive radio-frequency identification (RFID) tag has been used in many applications. While the RFID market is expected to grow, concerns about security and privacy of the RFID tag should be overcome for the future use. To overcome these issues, privacy-preserving authentication protocols based on cryptographic algorithms have been designed. However, to the best of our knowledge, evaluation of the whole tag, which includes an antenna, an analog front end, and a digital processing block, that runs authentication protocols has not been studied. In this paper, we present an implementation and evaluation of a fully integrated passive UHF RFID tag that runs a privacy-preserving mutual authentication protocol based on a hash function. We design a single chip including the analog front end and the digital processing block. We select a lightweight hash function supporting 80-bit security strength and a standard hash function supporting 128-bit security strength. We show that when the lightweight hash function is used, the tag completes the protocol with a reader-tag distance of 10 cm. Similarly, when the standard hash function is used, the tag completes the protocol with the distance of 8.5 cm. We discuss the impact of the peak power consumption of the tag on the distance of the tag due to the hash function.
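The record above evaluates a tag that runs a hash-based, privacy-preserving mutual authentication protocol, without stating the message layout. The following is an added example of the generic challenge-response shape such protocols take, written for this page and not the authors' protocol: SHA-256 stands in for their lightweight and standard hash functions, the nonces are passed in as parameters so the run is reproducible (a real tag draws its own), and the fixed "|" separator would be a fixed-width field on real hardware. The tag never sends a static identifier, which is what buys unlinkability, and the reader pays for that with a linear scan over its key database.

```python
import hashlib
import hmac

# Added illustration of a generic hash-based mutual authentication exchange.
# Not the authors' protocol: message layout, SHA-256 as the hash, and the
# caller-supplied nonces are assumptions made for this example.


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"|".join(parts)).digest()


class Tag:
    """Holds only a per-tag secret; never transmits a static identifier."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self._pending = None

    def respond(self, r_reader: bytes, r_tag: bytes) -> bytes:
        """msg 2 (tag -> reader): fresh nonce r_tag plus H(K, r_reader, r_tag)."""
        self._pending = (r_reader, r_tag)
        return H(self.secret, r_reader, r_tag)

    def verify_reader(self, proof: bytes) -> bool:
        """msg 3 check: nonce order is reversed so a reflected msg 2 never
        passes as a reader proof; one proof is accepted per session."""
        if self._pending is None:
            return False
        r_reader, r_tag = self._pending
        self._pending = None
        return hmac.compare_digest(proof, H(self.secret, r_tag, r_reader))


class Reader:
    def __init__(self, tag_secrets):
        self.tag_secrets = list(tag_secrets)

    def identify(self, r_reader: bytes, r_tag: bytes, response: bytes):
        """Identifier-free responses force a scan over every known key: the
        cost of unlinkability.  Returns (index, msg 3) or (None, None)."""
        for idx, secret in enumerate(self.tag_secrets):
            if hmac.compare_digest(response, H(secret, r_reader, r_tag)):
                return idx, H(secret, r_tag, r_reader)
        return None, None


def run_session(reader: Reader, tag: Tag, r_reader: bytes, r_tag: bytes):
    """Full exchange: msg 1 = r_reader, msg 2 = (r_tag, response), msg 3 = proof.
    Returns (tag index known to the reader, tag accepted the reader)."""
    response = tag.respond(r_reader, r_tag)
    idx, proof = reader.identify(r_reader, r_tag, response)
    if idx is None:
        return None, False
    return idx, tag.verify_reader(proof)


if __name__ == "__main__":
    secrets_db = [b"tag-secret-0", b"tag-secret-1"]        # constructed keys
    reader = Reader(secrets_db)
    tag1 = Tag(secrets_db[1])
    print("genuine tag:", run_session(reader, tag1, b"r1", b"t1"))
    print("unknown tag:", run_session(reader, Tag(b"not-enrolled"), b"r2", b"t2"))
    # two sessions of the same tag look unrelated to an eavesdropper
    print("unlinkable :", tag1.respond(b"r3", b"t3") != tag1.respond(b"r4", b"t4"))
```

The linear key scan is the usual trade-off in this family of protocols: it keeps tag responses unlinkable but makes reader-side cost grow with the number of enrolled tags, and the tag's side is dominated by the two hash evaluations, which is the power budget the record above measures.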

  3. Privacy-preserving data cube for electronic medical records: An experimental evaluation.

    PubMed

    Kim, Soohyung; Lee, Hyukki; Chung, Yon Dohn

    2017-01-01

    The aim of this study is to evaluate the effectiveness and efficiency of privacy-preserving data cubes of electronic medical records (EMRs). An EMR data cube is a complex of EMR statistics that are summarized or aggregated by all possible combinations of attributes. Data cubes are widely utilized for efficient big data analysis and also have great potential for EMR analysis. For safe data analysis without privacy breaches, we must consider the privacy preservation characteristics of the EMR data cube. In this paper, we introduce a design for a privacy-preserving EMR data cube and the anonymization methods needed to achieve data privacy. We further focus on changes in efficiency and effectiveness that are caused by the anonymization process for privacy preservation. Thus, we experimentally evaluate various types of privacy-preserving EMR data cubes using several practical metrics and discuss the applicability of each anonymization method with consideration for the EMR analysis environment. We construct privacy-preserving EMR data cubes from anonymized EMR datasets. A real EMR dataset and demographic dataset are used for the evaluation. There are a large number of anonymization methods to preserve EMR privacy, and the methods are classified into three categories (i.e., global generalization, local generalization, and bucketization) by anonymization rules. According to this classification, three types of privacy-preserving EMR data cubes were constructed for the evaluation. We perform a comparative analysis by measuring the data size, cell overlap, and information loss of the EMR data cubes. Global generalization considerably reduced the size of the EMR data cube and did not cause the data cube cells to overlap, but incurred a large amount of information loss. Local generalization maintained the data size and generated only moderate information loss, but there were cell overlaps that could decrease the search performance. Bucketization did not cause cells to overlap and generated little information loss; however, the method considerably inflated the size of the EMR data cubes. The utility of anonymized EMR data cubes varies widely according to the anonymization method, and the applicability of the anonymization method depends on the features of the EMR analysis environment. The findings help to adopt the optimal anonymization method considering the EMR analysis environment and goal of the EMR analysis. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

  4. Fourier Magnitude-Based Privacy-Preserving Clustering on Time-Series Data

    NASA Astrophysics Data System (ADS)

    Kim, Hea-Suk; Moon, Yang-Sae

    Privacy-preserving clustering (PPC in short) is important in publishing sensitive time-series data. Previous PPC solutions, however, have a problem of not preserving distance orders or incurring privacy breach. To solve this problem, we propose a new PPC approach that exploits Fourier magnitudes of time-series. Our magnitude-based method does not cause privacy breach even though its techniques or related parameters are publicly revealed. Using magnitudes only, however, incurs the distance order problem, and we thus present magnitude selection strategies to preserve as many Euclidean distance orders as possible. Through extensive experiments, we showcase the superiority of our magnitude-based approach.

  5. Homomorphic encryption-based secure SIFT for privacy-preserving feature extraction

    NASA Astrophysics Data System (ADS)

    Hsu, Chao-Yung; Lu, Chun-Shien; Pei, Soo-Chang

    2011-02-01

    Privacy has received much attention but is still largely ignored in the multimedia community. Consider a cloud computing scenario where the server is resource-abundant and is capable of finishing the designated tasks; it is envisioned that secure media retrieval and search with privacy preservation will be treated seriously. In view of the fact that scale-invariant feature transform (SIFT) has been widely adopted in various fields, this paper is the first to address the problem of secure SIFT feature extraction and representation in the encrypted domain. Since all the operations in SIFT must be moved to the encrypted domain, we propose a homomorphic encryption-based secure SIFT method for privacy-preserving feature extraction and representation based on the Paillier cryptosystem. In particular, homomorphic comparison is a must for SIFT feature detection but is still a challenging issue for homomorphic encryption methods. To conquer this problem, we investigate a quantization-like secure comparison strategy in this paper. Experimental results demonstrate that the proposed homomorphic encryption-based SIFT performs comparably to original SIFT on image benchmarks, while preserving privacy additionally. We believe that this work is an important step toward privacy-preserving multimedia retrieval in an environment, where privacy is a major concern.
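Records 6 (PPSIFT) and 5 (the earlier Paillier-based version) both rest on one property: Paillier ciphertexts can be multiplied to add plaintexts and raised to a power to scale them, so every linear stage of SIFT (Gaussian blurs and their differences) can be evaluated on encrypted pixels. The block below is an added example written for this page, not the authors' implementation: it implements textbook Paillier with toy-sized Mersenne primes (the key is not secure and exists only so the arithmetic is readable), a signed plaintext encoding so negative filter weights work, and an encrypted 1-D difference-of-Gaussians filter whose integer kernel is our choice. The one thing it deliberately cannot do is the comparison step the abstract calls out as the hard part.

```python
import math
import random

# Added illustration (not the authors' code) of the Paillier additive
# homomorphism that an encrypted-domain linear filter relies on.  Toy key
# from two Mersenne primes: NOT secure, chosen only so values stay readable.
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # lcm(p-1, q-1)
MU = pow(LAM, -1, N)                                # valid because g = N + 1


def encrypt(m: int, rng: random.Random) -> int:
    """E(m) = (1+N)^m * r^N mod N^2; negative m is encoded as N - |m|."""
    while True:
        r = rng.randrange(1, N)
        if math.gcd(r, N) == 1:
            break
    return pow(N + 1, m % N, N2) * pow(r, N, N2) % N2


def decrypt(c: int) -> int:
    """L(c^lambda mod N^2) * mu mod N, then map the upper half back to negatives."""
    u = pow(c, LAM, N2)
    m = ((u - 1) // N) * MU % N
    return m - N if m > N // 2 else m


def add(c1: int, c2: int) -> int:
    return c1 * c2 % N2                     # E(a) * E(b) = E(a + b)


def scale(c: int, k: int) -> int:
    """E(a)^k = E(k*a); a negative k uses the inverse ciphertext."""
    if k < 0:
        return pow(pow(c, -1, N2), -k, N2)
    return pow(c, k, N2)


def encrypted_filter(cts, weights):
    """1-D convolution with integer weights over ciphertexts, zero padding.
    The accumulator starts at 1 = E(0) with r = 1, which is acceptable only
    because it is immediately multiplied by randomised ciphertexts."""
    half = len(weights) // 2
    out = []
    for i in range(len(cts)):
        acc = 1
        for j, w in enumerate(weights):
            k = i + j - half
            if w != 0 and 0 <= k < len(cts):
                acc = add(acc, scale(cts[k], w))
        out.append(acc)
    return out


def plain_filter(xs, weights):
    half = len(weights) // 2
    return [sum(w * xs[i + j - half] for j, w in enumerate(weights)
                if 0 <= i + j - half < len(xs)) for i in range(len(xs))]


# 16 * (blur3 - blur5) with integer binomial blurs [1,2,1]/4 and [1,4,6,4,1]/16
DOG = [-1, 0, 2, 0, -1]


def check_homomorphism(a: int, b: int, k: int, seed: int = 1):
    rng = random.Random(seed)
    return decrypt(add(encrypt(a, rng), encrypt(b, rng))), decrypt(scale(encrypt(a, rng), k))


def demo(seed: int = 2011, pixels=(10, 10, 50, 90, 90, 10)):
    """Constructed 1-D intensity row; returns (plaintext DoG, decrypted DoG)."""
    rng = random.Random(seed)
    cts = [encrypt(x, rng) for x in pixels]
    return plain_filter(list(pixels), DOG), [decrypt(c) for c in encrypted_filter(cts, DOG)]


if __name__ == "__main__":
    plain, dec = demo()
    print("plaintext DoG:", plain)
    print("decrypted DoG:", dec)
```

Every ciphertext costs a modular exponentiation with an N^2-sized modulus, which is why the real work in these papers is keeping the number of encrypted operations per pixel small; the signed encoding also requires all intermediate values to stay below N/2 in magnitude, trivially true here but something to budget for with larger kernels.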

  6. Centralized Duplicate Removal Video Storage System with Privacy Preservation in IoT.

    PubMed

    Yan, Hongyang; Li, Xuan; Wang, Yu; Jia, Chunfu

    2018-06-04

    In recent years, the Internet of Things (IoT) has found wide application and attracted much attention. Since most of the end-terminals in IoT have limited capabilities for storage and computing, it has become a trend to outsource the data from local to cloud computing. To further reduce the communication bandwidth and storage space, data deduplication has been widely adopted to eliminate the redundant data. However, since data collected in IoT are sensitive and closely related to users' personal information, the privacy protection of users' information becomes a challenge. As the channels, like the wireless channels between the terminals and the cloud servers in IoT, are public and the cloud servers are not fully trusted, data have to be encrypted before being uploaded to the cloud. However, encryption makes the performance of deduplication by the cloud server difficult because the ciphertext will be different even if the underlying plaintext is identical. In this paper, we build a centralized privacy-preserving duplicate removal storage system, which supports both file-level and block-level deduplication. In order to avoid the leakage of statistical information of data, Intel Software Guard Extensions (SGX) technology is utilized to protect the deduplication process on the cloud server. The results of the experimental analysis demonstrate that the new scheme can significantly improve the deduplication efficiency and enhance the security. It is envisioned that the duplicate removal system with privacy preservation will be of great use in the centralized storage environment of IoT.

  7. A Collaborative Framework for Distributed Privacy-Preserving Support Vector Machine Learning

    PubMed Central

    Que, Jialan; Jiang, Xiaoqian; Ohno-Machado, Lucila

    2012-01-01

    A Support Vector Machine (SVM) is a popular tool for decision support. The traditional way to build an SVM model is to estimate parameters based on a centralized repository of data. However, in the field of biomedicine, patient data are sometimes stored in local repositories or institutions where they were collected, and may not be easily shared due to privacy concerns. This creates a substantial barrier for researchers to effectively learn from the distributed data using machine learning tools like SVMs. To overcome this difficulty and promote efficient information exchange without sharing sensitive raw data, we developed a Distributed Privacy Preserving Support Vector Machine (DPP-SVM). The DPP-SVM enables privacy-preserving collaborative learning, in which a trusted server integrates “privacy-insensitive” intermediary results. The globally learned model is guaranteed to be exactly the same as learned from combined data. We also provide a free web-service (http://privacy.ucsd.edu:8080/ppsvm/) for multiple participants to collaborate and complete the SVM-learning task in an efficient and privacy-preserving manner. PMID:23304414

  8. A Secure and Privacy-Preserving Targeted Ad-System

    NASA Astrophysics Data System (ADS)

    Androulaki, Elli; Bellovin, Steven M.

    Thanks to its low product-promotion cost and its efficiency, targeted online advertising has become very popular. Unfortunately, being profile-based, online advertising methods violate consumers' privacy, which has engendered resistance to the ads. However, protecting privacy through anonymity seems to encourage click-fraud. In this paper, we define consumer's privacy and present a privacy-preserving, targeted ad system (PPOAd) which is resistant towards click fraud. Our scheme is structured to provide financial incentives to all entities involved.

  9. 29 CFR 71.8 - Preservation of records.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 29 Labor 1 2010-07-01 2010-07-01 true Preservation of records. 71.8 Section 71.8 Labor Office of the Secretary of Labor PROTECTION OF INDIVIDUAL PRIVACY AND ACCESS TO RECORDS UNDER THE PRIVACY ACT OF 1974 General § 71.8 Preservation of records. Each component shall preserve all correspondence relating...

  10. Privacy-preserving record linkage using Bloom filters

    PubMed Central

    2009-01-01

    Background: Combining multiple databases with disjunctive or additional information on the same person is occurring increasingly throughout research. If unique identification numbers for these individuals are not available, probabilistic record linkage is used for the identification of matching record pairs. In many applications, identifiers have to be encrypted due to privacy concerns. Methods: A new protocol for privacy-preserving record linkage with encrypted identifiers allowing for errors in identifiers has been developed. The protocol is based on Bloom filters on q-grams of identifiers. Results: Tests on simulated and actual databases yield linkage results comparable to non-encrypted identifiers and superior to results from phonetic encodings. Conclusion: We proposed a protocol for privacy-preserving record linkage with encrypted identifiers allowing for errors in identifiers. Since the protocol can be easily enhanced and has a low computational burden, the protocol might be useful for many applications requiring privacy-preserving record linkage. PMID:19706187

  11. Privacy-preserving record linkage using Bloom filters.

    PubMed

    Schnell, Rainer; Bachteler, Tobias; Reiher, Jörg

    2009-08-25

    Combining multiple databases with disjunctive or additional information on the same person is occurring increasingly throughout research. If unique identification numbers for these individuals are not available, probabilistic record linkage is used for the identification of matching record pairs. In many applications, identifiers have to be encrypted due to privacy concerns. A new protocol for privacy-preserving record linkage with encrypted identifiers allowing for errors in identifiers has been developed. The protocol is based on Bloom filters on q-grams of identifiers. Tests on simulated and actual databases yield linkage results comparable to non-encrypted identifiers and superior to results from phonetic encodings. We proposed a protocol for privacy-preserving record linkage with encrypted identifiers allowing for errors in identifiers. Since the protocol can be easily enhanced and has a low computational burden, the protocol might be useful for many applications requiring privacy-preserving record linkage.
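Records 10 and 11 describe linkage on Bloom filters of q-grams, and record 12 (the SLK-581 comparison) reports that this technique links better than a deterministic key because it tolerates spelling errors. The following is an added example of the construction, written for this page and not the authors' code: each identifier field is split into padded bigrams, every bigram is hashed into a fixed-length bit array with keyed HMAC-derived hash functions, and two encodings are compared with the Dice coefficient on set bits. The key, the filter length, the number of hash functions, the per-field averaging and the 0.8 threshold are our choices; the records are constructed.

```python
import hashlib
import hmac

# Added illustration (not the authors' code) of Bloom-filter record linkage
# on q-grams.  Hash functions are derived from a keyed HMAC so the linkage
# unit, which does not hold the key, cannot recompute encodings itself.
# M, K, the threshold and the key are our choices for this example.
M = 1000        # bits per field filter
K = 10          # hash functions per q-gram


def qgrams(value: str, q: int = 2):
    s = "_" + value.strip().lower() + "_"      # pad so first/last characters count
    return {s[i:i + q] for i in range(len(s) - q + 1)}


def bloom_encode(value: str, key: bytes, q: int = 2):
    """Set K bit positions per q-gram; positions come from HMAC(key, i:gram)."""
    bits = [0] * M
    for g in qgrams(value, q):
        for i in range(K):
            d = hmac.new(key, f"{i}:{g}".encode(), hashlib.sha256).digest()
            bits[int.from_bytes(d[:8], "big") % M] = 1
    return bits


def dice(a, b) -> float:
    """Dice coefficient on set bits; a one-character error in a name only
    removes the bits of the q-grams that touch it, so similarity stays high."""
    inter = sum(x & y for x, y in zip(a, b))
    total = sum(a) + sum(b)
    return 2.0 * inter / total if total else 1.0


def encode_record(rec: dict, key: bytes) -> dict:
    """One filter per identifier field; the data owner does this locally and
    ships only the filters."""
    return {field: bloom_encode(str(v), key) for field, v in rec.items()}


def record_similarity(enc_a: dict, enc_b: dict) -> float:
    """Mean Dice over shared fields; this is all the linkage unit computes."""
    fields = enc_a.keys() & enc_b.keys()
    if not fields:
        return 0.0
    return sum(dice(enc_a[f], enc_b[f]) for f in fields) / len(fields)


def link(enc_a: dict, enc_b: dict, threshold: float = 0.8) -> bool:
    return record_similarity(enc_a, enc_b) >= threshold


if __name__ == "__main__":
    key = b"shared-secret-of-the-data-owners"   # must never reach the linkage unit
    # constructed records: b has a dropped letter and a transposed day of birth
    a = {"first": "Rainer", "last": "Schnell", "dob": "1965-04-12"}
    b = {"first": "Rainer", "last": "Schnel", "dob": "1965-04-21"}
    c = {"first": "Tobias", "last": "Bachteler", "dob": "1978-11-03"}
    ea, eb, ec = (encode_record(r, key) for r in (a, b, c))
    print("a~b", round(record_similarity(ea, eb), 3), link(ea, eb))
    print("a~c", round(record_similarity(ea, ec), 3), link(ea, ec))
```

The security caveat the head of this page already hints at applies here: the encoding is deterministic under a fixed key, so the linkage unit sees the frequency of every bit pattern and can align common names against a public name-frequency table without the key. The key must stay with the data owners, should be rotated per linkage project, and the raw filters are better hardened (balanced filters, random bit flipping) than shipped as produced above.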

  12. Privacy-preserving restricted Boltzmann machine.

    PubMed

    Li, Yu; Zhang, Yuan; Ji, Yue

    2014-01-01

    With the arrival of the big data era, it is predicted that distributed data mining will lead to an information technology revolution. To motivate different institutes to collaborate with each other, the crucial issue is to eliminate their concerns regarding data privacy. In this paper, we propose a privacy-preserving method for training a restricted Boltzmann machine (RBM). The RBM can be obtained without the participants revealing their private data to each other when our privacy-preserving method is used. We provide a correctness and efficiency analysis of our algorithms. The comparative experiment shows that the accuracy is very close to the original RBM model.

  13. Privacy-Preserving Restricted Boltzmann Machine

    PubMed Central

    Li, Yu

    2014-01-01

    With the arrival of the big data era, it is predicted that distributed data mining will lead to an information technology revolution. To motivate different institutes to collaborate with each other, the crucial issue is to eliminate their concerns regarding data privacy. In this paper, we propose a privacy-preserving method for training a restricted Boltzmann machine (RBM). The RBM can be obtained without the participants revealing their private data to each other when our privacy-preserving method is used. We provide a correctness and efficiency analysis of our algorithms. The comparative experiment shows that the accuracy is very close to the original RBM model. PMID:25101139

  14. Preserving Employee Privacy in Wellness.

    PubMed

    Terry, Paul E

    2017-07-01

    The proposed "Preserving Employee Wellness Programs Act" states that the collection of information about the manifested disease or disorder of a family member shall not be considered an unlawful acquisition of genetic information. The bill recognizes employee privacy protections that are already in place and includes specific language relating to nondiscrimination based on illness. Why did legislation expressly intending to "preserve wellness programs" generate such antipathy about wellness among journalists? This article argues that those who are committed to preserving employee wellness must be equally committed to preserving employee privacy. Related to this, we should better parse between discussions and rules about commonplace health screenings versus much less common genetic testing.

  15. Fully Integrated Passive UHF RFID Tag for Hash-Based Mutual Authentication Protocol

    PubMed Central

    Mikami, Shugo; Watanabe, Dai; Li, Yang; Sakiyama, Kazuo

    2015-01-01

    Passive radio-frequency identification (RFID) tags have been used in many applications. While the RFID market is expected to grow, concerns about the security and privacy of the RFID tag should be overcome for future use. To overcome these issues, privacy-preserving authentication protocols based on cryptographic algorithms have been designed. However, to the best of our knowledge, evaluation of the whole tag that runs authentication protocols, which includes an antenna, an analog front end, and a digital processing block, has not been studied. In this paper, we present an implementation and evaluation of a fully integrated passive UHF RFID tag that runs a privacy-preserving mutual authentication protocol based on a hash function. We design a single chip including the analog front end and the digital processing block. We select a lightweight hash function supporting 80-bit security strength and a standard hash function supporting 128-bit security strength. We show that when the lightweight hash function is used, the tag completes the protocol at a reader-tag distance of 10 cm. Similarly, when the standard hash function is used, the tag completes the protocol at a distance of 8.5 cm. We discuss the impact of the tag's peak power consumption, which depends on the hash function, on the achievable distance. PMID:26491714

  16. Preserving Institutional Privacy in Distributed binary Logistic Regression.

    PubMed

    Wu, Yuan; Jiang, Xiaoqian; Ohno-Machado, Lucila

    2012-01-01

    Privacy is becoming a major concern when sharing biomedical data across institutions. Although methods for protecting privacy of individual patients have been proposed, it is not clear how to protect the institutional privacy, which is many times a critical concern of data custodians. Built upon our previous work, Grid Binary LOgistic REgression (GLORE)1, we developed an Institutional Privacy-preserving Distributed binary Logistic Regression model (IPDLR) that considers both individual and institutional privacy for building a logistic regression model in a distributed manner. We tested our method using both simulated and clinical data, showing how it is possible to protect the privacy of individuals and of institutions using a distributed strategy.

  17. Designing an algorithm to preserve privacy for medical record linkage with error-prone data.

    PubMed

    Pal, Doyel; Chen, Tingting; Zhong, Sheng; Khethavath, Praveen

    2014-01-20

    Linking medical records across different medical service providers is important to the enhancement of health care quality and public health surveillance. In record linkage, protecting the patients' privacy is a primary requirement. In real-world health care databases, records may well contain errors due to various reasons such as typos. Linking the error-prone data and preserving data privacy at the same time are very difficult. Existing privacy preserving solutions for this problem are restricted to textual data. To enable different medical service providers to link their error-prone data in a private way, our aim was to provide a holistic solution by designing and developing a medical record linkage system for medical service providers. To initiate a record linkage, one provider selects one of its collaborators in the Connection Management Module, chooses some attributes of the database to be matched, and establishes the connection with the collaborator after the negotiation. In the Data Matching Module, for error-free data, our solution offered two different choices of cryptographic schemes. For error-prone numerical data, we proposed a newly designed privacy preserving linking algorithm named the Error-Tolerant Linking Algorithm, which allows the error-prone data to be correctly matched if the distance between the two records is below a threshold. We designed and developed a comprehensive and user-friendly software system that provides privacy preserving record linkage functions for medical service providers and meets the regulations of the Health Insurance Portability and Accountability Act. It does not require a third party and it is secure in that neither entity can learn the records in the other's database. Moreover, our novel Error-Tolerant Linking Algorithm implemented in this software can work well with error-prone numerical data. We theoretically proved the correctness and security of our Error-Tolerant Linking Algorithm. We have also fully implemented the software. The experimental results showed that it is reliable and efficient. The design of our software is open so that existing textual matching methods can be easily integrated into the system. Designing algorithms to enable medical record linkage for error-prone numerical data and protect data privacy at the same time is difficult. Our proposed solution does not need a trusted third party and is secure in that, in the linking process, neither entity can learn the records in the other's database.

  18. A New Heuristic Anonymization Technique for Privacy Preserved Datasets Publication on Cloud Computing

    NASA Astrophysics Data System (ADS)

    Aldeen Yousra, S.; Mazleena, Salleh

    2018-05-01

    Recent advancement in Information and Communication Technologies (ICT) has created much demand for cloud services that share users' private data. Data from various organizations are a vital information source for analysis and research. Generally, this sensitive or private data involves medical, census, voter registration, social network, and customer service information. The primary concern of cloud service providers in data publishing is to hide the sensitive information of individuals. One of the cloud services that fulfills the confidentiality concerns is Privacy Preserving Data Mining (PPDM). The PPDM service in Cloud Computing (CC) enables data publishing with minimized distortion and absolute privacy. In this method, datasets are anonymized via generalization to accomplish the privacy requirements. However, the well-known privacy preserving data mining technique called K-anonymity suffers from several limitations. To surmount those shortcomings, I propose a new heuristic anonymization framework for preserving the privacy of sensitive datasets when publishing on the cloud. The advantages of the K-anonymity, L-diversity and (α, k)-anonymity methods for efficient information utilization and privacy protection are emphasized. Experimental results revealed the superiority of the developed technique over the K-anonymity, L-diversity, and (α, k)-anonymity measures.

  19. A comprehensive review on privacy preserving data mining.

    PubMed

    Aldeen, Yousra Abdul Alsahib S; Salleh, Mazleena; Razzaque, Mohammad Abdur

    2015-01-01

    Preservation of privacy in data mining has emerged as an absolute prerequisite for exchanging confidential information in terms of data analysis, validation, and publishing. Ever-escalating internet phishing poses a severe threat to the widespread propagation of sensitive information over the web. Conversely, the dubious feelings and contentions that mediate the unwillingness of various information providers towards reliable protection of data from disclosure often result in utter rejection of data sharing or incorrect information sharing. This article provides a panoramic overview, with a new perspective and systematic interpretation, of a list of published literatures via their meticulous organization into subcategories. The fundamental notions of the existing privacy preserving data mining methods, their merits, and their shortcomings are presented. The current privacy preserving data mining techniques are classified based on distortion, association rule, hide association rule, taxonomy, clustering, associative classification, outsourced data mining, distributed, and k-anonymity, where their notable advantages and disadvantages are emphasized. This careful scrutiny reveals past developments, present research challenges, future trends, and the gaps and weaknesses. Further significant enhancements for more robust privacy protection and preservation are affirmed to be mandatory.

  20. A privacy-preserving solution for compressed storage and selective retrieval of genomic data.

    PubMed

    Huang, Zhicong; Ayday, Erman; Lin, Huang; Aiyar, Raeka S; Molyneaux, Adam; Xu, Zhenyu; Fellay, Jacques; Steinmetz, Lars M; Hubaux, Jean-Pierre

    2016-12-01

    In clinical genomics, the continuous evolution of bioinformatic algorithms and sequencing platforms makes it beneficial to store patients' complete aligned genomic data in addition to variant calls relative to a reference sequence. Due to the large size of human genome sequence data files (varying from 30 GB to 200 GB depending on coverage), two major challenges facing genomics laboratories are the costs of storage and the efficiency of the initial data processing. In addition, privacy of genomic data is becoming an increasingly serious concern, yet no standard data storage solutions exist that enable compression, encryption, and selective retrieval. Here we present a privacy-preserving solution named SECRAM (Selective retrieval on Encrypted and Compressed Reference-oriented Alignment Map) for the secure storage of compressed aligned genomic data. Our solution enables selective retrieval of encrypted data and improves the efficiency of downstream analysis (e.g., variant calling). Compared with BAM, the de facto standard for storing aligned genomic data, SECRAM uses 18% less storage. Compared with CRAM, one of the most compressed nonencrypted formats (using 34% less storage than BAM), SECRAM maintains efficient compression and downstream data processing, while allowing for unprecedented levels of security in genomic data storage. Compared with previous work, the distinguishing features of SECRAM are that (1) it is position-based instead of read-based, and (2) it allows random querying of a subregion from a BAM-like file in an encrypted form. Our method thus offers a space-saving, privacy-preserving, and effective solution for the storage of clinical genomic data. © 2016 Huang et al.; Published by Cold Spring Harbor Laboratory Press.

  1. A privacy-preserving solution for compressed storage and selective retrieval of genomic data

    PubMed Central

    Huang, Zhicong; Ayday, Erman; Lin, Huang; Aiyar, Raeka S.; Molyneaux, Adam; Xu, Zhenyu; Hubaux, Jean-Pierre

    2016-01-01

    In clinical genomics, the continuous evolution of bioinformatic algorithms and sequencing platforms makes it beneficial to store patients’ complete aligned genomic data in addition to variant calls relative to a reference sequence. Due to the large size of human genome sequence data files (varying from 30 GB to 200 GB depending on coverage), two major challenges facing genomics laboratories are the costs of storage and the efficiency of the initial data processing. In addition, privacy of genomic data is becoming an increasingly serious concern, yet no standard data storage solutions exist that enable compression, encryption, and selective retrieval. Here we present a privacy-preserving solution named SECRAM (Selective retrieval on Encrypted and Compressed Reference-oriented Alignment Map) for the secure storage of compressed aligned genomic data. Our solution enables selective retrieval of encrypted data and improves the efficiency of downstream analysis (e.g., variant calling). Compared with BAM, the de facto standard for storing aligned genomic data, SECRAM uses 18% less storage. Compared with CRAM, one of the most compressed nonencrypted formats (using 34% less storage than BAM), SECRAM maintains efficient compression and downstream data processing, while allowing for unprecedented levels of security in genomic data storage. Compared with previous work, the distinguishing features of SECRAM are that (1) it is position-based instead of read-based, and (2) it allows random querying of a subregion from a BAM-like file in an encrypted form. Our method thus offers a space-saving, privacy-preserving, and effective solution for the storage of clinical genomic data. PMID:27789525

  2. Target-Based Maintenance of Privacy Preserving Association Rules

    ERIC Educational Resources Information Center

    Ahluwalia, Madhu V.

    2011-01-01

    In the context of association rule mining, the state-of-the-art in privacy preserving data mining provides solutions for categorical and Boolean association rules but not for quantitative association rules. This research fills this gap by describing a method based on discrete wavelet transform (DWT) to protect input data privacy while preserving…

  3. Privacy-Preserving Health Data Collection for Preschool Children

    PubMed Central

    Zhang, Yuan; Ji, Yue

    2013-01-01

    With the development of network technology, more and more data are transmitted over the network and privacy issues have become a research focus. In this paper, we study the privacy in health data collection of preschool children and present a new identity-based encryption protocol for privacy protection. The background of the protocol is as follows. A physical examination for preschool children is needed every year out of consideration for the children's health. After the examination, data are transmitted through the Internet to the education authorities for analysis. In the process of data collection, it is unnecessary for the education authorities to know the identities of the children. Based on this, we designed a privacy-preserving protocol, which delinks the children's identities from the examination data. Thus, the privacy of the children is preserved during data collection. We present the protocol in detail and prove the correctness of the protocol. PMID:24285984

  4. Privacy Preservation in Distributed Subgradient Optimization Algorithms.

    PubMed

    Lou, Youcheng; Yu, Lean; Wang, Shouyang; Yi, Peng

    2017-07-31

    In this paper, some privacy-preserving features for distributed subgradient optimization algorithms are considered. Most of the existing distributed algorithms focus mainly on the algorithm design and convergence analysis, but not on the protection of agents' privacy. Privacy is becoming an increasingly important issue in applications involving sensitive information. In this paper, we first show that the distributed subgradient synchronous homogeneous-stepsize algorithm is not privacy preserving, in the sense that a malicious agent can asymptotically discover other agents' subgradients by transmitting untrue estimates to its neighbors. Then a distributed subgradient asynchronous heterogeneous-stepsize projection algorithm is proposed, and accordingly its convergence and optimality are established. In contrast to the synchronous homogeneous-stepsize algorithm, in the new algorithm agents make their optimization updates asynchronously with heterogeneous stepsizes. The two introduced mechanisms, projection operation and asynchronous heterogeneous-stepsize optimization, can guarantee that agents' privacy is effectively protected.

  5. Privacy-preserving health data collection for preschool children.

    PubMed

    Guan, Shaopeng; Zhang, Yuan; Ji, Yue

    2013-01-01

    With the development of network technology, more and more data are transmitted over the network and privacy issues have become a research focus. In this paper, we study the privacy in health data collection of preschool children and present a new identity-based encryption protocol for privacy protection. The background of the protocol is as follows. A physical examination for preschool children is needed every year out of consideration for the children's health. After the examination, data are transmitted through the Internet to the education authorities for analysis. In the process of data collection, it is unnecessary for the education authorities to know the identities of the children. Based on this, we designed a privacy-preserving protocol, which delinks the children's identities from the examination data. Thus, the privacy of the children is preserved during data collection. We present the protocol in detail and prove the correctness of the protocol.

  6. Privacy-preserving periodical publishing for medical information

    NASA Astrophysics Data System (ADS)

    Jin, Hua; Ju, Shi-guang; Liu, Shan-cheng

    2013-07-01

    Existing privacy-preserving publishing models cannot meet the requirement of periodical publishing for medical information, whether these models are static or dynamic. This paper presents a (k,l)-anonymity model that keeps individual association and a principle based on ε-invariance groups for subsequent periodical publishing, and then the PKIA and PSIGI algorithms are designed for them. The proposed methods can reserve more individual association while preserving privacy and have better publishing quality. Experiments confirm our theoretical results and their practicability.

  7. 40 CFR 1602.8 - Preservation of records.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 40 CFR, Protection of Environment, Chemical Safety and Hazard Investigation Board, Protection of Privacy and Access to Individual Records under the Privacy Act of 1974, § 1602.8 Preservation of records...

  8. Effectiveness of Anonymization Methods in Preserving Patients' Privacy: A Systematic Literature Review.

    PubMed

    Langarizadeh, Mostafa; Orooji, Azam; Sheikhtaheri, Abbas

    2018-01-01

    An ever-growing application of electronic health records (EHRs) has improved healthcare providers' communications and access to data for secondary use, and promoted the quality of services. Patients' privacy has become a great issue today since there are large loads of critical information in EHRs. Therefore, many privacy preservation techniques have been proposed, and anonymization is a common one. This study aimed to investigate the effectiveness of anonymization in preserving patients' privacy. Articles published between 2005 and 2016 were included. PubMed, Cochrane, IEEE and ScienceDirect were searched with a variety of related keywords. Finally, 18 articles were included. In the present study, the relevant anonymization issues were investigated in four categories: secondary use of anonymized data, re-identification risk, the effect of anonymization on information extraction, and the inadequacy of current methods for different document types. The results revealed that, though anonymization cannot reduce the risk of re-identification to zero, if implemented correctly it can help preserve patients' privacy.

  9. Analysis of Existing Privacy-Preserving Protocols in Domain Name System

    NASA Astrophysics Data System (ADS)

    Zhao, Fangming; Hori, Yoshiaki; Sakurai, Kouichi

    In a society preoccupied with the gradual erosion of electronic privacy, loss of privacy in the current Domain Name System is an important issue worth considering. In this paper, we first review the DNS and some security and privacy threats, to make average users begin to be concerned about the significance of privacy preservation in DNS protocols. Then, by a careful survey of four existing privacy protection approaches based on noise query generation, we analyze some benefits and limitations of these proposals in terms of both related performance evaluation results and theoretical proofs. Finally, we point out some problems that still exist for the research community's continuing efforts in the future.

  10. A review on the state-of-the-art privacy-preserving approaches in the e-health clouds.

    PubMed

    Abbas, Assad; Khan, Samee U

    2014-07-01

    Cloud computing is emerging as a new computing paradigm in the healthcare sector besides other business domains. Large numbers of health organizations have started shifting the electronic health information to the cloud environment. Introducing the cloud services in the health sector not only facilitates the exchange of electronic medical records among the hospitals and clinics, but also enables the cloud to act as a medical record storage center. Moreover, shifting to the cloud environment relieves the healthcare organizations of the tedious tasks of infrastructure management and also minimizes development and maintenance costs. Nonetheless, storing the patient health data in the third-party servers also entails serious threats to data privacy. Because of probable disclosure of medical records stored and exchanged in the cloud, the patients' privacy concerns should essentially be considered when designing the security and privacy mechanisms. Various approaches have been used to preserve the privacy of the health information in the cloud environment. This survey aims to encompass the state-of-the-art privacy-preserving approaches employed in the e-Health clouds. Moreover, the privacy-preserving approaches are classified into cryptographic and noncryptographic approaches and taxonomy of the approaches is also presented. Furthermore, the strengths and weaknesses of the presented approaches are reported and some open issues are highlighted.

  11. Security and Correctness Analysis on Privacy-Preserving k-Means Clustering Schemes

    NASA Astrophysics Data System (ADS)

    Su, Chunhua; Bao, Feng; Zhou, Jianying; Takagi, Tsuyoshi; Sakurai, Kouichi

    Due to the fast development of the Internet and related IT technologies, it becomes easier and easier to access large amounts of data. k-means clustering is a powerful and frequently used technique in data mining. Many research papers about privacy-preserving k-means clustering have been published. In this paper, we analyze the existing privacy-preserving k-means clustering schemes based on cryptographic techniques. We show that those schemes cause privacy breaches and cannot output correct results due to faults in the protocol construction. Furthermore, we analyze our proposal as an option to improve on such problems, but with an intermediate information breach during the computation.

  12. Analysis of Vehicle-Based Security Operations

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Carter, Jason M; Paul, Nate R

    Vehicle-to-vehicle (V2V) communications promises to increase roadway safety by providing each vehicle with 360 degree situational awareness of other vehicles in proximity, and by complementing onboard sensors such as radar or camera in detecting imminent crash scenarios. In the United States, approximately three hundred million automobiles could participate in a fully deployed V2V system if Dedicated Short-Range Communication (DSRC) device use becomes mandatory. The system's reliance on continuous communication, however, provides a potential means for unscrupulous persons to transmit false data in an attempt to cause crashes, create traffic congestion, or simply render the system useless. V2V communications must be highly scalable while retaining robust security and privacy preserving features to meet the intra-vehicle and vehicle-to-infrastructure communication requirements for a growing vehicle population. Oakridge National Research Laboratory is investigating a Vehicle-Based Security System (VBSS) to provide security and privacy for a fully deployed V2V and V2I system. In the VBSS an On-board Unit (OBU) generates short-term certificates and signs Basic Safety Messages (BSM) to preserve privacy and enhance security. This work outlines a potential VBSS structure and its operational concepts; it examines how a vehicle-based system might feasibly provide security and privacy, highlights remaining challenges, and explores potential mitigations to address those challenges. Certificate management alternatives that attempt to meet V2V security and privacy requirements have been examined previously by the research community, including privacy-preserving group certificates, shared certificates, and functional encryption. Due to real-world operational constraints, adopting one of these approaches for VBSS V2V communication is difficult. Timely misbehavior detection and revocation are still open problems for any V2V system. We explore the alternative approaches that may be applicable to a VBSS, and suggest some additional research directions in order to find a practical solution that appropriately addresses security and privacy.

  13. Lightweight Privacy-Preserving Authentication Protocols Secure against Active Attack in an Asymmetric Way

    NASA Astrophysics Data System (ADS)

    Cui, Yank; Kobara, Kazukuni; Matsuura, Kanta; Imai, Hideki

    As pervasive computing technologies develop fast, privacy protection becomes a crucial issue and needs to be handled very carefully. Typically, it is difficult to efficiently identify and manage plenty of low-cost pervasive devices like Radio Frequency Identification Devices (RFID) without leaking any private information. In particular, the attacker may not only eavesdrop on the communication in a passive way, but also mount an active attack to ask queries adaptively, which is obviously more dangerous. Towards settling this problem, in this paper we propose two lightweight authentication protocols which are privacy-preserving against active attack, in an asymmetric way. That asymmetric style with privacy-oriented simplification succeeds in reducing the load of low-cost devices and drastically decreasing the computation cost of management on the server. This is because, unlike the usual management of identities, our approach does not require any synchronization or exhaustive search in the database, which is of great convenience in the case of a large-scale system. The protocols are based on a fast asymmetric encryption with specialized simplification and only one cryptographic hash function, which consequently assigns easy work to pervasive devices. Besides, our results do not require the strong assumption of the random oracle.

  14. Differential privacy-based evaporative cooling feature selection and classification with relief-F and random forests.

    PubMed

    Le, Trang T; Simmons, W Kyle; Misaki, Masaya; Bodurka, Jerzy; White, Bill C; Savitz, Jonathan; McKinney, Brett A

    2017-09-15

    Classification of individuals into disease or clinical categories from high-dimensional biological data with low prediction error is an important challenge of statistical learning in bioinformatics. Feature selection can improve classification accuracy but must be incorporated carefully into cross-validation to avoid overfitting. Recently, feature selection methods based on differential privacy, such as differentially private random forests and reusable holdout sets, have been proposed. However, for domains such as bioinformatics, where the number of features is much larger than the number of observations (p ≫ n), these differential privacy methods are susceptible to overfitting. We introduce private Evaporative Cooling, a stochastic privacy-preserving machine learning algorithm that uses Relief-F for feature selection and random forest for privacy preserving classification that also prevents overfitting. We relate the privacy-preserving threshold mechanism to a thermodynamic Maxwell-Boltzmann distribution, where the temperature represents the privacy threshold. We use the thermal statistical physics concept of Evaporative Cooling of atomic gases to perform backward stepwise privacy-preserving feature selection. On simulated data with main effects and statistical interactions, we compare accuracies on holdout and validation sets for three privacy-preserving methods: the reusable holdout, reusable holdout with random forest, and private Evaporative Cooling, which uses Relief-F feature selection and random forest classification. In simulations where interactions exist between attributes, private Evaporative Cooling provides higher classification accuracy without overfitting based on an independent validation set. In simulations without interactions, thresholdout with random forest and private Evaporative Cooling give comparable accuracies. We also apply these privacy methods to human brain resting-state fMRI data from a study of major depressive disorder. Code available at http://insilico.utulsa.edu/software/privateEC. Contact: brett-mckinney@utulsa.edu. Supplementary data are available at Bioinformatics online. © The Author (2017). Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com

  15. Achieve Location Privacy-Preserving Range Query in Vehicular Sensing

    PubMed Central

    Lu, Rongxing; Ma, Maode; Bao, Haiyong

    2017-01-01

    Modern vehicles are equipped with a plethora of on-board sensors and large on-board storage, which enables them to gather and store various local-relevant data. However, the wide application of vehicular sensing has its own challenges, among which location-privacy preservation and data query accuracy are two critical problems. In this paper, we propose a novel range query scheme, which helps the data requester to accurately retrieve the sensed data from the distributive on-board storage in vehicular ad hoc networks (VANETs) with location privacy preservation. The proposed scheme exploits structured scalars to denote the locations of data requesters and vehicles, and achieves the privacy-preserving location matching with the homomorphic Paillier cryptosystem technique. Detailed security analysis shows that the proposed range query scheme can successfully preserve the location privacy of the involved data requesters and vehicles, and protect the confidentiality of the sensed data. In addition, performance evaluations are conducted to show the efficiency of the proposed scheme, in terms of computation delay and communication overhead. Specifically, the computation delay and communication overhead are not dependent on the length of the scalar, and they are only proportional to the number of vehicles. PMID:28786943

  16. Achieve Location Privacy-Preserving Range Query in Vehicular Sensing.

    PubMed

    Kong, Qinglei; Lu, Rongxing; Ma, Maode; Bao, Haiyong

    2017-08-08

    Modern vehicles are equipped with a plethora of on-board sensors and large on-board storage, which enables them to gather and store various local-relevant data. However, the wide application of vehicular sensing has its own challenges, among which location-privacy preservation and data query accuracy are two critical problems. In this paper, we propose a novel range query scheme, which helps the data requester to accurately retrieve the sensed data from the distributive on-board storage in vehicular ad hoc networks (VANETs) with location privacy preservation. The proposed scheme exploits structured scalars to denote the locations of data requesters and vehicles, and achieves the privacy-preserving location matching with the homomorphic Paillier cryptosystem technique. Detailed security analysis shows that the proposed range query scheme can successfully preserve the location privacy of the involved data requesters and vehicles, and protect the confidentiality of the sensed data. In addition, performance evaluations are conducted to show the efficiency of the proposed scheme, in terms of computation delay and communication overhead. Specifically, the computation delay and communication overhead are not dependent on the length of the scalar, and they are only proportional to the number of vehicles.

  17. Privacy Preserved and Secured Reliable Routing Protocol for Wireless Mesh Networks.

    PubMed

    Meganathan, Navamani Thandava; Palanichamy, Yogesh

    2015-01-01

    Privacy preservation and security provision against internal attacks in wireless mesh networks (WMNs) are more demanding than in wired networks due to the open nature and mobility of certain nodes in the network. Several schemes have been proposed to preserve privacy and provide security in WMNs. To provide complete privacy protection in WMNs, the properties of unobservability, unlinkability, and anonymity are to be ensured during route discovery. These properties can be achieved by implementing group signature and ID-based encryption schemes during route discovery. Due to the characteristics of WMNs, they are more vulnerable to many network layer attacks. Hence, strong protection is needed to avoid these attacks, and this can be achieved by introducing a new Cross-Layer and Subject Logic based Dynamic Reputation (CLSL-DR) mechanism during route discovery. In this paper, we propose a new Privacy preserved and Secured Reliable Routing (PSRR) protocol for WMNs. This protocol incorporates group signature, ID-based encryption schemes, and the CLSL-DR mechanism to ensure strong privacy, security, and reliability in WMNs. Simulation results prove this by showing better performance in terms of most of the chosen parameters than the existing protocols.

  18. Using the Personal Health Train for Automated and Privacy-Preserving Analytics on Vertically Partitioned Data.

    PubMed

    van Soest, Johan; Sun, Chang; Mussmann, Ole; Puts, Marco; van den Berg, Bob; Malic, Alexander; van Oppen, Claudia; Towend, David; Dekker, Andre; Dumontier, Michel

    2018-01-01

    Conventional data mining algorithms are unable to satisfy the current requirements on analyzing big data in some fields such as medicine, policy making, judicial, and tax records. However, applying diverse datasets from different institutes (both healthcare and non-healthcare related) can enrich information and insights. So far, to our knowledge, no method exists for analyzing this data in an automated, privacy-preserving manner. In this work, we propose an infrastructure and proof-of-concept for privacy-preserving analytics on vertically partitioned data.

  19. Privacy-Preserving Patient-Centric Clinical Decision Support System on Naïve Bayesian Classification.

    PubMed

    Liu, Ximeng; Lu, Rongxing; Ma, Jianfeng; Chen, Le; Qin, Baodong

    2016-03-01

    Clinical decision support system, which uses advanced data mining techniques to help clinicians make proper decisions, has received considerable attention recently. The advantages of clinical decision support system include not only improving diagnosis accuracy but also reducing diagnosis time. Specifically, with large amounts of clinical data generated every day, naïve Bayesian classification can be utilized to excavate valuable information to improve a clinical decision support system. Although the clinical decision support system is quite promising, the flourishing of the system still faces many challenges including information security and privacy concerns. In this paper, we propose a new privacy-preserving patient-centric clinical decision support system, which helps clinicians, as a complement, to diagnose the risk of patients' disease in a privacy-preserving way. In the proposed system, the past patients' historical data are stored in the cloud and can be used to train the naïve Bayesian classifier without leaking any individual patient medical data, and then the trained classifier can be applied to compute the disease risk for newly arriving patients and also allow these patients to retrieve the top-k disease names according to their own preferences. Specifically, to protect the privacy of past patients' historical data, a new cryptographic tool called additive homomorphic proxy aggregation scheme is designed. Moreover, to leverage the leakage of naïve Bayesian classifier, we introduce a privacy-preserving top-k disease names retrieval protocol in our system. Detailed privacy analysis ensures that patient's information is private and will not be leaked out during the disease diagnosis phase. In addition, performance evaluation via extensive simulations also demonstrates that our system can efficiently calculate patient's disease risk with high accuracy in a privacy-preserving way.

  20. Inference-Based Similarity Search in Randomized Montgomery Domains for Privacy-Preserving Biometric Identification.

    PubMed

    Wang, Yi; Wan, Jianwu; Guo, Jun; Cheung, Yiu-Ming; Yuen, Pong C

    2018-07-01

    Similarity search is essential to many important applications and often involves searching at scale on high-dimensional data based on their similarity to a query. In biometric applications, recent vulnerability studies have shown that adversarial machine learning can compromise biometric recognition systems by exploiting the biometric similarity information. Existing methods for biometric privacy protection are in general based on pairwise matching of secured biometric templates and have inherent limitations in search efficiency and scalability. In this paper, we propose an inference-based framework for privacy-preserving similarity search in Hamming space. Our approach builds on an obfuscated distance measure that can conceal Hamming distance in a dynamic interval. Such a mechanism enables us to systematically design statistically reliable methods for retrieving most likely candidates without knowing the exact distance values. We further propose to apply Montgomery multiplication for generating search indexes that can withstand adversarial similarity analysis, and show that information leakage in randomized Montgomery domains can be made negligibly small. Our experiments on public biometric datasets demonstrate that the inference-based approach can achieve a search accuracy close to the best performance possible with secure computation methods, but the associated cost is reduced by orders of magnitude compared to cryptographic primitives.

  1. Differential Privacy Preserving in Big Data Analytics for Connected Health.

    PubMed

    Lin, Chi; Song, Zihao; Song, Houbing; Zhou, Yanhong; Wang, Yi; Wu, Guowei

    2016-04-01

    In Body Area Networks (BANs), big data collected by wearable sensors usually contain sensitive information, which must be appropriately protected. Previous methods neglected the privacy protection issue, leading to privacy exposure. In this paper, a differential privacy protection scheme for big data in body sensor networks is developed. Compared with previous methods, this scheme will provide privacy protection with higher availability and reliability. We introduce the concept of dynamic noise thresholds, which makes our scheme more suitable to process big data. Experimental results demonstrate that, even when the attacker has full background knowledge, the proposed scheme can still provide enough interference to big sensitive data so as to preserve the privacy.

  2. Toward privacy-preserving JPEG image retrieval

    NASA Astrophysics Data System (ADS)

    Cheng, Hang; Wang, Jingyue; Wang, Meiqing; Zhong, Shangping

    2017-07-01

    This paper proposes a privacy-preserving retrieval scheme for JPEG images based on local variance. Three parties are involved in the scheme: the content owner, the server, and the authorized user. The content owner encrypts JPEG images for privacy protection by jointly using permutation cipher and stream cipher, and then, the encrypted versions are uploaded to the server. With an encrypted query image provided by an authorized user, the server may extract blockwise local variances in different directions without knowing the plaintext content. After that, it can calculate the similarity between the encrypted query image and each encrypted database image by a local variance-based feature comparison mechanism. The authorized user with the encryption key can decrypt the returned encrypted images with plaintext content similar to the query image. The experimental results show that the proposed scheme not only provides effective privacy-preserving retrieval service but also ensures both format compliance and file size preservation for encrypted JPEG images.

  3. EPPRD: An Efficient Privacy-Preserving Power Requirement and Distribution Aggregation Scheme for a Smart Grid.

    PubMed

    Zhang, Lei; Zhang, Jing

    2017-08-07

    A Smart Grid (SG) facilitates bidirectional demand-response communication between individual users and power providers with high computation and communication performance but also brings about the risk of leaking users' private information. Therefore, improving the individual power requirement and distribution efficiency to ensure communication reliability while preserving user privacy is a new challenge for SG. Based on this issue, we propose an efficient and privacy-preserving power requirement and distribution aggregation scheme (EPPRD) based on a hierarchical communication architecture. In the proposed scheme, an efficient encryption and authentication mechanism is proposed for a better fit to each individual demand-response situation. Through extensive analysis and experiment, we demonstrate how the EPPRD resists various security threats and preserves user privacy while satisfying the individual requirement in a semi-honest model; it involves less communication overhead and computation time than the existing competing schemes.

  4. EPPRD: An Efficient Privacy-Preserving Power Requirement and Distribution Aggregation Scheme for a Smart Grid

    PubMed Central

    Zhang, Lei; Zhang, Jing

    2017-01-01

    A Smart Grid (SG) facilitates bidirectional demand-response communication between individual users and power providers with high computation and communication performance but also brings about the risk of leaking users' private information. Therefore, improving the individual power requirement and distribution efficiency to ensure communication reliability while preserving user privacy is a new challenge for SG. Based on this issue, we propose an efficient and privacy-preserving power requirement and distribution aggregation scheme (EPPRD) based on a hierarchical communication architecture. In the proposed scheme, an efficient encryption and authentication mechanism is proposed for a better fit to each individual demand-response situation. Through extensive analysis and experiment, we demonstrate how the EPPRD resists various security threats and preserves user privacy while satisfying the individual requirement in a semi-honest model; it involves less communication overhead and computation time than the existing competing schemes. PMID:28783122

  5. Reward-based spatial crowdsourcing with differential privacy preservation

    NASA Astrophysics Data System (ADS)

    Xiong, Ping; Zhang, Lefeng; Zhu, Tianqing

    2017-11-01

    In recent years, the popularity of mobile devices has transformed spatial crowdsourcing (SC) into a novel mode for performing complicated projects. Workers can perform tasks at specified locations in return for rewards offered by employers. Existing methods ensure the efficiency of their systems by submitting the workers' exact locations to a centralised server for task assignment, which can lead to privacy violations. Thus, implementing crowdsourcing applications while preserving the privacy of workers' locations is a key issue that needs to be tackled. We propose a reward-based SC method that achieves acceptable utility as measured by task assignment success rates, while efficiently preserving privacy. A differential privacy model ensures a rigorous privacy guarantee, and Laplace noise is introduced to protect workers' exact locations. We then present a reward allocation mechanism that adjusts each piece of the reward for a task using the distribution of the workers' locations. Through experimental results, we demonstrate that this optimised-reward method is efficient for SC applications.

  6. Incorporation of privacy elements in space station design

    NASA Technical Reports Server (NTRS)

    Harrison, Albert A.; Caldwell, Barrett; Struthers, Nancy J.

    1988-01-01

    Privacy exists to the extent that individuals can control the degree of social contact that they have with one another. The opportunity to withdraw from other people serves a number of important psychological and social functions, and is in the interests of safety, high performance, and high quality of human life. Privacy requirements for Space Station crew members are reviewed, and architectural and other guidelines for helping astronauts achieve desired levels of privacy are suggested. In turn, four dimensions of privacy are discussed: the separation of activities by areas within the Space Station, controlling the extent to which astronauts have visual contact with one another, controlling the extent to which astronauts have auditory contact with one another, and odor control. Each section presents a statement of the problem, a review of general solutions, and specific recommendations. The report is concluded with a brief consideration of how selection, training, and other procedures can also help Space Station occupants achieve satisfactory levels of seclusion.

  7. Designing an Algorithm to Preserve Privacy for Medical Record Linkage With Error-Prone Data

    PubMed Central

    Pal, Doyel; Chen, Tingting; Khethavath, Praveen

    2014-01-01

    Background: Linking medical records across different medical service providers is important to the enhancement of health care quality and public health surveillance. In records linkage, protecting the patients' privacy is a primary requirement. In real-world health care databases, records may well contain errors due to various reasons such as typos. Linking the error-prone data and preserving data privacy at the same time are very difficult. Existing privacy preserving solutions for this problem are only restricted to textual data.

    Objective: To enable different medical service providers to link their error-prone data in a private way, our aim was to provide a holistic solution by designing and developing a medical record linkage system for medical service providers.

    Methods: To initiate a record linkage, one provider selects one of its collaborators in the Connection Management Module, chooses some attributes of the database to be matched, and establishes the connection with the collaborator after the negotiation. In the Data Matching Module, for error-free data, our solution offered two different choices for cryptographic schemes. For error-prone numerical data, we proposed a newly designed privacy preserving linking algorithm named the Error-Tolerant Linking Algorithm, that allows the error-prone data to be correctly matched if the distance between the two records is below a threshold.

    Results: We designed and developed a comprehensive and user-friendly software system that provides privacy preserving record linkage functions for medical service providers, which meets the regulation of the Health Insurance Portability and Accountability Act. It does not require a third party and it is secure in that neither entity can learn the records in the other's database. Moreover, our novel Error-Tolerant Linking Algorithm implemented in this software can work well with error-prone numerical data. We theoretically proved the correctness and security of our Error-Tolerant Linking Algorithm. We have also fully implemented the software. The experimental results showed that it is reliable and efficient. The design of our software is open so that the existing textual matching methods can be easily integrated into the system.

    Conclusions: Designing algorithms to enable medical records linkage for error-prone numerical data and protect data privacy at the same time is difficult. Our proposed solution does not need a trusted third party and is secure in that in the linking process, neither entity can learn the records in the other's database. PMID:25600786

  8. Privacy Preserving Association Rule Mining Revisited: Privacy Enhancement and Resources Efficiency

    NASA Astrophysics Data System (ADS)

    Mohaisen, Abedelaziz; Jho, Nam-Su; Hong, Dowon; Nyang, Daehun

    Privacy preserving association rule mining algorithms have been designed for discovering the relations between variables in data while maintaining the data privacy. In this article we revise one of the recently introduced schemes for association rule mining using fake transactions (FS). In particular, our analysis shows that the FS scheme has exhaustive storage and high computation requirements for guaranteeing a reasonable level of privacy. We introduce a realistic definition of privacy that benefits from the average case privacy and motivates the study of a weakness in the structure of FS by fake transactions filtering. In order to overcome this problem, we improve the FS scheme by presenting a hybrid scheme that considers both privacy and resources as two concurrent guidelines. Analytical and empirical results show the efficiency and applicability of our proposed scheme.

  9. Sorted Index Numbers for Privacy Preserving Face Recognition

    NASA Astrophysics Data System (ADS)

    Wang, Yongjin; Hatzinakos, Dimitrios

    2009-12-01

    This paper presents a novel approach for changeable and privacy preserving face recognition. We first introduce a new method of biometric matching using the sorted index numbers (SINs) of feature vectors. Since it is impossible to recover any of the exact values of the original features, the transformation from original features to the SIN vectors is noninvertible. To address the irrevocable nature of biometric signals whilst obtaining stronger privacy protection, a random projection-based method is employed in conjunction with the SIN approach to generate changeable and privacy preserving biometric templates. The effectiveness of the proposed method is demonstrated on a large generic data set, which contains images from several well-known face databases. Extensive experimentation shows that the proposed solution may improve the recognition accuracy.

  10. Preserving Source Location Privacy for Energy Harvesting WSNs.

    PubMed

    Huang, Changqin; Ma, Ming; Liu, Yuxin; Liu, Anfeng

    2017-03-30

    Fog (From cOre to edGe) computing employs a huge number of wireless embedded devices to enable end users with anywhere-anytime-to-anything connectivity. Due to their operating nature, wireless sensor nodes often work unattended, and hence are exposed to a variety of attacks. Preserving source-location privacy plays a key role in some wireless sensor network (WSN) applications. In this paper, a redundancy branch convergence-based preserved source location privacy scheme (RBCPSLP) is proposed for energy harvesting sensor networks, with the following advantages: numerous routing branches are created in non-hotspot areas with abundant energy, and those routing branches can merge into a few routing paths before they reach the hotspot areas. The generation time, the duration of routing, and the number of routing branches are then decided independently based on the amount of energy obtained, so as to maximize network energy utilization, greatly enhance privacy protection, and provide long network lifetimes. Theoretical analysis and experimental results show that the RBCPSLP scheme allows a several-fold improvement of the network energy utilization as well as the source location privacy preservation, while maximizing network lifetimes.

  11. Preserving Source Location Privacy for Energy Harvesting WSNs

    PubMed Central

    Huang, Changqin; Ma, Ming; Liu, Yuxin; Liu, Anfeng

    2017-01-01

    Fog (From cOre to edGe) computing employs a huge number of wireless embedded devices to enable end users with anywhere-anytime-to-anything connectivity. Due to their operating nature, wireless sensor nodes often work unattended, and hence are exposed to a variety of attacks. Preserving source-location privacy plays a key role in some wireless sensor network (WSN) applications. In this paper, a redundancy branch convergence-based preserved source location privacy scheme (RBCPSLP) is proposed for energy harvesting sensor networks, with the following advantages: numerous routing branches are created in non-hotspot areas with abundant energy, and those routing branches can merge into a few routing paths before they reach the hotspot areas. The generation time, the duration of routing, and the number of routing branches are then decided independently based on the amount of energy obtained, so as to maximize network energy utilization, greatly enhance privacy protection, and provide long network lifetimes. Theoretical analysis and experimental results show that the RBCPSLP scheme allows a several-fold improvement of the network energy utilization as well as the source location privacy preservation, while maximizing network lifetimes. PMID:28358341

  12. Privacy preserving RBF kernel support vector machine.

    PubMed

    Li, Haoran; Xiong, Li; Ohno-Machado, Lucila; Jiang, Xiaoqian

    2014-01-01

    Data sharing is challenging but important for healthcare research. Methods for privacy-preserving data dissemination based on the rigorous differential privacy standard have been developed but they did not consider the characteristics of biomedical data and make full use of the available information. This often results in too much noise in the final outputs. We hypothesized that this situation can be alleviated by leveraging a small portion of open-consented data to improve utility without sacrificing privacy. We developed a hybrid privacy-preserving differentially private support vector machine (SVM) model that uses public data and private data together. Our model leverages the RBF kernel and can handle nonlinearly separable cases. Experiments showed that this approach outperforms two baselines: (1) SVMs that only use public data, and (2) differentially private SVMs that are built from private data. Our method demonstrated very close performance metrics compared to nonprivate SVMs trained on the private data.

  13. A community assessment of privacy preserving techniques for human genomes

    PubMed Central

    2014-01-01

    To answer the need for the rigorous protection of biomedical data, we organized the Critical Assessment of Data Privacy and Protection initiative as a community effort to evaluate privacy-preserving dissemination techniques for biomedical data. We focused on the challenge of sharing aggregate human genomic data (e.g., allele frequencies) in a way that preserves the privacy of the data donors, without undermining the utility of genome-wide association studies (GWAS) or impeding their dissemination. Specifically, we designed two problems for disseminating the raw data and the analysis outcome, respectively, based on publicly available data from HapMap and from the Personal Genome Project. A total of six teams participated in the challenges. The final results were presented at a workshop of the iDASH (integrating Data for Analysis, 'anonymization,' and SHaring) National Center for Biomedical Computing. We report the results of the challenge and our findings about the current genome privacy protection techniques. PMID:25521230

  14. Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things

    PubMed Central

    Hernández-Ramos, José L.; Bernabe, Jorge Bernal; Moreno, M. Victoria; Skarmeta, Antonio F.

    2015-01-01

    As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such a global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things. PMID:26140349

  15. A community assessment of privacy preserving techniques for human genomes.

    PubMed

    Jiang, Xiaoqian; Zhao, Yongan; Wang, Xiaofeng; Malin, Bradley; Wang, Shuang; Ohno-Machado, Lucila; Tang, Haixu

    2014-01-01

    To answer the need for the rigorous protection of biomedical data, we organized the Critical Assessment of Data Privacy and Protection initiative as a community effort to evaluate privacy-preserving dissemination techniques for biomedical data. We focused on the challenge of sharing aggregate human genomic data (e.g., allele frequencies) in a way that preserves the privacy of the data donors, without undermining the utility of genome-wide association studies (GWAS) or impeding their dissemination. Specifically, we designed two problems for disseminating the raw data and the analysis outcome, respectively, based on publicly available data from HapMap and from the Personal Genome Project. A total of six teams participated in the challenges. The final results were presented at a workshop of the iDASH (integrating Data for Analysis, 'anonymization,' and SHaring) National Center for Biomedical Computing. We report the results of the challenge and our findings about the current genome privacy protection techniques.

  16. Privacy Preserving RBF Kernel Support Vector Machine

    PubMed Central

    Xiong, Li; Ohno-Machado, Lucila

    2014-01-01

    Data sharing is challenging but important for healthcare research. Methods for privacy-preserving data dissemination based on the rigorous differential privacy standard have been developed but they did not consider the characteristics of biomedical data and make full use of the available information. This often results in too much noise in the final outputs. We hypothesized that this situation can be alleviated by leveraging a small portion of open-consented data to improve utility without sacrificing privacy. We developed a hybrid privacy-preserving differentially private support vector machine (SVM) model that uses public data and private data together. Our model leverages the RBF kernel and can handle nonlinearly separable cases. Experiments showed that this approach outperforms two baselines: (1) SVMs that only use public data, and (2) differentially private SVMs that are built from private data. Our method demonstrated very close performance metrics compared to nonprivate SVMs trained on the private data. PMID:25013805

  17. Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

    PubMed

    Hernández-Ramos, José L; Bernabe, Jorge Bernal; Moreno, M Victoria; Skarmeta, Antonio F

    2015-07-01

    As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such a global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

  18. Achieving Optimal Privacy in Trust-Aware Social Recommender Systems

    NASA Astrophysics Data System (ADS)

    Dokoohaki, Nima; Kaleli, Cihan; Polat, Huseyin; Matskin, Mihhail

    Collaborative filtering (CF) recommenders are subject to numerous shortcomings such as centralized processing, vulnerability to shilling attacks, and most important of all privacy. To overcome these obstacles, researchers proposed the utilization of interpersonal trust between users, to alleviate many of these crucial shortcomings. Till now, attention has been mainly paid to strong points about trust-aware recommenders such as alleviating profile sparsity or calculation cost efficiency, while the least attention has been paid to investigating the notion of privacy surrounding the disclosure of individual ratings and most importantly the protection of trust computation across social networks forming the backbone of these systems. To contribute to addressing the problem of privacy in trust-aware recommenders, within this paper, we first introduce a framework for enabling privacy-preserving trust-aware recommendation generation. While the trust mechanism aims at elevating the recommender's accuracy, to preserve privacy, the accuracy of the system needs to be decreased. Since within this context privacy and accuracy are conflicting goals, we show that a Pareto set can be found as an optimal setting for both privacy-preserving and trust-enabling mechanisms. We show that this Pareto set, when used as the configuration for measuring the accuracy of the base collaborative filtering engine, yields an optimized tradeoff between the conflicting goals of privacy and accuracy. We prove this concept along with the applicability of our framework by experimenting with accuracy and privacy factors, and we show through experiment how such an optimal set can be inferred.

  19. Protecting Location Privacy for Outsourced Spatial Data in Cloud Storage

    PubMed Central

    Gui, Xiaolin; An, Jian; Zhao, Jianqiang; Zhang, Xuejun

    2014-01-01

    As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so the research on privacy protection for outsourced spatial data gets increasing attention from academia and industry. As a kind of spatial transformation method, the Hilbert curve is widely used to protect the location privacy for spatial data. But sufficient security analysis for the standard Hilbert curve (SHC) is seldom performed. In this paper, we propose an index modification method for SHC (SHC∗) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC∗ and DSC are more secure than SHC, and DSC achieves the best index generation performance. PMID:25097865

  20. Protecting location privacy for outsourced spatial data in cloud storage.

    PubMed

    Tian, Feng; Gui, Xiaolin; An, Jian; Yang, Pan; Zhao, Jianqiang; Zhang, Xuejun

    2014-01-01

    As cloud computing services and location-aware devices are fully developed, a large amount of spatial data needs to be outsourced to the cloud storage provider, so research on privacy protection for outsourced spatial data is getting increasing attention from academia and industry. As a kind of spatial transformation method, the Hilbert curve is widely used to protect the location privacy of spatial data. But sufficient security analysis for the standard Hilbert curve (SHC) has seldom been conducted. In this paper, we propose an index modification method for SHC (SHC(∗)) and a density-based space filling curve (DSC) to improve the security of SHC; they can partially violate the distance-preserving property of SHC, so as to achieve better security. We formally define the indistinguishability and attack model for measuring the privacy disclosure risk of spatial transformation methods. The evaluation results indicate that SHC(∗) and DSC are more secure than SHC, and DSC achieves the best index generation performance.

  1. Preserving differential privacy for similarity measurement in smart environments.

    PubMed

    Wong, Kok-Seng; Kim, Myung Ho

    2014-01-01

    Advances in both sensor technologies and network infrastructures have encouraged the development of smart environments to enhance people's lives and living styles. However, collecting and storing users' data in smart environments poses severe privacy concerns because these data may contain sensitive information about the subject. Hence, privacy protection is now an emerging issue that we need to consider, especially when data sharing is essential for analysis purposes. In this paper, we consider the case where two agents in the smart environment want to measure the similarity of their collected or stored data. We use the similarity coefficient function (F_SC) as the measurement metric for the comparison under the differential privacy model. Unlike the existing solutions, our protocol can facilitate more than one request to compute F_SC without modifying the protocol. Our solution ensures privacy protection for both the inputs and the computed F_SC results.

  2. Publishing data from electronic health records while preserving privacy: a survey of algorithms.

    PubMed

    Gkoulalas-Divanis, Aris; Loukides, Grigorios; Sun, Jimeng

    2014-08-01

    The dissemination of Electronic Health Records (EHRs) can be highly beneficial for a range of medical studies, spanning from clinical trials to epidemic control studies, but it must be performed in a way that preserves patients' privacy. This is not straightforward, because the disseminated data need to be protected against several privacy threats, while remaining useful for subsequent analysis tasks. In this work, we present a survey of algorithms that have been proposed for publishing structured patient data, in a privacy-preserving way. We review more than 45 algorithms, derive insights on their operation, and highlight their advantages and disadvantages. We also provide a discussion of some promising directions for future research in this area. Copyright © 2014 Elsevier Inc. All rights reserved.

  3. A Privacy Preservation Model for Health-Related Social Networking Sites.

    PubMed

    Li, Jingquan

    2015-07-08

    The increasing use of social networking sites (SNS) in health care has resulted in a growing number of individuals posting personal health information online. These sites may disclose users' health information to many different individuals and organizations and mine it for a variety of commercial and research purposes, yet the revelation of personal health information to unauthorized individuals or entities brings a concomitant concern of greater risk for loss of privacy among users. Many users join multiple social networks for different purposes and enter personal and other specific information covering social, professional, and health domains into other websites. Integration of multiple online and real social networks makes the users vulnerable to unintentional and intentional security threats and misuse. This paper analyzes the privacy and security characteristics of leading health-related SNS. It presents a threat model and identifies the most important threats to users and SNS providers. Building on threat analysis and modeling, this paper presents a privacy preservation model that incorporates individual self-protection and privacy-by-design approaches and uses the model to develop principles and countermeasures to protect user privacy. This study paves the way for analysis and design of privacy-preserving mechanisms on health-related SNS.

  4. A Privacy Preservation Model for Health-Related Social Networking Sites

    PubMed Central

    2015-01-01

    The increasing use of social networking sites (SNS) in health care has resulted in a growing number of individuals posting personal health information online. These sites may disclose users' health information to many different individuals and organizations and mine it for a variety of commercial and research purposes, yet the revelation of personal health information to unauthorized individuals or entities brings a concomitant concern of greater risk for loss of privacy among users. Many users join multiple social networks for different purposes and enter personal and other specific information covering social, professional, and health domains into other websites. Integration of multiple online and real social networks makes the users vulnerable to unintentional and intentional security threats and misuse. This paper analyzes the privacy and security characteristics of leading health-related SNS. It presents a threat model and identifies the most important threats to users and SNS providers. Building on threat analysis and modeling, this paper presents a privacy preservation model that incorporates individual self-protection and privacy-by-design approaches and uses the model to develop principles and countermeasures to protect user privacy. This study paves the way for analysis and design of privacy-preserving mechanisms on health-related SNS. PMID:26155953

  5. An innovative privacy preserving technique for incremental datasets on cloud computing.

    PubMed

    Aldeen, Yousra Abdul Alsahib S; Salleh, Mazleena; Aljeroudi, Yazan

    2016-08-01

    Cloud computing (CC) is a magnificent service-based delivery with gigantic computer processing power and data storage across connected communications channels. It imparted overwhelming technological impetus in the internet (web) mediated IT industry, where users can easily share private data for further analysis and mining. Furthermore, user-affable CC services enable the economical deployment of sundry applications. Meanwhile, simple data sharing impelled various phishing attacks and malware-assisted security threats. Some privacy-sensitive applications, like health services on the cloud that are built with several economic and operational benefits, necessitate enhanced security. Thus, absolute cyberspace security and mitigation against phishing blitzes became mandatory to protect overall data privacy. Typically, diverse application datasets are anonymized with better privacy to owners without providing all secrecy requirements to the newly added records. Some proposed techniques emphasized this issue by re-anonymizing the datasets from scratch. The utmost privacy protection over incremental datasets on CC is far from being achieved. Certainly, the distribution of huge dataset volumes across multiple storage nodes limits privacy preservation. In this view, we propose a new anonymization technique to attain better privacy protection with high data utility over distributed and incremental datasets on CC. The proficiency of data privacy preservation and improved confidentiality requirements is demonstrated through performance evaluation. Copyright © 2016 Elsevier Inc. All rights reserved.

  6. (a,k)-Anonymous Scheme for Privacy-Preserving Data Collection in IoT-based Healthcare Services Systems.

    PubMed

    Li, Hongtao; Guo, Feng; Zhang, Wenyin; Wang, Jie; Xing, Jinsheng

    2018-02-14

    The wide use of IoT technologies in healthcare services has pushed forward the medical intelligence level of services. However, it also brings a potential privacy threat to data collection. In healthcare services systems, health and medical data that contain private information are often transmitted among networks, and such private information should be protected. Therefore, there is a need for a privacy-preserving data collection (PPDC) scheme to protect clients' (patients') data. We adopt the (a,k)-anonymity model as the privacy protection scheme for data collection, and propose a novel anonymity-based PPDC method for healthcare services in this paper. The threat model is analyzed in the client-server-to-user (CS2U) model. On the client side, we utilize the (a,k)-anonymity notion to generate anonymous tuples which can resist possible attacks, and adopt a bottom-up clustering method to create clusters that satisfy a base privacy level of (a1,k1)-anonymity. On the server side, we reduce the communication cost through generalization technology, and compress (a1,k1)-anonymous data through a UPGMA-based cluster combination method to make the data meet the deeper privacy level of (a2,k2)-anonymity (a1 ≥ a2, k2 ≥ k1). Theoretical analysis and experimental results prove that our scheme is effective in privacy preservation and data quality.

  7. Privacy preserving integration of health care data.

    PubMed

    Adam, Nabil; White, Tom; Shafiq, Basit; Vaidya, Jaideep; He, Xiaoyun

    2007-10-11

    For health care related research studies the medical records of patients may need to be retrieved from multiple sites with different regulations on the disclosure of health information. Given the sensitive nature of health care information, privacy is a major concern when patients' health care data is used for research purposes. In this paper, we propose an approach for integration and querying of health care data from multiple sources in a secure and privacy preserving manner.

  8. Privacy and policy for genetic research.

    PubMed

    DeCew, Judith Wagner

    2004-01-01

    I begin with a discussion of the value of privacy and what we lose without it. I then turn to the difficulties of preserving privacy for genetic information and other medical records in the face of advanced information technology. I suggest three alternative public policy approaches to the problem of protecting individual privacy and also preserving databases for genetic research: (1) governmental guidelines and centralized databases, (2) corporate self-regulation, and (3) my hybrid approach. None of these are unproblematic; I discuss strengths and drawbacks of each, emphasizing the importance of protecting the privacy of sensitive medical and genetic information as well as letting information technology flourish to aid patient care, public health and scientific research.

  9. Estimating parameters for probabilistic linkage of privacy-preserved datasets.

    PubMed

    Brown, Adrian P; Randall, Sean M; Ferrante, Anna M; Semmens, James B; Boyd, James H

    2017-07-10

    Probabilistic record linkage is a process used to bring together person-based records from within the same dataset (de-duplication) or from disparate datasets using pairwise comparisons and matching probabilities. The linkage strategy and associated match probabilities are often estimated through investigations into data quality and manual inspection. However, as privacy-preserved datasets comprise encrypted data, such methods are not possible. In this paper, we present a method for estimating the probabilities and threshold values for probabilistic privacy-preserved record linkage using Bloom filters. Our method was tested through a simulation study using synthetic data, followed by an application using real-world administrative data. Synthetic datasets were generated with error rates from zero to 20% error. Our method was used to estimate parameters (probabilities and thresholds) for de-duplication linkages. Linkage quality was determined by F-measure. Each dataset was privacy-preserved using separate Bloom filters for each field. Match probabilities were estimated using the expectation-maximisation (EM) algorithm on the privacy-preserved data. Threshold cut-off values were determined by an extension to the EM algorithm allowing linkage quality to be estimated for each possible threshold. De-duplication linkages of each privacy-preserved dataset were performed using both estimated and calculated probabilities. Linkage quality using the F-measure at the estimated threshold values was also compared to the highest F-measure. Three large administrative datasets were used to demonstrate the applicability of the probability and threshold estimation technique on real-world data. Linkage of the synthetic datasets using the estimated probabilities produced an F-measure that was comparable to the F-measure using calculated probabilities, even with up to 20% error. Linkage of the administrative datasets using estimated probabilities produced an F-measure that was higher than the F-measure using calculated probabilities. Further, the threshold estimation yielded results for F-measure that were only slightly below the highest possible for those probabilities. The method appears highly accurate across a spectrum of datasets with varying degrees of error. As there are few alternatives for parameter estimation, the approach is a major step towards providing a complete operational approach for probabilistic linkage of privacy-preserved datasets.

  10. Efficient and Privacy-Preserving Online Medical Prediagnosis Framework Using Nonlinear SVM.

    PubMed

    Zhu, Hui; Liu, Xiaoxia; Lu, Rongxing; Li, Hui

    2017-05-01

    With the advances of machine learning algorithms and the pervasiveness of network terminals, the online medical prediagnosis system, which can provide the diagnosis of a healthcare provider anywhere and anytime, has attracted considerable interest recently. However, the flourishing of online medical prediagnosis systems still faces many challenges, including information security and privacy preservation. In this paper, we propose an efficient and privacy-preserving online medical prediagnosis framework, called eDiag, by using a nonlinear kernel support vector machine (SVM). With eDiag, sensitive personal health information can be processed without privacy disclosure during the online prediagnosis service. Specifically, based on an improved expression for the nonlinear SVM, an efficient and privacy-preserving classification scheme is introduced with lightweight multiparty random masking and polynomial aggregation techniques. The encrypted user query is directly operated on at the service provider without decryption, and the diagnosis result can only be decrypted by the user. Through extensive analysis, we show that eDiag can ensure that users' health information and the healthcare provider's prediction model are kept confidential, and has significantly less computation and communication overhead than existing schemes. In addition, performance evaluations via implementing eDiag on a smartphone and a computer demonstrate eDiag's effectiveness in terms of a real online environment.

  11. Privacy preservation and information security protection for patients' portable electronic health records.

    PubMed

    Huang, Lu-Chou; Chu, Huei-Chung; Lien, Chung-Yueh; Hsiao, Chia-Hung; Kao, Tsair

    2009-09-01

    As patients face the possibility of copying and keeping their electronic health records (EHRs) through portable storage media, they will encounter new risks to the protection of their private information. In this study, we propose a method to preserve the privacy and security of patients' portable medical records in portable storage media to avoid any inappropriate or unintentional disclosure. Following HIPAA guidelines, the method is designed to protect, recover and verify patient's identifiers in portable EHRs. The results of this study show that our methods are effective in ensuring both information security and privacy preservation for patients through portable storage medium.

  12. A Fine-Grained and Privacy-Preserving Query Scheme for Fog Computing-Enhanced Location-Based Service

    PubMed Central

    Yin, Fan; Tang, Xiaohu

    2017-01-01

    Location-based services (LBS), as one of the most popular location-awareness applications, have been further developed to achieve low latency with the assistance of fog computing. However, privacy issues remain a research challenge in the context of fog computing. Therefore, in this paper, we present a fine-grained and privacy-preserving query scheme for fog computing-enhanced location-based services, hereafter referred to as FGPQ. In particular, mobile users can obtain fine-grained search results satisfying not only the given spatial range but also the search content. Detailed privacy analysis shows that our proposed scheme indeed achieves privacy preservation for the LBS provider and mobile users. In addition, extensive performance analyses and experiments demonstrate that the FGPQ scheme can significantly reduce computational and communication overheads and ensure low latency, outperforming existing state-of-the-art schemes. Hence, our proposed scheme is more suitable for real-time LBS searching. PMID:28696395

  13. A Fine-Grained and Privacy-Preserving Query Scheme for Fog Computing-Enhanced Location-Based Service.

    PubMed

    Yang, Xue; Yin, Fan; Tang, Xiaohu

    2017-07-11

    Location-based services (LBS), as one of the most popular location-awareness applications, have been further developed to achieve low latency with the assistance of fog computing. However, privacy issues remain a research challenge in the context of fog computing. Therefore, in this paper, we present a fine-grained and privacy-preserving query scheme for fog computing-enhanced location-based services, hereafter referred to as FGPQ. In particular, mobile users can obtain fine-grained search results satisfying not only the given spatial range but also the search content. Detailed privacy analysis shows that our proposed scheme indeed achieves privacy preservation for the LBS provider and mobile users. In addition, extensive performance analyses and experiments demonstrate that the FGPQ scheme can significantly reduce computational and communication overheads and ensure low latency, outperforming existing state-of-the-art schemes. Hence, our proposed scheme is more suitable for real-time LBS searching.

  14. Privacy-Preserving Data Exploration in Genome-Wide Association Studies.

    PubMed

    Johnson, Aaron; Shmatikov, Vitaly

    2013-08-01

    Genome-wide association studies (GWAS) have become a popular method for analyzing sets of DNA sequences in order to discover the genetic basis of disease. Unfortunately, statistics published as the result of GWAS can be used to identify individuals participating in the study. To prevent privacy breaches, even previously published results have been removed from public databases, impeding researchers' access to the data and hindering collaborative research. Existing techniques for privacy-preserving GWAS focus on answering specific questions, such as correlations between a given pair of SNPs (DNA sequence variations). This does not fit the typical GWAS process, where the analyst may not know in advance which SNPs to consider and which statistical tests to use, how many SNPs are significant for a given dataset, etc. We present a set of practical, privacy-preserving data mining algorithms for GWAS datasets. Our framework supports exploratory data analysis, where the analyst does not know a priori how many and which SNPs to consider. We develop privacy-preserving algorithms for computing the number and location of SNPs that are significantly associated with the disease, the significance of any statistical test between a given SNP and the disease, any measure of correlation between SNPs, and the block structure of correlations. We evaluate our algorithms on real-world datasets and demonstrate that they produce significantly more accurate results than prior techniques while guaranteeing differential privacy.

  15. Archiving Data from New Survey Technologies: Lessons Learned on Enabling Research with High-Precision Data While Preserving Participant Privacy: Preprint

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Gonder, J.; Burton, E.; Murakami, E.

    2014-11-01

    During the past 15 years, increasing numbers of organizations and planning agencies have begun collecting high-resolution Global Positioning System (GPS) travel data. Despite the significant effort and expense to collect it, privacy concerns often lead to underutilization of the data. To address this dilemma of providing data access while preserving privacy, the National Renewable Energy Laboratory, with support from the U.S. Department of Transportation and U.S. Department of Energy, established the Transportation Secure Data Center (TSDC). Lessons drawn from best-practice examples from other data centers have helped shape the structure and operating procedures for the TSDC, which functions under the philosophy of first and foremost preserving privacy, but doing so in a way that balances security with accessibility and usability of the data for legitimate research. This paper provides details about the TSDC approach toward achieving these goals, which has included creating a secure enclave with no external access for backing up and processing raw data, a publicly accessible website for downloading cleansed data, and a secure portal environment through which approved users can work with detailed spatial data using a variety of tools and reference information. This paper also describes lessons learned from operating the TSDC with respect to improvements in GPS data handling, processing, and user support, along with plans for continual enhancements to better support the needs of both data providers and users and to thus advance the research value derived from such valuable data.

  16. Privacy-preserving heterogeneous health data sharing.

    PubMed

    Mohammed, Noman; Jiang, Xiaoqian; Chen, Rui; Fung, Benjamin C M; Ohno-Machado, Lucila

    2013-05-01

    Privacy-preserving data publishing addresses the problem of disclosing sensitive data when mining for useful information. Among existing privacy models, ε-differential privacy provides one of the strongest privacy guarantees and makes no assumptions about an adversary's background knowledge. All existing solutions that ensure ε-differential privacy handle the problem of disclosing relational and set-valued data in a privacy-preserving manner separately. In this paper, we propose an algorithm that considers both relational and set-valued data in differentially private disclosure of healthcare data. The proposed approach makes a simple yet fundamental switch in differentially private algorithm design: instead of listing all possible records (ie, a contingency table) for noise addition, records are generalized before noise addition. The algorithm first generalizes the raw data in a probabilistic way, and then adds noise to guarantee ε-differential privacy. We showed that the disclosed data could be used effectively to build a decision tree induction classifier. Experimental results demonstrated that the proposed algorithm is scalable and performs better than existing solutions for classification analysis. The resulting utility may degrade when the output domain size is very large, making it potentially inappropriate to generate synthetic data for large health databases. Unlike existing techniques, the proposed algorithm allows the disclosure of health data containing both relational and set-valued data in a differentially private manner, and can retain essential information for discriminative analysis.

  17. Privacy-preserving heterogeneous health data sharing

    PubMed Central

    Mohammed, Noman; Jiang, Xiaoqian; Chen, Rui; Fung, Benjamin C M; Ohno-Machado, Lucila

    2013-01-01

    Objective: Privacy-preserving data publishing addresses the problem of disclosing sensitive data when mining for useful information. Among existing privacy models, ε-differential privacy provides one of the strongest privacy guarantees and makes no assumptions about an adversary's background knowledge. All existing solutions that ensure ε-differential privacy handle the problem of disclosing relational and set-valued data in a privacy-preserving manner separately. In this paper, we propose an algorithm that considers both relational and set-valued data in differentially private disclosure of healthcare data. Methods: The proposed approach makes a simple yet fundamental switch in differentially private algorithm design: instead of listing all possible records (ie, a contingency table) for noise addition, records are generalized before noise addition. The algorithm first generalizes the raw data in a probabilistic way, and then adds noise to guarantee ε-differential privacy. Results: We showed that the disclosed data could be used effectively to build a decision tree induction classifier. Experimental results demonstrated that the proposed algorithm is scalable and performs better than existing solutions for classification analysis. Limitation: The resulting utility may degrade when the output domain size is very large, making it potentially inappropriate to generate synthetic data for large health databases. Conclusions: Unlike existing techniques, the proposed algorithm allows the disclosure of health data containing both relational and set-valued data in a differentially private manner, and can retain essential information for discriminative analysis. PMID:23242630

  18. Cloud-assisted mobile-access of health data with privacy and auditability.

    PubMed

    Tong, Yue; Sun, Jinyuan; Chow, Sherman S M; Li, Pan

    2014-03-01

    Motivated by the privacy issues curbing the adoption of electronic healthcare systems and the wild success of cloud service models, we propose to build privacy into mobile healthcare systems with the help of the private cloud. Our system offers salient features including efficient key management, privacy-preserving data storage and retrieval, especially retrieval in emergencies, and auditability for misuse of health data. Specifically, we propose to integrate key management from a pseudorandom number generator for unlinkability, a secure indexing method for privacy-preserving keyword search which hides both search and access patterns based on redundancy, and to integrate the concept of attribute-based encryption with threshold signing for providing role-based access control with auditability to prevent potential misbehavior, in both normal and emergency cases.

  19. A Lightweight Encryption Scheme Combined with Trust Management for Privacy-Preserving in Body Sensor Networks.

    PubMed

    Guo, Ping; Wang, Jin; Ji, Sai; Geng, Xue Hua; Xiong, Neal N

    2015-12-01

    With the pervasiveness of smart phones and the advance of wireless body sensor networks (BSN), mobile Healthcare (m-Healthcare), which extends the operation of the Healthcare provider into a pervasive environment for better health monitoring, has attracted considerable interest recently. However, the flourishing of m-Healthcare still faces many challenges, including information security and privacy preservation. In this paper, we propose a secure and privacy-preserving framework combined with multilevel trust management. In our scheme, smart phone resources including computing power and energy can be opportunistically gathered to process computing-intensive PHI (personal health information) during an m-Healthcare emergency with minimal privacy disclosure. Specifically, to balance PHI privacy disclosure against the high reliability of PHI processing and transmission in an m-Healthcare emergency, we introduce an efficient lightweight encryption for those users whose trust level is low, which is based on mixed cipher algorithms and pairs of plain texts and cipher texts, and allow a medical user to decide who can participate in the opportunistic computing to assist in processing his overwhelming PHI data. Detailed security analysis and simulations show that the proposed framework can efficiently achieve user-centric privacy protection in the m-Healthcare system.

  20. Efficient Secure and Privacy-Preserving Route Reporting Scheme for VANETs

    NASA Astrophysics Data System (ADS)

    Zhang, Yuanfei; Pei, Qianwen; Dai, Feifei; Zhang, Lei

    2017-10-01

    A vehicular ad-hoc network (VANET) is a core component of an intelligent traffic management system which could provide various applications such as accident prediction, route reporting, etc. Due to the problems caused by traffic congestion, route reporting becomes a prospective application which can help a driver get an optimal route to save her travel time. Before enjoying the convenience of route reporting, security and privacy-preserving issues need to be considered. In this paper, we propose a new secure and privacy-preserving route reporting scheme for VANETs. In our scheme, only an authenticated vehicle can use the route reporting service provided by the traffic management center. Further, a vehicle may receive the response from the traffic management center with low latency and without violating the privacy of the vehicle. Experiment results show that our scheme is much more efficient than the existing one.

  1. Digression and Value Concatenation to Enable Privacy-Preserving Regression.

    PubMed

    Li, Xiao-Bai; Sarkar, Sumit

    2014-09-01

    Regression techniques can be used not only for legitimate data analysis, but also to infer private information about individuals. In this paper, we demonstrate that regression trees, a popular data-analysis and data-mining technique, can be used to effectively reveal individuals' sensitive data. This problem, which we call a "regression attack," has not been addressed in the data privacy literature, and existing privacy-preserving techniques are not appropriate in coping with this problem. We propose a new approach to counter regression attacks. To protect against privacy disclosure, our approach introduces a novel measure, called digression, which assesses the sensitive value disclosure risk in the process of building a regression tree model. Specifically, we develop an algorithm that uses the measure for pruning the tree to limit disclosure of sensitive data. We also propose a dynamic value-concatenation method for anonymizing data, which better preserves data utility than a user-defined generalization scheme commonly used in existing approaches. Our approach can be used for anonymizing both numeric and categorical data. An experimental study is conducted using real-world financial, economic and healthcare data. The results of the experiments demonstrate that the proposed approach is very effective in protecting data privacy while preserving data quality for research and analysis.

  2. An efficient reversible privacy-preserving data mining technology over data streams.

    PubMed

    Lin, Chen-Yi; Kao, Yuan-Hung; Lee, Wei-Bin; Chen, Rong-Chang

    2016-01-01

    With the popularity of smart handheld devices and the emergence of cloud computing, users and companies can save various data, which may contain private data, to the cloud. Topics relating to data security have therefore received much attention. This study focuses on data stream environments and uses the concept of a sliding window to design a reversible privacy-preserving technology to process continuous data in real time, known as a continuous reversible privacy-preserving (CRP) algorithm. Data with CRP algorithm protection can be accurately recovered through a data recovery process. In addition, by using an embedded watermark, the integrity of the data can be verified. The results from the experiments show that, compared to existing algorithms, CRP is better at preserving knowledge and is more effective in terms of reducing information loss and privacy disclosure risk. In addition, it takes far less time for CRP to process continuous data than existing algorithms. As a result, CRP is confirmed as suitable for data stream environments and fulfills the requirements of being lightweight and energy-efficient for smart handheld devices.

  3. Spectral Anonymization of Data

    PubMed Central

    Lasko, Thomas A.; Vinterbo, Staal A.

    2011-01-01

    The goal of data anonymization is to allow the release of scientifically useful data in a form that protects the privacy of its subjects. This requires more than simply removing personal identifiers from the data, because an attacker can still use auxiliary information to infer sensitive individual information. Additional perturbation is necessary to prevent these inferences, and the challenge is to perturb the data in a way that preserves its analytic utility. No existing anonymization algorithm provides both perfect privacy protection and perfect analytic utility. We make the new observation that anonymization algorithms are not required to operate in the original vector-space basis of the data, and many algorithms can be improved by operating in a judiciously chosen alternate basis. A spectral basis derived from the data’s eigenvectors is one that can provide substantial improvement. We introduce the term spectral anonymization to refer to an algorithm that uses a spectral basis for anonymization, and we give two illustrative examples. We also propose new measures of privacy protection that are more general and more informative than existing measures, and a principled reference standard with which to define adequate privacy protection. PMID:21373375

  4. Privacy-Preserving Patient Similarity Learning in a Federated Environment: Development and Analysis.

    PubMed

    Lee, Junghye; Sun, Jimeng; Wang, Fei; Wang, Shuang; Jun, Chi-Hyuck; Jiang, Xiaoqian

    2018-04-13

    There is an urgent need for the development of global analytic frameworks that can perform analyses in a privacy-preserving federated environment across multiple institutions without privacy leakage. A few studies on the topic of federated medical analysis have been conducted recently with the focus on several algorithms. However, none of them have solved similar patient matching, which is useful for applications such as cohort construction for cross-institution observational studies, disease surveillance, and clinical trials recruitment. The aim of this study was to present a privacy-preserving platform in a federated setting for patient similarity learning across institutions. Without sharing patient-level information, our model can find similar patients from one hospital to another. We proposed a federated patient hashing framework and developed a novel algorithm to learn context-specific hash codes to represent patients across institutions. The similarities between patients can be efficiently computed using the resulting hash codes of corresponding patients. To avoid security attacks based on reverse engineering of the model, we applied homomorphic encryption to patient similarity search in a federated setting. We used sequential medical events extracted from the Multiparameter Intelligent Monitoring in Intensive Care-III database to evaluate the proposed algorithm in predicting the incidence of five diseases independently. Our algorithm achieved averaged area under the curves of 0.9154 and 0.8012 with balanced and imbalanced data, respectively, in κ-nearest neighbor with κ=3. We also confirmed privacy preservation in similarity search by using homomorphic encryption. The proposed algorithm can help search similar patients across institutions effectively to support federated data analysis in a privacy-preserving manner. ©Junghye Lee, Jimeng Sun, Fei Wang, Shuang Wang, Chi-Hyuck Jun, Xiaoqian Jiang. Originally published in JMIR Medical Informatics (http://medinform.jmir.org), 13.04.2018.

  5. Privacy-Preserving Patient Similarity Learning in a Federated Environment: Development and Analysis

    PubMed Central

    Sun, Jimeng; Wang, Fei; Wang, Shuang; Jun, Chi-Hyuck; Jiang, Xiaoqian

    2018-01-01

    Background: There is an urgent need for the development of global analytic frameworks that can perform analyses in a privacy-preserving federated environment across multiple institutions without privacy leakage. A few studies on the topic of federated medical analysis have been conducted recently with the focus on several algorithms. However, none of them have solved similar patient matching, which is useful for applications such as cohort construction for cross-institution observational studies, disease surveillance, and clinical trials recruitment. Objective: The aim of this study was to present a privacy-preserving platform in a federated setting for patient similarity learning across institutions. Without sharing patient-level information, our model can find similar patients from one hospital to another. Methods: We proposed a federated patient hashing framework and developed a novel algorithm to learn context-specific hash codes to represent patients across institutions. The similarities between patients can be efficiently computed using the resulting hash codes of corresponding patients. To avoid security attacks based on reverse engineering of the model, we applied homomorphic encryption to patient similarity search in a federated setting. Results: We used sequential medical events extracted from the Multiparameter Intelligent Monitoring in Intensive Care-III database to evaluate the proposed algorithm in predicting the incidence of five diseases independently. Our algorithm achieved averaged area under the curves of 0.9154 and 0.8012 with balanced and imbalanced data, respectively, in κ-nearest neighbor with κ=3. We also confirmed privacy preservation in similarity search by using homomorphic encryption. Conclusions: The proposed algorithm can help search similar patients across institutions effectively to support federated data analysis in a privacy-preserving manner. PMID:29653917

  6. Utility-preserving anonymization for health data publishing.

    PubMed

    Lee, Hyukki; Kim, Soohyung; Kim, Jong Wook; Chung, Yon Dohn

    2017-07-11

    Publishing raw electronic health records (EHRs) may be considered a breach of the privacy of individuals because they usually contain sensitive information. A common practice for privacy-preserving data publishing is to anonymize the data before publishing, and thus satisfy privacy models such as k-anonymity. Among various anonymization techniques, generalization is the most commonly used in medical/health data processing. Generalization inevitably causes information loss, and thus, various methods have been proposed to reduce information loss. However, existing generalization-based data anonymization methods cannot avoid excessive information loss and preserve data utility. We propose a utility-preserving anonymization for privacy-preserving data publishing (PPDP). To preserve data utility, the proposed method comprises three parts: (1) a utility-preserving model, (2) counterfeit record insertion, and (3) a catalog of the counterfeit records. We also propose an anonymization algorithm using the proposed method. Our anonymization algorithm applies a full-domain generalization algorithm. We evaluate our method in comparison with an existing method on two aspects: information loss measured through various quality metrics, and the error rate of analysis results. With all the different types of quality metrics, our proposed method shows lower information loss than the existing method. In the real-world EHR analysis, the results show a small proportion of error between the data anonymized by the proposed method and the original data. We propose a new utility-preserving anonymization method and an anonymization algorithm using the proposed method. Through experiments on various datasets, we show that the utility of EHRs anonymized by the proposed method is significantly better than that of those anonymized by previous approaches.

  7. Constructing distributed Hippocratic video databases for privacy-preserving online patient training and counseling.

    PubMed

    Peng, Jinye; Babaguchi, Noboru; Luo, Hangzai; Gao, Yuli; Fan, Jianping

    2010-07-01

    Digital video now plays an important role in supporting more profitable online patient training and counseling, and integration of patient training videos from multiple competitive organizations in the health care network will result in better offerings for patients. However, privacy concerns often prevent multiple competitive organizations from sharing and integrating their patient training videos. In addition, patients with infectious or chronic diseases may not want the online patient training organizations to identify who they are or even which video clips they are interested in. Thus, there is an urgent need to develop more effective techniques to protect both video content privacy and access privacy. In this paper, we have developed a new approach to construct a distributed Hippocratic video database system for supporting more profitable online patient training and counseling. First, a new database modeling approach is developed to support concept-oriented video database organization and assign a degree of privacy of the video content for each database level automatically. Second, a new algorithm is developed to protect the video content privacy at the level of individual video clip by filtering out the privacy-sensitive human objects automatically. In order to integrate the patient training videos from multiple competitive organizations for constructing a centralized video database indexing structure, a privacy-preserving video sharing scheme is developed to support privacy-preserving distributed classifier training and prevent the statistical inferences from the videos that are shared for cross-validation of video classifiers. Our experiments on large-scale video databases have also provided very convincing results.

  8. Privacy-Preserving RFID Authentication Using Public Exponent Three RSA Algorithm

    NASA Astrophysics Data System (ADS)

    Kim, Yoonjeong; Ohm, Seongyong; Yi, Kang

    In this letter, we propose a privacy-preserving authentication protocol with RSA cryptosystem in an RFID environment. For both overcoming the resource restriction and strengthening security, our protocol uses only modular exponentiation with exponent three at RFID tag side, with the padded random message whose length is greater than one-sixth of the whole message length.

  9. Privacy in Georeferenced Context-Aware Services: A Survey

    NASA Astrophysics Data System (ADS)

    Riboni, Daniele; Pareschi, Linda; Bettini, Claudio

    Location based services (LBS) are a specific instance of a broader class of Internet services that are predicted to become popular in the near future: context-aware services. The privacy concerns that LBS have raised are likely to become even more serious when several context data, other than location and time, are sent to service providers as part of an Internet request. This paper provides a classification and a brief survey of the privacy preservation techniques that have been proposed for this type of service. After identifying the benefits and shortcomings of each class of techniques, the paper proposes a combined approach to achieve a more comprehensive solution for privacy preservation in georeferenced context-aware services.

  10. Privacy Preserving Quantum Anonymous Transmission via Entanglement Relay

    NASA Astrophysics Data System (ADS)

    Yang, Wei; Huang, Liusheng; Song, Fang

    2016-06-01

    Anonymous transmission is an interesting and crucial issue in the computer communication area, which plays a supplementary role to data privacy. In this paper, we put forward a privacy preserving quantum anonymous transmission protocol based on entanglement relay, which constructs anonymous entanglement from EPR pairs instead of a multi-particle entangled state, e.g. the GHZ state. Our protocol achieves both sender anonymity and receiver anonymity against an active adversary and tolerates any number of corrupt participants. Meanwhile, our protocol obtains an improvement in efficiency compared to quantum schemes in the previous literature.

  13. Privacy-preserving Kruskal-Wallis test.

    PubMed

    Guo, Suxin; Zhong, Sheng; Zhang, Aidong

    2013-10-01

    Statistical tests are powerful tools for data analysis. The Kruskal-Wallis test is a non-parametric statistical test that evaluates whether two or more samples are drawn from the same distribution. It is commonly used in various areas. But sometimes, the use of the method is impeded by privacy issues raised in fields such as biomedical research and clinical data analysis because of the confidential information contained in the data. In this work, we give a privacy-preserving solution for the Kruskal-Wallis test which enables two or more parties to coordinately perform the test on the union of their data without compromising their data privacy. To the best of our knowledge, this is the first work that solves the privacy issues in the use of the Kruskal-Wallis test on distributed data. Copyright © 2013 Elsevier Ireland Ltd. All rights reserved.

  14. Privacy-Preserving Classifier Learning

    NASA Astrophysics Data System (ADS)

    Brickell, Justin; Shmatikov, Vitaly

    We present an efficient protocol for the privacy-preserving, distributed learning of decision-tree classifiers. Our protocol allows a user to construct a classifier on a database held by a remote server without learning any additional information about the records held in the database. The server does not learn anything about the constructed classifier, not even the user’s choice of feature and class attributes.

  15. Toward Privacy-preserving Content Access Control for Information Centric Networking

    DTIC Science & Technology

    2014-03-01

    ...Encryption (ABE) is a flexible approach to enforce content access policies regardless of the security mechanisms provided by different content hosting servers. However, using ABE has a drawback that the enforced content access...

  16. Obfuscatable multi-recipient re-encryption for secure privacy-preserving personal health record services.

    PubMed

    Shi, Yang; Fan, Hongfei; Xiong, Guoyue

    2015-01-01

    With the rapid development of cloud computing techniques, it is attractive for personal health record (PHR) service providers to deploy their PHR applications and store the personal health data in the cloud. However, there could be a serious privacy leakage if the cloud-based system is intruded upon by attackers, which makes it necessary for the PHR service provider to encrypt all patients' health data on cloud servers. Existing techniques are insufficiently secure under circumstances where advanced threats are considered, or are inefficient when many recipients are involved. Therefore, the objectives of our solution are (1) providing a secure implementation of re-encryption in white-box attack contexts and (2) assuring the efficiency of the implementation even in multi-recipient cases. We designed the multi-recipient re-encryption functionality by randomness reuse and protected the implementation by obfuscation. The proposed solution is secure even in white-box attack contexts. Furthermore, a comparison with other related work shows that the computational cost of the proposed solution is lower. The proposed technique can serve as a building block for supporting secure, efficient and privacy-preserving personal health record service systems.

  17. 32 CFR 310.6 - Responsibilities.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ...) Assess the impact of technology on the privacy of personal information and, when feasible, adopt privacy-enhancing technology both to preserve and protect personal information contained in Component systems of... Privacy Program support for DoD Field Activities. (c) The General Counsel of the Department of Defense...

  2. Comment on id-based remote data integrity checking with data privacy preserving

    NASA Astrophysics Data System (ADS)

    Zhang, Jianhong; Meng, Hongxin

    2017-09-01

    Recently, an ID-based remote data integrity checking protocol with perfect data privacy preserving (IEEE Transactions on Information Forensics and Security, doi: 10.1109/TIFS.2016.2615853) was proposed to achieve data privacy protection and integrity checking. Unfortunately, in this letter, we demonstrate that their protocol is insecure. An active hacker can modify the stored data without being detected by the verifier in the auditing. We also show that a malicious cloud server can convince the verifier that the stored data are kept intact after the outsourced data blocks are deleted. Finally, the reasons why such attacks are possible are given.

  3. Secure Data Aggregation Protocol for M2M Communications

    DTIC Science & Technology

    2015-03-24

    ...networking and collaboration among various devices has experienced tremendous growth. To adapt to the trend, the concept of Internet of Things (IoT)... Privacy-Preserving Time-Series Data Aggregation for Internet of Things. Abstract: In recent years, the...

  4. Privacy-Preserving Location-Based Services

    ERIC Educational Resources Information Center

    Chow, Chi Yin

    2010-01-01

    Location-based services (LBS for short) providers require users' current locations to answer their location-based queries, e.g., range and nearest-neighbor queries. Revealing personal location information to potentially untrusted service providers could create privacy risks for users. To this end, our objective is to design a privacy-preserving…

  5. Privacy Protection by Matrix Transformation

    NASA Astrophysics Data System (ADS)

    Yang, Weijia

    Privacy preserving is indispensable in data mining. In this paper, we present a novel clustering method for distributed multi-party data sets using orthogonal transformation and data randomization techniques. Our method can not only protect privacy in face of collusion, but also achieve a higher level of accuracy compared to the existing methods.

  6. Striking the balance: Privacy and spatial pattern preservation in masked GPS data

    NASA Astrophysics Data System (ADS)

    Seidl, Dara E.

    Volunteered location and trajectory data are increasingly collected and applied in analysis for a variety of academic fields and recreational pursuits. As access to personal location data increases, issues of privacy arise as individuals become identifiable and linked to other repositories of information. While the quality and precision of data are essential to accurate analysis, there is a tradeoff between privacy and access to data. Obfuscation of point data is a solution that aims to protect privacy and maximize preservation of spatial pattern. This study explores two methods of location obfuscation for volunteered GPS data: grid masking and random perturbation. These methods are applied to travel survey GPS data in the greater metropolitan regions of Chicago and Atlanta in the first large-scale GPS masking study of its kind.

  7. Anonymizing 1:M microdata with high utility

    PubMed Central

    Gong, Qiyuan; Luo, Junzhou; Yang, Ming; Ni, Weiwei; Li, Xiao-Bai

    2016-01-01

    Preserving privacy and utility during data publishing and data mining is essential for individuals, data providers and researchers. However, studies in this area typically assume that one individual has only one record in a dataset, which is unrealistic in many applications. Having multiple records for an individual leads to new privacy leakages. We call such a dataset a 1:M dataset. In this paper, we propose a novel privacy model called (k, l)-diversity that addresses disclosure risks in 1:M data publishing. Based on this model, we develop an efficient algorithm named 1:M-Generalization to preserve privacy and data utility, and compare it with alternative approaches. Extensive experiments on real-world data show that our approach outperforms the state-of-the-art technique, in terms of data utility and computational cost. PMID:28603388

  8. On Learning Cluster Coefficient of Private Networks

    PubMed Central

    Wang, Yue; Wu, Xintao; Zhu, Jun; Xiang, Yang

    2013-01-01

    Enabling accurate analysis of social network data while preserving differential privacy has been challenging since graph features such as clustering coefficient or modularity often have high sensitivity, which is different from traditional aggregate functions (e.g., count and sum) on tabular data. In this paper, we treat a graph statistic as a function f and develop a divide and conquer approach to enforce differential privacy. The basic procedure of this approach is to first decompose the target computation f into several less complex unit computations f1, …, fm connected by basic mathematical operations (e.g., addition, subtraction, multiplication, division), then perturb the output of each fi with Laplace noise derived from its own sensitivity value and the distributed privacy threshold εi, and finally combine those perturbed fi as the perturbed output of computation f. We examine how various operations affect the accuracy of complex computations. When unit computations have large global sensitivity values, we enforce differential privacy by calibrating noise based on the smooth sensitivity, rather than the global sensitivity. By doing this, we achieve the strict differential privacy guarantee with smaller magnitude noise. We illustrate our approach by using the clustering coefficient, which is a popular statistic used in social network analysis. Empirical evaluations on five real social networks and various synthetic graphs generated from three random graph models show the developed divide and conquer approach outperforms the direct approach. PMID:24429843

  9. Privacy-preserving record linkage on large real world datasets.

    PubMed

    Randall, Sean M; Ferrante, Anna M; Boyd, James H; Bauer, Jacqueline K; Semmens, James B

    2014-08-01

    Record linkage typically involves the use of dedicated linkage units who are supplied with personally identifying information to determine individuals from within and across datasets. The personally identifying information supplied to linkage units is separated from clinical information prior to release by data custodians. While this substantially reduces the risk of disclosure of sensitive information, some residual risks still exist and remain a concern for some custodians. In this paper we trial a method of record linkage which reduces privacy risk still further on large real world administrative data. The method uses encrypted personal identifying information (bloom filters) in a probability-based linkage framework. The privacy preserving linkage method was tested on ten years of New South Wales (NSW) and Western Australian (WA) hospital admissions data, comprising in total over 26 million records. No difference in linkage quality was found when the results were compared to traditional probabilistic methods using full unencrypted personal identifiers. This presents as a possible means of reducing privacy risks related to record linkage in population level research studies. It is hoped that through adaptations of this method or similar privacy preserving methods, risks related to information disclosure can be reduced so that the benefits of linked research taking place can be fully realised. Copyright © 2013 Elsevier Inc. All rights reserved.

  10. Privacy-preserving genomic testing in the clinic: a model using HIV treatment.

    PubMed

    McLaren, Paul J; Raisaro, Jean Louis; Aouri, Manel; Rotger, Margalida; Ayday, Erman; Bartha, István; Delgado, Maria B; Vallet, Yannick; Günthard, Huldrych F; Cavassini, Matthias; Furrer, Hansjakob; Doco-Lecompte, Thanh; Marzolini, Catia; Schmid, Patrick; Di Benedetto, Caroline; Decosterd, Laurent A; Fellay, Jacques; Hubaux, Jean-Pierre; Telenti, Amalio

    2016-08-01

    The implementation of genomic-based medicine is hindered by unresolved questions regarding data privacy and delivery of interpreted results to health-care practitioners. We used DNA-based prediction of HIV-related outcomes as a model to explore critical issues in clinical genomics. We genotyped 4,149 markers in HIV-positive individuals. Variants allowed for prediction of 17 traits relevant to HIV medical care, inference of patient ancestry, and imputation of human leukocyte antigen (HLA) types. Genetic data were processed under a privacy-preserving framework using homomorphic encryption, and clinical reports describing potentially actionable results were delivered to health-care providers. A total of 230 patients were included in the study. We demonstrated the feasibility of encrypting a large number of genetic markers, inferring patient ancestry, computing monogenic and polygenic trait risks, and reporting results under privacy-preserving conditions. The average execution time of a multimarker test on encrypted data was 865 ms on a standard computer. The proportion of tests returning potentially actionable genetic results ranged from 0 to 54%. The model of implementation presented herein informs on strategies to deliver genomic test results for clinical care. Data encryption to ensure privacy helps to build patient trust, a key requirement on the road to genomic-based medicine. Genet Med 18(8), 814-822.

  11. Genome privacy: challenges, technical approaches to mitigate risk, and ethical considerations in the United States

    PubMed Central

    Wang, Shuang; Jiang, Xiaoqian; Singh, Siddharth; Marmor, Rebecca; Bonomi, Luca; Fox, Dov; Dow, Michelle; Ohno-Machado, Lucila

    2016-01-01

    Accessing and integrating human genomic data with phenotypes is important for biomedical research. Making genomic data accessible for research purposes, however, must be handled carefully to avoid leakage of sensitive individual information to unauthorized parties and improper use of data. In this article, we focus on data sharing within the scope of data accessibility for research. Current common practices to gain biomedical data access are strictly rule based, without a clear and quantitative measurement of the risk of privacy breaches. In addition, several types of studies require privacy-preserving linkage of genotype and phenotype information across different locations (e.g., genotypes stored in a sequencing facility and phenotypes stored in an electronic health record) to accelerate discoveries. The computer science community has developed a spectrum of techniques for data privacy and confidentiality protection, many of which have yet to be tested on real-world problems. In this article, we discuss clinical, technical, and ethical aspects of genome data privacy and confidentiality in the United States, as well as potential solutions for privacy-preserving genotype–phenotype linkage in biomedical research. PMID:27681358

  12. 78 FR 40515 - Privacy Act of 1974; Privacy Act System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-07-05

    ... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice 13-071] Privacy Act of 1974; Privacy Act System of Records AGENCY: National Aeronautics and Space Administration (NASA). ACTION: Notice of Privacy... training associated with...

  13. Informational privacy and the public's health: the Model State Public Health Privacy Act.

    PubMed

    Gostin, L O; Hodge, J G; Valdiserri, R O

    2001-09-01

    Protecting public health requires the acquisition, use, and storage of extensive health-related information about individuals. The electronic accumulation and exchange of personal data promises significant public health benefits but also threatens individual privacy; breaches of privacy can lead to individual discrimination in employment, insurance, and government programs. Individuals concerned about privacy invasions may avoid clinical or public health tests, treatments, or research. Although individual privacy protections are critical, comprehensive federal privacy protections do not adequately protect public health data, and existing state privacy laws are inconsistent and fragmented. The Model State Public Health Privacy Act provides strong privacy safeguards for public health data while preserving the ability of state and local public health departments to act for the common good.

  14. Exploiting geo-distributed clouds for an e-health monitoring system with minimum service delay and privacy preservation.

    PubMed

    Shen, Qinghua; Liang, Xiaohui; Shen, Xuemin; Lin, Xiaodong; Luo, Henry Y

    2014-03-01

    In this paper, we propose an e-health monitoring system with minimum service delay and privacy preservation by exploiting geo-distributed clouds. In the system, the resource allocation scheme enables the distributed cloud servers to cooperatively assign the servers to the requested users under the load balance condition. Thus, the service delay for users is minimized. In addition, a traffic-shaping algorithm is proposed. The traffic-shaping algorithm converts the user health data traffic to the nonhealth data traffic such that the capability of traffic analysis attacks is largely reduced. Through the numerical analysis, we show the efficiency of the proposed traffic-shaping algorithm in terms of service delay and privacy preservation. Furthermore, through the simulations, we demonstrate that the proposed resource allocation scheme significantly reduces the service delay compared to two other alternatives using jointly the short queue and distributed control law.

  15. Modifying the ECC-based grouping-proof RFID system to increase inpatient medication safety.

    PubMed

    Ko, Wen-Tsai; Chiou, Shin-Yan; Lu, Erl-Huei; Chang, Henry Ker-Chang

    2014-09-01

    RFID technology is increasingly used in applications that require tracking, identification, and authentication. It attaches RFID-readable tags to objects for identification and execution of specific RFID-enabled applications. Recently, research has focused on the use of grouping-proofs for preserving privacy in RFID applications, wherein a proof of two or more tags must be simultaneously scanned. In 2010, a privacy-preserving grouping proof protocol for RFID based on ECC in public-key cryptosystem was proposed but was shown to be vulnerable to tracking attacks. A proposed enhancement protocol was also shown to have defects which prevented proper execution. In 2012, Lin et al. proposed a more efficient RFID ECC-based grouping proof protocol to promote inpatient medication safety. However, we found this protocol is also vulnerable to tracking and impersonation attacks. We then propose a secure privacy-preserving RFID grouping proof protocol for inpatient medication safety and demonstrate its resistance to such attacks.

  16. Dynamic access control model for privacy preserving personalized healthcare in cloud environment.

    PubMed

    Son, Jiseong; Kim, Jeong-Dong; Na, Hong-Seok; Baik, Doo-Kwon

    2015-01-01

    When sharing and storing healthcare data in a cloud environment, access control is a central issue for preserving data privacy, as a patient's personal health data may be accessed without permission by many stakeholders. Specifically, dynamic authorization for access to data is required because personal health data is stored in cloud storage via wearable devices. Therefore, we propose a dynamic access control model for preserving the privacy of personal healthcare data in a cloud environment. The proposed model considers context information for dynamic access. According to the proposed model, access control can be dynamically determined by changing the context information; this means that even for a subject with the same role in the cloud, access permission is defined differently depending on the context information and access condition. Furthermore, we experimentally evaluate the ability of the proposed model to provide correct responses by representing a dynamic access decision with real-life personalized healthcare system scenarios.

  17. An enhanced mobile-healthcare emergency system based on extended chaotic maps.

    PubMed

    Lee, Cheng-Chi; Hsu, Che-Wei; Lai, Yan-Ming; Vasilakos, Athanasios

    2013-10-01

    Mobile Healthcare (m-Healthcare) systems, namely smartphone applications of pervasive computing that utilize wireless body sensor networks (BSNs), have recently been proposed to provide smartphone users with health monitoring services and have received great attention. An m-Healthcare system with flaws, however, may leak the smartphone user's personal information and cause security, privacy preservation, or user anonymity problems. In 2012, Lu et al. proposed a secure and privacy-preserving opportunistic computing (SPOC) framework for mobile-Healthcare emergency. The brilliant SPOC framework can opportunistically gather resources on the smartphone such as computing power and energy to process the computing-intensive personal health information (PHI) in case of an m-Healthcare emergency with minimal privacy disclosure. To balance the hazard of PHI privacy disclosure against the necessity of PHI processing and transmission in an m-Healthcare emergency, in their SPOC framework Lu et al. introduced an efficient user-centric privacy access control system, which they built on the basis of an attribute-based access control mechanism and a new privacy-preserving scalar product computation (PPSPC) technique. However, we found that Lu et al.'s protocol still has some security flaws concerning user anonymity and mutual authentication. To fix those problems and further enhance the computation efficiency of Lu et al.'s protocol, in this article the authors present an improved mobile-Healthcare emergency system based on extended chaotic maps. The new system is capable of not only providing flawless user anonymity and mutual authentication but also reducing the computation cost.

  18. A framework to preserve the privacy of electronic health data streams.

    PubMed

    Kim, Soohyung; Sung, Min Kyoung; Chung, Yon Dohn

    2014-08-01

    The anonymization of health data streams is important to protect these data against potential privacy breaches. A large number of research studies aiming at offering privacy in the context of data streams has been recently conducted. However, the techniques that have been proposed in these studies generate a significant delay during the anonymization process, since they concentrate on applying existing privacy models (e.g., k-anonymity and l-diversity) to batches of data extracted from data streams in a period of time. In this paper, we present delay-free anonymization, a framework for preserving the privacy of electronic health data streams. Unlike existing works, our method does not generate an accumulation delay, since input streams are anonymized immediately with counterfeit values. We further devise late validation for increasing the data utility of the anonymization results and managing the counterfeit values. Through experiments, we show the efficiency and effectiveness of the proposed method for the real-time release of data streams. Copyright © 2014 Elsevier Inc. All rights reserved.

  19. Anonymizing and Sharing Medical Text Records

    PubMed Central

    Li, Xiao-Bai; Qin, Jialun

    2017-01-01

    Health information technology has increased accessibility of health and medical data and benefited medical research and healthcare management. However, there are rising concerns about patient privacy in sharing medical and healthcare data. A large amount of these data are in free text form. Existing techniques for privacy-preserving data sharing deal largely with structured data. Current privacy approaches for medical text data focus on detection and removal of patient identifiers from the data, which may be inadequate for protecting privacy or preserving data quality. We propose a new systematic approach to extract, cluster, and anonymize medical text records. Our approach integrates methods developed in both data privacy and health informatics fields. The key novel elements of our approach include a recursive partitioning method to cluster medical text records based on the similarity of the health and medical information and a value-enumeration method to anonymize potentially identifying information in the text data. An experimental study is conducted using real-world medical documents. The results of the experiments demonstrate the effectiveness of the proposed approach. PMID:29569650

  20. 28 CFR 700.19 - Preservation of records.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 28 Judicial Administration 2 2010-07-01 2010-07-01 false Preservation of records. 700.19 Section 700.19 Judicial Administration OFFICE OF INDEPENDENT COUNSEL PRODUCTION OR DISCLOSURE OF MATERIAL OR... the Privacy Act of 1974 § 700.19 Preservation of records. The Office shall preserve all correspondence...

  1. 6 CFR 5.28 - Preservation of records.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 6 Domestic Security 1 2010-01-01 2010-01-01 false Preservation of records. 5.28 Section 5.28 Domestic Security DEPARTMENT OF HOMELAND SECURITY, OFFICE OF THE SECRETARY DISCLOSURE OF RECORDS AND INFORMATION Privacy Act § 5.28 Preservation of records. Each component will preserve all correspondence...

  2. Space in Space: Designing for Privacy in the Workplace

    NASA Technical Reports Server (NTRS)

    Akin, Jonie

    2015-01-01

    Privacy is cultural, socially embedded in the spatial, temporal, and material aspects of the lived experience. Definitions of privacy are as varied among scholars as they are among those who fight for their personal rights in the home and the workplace. Privacy in the workplace has become a topic of interest in recent years, as evident in discussions on Big Data as well as the shrinking office spaces in which people work. An article in The New York Times published in February of this year noted that "many companies are looking to cut costs, and one way to do that is by trimming personal space". Increasingly, organizations ranging from tech start-ups to large corporations are downsizing square footage and opting for open-office floorplans hoping to trim the budget and spark creative, productive communication among their employees. The question of how much is too much to trim when it comes to privacy is one that is being actively addressed by the National Aeronautics and Space Administration (NASA) as they explore habitat designs for future space missions. NASA recognizes privacy as a design-related stressor impacting human health and performance. Given the challenges of sustaining life in an isolated, confined, and extreme environment such as Mars, NASA deems it necessary to determine the acceptable minimal amount of habitable volume for activities requiring at least some level of privacy in order to support optimal crew performance. Ethnographic research was conducted in 2013 to explore perceptions of privacy and privacy needs among astronauts living and working in space as part of a long-distance, long-duration mission. The allocation of space, or habitable volume, becomes an increasingly complex issue in outer space due to the costs associated with maintaining an artificial, confined environment bounded by limitations of mass while located in an extreme environment. Privacy in space, or space in space, provides a unique case study of the complex notions of privacy, the impact of design and others on achieving it, and the sensemaking that occurs when privacy is less than expected. The findings show that privacy is not just a personal, individual need but is also a need that is shared among teams and groups. Moreover, the case of space in space reveals the influence the design of the built and social environments has on privacy needs and on achieving privacy. When the level of privacy is less than expected, sensemaking occurs and the lack of privacy is dealt with by means of absencing the present, creating new social norms, and "making space" by manipulating the spatial, temporal, and material aspects of the lived experience. Although the Mars habitat study represents an extreme case of privacy in the workplace, lessons learned from outer space are applicable to life in the Earth-bound workplace. A mini-case study was conducted to evaluate office space at the headquarters of a major American airline that illustrates the usefulness of building unexpected bridges between the unknown, unfamiliar Mars habitat and the everyday workplace. The comparative studies reveal insight into the interconnected, social nature of the spatial, temporal, and material aspects of the lived experience and how users of the habitat and office workspace view privacy, self, and others through an embodied design interaction.

  3. 76 FR 67763 - Privacy Act of 1974; Privacy Act System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-02

    ... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-109)] Privacy Act of 1974; Privacy Act... proposed revisions to an existing Privacy Act system of records. SUMMARY: Pursuant to the provisions of the Privacy Act of 1974 (5 U.S.C. 552a), the National Aeronautics and Space Administration is issuing public...

  4. Privacy-preserving methods to retrieve origin-destination information from connect vehicles.

    DOT National Transportation Integrated Search

    2013-01-01

    This report investigates technical approaches to address privacy concerns associated with two innovative applications enabled by connected vehicle systems, i.e., origin-destination (OD) flow measurement and differentiated congestion pricing. The ...

  5. Privacy-preserving methods to retrieve origin-destination information from connected vehicles.

    DOT National Transportation Integrated Search

    2013-01-01

    This report investigates technical approaches to address privacy concerns associated with two innovative applications enabled by connected vehicle systems, i.e., origin-destination (OD) flow measurement and differentiated congestion pricing. The ...

  6. Enhancing Privacy in Participatory Sensing Applications with Multidimensional Data

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Groat, Michael; Forrest, Stephanie; Horey, James L

    2012-01-01

    Participatory sensing applications rely on individuals to share local and personal data with others to produce aggregated models and knowledge. In this setting, privacy is an important consideration, and lack of privacy could discourage widespread adoption of many exciting applications. We present a privacy-preserving participatory sensing scheme for multidimensional data which uses negative surveys. Multidimensional data, such as vectors of attributes that include location and environment fields, pose a particular challenge for privacy protection and are common in participatory sensing applications. When reporting data in a negative survey, an individual participant randomly selects a value from the set complement of the sensed data value, once for each dimension, and returns the negative values to a central collection server. Using algorithms described in this paper, the server can reconstruct the probability density functions of the original distributions of sensed values, without knowing the participants' actual data. As a consequence, complicated encryption and key management schemes are avoided, conserving energy. We study trade-offs between accuracy and privacy, and their relationships to the number of dimensions, categories, and participants. We introduce dimensional adjustment, a method that reduces the magnification of error associated with earlier work. Two simulation scenarios illustrate how the approach can protect the privacy of a participant's multidimensional data while allowing useful population information to be aggregated.

  7. An Investigation of Data Privacy and Utility Using Machine Learning as a Gauge

    ERIC Educational Resources Information Center

    Mivule, Kato

    2014-01-01

    The purpose of this investigation is to study and pursue a user-defined approach in preserving data privacy while maintaining an acceptable level of data utility using machine learning classification techniques as a gauge in the generation of synthetic data sets. This dissertation will deal with data privacy, data utility, machine learning…

  8. Cloud-assisted mutual authentication and privacy preservation protocol for telecare medical information systems.

    PubMed

    Li, Chun-Ta; Shih, Dong-Her; Wang, Chun-Cheng

    2018-04-01

    With the rapid development of wireless communication technologies and the growing prevalence of smart devices, telecare medical information systems (TMIS) allow patients to receive medical treatment from doctors via Internet technology without visiting hospitals in person. By adopting mobile devices, a cloud-assisted platform and a wireless body area network, patients can collect their physiological conditions and upload them to the medical cloud via their mobile devices, enabling caregivers or doctors to provide patients with appropriate treatment at any time and anywhere. In order to protect the medical privacy of the patient and guarantee the reliability of the system, all system participants must be authenticated before accessing the TMIS. Mohit et al. recently suggested a lightweight authentication protocol for a cloud-based health care system. They claimed their protocol ensures resilience against all well-known security attacks and has several important features such as mutual authentication and patient anonymity. In this paper, we demonstrate that Mohit et al.'s authentication protocol has various security flaws, and we further introduce an enhanced version of their protocol for cloud-assisted TMIS, which can ensure patient anonymity and patient unlinkability and prevent the security threats of report revelation and report forgery attacks. The security analysis proves that our enhanced protocol is secure against various known attacks as well as those found in Mohit et al.'s protocol. Compared with existing related protocols, our enhanced protocol keeps the merits of all desirable security requirements and also maintains efficiency in terms of computation costs for cloud-assisted TMIS. We propose a more secure mutual authentication and privacy preservation protocol for cloud-assisted TMIS, which fixes the mentioned security weaknesses found in Mohit et al.'s protocol. According to our analysis, our authentication protocol satisfies most functionality features for privacy preservation and effectively copes with cloud-assisted TMIS with better efficiency. Copyright © 2018 Elsevier B.V. All rights reserved.

  9. Enhancing Privacy in Participatory Sensing Applications with Multidimensional Data

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Forrest, Stephanie; He, Wenbo; Groat, Michael

    2013-01-01

    Participatory sensing applications rely on individuals to share personal data to produce aggregated models and knowledge. In this setting, privacy concerns can discourage widespread adoption of new applications. We present a privacy-preserving participatory sensing scheme based on negative surveys for both continuous and multivariate categorical data. Without relying on encryption, our algorithms enhance the privacy of sensed data in an energy and computation efficient manner. Simulations and implementation on Android smart phones illustrate how multidimensional data can be aggregated in a useful and privacy-enhancing manner.

  10. Privacy-Preserving Accountable Accuracy Management Systems (PAAMS)

    NASA Astrophysics Data System (ADS)

    Thomas, Roshan K.; Sandhu, Ravi; Bertino, Elisa; Arpinar, Budak; Xu, Shouhuai

    We argue for the design of “Privacy-preserving Accountable Accuracy Management Systems (PAAMS)”. The designs of such systems recognize from the onset that accuracy, accountability, and privacy management are intertwined. As such, these systems have to dynamically manage the tradeoffs between these (often conflicting) objectives. For example, accuracy in such systems can be improved by providing better accountability links between structured and unstructured information. Further, accuracy may be enhanced if access to private information is allowed in controllable and accountable ways. Our proposed approach involves three key elements. First, a model to link unstructured information such as that found in email, image and document repositories with structured information such as that in traditional databases. Second, a model for accuracy management and entity disambiguation by proactively preventing, detecting and tracing errors in information bases. Third, a model to provide privacy-governed operation as accountability and accuracy are managed.

  11. A Secure and Privacy-Preserving Navigation Scheme Using Spatial Crowdsourcing in Fog-Based VANETs

    PubMed Central

    Wang, Lingling; Liu, Guozhu; Sun, Lijun

    2017-01-01

    Fog-based VANETs (Vehicular ad hoc networks) are a new paradigm of vehicular ad hoc networks with the advantages of both vehicular cloud and fog computing. Real-time navigation schemes based on fog-based VANETs can promote the scheme performance efficiently. In this paper, we propose a secure and privacy-preserving navigation scheme using vehicular spatial crowdsourcing based on fog-based VANETs. Fog nodes are used to generate and release the crowdsourcing tasks, and cooperatively find the optimal route according to the real-time traffic information collected by vehicles in their coverage areas. Meanwhile, the vehicle performing the crowdsourcing task can get a reasonable reward. The querying vehicle can retrieve the navigation results from each fog node successively when entering its coverage area, and follow the optimal route to the next fog node until it reaches the desired destination. Our scheme fulfills the security and privacy requirements of authentication, confidentiality and conditional privacy preservation. Some cryptographic primitives, including the Elgamal encryption algorithm, AES, randomized anonymous credentials and group signatures, are adopted to achieve this goal. Finally, we analyze the security and the efficiency of the proposed scheme. PMID:28338620

  12. A Secure and Privacy-Preserving Navigation Scheme Using Spatial Crowdsourcing in Fog-Based VANETs.

    PubMed

    Wang, Lingling; Liu, Guozhu; Sun, Lijun

    2017-03-24

    Fog-based VANETs (Vehicular ad hoc networks) are a new paradigm of vehicular ad hoc networks with the advantages of both vehicular cloud and fog computing. Real-time navigation schemes based on fog-based VANETs can promote the scheme performance efficiently. In this paper, we propose a secure and privacy-preserving navigation scheme using vehicular spatial crowdsourcing based on fog-based VANETs. Fog nodes are used to generate and release the crowdsourcing tasks, and cooperatively find the optimal route according to the real-time traffic information collected by vehicles in their coverage areas. Meanwhile, the vehicle performing the crowdsourcing task can get a reasonable reward. The querying vehicle can retrieve the navigation results from each fog node successively when entering its coverage area, and follow the optimal route to the next fog node until it reaches the desired destination. Our scheme fulfills the security and privacy requirements of authentication, confidentiality and conditional privacy preservation. Some cryptographic primitives, including the Elgamal encryption algorithm, AES, randomized anonymous credentials and group signatures, are adopted to achieve this goal. Finally, we analyze the security and the efficiency of the proposed scheme.

  13. Genome privacy: challenges, technical approaches to mitigate risk, and ethical considerations in the United States.

    PubMed

    Wang, Shuang; Jiang, Xiaoqian; Singh, Siddharth; Marmor, Rebecca; Bonomi, Luca; Fox, Dov; Dow, Michelle; Ohno-Machado, Lucila

    2017-01-01

    Accessing and integrating human genomic data with phenotypes are important for biomedical research. Making genomic data accessible for research purposes, however, must be handled carefully to avoid leakage of sensitive individual information to unauthorized parties and improper use of data. In this article, we focus on data sharing within the scope of data accessibility for research. Current common practices to gain biomedical data access are strictly rule based, without a clear and quantitative measurement of the risk of privacy breaches. In addition, several types of studies require privacy-preserving linkage of genotype and phenotype information across different locations (e.g., genotypes stored in a sequencing facility and phenotypes stored in an electronic health record) to accelerate discoveries. The computer science community has developed a spectrum of techniques for data privacy and confidentiality protection, many of which have yet to be tested on real-world problems. In this article, we discuss clinical, technical, and ethical aspects of genome data privacy and confidentiality in the United States, as well as potential solutions for privacy-preserving genotype-phenotype linkage in biomedical research. © 2016 New York Academy of Sciences.

  14. A Framework for Managing the Assured Information Sharing Lifecycle

    DTIC Science & Technology

    2013-11-06

    Mohamed Nabeel, Elisa Bertino: Privacy preserving delegated access control in the storage as a service model. IRI 2012: 645-652 • Mohamed Nabeel, Ning... 2012: 67-68 • M. Nabeel, J. Zage, S. Kerr, E. Bertino, N. Athula Kulatunga, U. Sudheera Navaratne, M. Duren: Cryptographic Key Management for Smart... Military Communications Conf., Nov. 2011. • Pramod Jagtap, Anupam Joshi, Tim Finin and Laura Zavala, Preserving Privacy in Context-Aware Systems, Proc. 5th IEEE Int. Conf. on Semantic Computing, Oct. 2011.

  15. De-identification of unstructured paper-based health records for privacy-preserving secondary use.

    PubMed

    Fenz, Stefan; Heurix, Johannes; Neubauer, Thomas; Rella, Antonio

    2014-07-01

    Whenever personal data is processed, privacy is a serious issue. Especially in the document-centric e-health area, the patients' privacy must be preserved in order to prevent any negative repercussions for the patient. Clinical research, for example, demands structured health records to carry out efficient clinical trials, whereas legislation (e.g. HIPAA) regulates that only de-identified health records may be used for research. However, unstructured and often paper-based data dominates information technology, especially in the healthcare sector. Existing approaches are geared towards data in English-language documents only and have not been designed to handle the recognition of erroneous personal data which is the result of the OCR-based digitization of paper-based health records.

  16. Privacy-Preserving Location-Based Query Using Location Indexes and Parallel Searching in Distributed Networks

    PubMed Central

    Liu, Lei; Zhao, Jing

    2014-01-01

    An efficient location-based query algorithm of protecting the privacy of the user in the distributed networks is given. This algorithm utilizes the location indexes of the users and multiple parallel threads to search and select quickly all the candidate anonymous sets with more users and their location information with more uniform distribution to accelerate the execution of the temporal-spatial anonymous operations, and it allows the users to configure their custom-made privacy-preserving location query requests. The simulated experiment results show that the proposed algorithm can offer simultaneously the location query services for more users and improve the performance of the anonymous server and satisfy the anonymous location requests of the users. PMID:24790579

  17. Privacy-Preserving Authentication of Users with Smart Cards Using One-Time Credentials

    NASA Astrophysics Data System (ADS)

    Park, Jun-Cheol

    User privacy preservation is critical to prevent many sophisticated attacks that are based on the user's server access patterns and ID-related information. We propose a password-based user authentication scheme that provides strong privacy protection using one-time credentials. It eliminates the possibility of tracing a user's authentication history and hides the user's ID and password even from servers. In addition, it is resistant against user impersonation even if both a server's verification database and a user's smart card storage are disclosed. We also provide a revocation scheme for a user to promptly invalidate the user's credentials on a server when the user's smart card is compromised. The schemes use lightweight operations only such as computing hashes and bitwise XORs.

  18. Archiving data from new survey technologies: Enabling research with high-precision data while preserving participant privacy

    DOE PAGES

    Gonder, Jeffrey; Burton, Evan; Murakami, Elaine

    2015-12-29

    Despite the significant effort and expense to collect high-resolution Global Positioning System (GPS) data in travel surveys, privacy concerns often lead to its underutilization. This paper describes development of the Transportation Secure Data Center (TSDC) to address this dilemma of providing data access while preserving privacy. Furthermore, the TSDC operating structure was developed in consultation with an advisory committee and includes: a secure enclave with no external access for backing up and processing raw data, a publicly accessible website for downloading cleansed data, and a secure portal environment through which approved users can work with detailed spatial data using a variety of tools and reference information.

  19. Privacy-preserving location-based query using location indexes and parallel searching in distributed networks.

    PubMed

    Zhong, Cheng; Liu, Lei; Zhao, Jing

    2014-01-01

    An efficient location-based query algorithm of protecting the privacy of the user in the distributed networks is given. This algorithm utilizes the location indexes of the users and multiple parallel threads to search and select quickly all the candidate anonymous sets with more users and their location information with more uniform distribution to accelerate the execution of the temporal-spatial anonymous operations, and it allows the users to configure their custom-made privacy-preserving location query requests. The simulated experiment results show that the proposed algorithm can offer simultaneously the location query services for more users and improve the performance of the anonymous server and satisfy the anonymous location requests of the users.

  20. TripSense: A Trust-Based Vehicular Platoon Crowdsensing Scheme with Privacy Preservation in VANETs

    PubMed Central

    Hu, Hao; Lu, Rongxing; Huang, Cheng; Zhang, Zonghua

    2016-01-01

    In this paper, we propose a trust-based vehicular platoon crowdsensing scheme, named TripSense, in VANET. The proposed TripSense scheme introduces a trust-based system to evaluate vehicles’ sensing abilities and then selects the more capable vehicles in order to improve sensing results accuracy. In addition, the sensing tasks are accomplished by platoon member vehicles and preprocessed by platoon head vehicles before the data are uploaded to server. Hence, it is less time-consuming and more efficient compared with the way where the data are submitted by individual platoon member vehicles. Hence it is more suitable in ephemeral networks like VANET. Moreover, our proposed TripSense scheme integrates unlinkable pseudo-ID techniques to achieve PM vehicle identity privacy, and employs a privacy-preserving sensing vehicle selection scheme without involving the PM vehicle’s trust score to keep its location privacy. Detailed security analysis shows that our proposed TripSense scheme not only achieves desirable privacy requirements but also resists against attacks launched by adversaries. In addition, extensive simulations are conducted to show the correctness and effectiveness of our proposed scheme. PMID:27258287

  1. Secure Obfuscation for Encrypted Group Signatures

    PubMed Central

    Fan, Hongfei; Liu, Qin

    2015-01-01

    In recent years, group signature techniques are widely used in constructing privacy-preserving security schemes for various information systems. However, conventional techniques keep the schemes secure only in normal black-box attack contexts. In other words, these schemes suppose that (the implementation of) the group signature generation algorithm is running in a platform that is perfectly protected from various intrusions and attacks. As a complement to existing studies, how to generate group signatures securely in a more austere security context, such as a white-box attack context, is studied in this paper. We use obfuscation as an approach to acquire a higher level of security. Concretely, we introduce a special group signature functionality, an encrypted group signature, and then provide an obfuscator for the proposed functionality. A series of new security notions for both the functionality and its obfuscator has been introduced. The most important one is the average-case secure virtual black-box property w.r.t. dependent oracles and restricted dependent oracles, which captures the requirement of protecting the output of the proposed obfuscator against collision attacks from group members. The security notions fit for many other specialized obfuscators, such as obfuscators for identity-based signatures, threshold signatures and key-insulated signatures. Finally, the correctness and security of the proposed obfuscator have been proven. Thereby, the obfuscated encrypted group signature functionality can be applied to variants of privacy-preserving security schemes and enhance the security level of these schemes. PMID:26167686

  2. Electronic consent channels: preserving patient privacy without handcuffing researchers.

    PubMed

    Shelton, Robert H

    2011-02-09

    Advances in health information technology and electronic medical records have the tremendous potential to accelerate translational and clinical research. However, privacy concerns threaten to be a rate-limiting factor. By recognizing and responding to patient privacy concerns, policy-makers, researchers, and information technology leaders have the opportunity to transform trial recruitment and make it safer to electronically locate and convey sensitive health information.

  3. Modelling information dissemination under privacy concerns in social media

    NASA Astrophysics Data System (ADS)

    Zhu, Hui; Huang, Cheng; Lu, Rongxing; Li, Hui

    2016-05-01

    Social media has recently become an important platform for users to share news, express views, and post messages. However, due to user privacy preservation in social media, many privacy setting tools are employed, which inevitably change the patterns and dynamics of information dissemination. In this study, a general stochastic model using dynamic evolution equations was introduced to illustrate how privacy concerns impact the process of information dissemination. Extensive simulations and analyses involving the privacy settings of general users, privileged users, and pure observers were conducted on real-world networks, and the results demonstrated that user privacy settings affect information differently. Finally, we also studied the process of information diffusion analytically and numerically with different privacy settings using two classic networks.

  4. Locus Guard Pilot

    NASA Astrophysics Data System (ADS)

    Chandrashekar, Varsha; B, Prabadevi

    2017-11-01

    Providing services to users is the main functionality of every search engine. Recently, services based on users’ current location have also been enabled with the help of GPS in every smartphone. But how safe are their searches, and how trustworthy is the search engine? Why are users tracked even when they turn off tracking? Where does the solution lie? Unless there is a security system to prevent ad trackers from misusing a user’s location, any application which relies on a user’s location will be of no use. We know that location information is highly sensitive personal data. Knowing where a person was at a particular time, one can infer his/her personal activities, political views, health status, and launch unsolicited advertising, physical attacks or harassment. Therefore, mechanisms to preserve users' privacy and anonymity are mandatory in any application that involves users’ location. So there comes the need to hide the location of the users. This proposed application aims to implement some of the features required for preserving users’ privacy and also a secure user login so that services provided to users can be used by them without danger of their searches being misused.

  5. Privacy-preserving genomic testing in the clinic: a model using HIV treatment

    PubMed Central

    McLaren, Paul J.; Raisaro, Jean Louis; Aouri, Manel; Rotger, Margalida; Ayday, Erman; Bartha, István; Delgado, Maria B.; Vallet, Yannick; Günthard, Huldrych F.; Cavassini, Matthias; Furrer, Hansjakob; Doco-Lecompte, Thanh; Marzolini, Catia; Schmid, Patrick; Di Benedetto, Caroline; Decosterd, Laurent A.; Fellay, Jacques; Hubaux, Jean-Pierre; Telenti, Amalio

    2016-01-01

    Purpose: The implementation of genomic-based medicine is hindered by unresolved questions regarding data privacy and delivery of interpreted results to health-care practitioners. We used DNA-based prediction of HIV-related outcomes as a model to explore critical issues in clinical genomics. Genet Med 18 8, 814–822. Methods: We genotyped 4,149 markers in HIV-positive individuals. Variants allowed for prediction of 17 traits relevant to HIV medical care, inference of patient ancestry, and imputation of human leukocyte antigen (HLA) types. Genetic data were processed under a privacy-preserving framework using homomorphic encryption, and clinical reports describing potentially actionable results were delivered to health-care providers. Results: A total of 230 patients were included in the study. We demonstrated the feasibility of encrypting a large number of genetic markers, inferring patient ancestry, computing monogenic and polygenic trait risks, and reporting results under privacy-preserving conditions. The average execution time of a multimarker test on encrypted data was 865 ms on a standard computer. The proportion of tests returning potentially actionable genetic results ranged from 0 to 54%. Conclusions: The model of implementation presented herein informs on strategies to deliver genomic test results for clinical care. Data encryption to ensure privacy helps to build patient trust, a key requirement on the road to genomic-based medicine. PMID:26765343

  6. Musings on privacy issues in health research involving disaggregate geographic data about individuals.

    PubMed

    Boulos, Maged N Kamel; Curtis, Andrew J; Abdelmalik, Philip

    2009-07-20

    This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic) of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association) workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals), including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case.

  7. Musings on privacy issues in health research involving disaggregate geographic data about individuals

    PubMed Central

    Boulos, Maged N Kamel; Curtis, Andrew J; AbdelMalik, Philip

    2009-01-01

    This paper offers a state-of-the-art overview of the intertwined privacy, confidentiality, and security issues that are commonly encountered in health research involving disaggregate geographic data about individuals. Key definitions are provided, along with some examples of actual and potential security and confidentiality breaches and related incidents that captured mainstream media and public interest in recent months and years. The paper then goes on to present a brief survey of the research literature on location privacy/confidentiality concerns and on privacy-preserving solutions in conventional health research and beyond, touching on the emerging privacy issues associated with online consumer geoinformatics and location-based services. The 'missing ring' (in many treatments of the topic) of data security is also discussed. Personal information and privacy legislations in two countries, Canada and the UK, are covered, as well as some examples of recent research projects and events about the subject. Select highlights from a June 2009 URISA (Urban and Regional Information Systems Association) workshop entitled 'Protecting Privacy and Confidentiality of Geographic Data in Health Research' are then presented. The paper concludes by briefly charting the complexity of the domain and the many challenges associated with it, and proposing a novel, 'one stop shop' case-based reasoning framework to streamline the provision of clear and individualised guidance for the design and approval of new research projects (involving geographical identifiers about individuals), including crisp recommendations on which specific privacy-preserving solutions and approaches would be suitable in each case. PMID:19619311

  8. Privacy Factors in Video-Based Media Spaces

    NASA Astrophysics Data System (ADS)

    Boyle, Michael; Neustaedter, Carman; Greenberg, Saul

    Media space research is accompanied by a long-standing debate on the value of awareness leading to casual interaction versus its potential for intended or unintended privacy invasion. This is not just a matter of technology: the trade-off between the two depends very much on the social makeup of the people using the space, how cameras are actually situated, the kinds of activities that typically happen in the space, and so on. This chapter offers a framework — a descriptive theory — that defines how one can think of privacy while analyzing media spaces and their expected or actual use. The framework outlines existing perspectives on privacy and then decomposes privacy into three normative controls for regulating interpersonal boundaries in an embodied dialectic: solitude, confidentiality, and autonomy. By considering the nuances of these controls, this theory yields a powerful vocabulary of terms that disambiguate the many interrelated and subtle meanings of “privacy.”

  9. 36 CFR 1600.28 - Preservation of records.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 36 Parks, Forests, and Public Property 3 2010-07-01 2010-07-01 false Preservation of records. 1600.28 Section 1600.28 Parks, Forests, and Public Property MORRIS K. UDALL SCHOLARSHIP AND EXCELLENCE IN... and Access to Individual Records Under the Privacy Act of 1974 § 1600.28 Preservation of records. The...

  10. A Novel Quantum Solution to Privacy-Preserving Nearest Neighbor Query in Location-Based Services

    NASA Astrophysics Data System (ADS)

    Luo, Zhen-yu; Shi, Run-hua; Xu, Min; Zhang, Shun

    2018-04-01

    We present a cheating-sensitive quantum protocol for Privacy-Preserving Nearest Neighbor Query based on Oblivious Quantum Key Distribution and Quantum Encryption. Compared with the related classical protocols, our proposed protocol has higher security, because the security of our protocol is based on basic physical principles of quantum mechanics instead of hardness assumptions. In particular, our protocol takes single photons as quantum resources and only needs to perform single-photon projective measurement. Therefore, it is feasible to implement this protocol with present technologies.

  11. Privacy-Preserving Location-Based Service Scheme for Mobile Sensing Data.

    PubMed

    Xie, Qingqing; Wang, Liangmin

    2016-11-25

    With the wide use of mobile sensing applications, more and more location-embedded data are collected and stored in mobile clouds, such as iCloud, Samsung cloud, etc. Using these data, the cloud service provider (CSP) can provide location-based service (LBS) for users. However, the mobile cloud is untrustworthy. The privacy concerns force the sensitive locations to be stored on the mobile cloud in an encrypted form. However, this brings a great challenge to utilize these data to provide efficient LBS. To solve this problem, we propose a privacy-preserving LBS scheme for mobile sensing data, based on the RSA (for Rivest, Shamir and Adleman) algorithm and ciphertext policy attribute-based encryption (CP-ABE) scheme. The mobile cloud can perform location distance computing and comparison efficiently for authorized users, without location privacy leakage. In the end, theoretical security analysis and experimental evaluation demonstrate that our scheme is secure against the chosen plaintext attack (CPA) and efficient enough for practical applications in terms of user side computation overhead.

  12. A Framework for Privacy-preserving Classification of Next-generation PHR data.

    PubMed

    Koufi, Vassiliki; Malamateniou, Flora; Prentza, Andriana; Vassilacopoulos, George

    2014-01-01

    Personal Health Records (PHRs), integrated with data from various sources, such as social care data, Electronic Health Record data and genetic information, are envisaged as having a pivotal role in transforming healthcare. These data, lumped under the term 'big data', are usually complex, noisy, heterogeneous, longitudinal and voluminous, thus prohibiting their meaningful use by clinicians. Deriving value from these data requires the utilization of innovative data analysis techniques, which, however, may be hindered due to potential security and privacy breaches that may arise from improper release of personal health information. This paper presents a HIPAA-compliant machine learning framework that enables privacy-preserving classification of next-generation PHR data. The predictive models acquired can act as supporting tools to clinical practice by enabling more effective prevention, diagnosis and treatment of new incidents. The proposed framework has a huge potential for complementing medical staff expertise as it outperforms the manual inspection of PHR data while protecting patient privacy.

  13. Privacy-preserving clinical decision support system using Gaussian kernel-based classification.

    PubMed

    Rahulamathavan, Yogachandran; Veluru, Suresh; Phan, Raphael C-W; Chambers, Jonathon A; Rajarajan, Muttukrishnan

    2014-01-01

    A clinical decision support system forms a critical capability to link health observations with health knowledge to influence choices by clinicians for improved healthcare. Recent trends toward remote outsourcing can be exploited to provide efficient and accurate clinical decision support in healthcare. In this scenario, clinicians can use the health knowledge located in remote servers via the Internet to diagnose their patients. However, the fact that these servers are third party and therefore potentially not fully trusted raises possible privacy concerns. In this paper, we propose a novel privacy-preserving protocol for a clinical decision support system where the patients' data always remain in an encrypted form during the diagnosis process. Hence, the server involved in the diagnosis process is not able to learn any extra knowledge about the patient's data and results. Our experimental results on popular medical datasets from the UCI database demonstrate that the accuracy of the proposed protocol is up to 97.21% and the privacy of patient data is not compromised.

  14. Privacy-Preserving Location-Based Service Scheme for Mobile Sensing Data †

    PubMed Central

    Xie, Qingqing; Wang, Liangmin

    2016-01-01

    With the wide use of mobile sensing applications, more and more location-embedded data are collected and stored in mobile clouds, such as iCloud, Samsung cloud, etc. Using these data, the cloud service provider (CSP) can provide location-based service (LBS) for users. However, the mobile cloud is untrustworthy. The privacy concerns force the sensitive locations to be stored on the mobile cloud in an encrypted form. However, this brings a great challenge to utilize these data to provide efficient LBS. To solve this problem, we propose a privacy-preserving LBS scheme for mobile sensing data, based on the RSA (for Rivest, Shamir and Adleman) algorithm and ciphertext policy attribute-based encryption (CP-ABE) scheme. The mobile cloud can perform location distance computing and comparison efficiently for authorized users, without location privacy leakage. In the end, theoretical security analysis and experimental evaluation demonstrate that our scheme is secure against the chosen plaintext attack (CPA) and efficient enough for practical applications in terms of user side computation overhead. PMID:27897984

  15. Implications of Privacy Needs and Interpersonal Distancing Mechanisms for Space Station Design

    NASA Technical Reports Server (NTRS)

    Harrison, A. A.; Sommer, R.; Struthers, N.; Hoyt, K.

    1986-01-01

    The literature on privacy needs, personal space, interpersonal distancing, and crowding is reviewed with special reference to spaceflight and spaceflight analogous conditions. A quantitative model is proposed for understanding privacy, interpersonal distancing, and performance. The implications for space station design are described.

  16. A new approach to preserve privacy data mining based on fuzzy theory in numerical database

    NASA Astrophysics Data System (ADS)

    Cui, Run; Kim, Hyoung Joong

    2014-01-01

    With the rapid development of information techniques, data mining approaches have become one of the most important tools to discover the in-depth associations of tuples in large-scale databases. Hence how to protect private information is quite a huge challenge, especially during the data mining procedure. In this paper, a new method is proposed for privacy protection which is based on fuzzy theory. The traditional fuzzy approach in this area applies fuzzification to the data without considering its readability. A new style of obscured data expression is introduced to provide more details of the subsets without reducing the readability. Also, we adopt a balanced approach between the privacy level and utility when deriving the suitable subgroups. An experiment is provided to show that this approach is suitable for classification without lower accuracy. In the future, this approach can be adapted to data streams, given the low computational complexity of the fuzzy function, with a suitable modification.

  17. Routes for breaching and protecting genetic privacy

    PubMed Central

    Erlich, Yaniv; Narayanan, Arvind

    2014-01-01

    We are entering an era of ubiquitous genetic information for research, clinical care and personal curiosity. Sharing these datasets is vital for progress in biomedical research. However, one growing concern is the ability to protect the genetic privacy of the data originators. Here, we present an overview of genetic privacy breaching strategies. We outline the principles of each technique, point to the underlying assumptions, and assess its technological complexity and maturation. We then review potential mitigation methods for privacy-preserving dissemination of sensitive data and highlight different cases that are relevant to genetic applications. PMID:24805122

  18. Nation-wide primary healthcare research network: a privacy protection assessment.

    PubMed

    De Clercq, Etienne; Van Casteren, Viviane; Bossuyt, Nathalie; Moreels, Sarah; Goderis, Geert; Bartholomeeusen, Stefaan; Bonte, Pierre; Bangels, Marc

    2012-01-01

    Efficiency and privacy protection are essential when setting up nationwide research networks. This paper investigates the extent to which basic services developed to support the provision of care can be re-used, whilst preserving an acceptable privacy protection level, within a large Belgian primary care research network. The generic sustainable confidentiality management model used to assess the privacy protection level of the selected network architecture is described. A short analysis of the current architecture is provided. Our generic model could also be used in other countries.

  19. Routes for breaching and protecting genetic privacy.

    PubMed

    Erlich, Yaniv; Narayanan, Arvind

    2014-06-01

    We are entering an era of ubiquitous genetic information for research, clinical care and personal curiosity. Sharing these data sets is vital for progress in biomedical research. However, a growing concern is the ability to protect the genetic privacy of the data originators. Here, we present an overview of genetic privacy breaching strategies. We outline the principles of each technique, indicate the underlying assumptions, and assess their technological complexity and maturation. We then review potential mitigation methods for privacy-preserving dissemination of sensitive data and highlight different cases that are relevant to genetic applications.

  20. mSieve: Differential Behavioral Privacy in Time Series of Mobile Sensor Data.

    PubMed

    Saleheen, Nazir; Chakraborty, Supriyo; Ali, Nasir; Mahbubur Rahman, Md; Hossain, Syed Monowar; Bari, Rummana; Buder, Eugene; Srivastava, Mani; Kumar, Santosh

    2016-09-01

    Differential privacy concepts have been successfully used to protect anonymity of individuals in population-scale analysis. Sharing of mobile sensor data, especially physiological data, raises a different privacy challenge, that of protecting private behaviors that can be revealed from time series of sensor data. Existing privacy mechanisms rely on noise addition and data perturbation. But the accuracy requirement on inferences drawn from physiological data, together with well-established limits within which these data values occur, renders traditional privacy mechanisms inapplicable. In this work, we define a new behavioral privacy metric based on differential privacy and propose a novel data substitution mechanism to protect behavioral privacy. We evaluate the efficacy of our scheme using 660 hours of ECG, respiration, and activity data collected from 43 participants and demonstrate that it is possible to retain meaningful utility, in terms of inference accuracy (90%), while simultaneously preserving the privacy of sensitive behaviors.

  1. mSieve: Differential Behavioral Privacy in Time Series of Mobile Sensor Data

    PubMed Central

    Saleheen, Nazir; Chakraborty, Supriyo; Ali, Nasir; Mahbubur Rahman, Md; Hossain, Syed Monowar; Bari, Rummana; Buder, Eugene; Srivastava, Mani; Kumar, Santosh

    2016-01-01

    Differential privacy concepts have been successfully used to protect anonymity of individuals in population-scale analysis. Sharing of mobile sensor data, especially physiological data, raises a different privacy challenge, that of protecting private behaviors that can be revealed from time series of sensor data. Existing privacy mechanisms rely on noise addition and data perturbation. But the accuracy requirement on inferences drawn from physiological data, together with well-established limits within which these data values occur, renders traditional privacy mechanisms inapplicable. In this work, we define a new behavioral privacy metric based on differential privacy and propose a novel data substitution mechanism to protect behavioral privacy. We evaluate the efficacy of our scheme using 660 hours of ECG, respiration, and activity data collected from 43 participants and demonstrate that it is possible to retain meaningful utility, in terms of inference accuracy (90%), while simultaneously preserving the privacy of sensitive behaviors. PMID:28058408

  2. 77 FR 16019 - Privacy Act of 1974; System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-03-19

    ...: Administrative functions, such as control of office space, visits, attendance at meetings and conferences, gifts..., opinions, and policies applicable to civil law and military affairs, international, foreign, procurement...

  3. Location Privacy in RFID Applications

    NASA Astrophysics Data System (ADS)

    Sadeghi, Ahmad-Reza; Visconti, Ivan; Wachsmann, Christian

    RFID-enabled systems allow fully automatic wireless identification of objects and are rapidly becoming a pervasive technology with various applications. However, despite their benefits, RFID-based systems also pose challenging risks, in particular concerning user privacy. Indeed, improvident use of RFID can disclose sensitive information about users and their locations, allowing detailed user profiles. Hence, it is crucial to identify and to enforce appropriate security and privacy requirements of RFID applications (that are also compliant with legislation). This chapter first discusses security and privacy requirements for RFID-enabled systems, focusing in particular on location privacy issues. Then it explores the advances in RFID applications, stressing the security and privacy shortcomings of existing proposals. Finally, it presents new promising directions for privacy-preserving RFID systems, where as a case study we focus on electronic tickets (e-tickets) for public transportation.

  4. A compressive sensing based secure watermark detection and privacy preserving storage framework.

    PubMed

    Qia Wang; Wenjun Zeng; Jun Tian

    2014-03-01

    Privacy is a critical issue when the data owners outsource data storage or processing to a third party computing service, such as the cloud. In this paper, we identify a cloud computing application scenario that requires simultaneously performing secure watermark detection and privacy preserving multimedia data storage. We then propose a compressive sensing (CS)-based framework using secure multiparty computation (MPC) protocols to address such a requirement. In our framework, the multimedia data and secret watermark pattern are presented to the cloud for secure watermark detection in a CS domain to protect the privacy. During CS transformation, the privacy of the CS matrix and the watermark pattern is protected by the MPC protocols under the semi-honest security model. We derive the expected watermark detection performance in the CS domain, given the target image, watermark pattern, and the size of the CS matrix (but without the CS matrix itself). The correctness of the derived performance has been validated by our experiments. Our theoretical analysis and experimental results show that secure watermark detection in the CS domain is feasible. Our framework can also be extended to other collaborative secure signal processing and data-mining applications in the cloud.

  5. 14 CFR 1212.200 - Determining existence of records subject to the Privacy Act.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... requests under the Privacy Act made by individuals concerning records about themselves: (a) To determine if... the Privacy Act. 1212.200 Section 1212.200 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.200 Determining existence of records subject...

  6. Human factor design of habitable space facilities

    NASA Technical Reports Server (NTRS)

    Clearwater, Yvonne A.

    1987-01-01

    Current fundamental and applied habitability research conducted as part of the U.S. space program is reviewed with emphasis on methods, findings, and applications of the results to the planning and design of the International Space Station. The discussion covers the following six concurrent directions of habitability research: operational simulation, functional interior decor research, space crew privacy requirements, interior layout and configuration analysis, human spatial habitability model, and analogous environments research.

  7. Enabling search over encrypted multimedia databases

    NASA Astrophysics Data System (ADS)

    Lu, Wenjun; Swaminathan, Ashwin; Varna, Avinash L.; Wu, Min

    2009-02-01

    Performing information retrieval tasks while preserving data confidentiality is a desirable capability when a database is stored on a server maintained by a third-party service provider. This paper addresses the problem of enabling content-based retrieval over encrypted multimedia databases. Search indexes, along with multimedia documents, are first encrypted by the content owner and then stored onto the server. Through jointly applying cryptographic techniques, such as order preserving encryption and randomized hash functions, with image processing and information retrieval techniques, secure indexing schemes are designed to provide both privacy protection and rank-ordered search capability. Retrieval results on an encrypted color image database and security analysis of the secure indexing schemes under different attack models show that data confidentiality can be preserved while retaining very good retrieval performance. This work has promising applications in secure multimedia management.

  8. Privacy preserving data publishing of categorical data through k-anonymity and feature selection.

    PubMed

    Aristodimou, Aristos; Antoniades, Athos; Pattichis, Constantinos S

    2016-03-01

    In healthcare, there is a vast amount of patients' data, which can lead to important discoveries if combined. Due to legal and ethical issues, such data cannot be shared and hence such information is underused. A new area of research has emerged, called privacy preserving data publishing (PPDP), which aims at sharing data in a way that privacy is preserved while the information lost is kept at a minimum. In this Letter, a new anonymisation algorithm for PPDP is proposed, which is based on k-anonymity through pattern-based multidimensional suppression (kPB-MS). The algorithm uses feature selection for reducing the data dimensionality and then combines attribute and record suppression for obtaining k-anonymity. Five datasets from different areas of life sciences [RETINOPATHY, Single Proton Emission Computed Tomography imaging, gene sequencing and drug discovery (two datasets)] were anonymised with kPB-MS. The produced anonymised datasets were evaluated using four different classifiers and in 74% of the test cases, they produced similar or better accuracies than using the full datasets.

  9. 14 CFR 1212.200 - Determining existence of records subject to the Privacy Act.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Determining existence of records subject to the Privacy Act. 1212.200 Section 1212.200 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.200 Determining existence of records subject...

  10. Facilitating Trust in Privacy-Preserving E-Learning Environments

    ERIC Educational Resources Information Center

    Anwar, M.; Greer, J.

    2012-01-01

    This research explores a new model for facilitating trust in online e-learning activities. We begin by protecting the privacy of learners through identity management (IM), where personal information can be protected through some degree of participant anonymity or pseudonymity. In order to expect learners to trust other pseudonymous participants,…

  11. 32 CFR 316.5 - Policy.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 2 2010-07-01 2010-07-01 false Policy. 316.5 Section 316.5 National Defense Department of Defense (Continued) OFFICE OF THE SECRETARY OF DEFENSE (CONTINUED) PRIVACY PROGRAM DEFENSE INFORMATION SYSTEMS AGENCY PRIVACY PROGRAM § 316.5 Policy. It is the policy of DISA: (a) To preserve the...

  12. Randomization Based Privacy Preserving Categorical Data Analysis

    ERIC Educational Resources Information Center

    Guo, Ling

    2010-01-01

    The success of data mining relies on the availability of high quality data. To ensure quality data mining, effective information sharing between organizations becomes a vital requirement in today's society. Since data mining often involves sensitive information of individuals, the public has expressed a deep concern about their privacy.…

  13. An analysis of random projection for changeable and privacy-preserving biometric verification.

    PubMed

    Wang, Yongjin; Plataniotis, Konstantinos N

    2010-10-01

    Changeability and privacy protection are important factors for widespread deployment of biometrics-based verification systems. This paper presents a systematic analysis of a random-projection (RP)-based method for addressing these problems. The employed method transforms biometric data using a random matrix with each entry an independent and identically distributed Gaussian random variable. The similarity- and privacy-preserving properties, as well as the changeability of the biometric information in the transformed domain, are analyzed in detail. Specifically, RP on both high-dimensional image vectors and dimensionality-reduced feature vectors is discussed and compared. A vector translation method is proposed to improve the changeability of the generated templates. The feasibility of the introduced solution is well supported by detailed theoretical analyses. Extensive experimentation on a face-based biometric verification problem shows the effectiveness of the proposed method.

  14. Who, When, Where: Obfuscation Preferences in Location-Sharing Applications

    DTIC Science & Technology

    2011-06-01

    location sharing preferences. There has been prior work on using obfuscation as a privacy preserving technique in the context of location based services [1,6,7,4...2004). Privacy in location - based services , concern vs. coolness. MobileHCI 2004 workshop: Location System Privacy and Control. 3. Benisch, M... based services , and the value of location. In Proc. of Ubicomp 2010. 5. Consolvo, S., Smith, I. E., Matthews, T., LaMarca, A., Tabert, J., Powledge, P

  15. Space Partitioning for Privacy Enabled 3D City Models

    NASA Astrophysics Data System (ADS)

    Filippovska, Y.; Wichmann, A.; Kada, M.

    2016-10-01

    Due to recent technological progress, data capturing and processing of highly detailed (3D) data has become extensive. And despite all prospects of potential uses, data that includes personal living spaces and public buildings can also be considered as a serious intrusion into people's privacy and a threat to security. It becomes especially critical if data is visible by the general public. Thus, a compromise is needed between open access to data and privacy requirements which can be very different for each application. As privacy is a complex and versatile topic, the focus of this work particularly lies on the visualization of 3D urban data sets. For the purpose of privacy enabled visualizations of 3D city models, we propose to partition the (living) spaces into privacy regions, each featuring its own level of anonymity. Within each region, the depicted 2D and 3D geometry and imagery is anonymized with cartographic generalization techniques. The underlying spatial partitioning is realized as a 2D map generated as a straight skeleton of the open space between buildings. The resulting privacy cells are then merged according to the privacy requirements associated with each building to form larger regions, their borderlines smoothed, and transition zones established between privacy regions to have a harmonious visual appearance. It is exemplarily demonstrated how the proposed method generates privacy enabled 3D city models.

  16. 22 CFR 308.2 - Policy.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 22 Foreign Relations 2 2011-04-01 2009-04-01 true Policy. 308.2 Section 308.2 Foreign Relations PEACE CORPS IMPLEMENTATION OF THE PRIVACY ACT OF 1974 § 308.2 Policy. It is the policy of the Peace Corps to protect, preserve and defend the right of privacy of any individual as to whom the agency...

  17. An Optimal Algorithm towards Successive Location Privacy in Sensor Networks with Dynamic Programming

    NASA Astrophysics Data System (ADS)

    Zhao, Baokang; Wang, Dan; Shao, Zili; Cao, Jiannong; Chan, Keith C. C.; Su, Jinshu

    In wireless sensor networks, preserving location privacy under successive inference attacks is extremely critical. Although this problem is NP-complete in general cases, we propose a dynamic programming based algorithm and prove it is optimal in special cases where the correlation only exists between p immediately adjacent observations.

  18. Towards Practical Privacy-Preserving Internet Services

    ERIC Educational Resources Information Center

    Wang, Shiyuan

    2012-01-01

    Today's Internet offers people a vast selection of data centric services, such as online query services, the cloud, and location-based services, etc. These internet services bring people a lot of convenience, but at the same time raise privacy concerns, e.g., sensitive information revealed by the queries, sensitive data being stored and…

  19. Privacy-Preserving Electrocardiogram Monitoring for Intelligent Arrhythmia Detection.

    PubMed

    Son, Junggab; Park, Juyoung; Oh, Heekuck; Bhuiyan, Md Zakirul Alam; Hur, Junbeom; Kang, Kyungtae

    2017-06-12

    Long-term electrocardiogram (ECG) monitoring, as a representative application of cyber-physical systems, facilitates the early detection of arrhythmia. A considerable number of previous studies have explored monitoring techniques and the automated analysis of sensing data. However, ensuring patient privacy or confidentiality has not been a primary concern in ECG monitoring. First, we propose an intelligent heart monitoring system, which involves a patient-worn ECG sensor (e.g., a smartphone) and a remote monitoring station, as well as a decision support server that interconnects these components. The decision support server analyzes the heart activity, using the Pan-Tompkins algorithm to detect heartbeats and a decision tree to classify them. Our system protects sensing data and user privacy, which is an essential attribute of dependability, by adopting signal scrambling and anonymous identity schemes. We also employ a public key cryptosystem to enable secure communication between the entities. Simulations using data from the MIT-BIH arrhythmia database demonstrate that our system achieves a 95.74% success rate in heartbeat detection and an accuracy of almost 96.63% in heartbeat classification, while successfully preserving privacy and securing communications among the involved entities.

  20. Privacy-Preserving Electrocardiogram Monitoring for Intelligent Arrhythmia Detection †

    PubMed Central

    Son, Junggab; Park, Juyoung; Oh, Heekuck; Bhuiyan, Md Zakirul Alam; Hur, Junbeom; Kang, Kyungtae

    2017-01-01

    Long-term electrocardiogram (ECG) monitoring, as a representative application of cyber-physical systems, facilitates the early detection of arrhythmia. A considerable number of previous studies have explored monitoring techniques and the automated analysis of sensing data. However, ensuring patient privacy or confidentiality has not been a primary concern in ECG monitoring. First, we propose an intelligent heart monitoring system, which involves a patient-worn ECG sensor (e.g., a smartphone) and a remote monitoring station, as well as a decision support server that interconnects these components. The decision support server analyzes the heart activity, using the Pan–Tompkins algorithm to detect heartbeats and a decision tree to classify them. Our system protects sensing data and user privacy, which is an essential attribute of dependability, by adopting signal scrambling and anonymous identity schemes. We also employ a public key cryptosystem to enable secure communication between the entities. Simulations using data from the MIT-BIH arrhythmia database demonstrate that our system achieves a 95.74% success rate in heartbeat detection and an accuracy of almost 96.63% in heartbeat classification, while successfully preserving privacy and securing communications among the involved entities. PMID:28604628

  1. PCPA: A Practical Certificateless Conditional Privacy Preserving Authentication Scheme for Vehicular Ad Hoc Networks

    PubMed Central

    2018-01-01

    Vehicular ad hoc networks (VANETs) are a promising network scenario for greatly improving traffic efficiency and safety, in which smart vehicles can communicate with other vehicles or roadside units. For the availability of VANETs, it is very important to deal with the security and privacy problems of VANETs. In this paper, based on certificateless cryptography and elliptic curve cryptography, we present a certificateless signature with message recovery (CLS-MR), which we believe is of independent interest. Then, a practical certificateless conditional privacy preserving authentication (PCPA) scheme is proposed by incorporating the proposed CLS-MR scheme. Furthermore, the security analysis shows that PCPA satisfies all security and privacy requirements. The evaluation results indicate that PCPA achieves low computation and communication costs because there is no need to use the bilinear pairing and map-to-point hash operations. Moreover, extensive simulations show that PCPA is feasible and achieves prominent performance in terms of message delay and message loss ratio, and thus is more suitable for the deployment and adoption of VANETs. PMID:29762511

  2. A hybrid cloud read aligner based on MinHash and kmer voting that preserves privacy

    NASA Astrophysics Data System (ADS)

    Popic, Victoria; Batzoglou, Serafim

    2017-05-01

    Low-cost clouds can alleviate the compute and storage burden of the genome sequencing data explosion. However, moving personal genome data analysis to the cloud can raise serious privacy concerns. Here, we devise a method named Balaur, a privacy preserving read mapper for hybrid clouds based on locality sensitive hashing and kmer voting. Balaur can securely outsource a substantial fraction of the computation to the public cloud, while being highly competitive in accuracy and speed with non-private state-of-the-art read aligners on short read data. We also show that the method is significantly faster than the state of the art in long read mapping. Therefore, Balaur can enable institutions handling massive genomic data sets to shift part of their analysis to the cloud without sacrificing accuracy or exposing sensitive information to an untrusted third party.

  3. A hybrid cloud read aligner based on MinHash and kmer voting that preserves privacy

    PubMed Central

    Popic, Victoria; Batzoglou, Serafim

    2017-01-01

    Low-cost clouds can alleviate the compute and storage burden of the genome sequencing data explosion. However, moving personal genome data analysis to the cloud can raise serious privacy concerns. Here, we devise a method named Balaur, a privacy preserving read mapper for hybrid clouds based on locality sensitive hashing and kmer voting. Balaur can securely outsource a substantial fraction of the computation to the public cloud, while being highly competitive in accuracy and speed with non-private state-of-the-art read aligners on short read data. We also show that the method is significantly faster than the state of the art in long read mapping. Therefore, Balaur can enable institutions handling massive genomic data sets to shift part of their analysis to the cloud without sacrificing accuracy or exposing sensitive information to an untrusted third party. PMID:28508884

  4. A community effort to protect genomic data sharing, collaboration and outsourcing.

    PubMed

    Wang, Shuang; Jiang, Xiaoqian; Tang, Haixu; Wang, Xiaofeng; Bu, Diyue; Carey, Knox; Dyke, Stephanie Om; Fox, Dov; Jiang, Chao; Lauter, Kristin; Malin, Bradley; Sofia, Heidi; Telenti, Amalio; Wang, Lei; Wang, Wenhao; Ohno-Machado, Lucila

    2017-01-01

    The human genome can reveal sensitive information and is potentially re-identifiable, which raises privacy and security concerns about sharing such data on wide scales. In 2016, we organized the third Critical Assessment of Data Privacy and Protection competition as a community effort to bring together biomedical informaticists, computer privacy and security researchers, and scholars in ethical, legal, and social implications (ELSI) to assess the latest advances on privacy-preserving techniques for protecting human genomic data. Teams were asked to develop novel protection methods for emerging genome privacy challenges in three scenarios: Track (1) data sharing through the Beacon service of the Global Alliance for Genomics and Health; Track (2) collaborative discovery of similar genomes between two institutions; and Track (3) data outsourcing to public cloud services. The latter two tracks represent continuing themes from our 2015 competition, while the former was new and a response to a recently established vulnerability. The winning strategy for Track 1 mitigated the privacy risk by hiding approximately 11% of the variation in the database while permitting around 160,000 queries, a significant improvement over the baseline. The winning strategies in Tracks 2 and 3 showed significant progress over the previous competition by achieving multiple orders of magnitude performance improvement in terms of computational runtime and memory requirements. The outcomes suggest that applying highly optimized privacy-preserving and secure computation techniques to safeguard genomic data sharing and analysis is useful. However, the results also indicate that further efforts are needed to refine these techniques into practical solutions.

  5. 76 FR 64115 - Privacy Act of 1974; Privacy Act System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-17

    ... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION [Notice (11-092)] Privacy Act of 1974; Privacy Act... retirement of one Privacy Act system of records notice. SUMMARY: In accordance with the Privacy Act of 1974, NASA is giving notice that it proposes to cancel the following Privacy Act system of records notice...

  6. Recognition and privacy preservation of paper-based health records.

    PubMed

    Fenz, Stefan; Heurix, Johannes; Neubauer, Thomas

    2012-01-01

    While the digitization of medical data within electronic health records has been introduced in some areas, massive amounts of paper-based health records are still produced on a daily basis. This data has to be stored for decades due to legal reasons but is of no benefit for research organizations, as the unstructured medical data in paper-based health records cannot be efficiently used for clinical studies. This paper presents a system for the recognition and privacy preservation of personal data in paper-based health records with the aim to provide clinical studies with medical data gained from existing paper-based health records.

  7. Assessing subject privacy and data confidentiality in an emerging region for clinical trials: United Arab Emirates.

    PubMed

    Nair, Satish Chandrasekhar; Ibrahim, Halah

    2015-01-01

    Pharmaceutical sponsored clinical trials, formerly conducted predominantly in the United States and Europe, have expanded to emerging regions, including the Middle East. Our study explores factors influencing clinical trial privacy and confidentiality in the United Arab Emirates. Factors including concept familiarity, informed consent compliance, data access, and preservation were analyzed to assess current practices in the Arab world. As the UAE is an emerging region for clinical trials, there is a growing need for regulations related to data confidentiality and subject privacy. Informational and decisional privacy should be viewed within the realms of Arab culture and religious background.

  8. Bound-Preserving Discontinuous Galerkin Methods for Conservative Phase Space Advection in Curvilinear Coordinates

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Mezzacappa, Anthony; Endeve, Eirik; Hauck, Cory D.

    We extend the positivity-preserving method of Zhang & Shu [49] to simulate the advection of neutral particles in phase space using curvilinear coordinates. The ability to utilize these coordinates is important for non-equilibrium transport problems in general relativity and also in science and engineering applications with specific geometries. The method achieves high-order accuracy using Discontinuous Galerkin (DG) discretization of phase space and strong stability-preserving Runge-Kutta (SSP-RK) time integration. Special care is taken to ensure that the method preserves strict bounds for the phase space distribution function f; i.e., f ∈ [0, 1]. The combination of suitable CFL conditions and the use of the high-order limiter proposed in [49] is sufficient to ensure positivity of the distribution function. However, to ensure that the distribution function satisfies the upper bound, the discretization must, in addition, preserve the divergence-free property of the phase space flow. Proofs that highlight the necessary conditions are presented for general curvilinear coordinates, and the details of these conditions are worked out for some commonly used coordinate systems (i.e., spherical polar spatial coordinates in spherical symmetry and cylindrical spatial coordinates in axial symmetry, both with spherical momentum coordinates). Results from numerical experiments, including one example in spherical symmetry adopting the Schwarzschild metric, demonstrate that the method achieves high-order accuracy and that the distribution function satisfies the maximum principle.

  9. The Theory and Application of Privacy-preserving Computation

    DTIC Science & Technology

    2015-03-26

    which rejected the deployment of smart meters due to privacy concerns of the fine-grained information reporting necessary for the smart grid . Yet...there are clear benefits of the smart grid that are lost when smart metering is not available. This is true of many applications which require sensitive...31 4.1 Smart Grid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 4.1.1 Motivation

  10. Anatomisation with slicing: a new privacy preservation approach for multiple sensitive attributes.

    PubMed

    Susan, V Shyamala; Christopher, T

    2016-01-01

    An enormous quantity of personal health information has become available in recent decades, and tampering with any part of this information imposes a great risk to the health care field. Existing anonymization methods such as generalization and bucketization are only apt for single-sensitive-attribute, low-dimensional data. In this paper, an anonymization technique is proposed that combines the benefits of anatomization and an enhanced slicing approach, adhering to the principles of k-anonymity and l-diversity, for the purpose of dealing with high dimensional data along with multiple sensitive attributes. The anatomization approach dissociates the correlation observed between the quasi-identifier attributes and sensitive attributes (SA) and yields two separate tables with non-overlapping attributes. In the enhanced slicing algorithm, vertical partitioning groups the correlated SA in ST together and thereby minimizes the dimensionality by employing the advanced clustering algorithm. In order to get the optimal size of buckets, tuple partitioning is conducted by MFA. The experimental outcomes indicate that the proposed method can preserve privacy of data with numerous SA. The anatomization approach minimizes the loss of information and the slicing algorithm helps in the preservation of correlation and utility, which in turn results in reducing the data dimensionality and information loss. The advanced clustering algorithms prove their efficiency by minimizing the time and complexity. Furthermore, this work adheres to the principles of k-anonymity and l-diversity and thus avoids privacy threats like membership, identity and attribute disclosure.

  11. Privacy-Preserving and Secure Sharing of PHR in the Cloud.

    PubMed

    Zhang, Leyou; Wu, Qing; Mu, Yi; Zhang, Jingxia

    2016-12-01

    As a new summarized record of an individual's medical data and information, a Personal Health Record (PHR) can be accessible online. The owner can fully control which PHR files are shared with different users such as doctors, clinic agents, and friends. However, in an open network environment like the Cloud, this sensitive private information may be obtained by unauthorized parties and users. In this paper, we consider how to achieve PHR data confidentiality and provide fine-grained access control of PHR files in the public Cloud based on Attribute Based Encryption (ABE). Differing from previous works, we also consider the privacy preservation of the receivers, since the attributes of the receivers relate to their identity or medical information, which would expose some sensitive data to third-party services. Anonymous ABE (AABE) not only enforces the security of the owners' PHR but also preserves the privacy of the receivers. But a normal AABE with a single private key generation (PKG) center may not match a PHR system in the hierarchical architecture. Therefore, we discuss not only the construction of the PHR sharing system based on AABE but also how to construct the PHR sharing system based on the hierarchical AABE. The proposed schemes (especially the one based on hierarchical AABE) have many advantages over the available ones, such as short public keys and constant-size private keys, which overcome the weaknesses in the existing works. In the standard model, the introduced schemes achieve compact security in the prime order groups.

  12. Securing SIFT: Privacy-preserving Outsourcing Computation of Feature Extractions Over Encrypted Image Data.

    PubMed

    Hu, Shengshan; Wang, Qian; Wang, Jingjun; Qin, Zhan; Ren, Kui

    2016-05-13

    Advances in cloud computing have greatly motivated data owners to outsource their huge amount of personal multimedia data and/or computationally expensive tasks onto the cloud by leveraging its abundant resources for cost saving and flexibility. Despite the tremendous benefits, the outsourced multimedia data and the applications derived from it may reveal the data owner's private information, such as personal identity, locations or even financial profiles. This observation has recently aroused new research interest in privacy-preserving computations over outsourced multimedia data. In this paper, we propose an effective and practical privacy-preserving computation outsourcing protocol for the prevailing scale-invariant feature transform (SIFT) over massive encrypted image data. We first show that previous solutions to this problem have either efficiency/security or practicality issues, and none can well preserve the important characteristics of the original SIFT in terms of distinctiveness and robustness. We then present a new scheme design that achieves efficiency and security requirements simultaneously with the preservation of its key characteristics, by randomly splitting the original image data, designing two novel efficient protocols for secure multiplication and comparison, and carefully distributing the feature extraction computations onto two independent cloud servers. We both carefully analyze and extensively evaluate the security and effectiveness of our design. The results show that our solution is practically secure, outperforms the state-of-the-art, and performs comparably to the original SIFT in terms of various characteristics, including rotation invariance, image scale invariance, robust matching across affine distortion, addition of noise and change in 3D viewpoint and illumination.

  13. SecSIFT: Privacy-preserving Outsourcing Computation of Feature Extractions Over Encrypted Image Data.

    PubMed

    Hu, Shengshan; Wang, Qian; Wang, Jingjun; Qin, Zhan; Ren, Kui

    2016-05-13

    Advances in cloud computing have greatly motivated data owners to outsource their huge amount of personal multimedia data and/or computationally expensive tasks onto the cloud by leveraging its abundant resources for cost saving and flexibility. Despite the tremendous benefits, the outsourced multimedia data and the applications derived from it may reveal the data owner's private information, such as personal identity, locations or even financial profiles. This observation has recently aroused new research interest in privacy-preserving computations over outsourced multimedia data. In this paper, we propose an effective and practical privacy-preserving computation outsourcing protocol for the prevailing scale-invariant feature transform (SIFT) over massive encrypted image data. We first show that previous solutions to this problem have either efficiency/security or practicality issues, and none can well preserve the important characteristics of the original SIFT in terms of distinctiveness and robustness. We then present a new scheme design that achieves efficiency and security requirements simultaneously with the preservation of its key characteristics, by randomly splitting the original image data, designing two novel efficient protocols for secure multiplication and comparison, and carefully distributing the feature extraction computations onto two independent cloud servers. We both carefully analyze and extensively evaluate the security and effectiveness of our design. The results show that our solution is practically secure, outperforms the state-of-the-art, and performs comparably to the original SIFT in terms of various characteristics, including rotation invariance, image scale invariance, robust matching across affine distortion, addition of noise and change in 3D viewpoint and illumination.

  14. 14 CFR 1212.100 - Scope and purpose.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ....100 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Basic Policy § 1212.100 Scope and purpose. This part 1212 implements the Privacy Act of 1974, as amended (5 U.S.C. 552a). It establishes procedures for individuals to access their Privacy Act records and to...

  15. A smart-card-enabled privacy preserving E-prescription system.

    PubMed

    Yang, Yanjiang; Han, Xiaoxi; Bao, Feng; Deng, Robert H

    2004-03-01

    Within the overall context of protection of health care information, privacy of prescription data needs special treatment. First, the involvement of diverse parties, especially nonmedical parties, in the process of drug prescription complicates the protection of prescription data. Second, both patients and doctors have privacy stakes in prescription, and their privacy should be equally protected. Third, the following facts determine that prescription should not be processed in a truly anonymous manner: certain involved parties conduct useful research on the basis of aggregation of prescription data that are linkable with respect to either the patients or the doctors; prescription data has to be identifiable in some extreme circumstances, e.g., under a court order for inspection and assigning liability. In this paper, we propose an e-prescription system to address issues pertaining to privacy protection in the process of drug prescription. In our system, patients' smart cards play an important role. For one thing, the smart cards are implemented as portable repositories carrying up-to-date personal medical records and insurance information, providing doctors instant data access crucial to the process of diagnosis and prescription. For another, with the secret signing key stored inside, the smart card enables the patient to electronically sign the prescription pad, declaring his acceptance of the prescription. To make the system more realistic, we identify the need for a patient to delegate his signing capability to other people so as to protect the privacy of information housed on his card. A strong proxy signature scheme achieving technologically mutual agreements on the delegation is proposed to implement the delegation functionality.

  16. Sample Complexity Bounds for Differentially Private Learning

    PubMed Central

    Chaudhuri, Kamalika; Hsu, Daniel

    2013-01-01

    This work studies the problem of privacy-preserving classification – namely, learning a classifier from sensitive data while preserving the privacy of individuals in the training set. In particular, the learning algorithm is required in this problem to guarantee differential privacy, a very strong notion of privacy that has gained significant attention in recent years. A natural question to ask is: what is the sample requirement of a learning algorithm that guarantees a certain level of privacy and accuracy? We address this question in the context of learning with infinite hypothesis classes when the data is drawn from a continuous distribution. We first show that even for very simple hypothesis classes, any algorithm that uses a finite number of examples and guarantees differential privacy must fail to return an accurate classifier for at least some unlabeled data distributions. This result is unlike the case with either finite hypothesis classes or discrete data domains, in which distribution-free private learning is possible, as previously shown by Kasiviswanathan et al. (2008). We then consider two approaches to differentially private learning that get around this lower bound. The first approach is to use prior knowledge about the unlabeled data distribution in the form of a reference distribution chosen independently of the sensitive data. Given such a reference , we provide an upper bound on the sample requirement that depends (among other things) on a measure of closeness between and the unlabeled data distribution. Our upper bound applies to the non-realizable as well as the realizable case. The second approach is to relax the privacy requirement, by requiring only label-privacy – namely, that only the labels (and not the unlabeled parts of the examples) be considered sensitive information. An upper bound on the sample requirement of learning with label privacy was shown by Chaudhuri et al. (2006); in this work, we show a lower bound. PMID:25285183

  17. Hiding in Plain Sight: Anonymity and Privacy Preserving Mechanisms for Data Collection and Collaboration

    ERIC Educational Resources Information Center

    Kumar, Rajeev

    2009-01-01

    This dissertation contributes to the society by providing mechanisms that can potentially increase the availability of valuable personal level information without sacrificing the privacy of citizens. We consider two settings by which personal level data can be made available to its users such as researchers, who then may use it for the benefit of…

  18. EPPS: Efficient and Privacy-Preserving Personal Health Information Sharing in Mobile Healthcare Social Networks

    PubMed Central

    Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin

    2015-01-01

    Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parties. To ensure patients’ full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs. PMID:26404300

  19. EPPS: Efficient and Privacy-Preserving Personal Health Information Sharing in Mobile Healthcare Social Networks.

    PubMed

    Jiang, Shunrong; Zhu, Xiaoyan; Wang, Liangmin

    2015-09-03

    Mobile healthcare social networks (MHSNs) have emerged as a promising next-generation healthcare system, which will significantly improve the quality of life. However, there are many security and privacy concerns before personal health information (PHI) is shared with other parties. To ensure patients' full control over their PHI, we propose a fine-grained and scalable data access control scheme based on attribute-based encryption (ABE). Besides, policies themselves for PHI sharing may be sensitive and may reveal information about underlying PHI or about data owners or recipients. In our scheme, we let each attribute contain an attribute name and its value and adopt the Bloom filter to efficiently check attributes before decryption. Thus, the data privacy and policy privacy can be preserved in our proposed scheme. Moreover, considering the fact that the computational cost grows with the complexity of the access policy and the limitation of the resource and energy in a smart phone, we outsource ABE decryption to the cloud while preventing the cloud from learning anything about the content and access policy. The security and performance analysis is carried out to demonstrate that our proposed scheme can achieve fine-grained access policies for PHI sharing in MHSNs.

  20. Electronic Health Records: An Enhanced Security Paradigm to Preserve Patient's Privacy

    NASA Astrophysics Data System (ADS)

    Slamanig, Daniel; Stingl, Christian

    In recent years, demographic change and increasing treatment costs demand the adoption of more cost-efficient, highly qualitative and integrated health care processes. The rapid growth and availability of the Internet facilitate the development of eHealth services and especially of electronic health records (EHRs), which are promising solutions to meet the aforementioned requirements. Considering actual web-based EHR systems, patient-centric and patient-moderated approaches are widely deployed. Besides, there is an emerging market of so-called personal health record platforms, e.g. Google Health. Both concepts provide central and web-based access to highly sensitive medical data. Additionally, the fact that these systems may be hosted by not fully trustworthy providers necessitates thorough consideration of privacy issues. In this paper we define security and privacy objectives that play an important role in the context of web-based EHRs. Furthermore, we discuss deployed solutions as well as concepts proposed in the literature with respect to these objectives and point out several weaknesses. Finally, we introduce a system which overcomes the drawbacks of existing solutions by considering a holistic approach to preserve patients' privacy, and discuss the applied methods.

  1. Attribute Utility Motivated k-anonymization of Datasets to Support the Heterogeneous Needs of Biomedical Researchers

    PubMed Central

    Ye, Huimin; Chen, Elizabeth S.

    2011-01-01

    In order to support the increasing need to share electronic health data for research purposes, various methods have been proposed for privacy preservation including k-anonymity. Many k-anonymity models provide the same level of anonymization regardless of practical need, which may decrease the utility of the dataset for a particular research study. In this study, we explore extensions to the k-anonymity algorithm that aim to satisfy the heterogeneous needs of different researchers while preserving privacy as well as utility of the dataset. The proposed algorithm, Attribute Utility Motivated k-anonymization (AUM), involves analyzing the characteristics of attributes and utilizing them to minimize information loss during the anonymization process. Through comparison with two existing algorithms, Mondrian and Incognito, preliminary results indicate that AUM may preserve more information from original datasets, thus providing higher quality results with lower distortion. PMID:22195223

  2. Applying Triple-Matrix Masking for Privacy Preserving Data Collection and Sharing in HIV Studies.

    PubMed

    Pei, Qinglin; Chen, Shigang; Xiao, Yao; Wu, Samuel S

    2016-01-01

    Many HIV research projects are plagued by the high missing rate of self-reported information during data collection. Also, due to the sensitive nature of the HIV research data, privacy protection is always a concern for data sharing in HIV studies. This paper applies a data masking approach, called triple-matrix masking [1], to the context of HIV research for ensuring privacy protection during the process of data collection and data sharing. Using a set of generated HIV patient data, we show step by step how the data are randomly transformed (masked) before leaving the patients' individual data collection device (which ensures that nobody sees the actual data) and how the masked data are further transformed by a masking service provider and a data collector. We demonstrate that the masked data retain the statistical utility of the original data, yielding exactly the same inference results in the planned logistic regression on the effect of age on the adherence to antiretroviral therapy and in the Cox proportional hazard model for the age effect on time to viral load suppression. The privacy-preserving data collection method may help resolve the privacy protection issue in HIV research. The individual sensitive data can be completely hidden while the same inference results can still be obtained from the masked data, with the use of common statistical analysis methods.

  3. Exercising privacy rights in medical science.

    PubMed

    Hillmer, Michael; Redelmeier, Donald A

    2007-12-04

    Privacy laws are intended to preserve human well-being and improve medical outcomes. We used the Sportstats website, a repository of competitive athletic data, to test how easily these laws can be circumvented. We designed a haphazard, unrepresentative case-series analysis and applied unscientific methods based on an Internet connection and idle time. We found it both feasible and titillating to breach anonymity, stockpile personal information and generate misquotations. We extended our methods to snoop on celebrities, link to outside databases and uncover refusal to participate. Throughout our study, we evaded capture and public humiliation despite violating these 6 privacy fundamentals. We suggest that the legitimate principle of safeguarding personal privacy is undermined by the natural human tendency toward showing off.

  4. Stepsiblings

    MedlinePlus

    ... rivalries that may already exist. Privacy and Personal Space Sometimes a child is asked to share a ... sometimes creating anger and jealousy. Privacy and personal space become important issues in blended families. Whenever possible, ...

  5. Are privacy-enhancing technologies for genomic data ready for the clinic? A survey of medical experts of the Swiss HIV Cohort Study.

    PubMed

    Raisaro, Jean-Louis; McLaren, Paul J; Fellay, Jacques; Cavassini, Matthias; Klersy, Catherine; Hubaux, Jean-Pierre

    2018-03-01

    Protecting patient privacy is a major obstacle for the implementation of genomic-based medicine. Emerging privacy-enhancing technologies can become key enablers for managing sensitive genetic data. We studied physicians' attitude toward this kind of technology in order to derive insights that might foster their future adoption for clinical care. We conducted a questionnaire-based survey among 55 physicians of the Swiss HIV Cohort Study who tested the first implementation of a privacy-preserving model for delivering genomic test results. We evaluated their feedback on three different aspects of our model: clinical utility, ability to address privacy concerns and system usability. 38/55 (69%) physicians participated in the study. Two thirds of them acknowledged genetic privacy as a key aspect that needs to be protected to help build patient trust and deploy new-generation medical information systems. All of them successfully used the tool for evaluating their patients' pharmacogenomics risk and 90% were happy with the user experience and the efficiency of the tool. Only 8% of physicians were unsatisfied with the level of information and wanted to have access to the patient's actual DNA sequence. This survey, although limited in size, represents the first evaluation of privacy-preserving models for genomic-based medicine. It has allowed us to derive unique insights that will improve the design of these new systems in the future. In particular, we have observed that a clinical information system that uses homomorphic encryption to provide clinicians with risk information based on sensitive genetic test results can offer information that clinicians feel sufficient for their needs and appropriately respectful of patients' privacy. The ability of this kind of system to ensure strong security and privacy guarantees and to provide some analytics on encrypted data has been assessed as a key enabler for the management of sensitive medical information in the near future. Providing clinically relevant information to physicians while protecting patients' privacy in order to comply with regulations is crucial for the widespread use of these new technologies. Copyright © 2017. Published by Elsevier Inc.

  6. Privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks.

    PubMed

    Sun, Yi; Wen, Qiaoyan; Zhang, Yudong; Li, Wenmin

    2014-01-01

    With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients' health information and doctors' diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions.

  7. Privacy-Preserving Integration of Medical Data: A Practical Multiparty Private Set Intersection.

    PubMed

    Miyaji, Atsuko; Nakasho, Kazuhisa; Nishida, Shohei

    2017-03-01

    Medical data are often maintained by different organizations. However, detailed analyses sometimes require these datasets to be integrated without violating patient or commercial privacy. Multiparty Private Set Intersection (MPSI), which is an important privacy-preserving protocol, computes an intersection of multiple private datasets. This approach ensures that only designated parties can identify the intersection. In this paper, we propose a practical MPSI that satisfies the following requirements: The size of the datasets maintained by the different parties is independent of the others, and the computational complexity of the dataset held by each party is independent of the number of parties. Our MPSI is based on the use of an outsourcing provider, who has no knowledge of the data inputs or outputs. This reduces the computational complexity. The performance of the proposed MPSI is evaluated by implementing a prototype on a virtual private network to enable parallel computation in multiple threads. Our protocol is confirmed to be more efficient than comparable existing approaches.

  8. Privacy-Preserving Self-Helped Medical Diagnosis Scheme Based on Secure Two-Party Computation in Wireless Sensor Networks

    PubMed Central

    Wen, Qiaoyan; Zhang, Yudong; Li, Wenmin

    2014-01-01

    With the continuing growth of wireless sensor networks in pervasive medical care, people pay more and more attention to privacy in medical monitoring, diagnosis, treatment, and patient care. On one hand, we expect the public health institutions to provide us with better service. On the other hand, we would not like to leak our personal health information to them. In order to balance this contradiction, in this paper we design a privacy-preserving self-helped medical diagnosis scheme based on secure two-party computation in wireless sensor networks so that patients can privately diagnose themselves by inputting a health card into a self-helped medical diagnosis ATM to obtain a diagnostic report just like drawing money from a bank ATM without revealing patients' health information and doctors' diagnostic skill. It makes secure self-helped disease diagnosis feasible and greatly benefits patients as well as relieving the heavy pressure of public health institutions. PMID:25126107

  9. Implications of privacy needs and interpersonal distancing mechanisms for space station design

    NASA Technical Reports Server (NTRS)

    Harrison, A. A.; Sommer, R.; Struthers, N.; Hoyt, K.

    1985-01-01

    Privacy needs, or the need of people to regulate their degree of contact with one another, and interpersonal distancing mechanisms, which serve to satisfy these needs, are common in all cultures. Isolation, confinement, and other conditions associated with space flight may at once accentuate privacy needs and limit the availability of certain common interpersonal contact. Loneliness occurs when people have less contact with one another than they desire. Crowding occurs when people have more contact with one another than they desire. Crowding, which is considered the greater threat to members of isolated and confined groups, can contribute to stress, a low quality of life, and poor performance. Drawing on the general literature on privacy, personal space, and interpersonal distancing, and on specialized literature on life aboard spacecraft and in spacecraft-analogous environments, a quantitative model for understanding privacy, interpersonal distancing, loneliness, and crowding was developed and the practical implications of this model for space station design were traced.

  10. Using medical history embedded in biometrics medical card for user identity authentication: privacy preserving authentication model by features matching.

    PubMed

    Fong, Simon; Zhuang, Yan

    2012-01-01

    Many forms of biometrics have been proposed and studied for biometric authentication. Recently, researchers have been looking into longitudinal pattern matching that is based on more than just a single biometric; data from the user's activities are used to characterise the identity of a user. In this paper we advocate a novel type of authentication using a user's medical history, which can be electronically stored in a biometric security card. This is a sequel paper to our previous work on defining an abstract format for medical data to be queried and tested upon authentication. The challenge to overcome is preserving the user's privacy by choosing only the useful features from the medical data for use in authentication. The features should contain less sensitive elements, and they are implicitly related to the target illness. Therefore, exchanging questions and answers about a few carefully chosen features over an open channel would not easily or directly expose the illness, yet it can verify by inference whether the user has a record of it stored in his smart card. The design of a privacy-preserving model by backward inference is introduced in this paper. Some live medical data are used in experiments for validation and demonstration.

  11. Quantifying the costs and benefits of privacy-preserving health data publishing.

    PubMed

    Khokhar, Rashid Hussain; Chen, Rui; Fung, Benjamin C M; Lui, Siu Man

    2014-08-01

    Cost-benefit analysis is a prerequisite for making good business decisions. In the business environment, companies intend to make profit from maximizing information utility of published data while having an obligation to protect individual privacy. In this paper, we quantify the trade-off between privacy and data utility in health data publishing in terms of monetary value. We propose an analytical cost model that can help health information custodians (HICs) make better decisions about sharing person-specific health data with other parties. We examine relevant cost factors associated with the value of anonymized data and the possible damage cost due to potential privacy breaches. Our model guides an HIC to find the optimal value of publishing health data and could be utilized for both perturbative and non-perturbative anonymization techniques. We show that our approach can identify the optimal value for different privacy models, including K-anonymity, LKC-privacy, and ∊-differential privacy, under various anonymization algorithms and privacy parameters through extensive experiments on real-life data. Copyright © 2014 Elsevier Inc. All rights reserved.

  12. A Note on Parameters of Random Substitutions by γ-Diagonal Matrices

    NASA Astrophysics Data System (ADS)

    Kang, Ju-Sung

    Random substitutions are a very useful and practical method for privacy-preserving schemes. In this paper we obtain the exact relationship between the estimation errors and three parameters used in the random substitutions, namely the privacy assurance metric γ, the total number n of data records, and the size N of the transition matrix. We also demonstrate some simulations concerning the theoretical result.

  13. Context-Aware Generative Adversarial Privacy

    NASA Astrophysics Data System (ADS)

    Huang, Chong; Kairouz, Peter; Chen, Xiao; Sankar, Lalitha; Rajagopal, Ram

    2017-12-01

    Preserving the utility of published datasets while simultaneously providing provable privacy guarantees is a well-known challenge. On the one hand, context-free privacy solutions, such as differential privacy, provide strong privacy guarantees, but often lead to a significant reduction in utility. On the other hand, context-aware privacy solutions, such as information theoretic privacy, achieve an improved privacy-utility tradeoff, but assume that the data holder has access to dataset statistics. We circumvent these limitations by introducing a novel context-aware privacy framework called generative adversarial privacy (GAP). GAP leverages recent advancements in generative adversarial networks (GANs) to allow the data holder to learn privatization schemes from the dataset itself. Under GAP, learning the privacy mechanism is formulated as a constrained minimax game between two players: a privatizer that sanitizes the dataset in a way that limits the risk of inference attacks on the individuals' private variables, and an adversary that tries to infer the private variables from the sanitized dataset. To evaluate GAP's performance, we investigate two simple (yet canonical) statistical dataset models: (a) the binary data model, and (b) the binary Gaussian mixture model. For both models, we derive game-theoretically optimal minimax privacy mechanisms, and show that the privacy mechanisms learned from data (in a generative adversarial fashion) match the theoretically optimal ones. This demonstrates that our framework can be easily applied in practice, even in the absence of dataset statistics.

  14. Privacy preserving processing of genomic data: A survey.

    PubMed

    Akgün, Mete; Bayrak, A Osman; Ozer, Bugra; Sağıroğlu, M Şamil

    2015-08-01

    Recently, the rapid advance in genome sequencing technology has led to the production of huge amounts of sensitive genomic data. However, a serious privacy challenge arises with the increasing number of genetic tests, as genomic data is the ultimate source of identity for humans. Lately, privacy threats and possible solutions regarding undesired access to genomic data have been discussed; however, it is challenging to apply the proposed solutions to real-life problems due to the complex nature of security definitions. In this review, we have categorized pre-existing problems and corresponding solutions in a more understandable and convenient way. Additionally, we have also included the open privacy problems that come with each genomic data processing procedure. We believe our classification of genome-associated privacy problems will pave the way for linking real-life problems with previously proposed methods. Copyright © 2015 Elsevier Inc. All rights reserved.

  15. 14 CFR 1212.300 - Requesting amendment.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false Requesting amendment. 1212.300 Section 1212.300 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Amendments to Privacy Act Records § 1212.300 Requesting amendment. Individuals may request that NASA amend...

  16. 14 CFR 1212.300 - Requesting amendment.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Requesting amendment. 1212.300 Section 1212.300 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Amendments to Privacy Act Records § 1212.300 Requesting amendment. Individuals may request that NASA amend...

  17. 14 CFR 1212.300 - Requesting amendment.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Requesting amendment. 1212.300 Section 1212.300 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Amendments to Privacy Act Records § 1212.300 Requesting amendment. Individuals may request that NASA amend...

  18. 14 CFR 1212.600 - General policy.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true General policy. 1212.600 Section 1212.600 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Instructions for NASA Employees § 1212.600 General policy. In compliance with the Privacy Act and in accordance...

  19. 14 CFR 1212.600 - General policy.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false General policy. 1212.600 Section 1212.600 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Instructions for NASA Employees § 1212.600 General policy. In compliance with the Privacy Act and in accordance...

  20. Exercising privacy rights in medical science

    PubMed Central

    Hillmer, Michael; Redelmeier, Donald A.

    2007-01-01

    Privacy laws are intended to preserve human well-being and improve medical outcomes. We used the Sportstats website, a repository of competitive athletic data, to test how easily these laws can be circumvented. We designed a haphazard, unrepresentative case-series analysis and applied unscientific methods based on an Internet connection and idle time. We found it both feasible and titillating to breach anonymity, stockpile personal information and generate misquotations. We extended our methods to snoop on celebrities, link to outside databases and uncover refusal to participate. Throughout our study, we evaded capture and public humiliation despite violating these 6 privacy fundamentals. We suggest that the legitimate principle of safeguarding personal privacy is undermined by the natural human tendency toward showing off. PMID:18056619

  1. Using mobile location data in biomedical research while preserving privacy.

    PubMed

    Goldenholz, Daniel M; Goldenholz, Shira R; Krishnamurthy, Kaarkuzhali B; Halamka, John; Karp, Barbara; Tyburski, Matthew; Wendler, David; Moss, Robert; Preston, Kenzie L; Theodore, William

    2018-06-07

    Location data are becoming easier to obtain and are now bundled with other metadata in a variety of biomedical research applications. At the same time, the level of sophistication required to protect patient privacy is also increasing. In this article, we provide guidance for institutional review boards (IRBs) to make informed decisions about privacy protections in protocols involving location data. We provide an overview of some of the major categories of technical algorithms and medical-legal tools at the disposal of investigators, as well as the shortcomings of each. Although there is no "one size fits all" approach to privacy protection, this article attempts to describe a set of practical considerations that can be used by investigators, journal editors, and IRBs.

  2. More Than Defense in Daily Experience of Privacy: The Functions of Privacy in Digital and Physical Environments

    PubMed Central

    Lombardi, Debora Benedetta; Ciceri, Maria Rita

    2016-01-01

    The purpose of the current study was to investigate the experience of privacy, focusing on its functional role in personal well-being. A sample (N = 180) comprising subjects between 18 and 50 years of age was asked to spontaneously provide accounts of their experiences with privacy and answer close-ended questions to acquire a description of a daily experience of privacy. The results showed the importance attributed to the function of privacy related to the “defense from social threats”, and the twofold function of privacy related to an “achieved state of privacy”, in the terms of both “system maintenance” and “system development”. The results also shed light on the role of the environment in shaping one’s experience of privacy. Specifically, the participants recognized more easily the function of defense from threats related to seeking privacy while interacting in digital environments, whereas they seemed to benefit from positive functions related to an achieved state of privacy in physical environments. The findings sustain the notion of privacy as a supportive condition for some psychological processes involved in positive human functioning and confirm previous studies conducted on the role of privacy in human well-being. PMID:27247696

  3. Extending SQL to Support Privacy Policies

    NASA Astrophysics Data System (ADS)

    Ghazinour, Kambiz; Pun, Sampson; Majedi, Maryam; Chinaci, Amir H.; Barker, Ken

    Increasing concerns over Internet applications that violate user privacy by exploiting (back-end) database vulnerabilities must be addressed, both to protect customer privacy and to ensure corporate strategic assets remain trustworthy. This chapter describes an extension onto database catalogues and Structured Query Language (SQL) for supporting privacy in Internet applications, such as in social networks, e-health, e-government, etc. The idea is to introduce new predicates to SQL commands to capture common privacy requirements, such as purpose, visibility, generalization, and retention for both mandatory and discretionary access control policies. The contribution is that corporations, when creating the underlying databases, will be able to define what their mandatory privacy policies are with which all application users have to comply. Furthermore, each application user, when providing their own data, will be able to define their own privacy policies with which other users have to comply. The extension is supported with underlying catalogues and algorithms. The experiments demonstrate a very reasonable overhead for the extension. The result is a low-cost mechanism to create new systems that are privacy aware and also to transform legacy databases to their privacy-preserving equivalents. Although the examples are from social networks, one can apply the results to data security and user privacy of other enterprises as well.

  4. Rights of Privacy and Research Needs: A Problem Whose Time Has Arrived.

    ERIC Educational Resources Information Center

    Hayman, John L. Jr.

    There is no more fundamental right in our system than the right of privacy--the right to be let alone. Current trends lead to a major assault on this right, and one of the great tests of the viability of our system is its ability to preserve this right in the face of increasing complexity and increasing needs for control. As part of the scientific…

  5. Defending against Attribute-Correlation Attacks in Privacy-Aware Information Brokering

    NASA Astrophysics Data System (ADS)

    Li, Fengjun; Luo, Bo; Liu, Peng; Squicciarini, Anna C.; Lee, Dongwon; Chu, Chao-Hsien

    Nowadays, increasing needs for information sharing arise due to extensive collaborations among organizations. Organizations desire to provide data access to their collaborators while preserving full control over the data and comprehensive privacy of their users. A number of information systems have been developed to provide efficient and secure information sharing. However, most of the solutions proposed so far are built atop of conventional data warehousing or distributed database technologies.

  6. Data collection framework for energy efficient privacy preservation in wireless sensor networks having many-to-many structures.

    PubMed

    Bahşi, Hayretdin; Levi, Albert

    2010-01-01

    Wireless sensor networks (WSNs) generally have a many-to-one structure so that event information flows from sensors to a unique sink. In recent WSN applications, many-to-many structures evolved due to the need for conveying collected event information to multiple sinks. Privacy-preserving data collection models in the literature do not solve the problems of WSN applications in which the network has multiple untrusted sinks with different levels of privacy requirements. This study proposes a data collection framework based on k-anonymity for preventing record disclosure of collected event information in WSNs. The proposed method takes the anonymity requirements of multiple sinks into consideration by providing different levels of privacy for each destination sink. Attributes which may identify an event owner are generalized or encrypted in order to meet the different anonymity requirements of the sinks with the same anonymized output. If the same output is formed, it can be multicast to all sinks. The other, trivial solution is to produce a different anonymized output for each sink and send each to the related sink. Multicasting is an energy-efficient data sending alternative for some sensor nodes. Since minimization of energy consumption is an important design criterion for WSNs, multicasting the same event information to multiple sinks reduces the energy consumption of the overall network.

  7. A Neural-Network Clustering-Based Algorithm for Privacy Preserving Data Mining

    NASA Astrophysics Data System (ADS)

    Tsiafoulis, S.; Zorkadis, V. C.; Karras, D. A.

    The increasing use of fast and efficient data mining algorithms on huge collections of personal data, facilitated through the exponential growth of technology, in particular in the field of electronic data storage media and processing power, has raised serious ethical, philosophical and legal issues related to privacy protection. To cope with these concerns, several privacy preserving methodologies have been proposed, classified in two categories: methodologies that aim at protecting the sensitive data and those that aim at protecting the mining results. In our work, we focus on sensitive data protection and compare existing techniques according to the anonymity degree achieved, the information loss suffered and their performance characteristics. The ℓ-diversity principle is combined with k-anonymity concepts, so that background information cannot be exploited to successfully attack the privacy of the data subjects the data refer to. Based on Kohonen Self Organizing Feature Maps (SOMs), we firstly organize data sets in subspaces according to their information-theoretical distance to each other, then create the most relevant classes, paying special attention to rare sensitive attribute values, and finally generalize attribute values to the minimum extent required so that both the data disclosure probability and the information loss are kept as close to negligible as possible. Furthermore, we propose information-theoretical measures for assessing the anonymity degree achieved and empirical tests to demonstrate it.

  8. Space station functional relationships analysis

    NASA Technical Reports Server (NTRS)

    Tullis, Thomas S.; Bied, Barbra R.

    1988-01-01

    A systems engineering process is developed to assist Space Station designers to understand the underlying operational system of the facility so that it can be physically arranged and configured to support crew productivity. The study analyzes the operational system proposed for the Space Station in terms of mission functions, crew activities, and functional relationships in order to develop a quantitative model for evaluation of interior layouts, configuration, and traffic analysis for any Station configuration. Development of the model involved identification of crew functions, required support equipment, criteria for assessing functional relationships, and tools for analyzing functional relationship matrices, as well as analyses of crew transition frequency, sequential dependencies, support equipment requirements, potential for noise interference, need for privacy, and overall compatibility of functions. The model can be used for analyzing crew functions for the Initial Operating Capability of the Station and for detecting relationships among these functions. Note: This process (FRA) was used during Phase B design studies to test optional layouts of the Space Station habitat module. The process is now being automated as a computer model for use in layout testing of the Space Station laboratory modules during Phase C.

  9. 76 FR 64112 - Privacy Act of 1974; Privacy Act System of Records Appendices

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-10-17

    ..., Greenbelt, MD 20771-0001. Location 5 Lyndon B. Johnson Space Center, National Aeronautics and Space... Center, MS 39529-6000. Location 19 NASA Wallops Flight Facility, Wallops Island, VA 23337. Appendix B...

  10. The Need for Privacy and the Application of Privacy to the Day Care Setting.

    ERIC Educational Resources Information Center

    Jacobs, Ellen

    This paper, focusing on young children's need for privacy, describes a study conducted to determine the manner in which children in day care centers resolve the problem of reduced space and time for privacy. A pilot study revealed that children displayed three privacy seeking behaviors: (1) verbal and nonverbal territorial behavior (use or defense…

  11. Implications of privacy needs and interpersonal distancing mechanisms for space station design

    NASA Technical Reports Server (NTRS)

    Harrison, Albert A.; Sommer, Robert; Struthers, Nancy; Hoyt, Kathleen

    1988-01-01

    Isolation, confinement, and the characteristics of microgravity will accentuate the need for privacy in the proposed NASA space station, yet limit the mechanisms available for achieving it. This study proposes a quantitative model for understanding privacy, interpersonal distancing, and performance, and discusses the practical implications for Space Station design. A review of the relevant literature provided the basis for a database, definitions of physical and psychological distancing, loneliness, and crowding, and a quantitative model of situational privacy. The model defines situational privacy (the match between environment and task), and focuses on interpersonal contact along visual, auditory, olfactory, and tactile dimensions. It involves summing across pairs of crew members, contact dimensions, and time, yet also permits separate analyses of subsets of crew members and contact dimensions. The study concludes that performance will benefit when the type and level of contact afforded by the environment align with that required by the task. The key to achieving this is to design a flexible, definable, and redefinable interior environment that provides occupants with a wide array of options to meet their needs for solitude, limited social interaction, and open group activity. The report presents 49 recommendations in five categories to promote a wide range of privacy options despite the space station's volumetric limitations.

  12. 14 CFR 1212.302 - Granting the request to amend.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Granting the request to amend. 1212.302 Section 1212.302 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Amendments to Privacy Act Records § 1212.302 Granting the request to amend. NASA shall make the...

  13. 14 CFR 1212.302 - Granting the request to amend.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Granting the request to amend. 1212.302 Section 1212.302 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Amendments to Privacy Act Records § 1212.302 Granting the request to amend. NASA shall make the...

  14. Built spaces and features associated with user satisfaction in maternity waiting homes in Malawi.

    PubMed

    McIntosh, Nathalie; Gruits, Patricia; Oppel, Eva; Shao, Amie

    2018-07-01

    To assess satisfaction with maternity waiting home built spaces and features in women who are at risk for underutilizing maternity waiting homes (i.e. residential facilities that temporarily house near-term pregnant mothers close to healthcare facilities that provide obstetrical care). Specifically we wanted to answer the questions: (1) Are built spaces and features associated with maternity waiting home user satisfaction? (2) Can built spaces and features designed to improve hygiene, comfort, privacy and function improve maternity waiting home user satisfaction? And (3) Which built spaces and features are most important for maternity waiting home user satisfaction? A cross-sectional study comparing satisfaction with standard and non-standard maternity waiting home designs. Between December 2016 and February 2017 we surveyed expectant mothers at two maternity waiting homes that differed in their design of built spaces and features. We used bivariate analyses to assess if built spaces and features were associated with satisfaction. We compared ratings of built spaces and features between the two maternity waiting homes using chi-squares and t-tests to assess if design features to improve hygiene, comfort, privacy and function were associated with higher satisfaction. We used exploratory robust regression analysis to examine the relationship between built spaces and features and maternity waiting home satisfaction. Two maternity waiting homes in Malawi, one that incorporated non-standardized design features to improve hygiene, comfort, privacy, and function (Kasungu maternity waiting home) and the other that had a standard maternity waiting home design (Dowa maternity waiting home). 322 expectant mothers at risk for underutilizing maternity waiting homes (i.e. first-time mothers and those with no pregnancy risk factors) who had stayed at the Kasungu or Dowa maternity waiting homes. There were significant differences in ratings of built spaces and features between the two differently designed maternity waiting homes, with the non-standard design having higher ratings for: adequacy of toilets, and ratings of heating/cooling, air and water quality, sanitation, toilets/showers and kitchen facilities, building maintenance, sleep area, private storage space, comfort level, outdoor spaces and overall satisfaction (p < .0001 for all). The final regression model showed that the built spaces and features most important for maternity waiting home user satisfaction are toilets/showers, guardian spaces, safety, building maintenance, sleep area and private storage space (R² = 0.28). The design of maternity waiting home built spaces and features is associated with user satisfaction in women at risk for underutilizing maternity waiting homes, especially related to toilets/showers, guardian spaces, safety, building maintenance, sleep area and private storage space. Improving maternity waiting home built spaces and features may offer a promising area for improving maternity waiting home satisfaction and reducing barriers to maternity waiting home use. Copyright © 2018 Elsevier Ltd. All rights reserved.

  15. PREMIX: PRivacy-preserving EstiMation of Individual admiXture.

    PubMed

    Chen, Feng; Dow, Michelle; Ding, Sijie; Lu, Yao; Jiang, Xiaoqian; Tang, Hua; Wang, Shuang

    2016-01-01

    In this paper we proposed a framework, PRivacy-preserving EstiMation of Individual admiXture (PREMIX), using Intel Software Guard Extensions (SGX). SGX is a suite of software and hardware architectures to enable efficient and secure computation over confidential data. PREMIX enables multiple sites to securely collaborate on estimating individual admixture within a secure enclave inside Intel SGX. We implemented a feature selection module to identify the most discriminative Single Nucleotide Polymorphisms (SNPs) based on informativeness, and an Expectation Maximization (EM)-based Maximum Likelihood estimator to identify the individual admixture. Experimental results based on both simulation and 1000 Genomes data demonstrated the efficiency and accuracy of the proposed framework. PREMIX ensures a high level of security as all operations on sensitive genomic data are conducted within a secure enclave using SGX.

  16. EXpectation Propagation LOgistic REgRession (EXPLORER): Distributed Privacy-Preserving Online Model Learning

    PubMed Central

    Wang, Shuang; Jiang, Xiaoqian; Wu, Yuan; Cui, Lijuan; Cheng, Samuel; Ohno-Machado, Lucila

    2013-01-01

    We developed an EXpectation Propagation LOgistic REgRession (EXPLORER) model for distributed privacy-preserving online learning. The proposed framework provides a high level guarantee for protecting sensitive information, since the information exchanged between the server and the client is the encrypted posterior distribution of coefficients. Through experimental results, EXPLORER shows the same performance (e.g., discrimination, calibration, feature selection etc.) as the traditional frequentist Logistic Regression model, but provides more flexibility in model updating. That is, EXPLORER can be updated one point at a time rather than having to retrain the entire data set when new observations are recorded. The proposed EXPLORER supports asynchronized communication, which relieves the participants from coordinating with one another, and prevents service breakdown from the absence of participants or interrupted communications. PMID:23562651

  17. Privacy-preserving discovery of topic-based events from social sensor signals: an experimental study on Twitter.

    PubMed

    Nguyen, Duc T; Jung, Jai E

    2014-01-01

    Social network services (e.g., Twitter and Facebook) can be regarded as social sensors which can capture a number of events in society. Particularly, in terms of time and space, various smart devices have improved the accessibility of social network services. In this paper, we present a social software platform to detect a number of meaningful events from information diffusion patterns on such social network services. The most important feature is to process the social sensor signal for understanding social events and to support users in sharing relevant information along the social links. The platform has been applied to fetch and cluster tweets from Twitter into relevant categories to reveal hot topics.

  18. Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme.

    PubMed

    Zhu, Hui; Gao, Lijuan; Li, Hui

    2016-02-01

    With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from the telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users' personal information of different types is collected by body sensors and converted into multi-dimensional data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users' query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over a composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimensional vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users' queries and an accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from the telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs.

  19. Evaluating privacy-preserving record linkage using cryptographic long-term keys and multibit trees on large medical datasets.

    PubMed

    Brown, Adrian P; Borgs, Christian; Randall, Sean M; Schnell, Rainer

    2017-06-08

    Integrating medical data using databases from different sources by record linkage is a powerful technique increasingly used in medical research. Under many jurisdictions, unique personal identifiers needed for linking the records are unavailable. Since sensitive attributes, such as names, have to be used instead, privacy regulations usually demand encrypting these identifiers. The corresponding set of techniques for privacy-preserving record linkage (PPRL) has received widespread attention. One recent method is based on Bloom filters. Due to superior resilience against cryptographic attacks, composite Bloom filters (cryptographic long-term keys, CLKs) are considered best practice for privacy in PPRL. Real-world performance of these techniques using large-scale data has been unknown up to now. Using a large subset of Australian hospital admission data, we tested the performance of an innovative PPRL technique (CLKs using multibit trees) against a gold standard derived from clear-text probabilistic record linkage. Linkage time and linkage quality (recall, precision and F-measure) were evaluated. Clear-text probabilistic linkage resulted in marginally higher precision and recall than CLKs. PPRL required more computing time, but 5 million records could still be de-duplicated within one day. However, the PPRL approach required fine tuning of parameters. We argue that the increased privacy of PPRL comes at the price of small losses in precision and recall and a large increase in computational burden and setup time. These costs seem to be acceptable in most applied settings, but they have to be considered in the decision to apply PPRL. Further research on the optimal automatic choice of parameters is needed.

  20. Secure and Privacy-Preserving Body Sensor Data Collection and Query Scheme

    PubMed Central

    Zhu, Hui; Gao, Lijuan; Li, Hui

    2016-01-01

    With the development of body sensor networks and the pervasiveness of smart phones, different types of personal data can be collected in real time by body sensors, and the potential value of massive personal data has attracted considerable interest recently. However, the privacy issues of sensitive personal data are still challenging today. Aiming at these challenges, in this paper, we focus on the threats from the telemetry interface and present a secure and privacy-preserving body sensor data collection and query scheme, named SPCQ, for outsourced computing. In the proposed SPCQ scheme, users’ personal information of different types is collected by body sensors and converted into multi-dimensional data, and each dimension is converted into the form of a number and uploaded to the cloud server, which provides a secure, efficient and accurate data query service, while the privacy of sensitive personal information and users’ query data is guaranteed. Specifically, based on an improved homomorphic encryption technology over a composite order group, we propose a special weighted Euclidean distance contrast algorithm (WEDC) for multi-dimensional vectors over encrypted data. With the SPCQ scheme, the confidentiality of sensitive personal data, the privacy of data users’ queries and an accurate query service can be achieved in the cloud server. Detailed analysis shows that SPCQ can resist various security threats from the telemetry interface. In addition, we also implement SPCQ on an embedded device, smart phone and laptop with a real medical database, and extensive simulation results demonstrate that our proposed SPCQ scheme is highly efficient in terms of computation and communication costs. PMID:26840319

  1. Securing electronic health records with novel mobile encryption schemes.

    PubMed

    Weerasinghe, Dasun; Elmufti, Kalid; Rajarajan, Muttukrishnan; Rakocevic, Veselin

    2007-01-01

    Mobile devices have penetrated the healthcare sector due to their increased functionality, low cost, high reliability and easy-to-use nature. However, in healthcare applications the privacy and security of the transmitted information must be preserved. Therefore applications require a concrete security framework based on long-term security keys, such as the security key that can be found in a mobile Subscriber Identity Module (SIM). The wireless nature of communication links in mobile networks presents a major challenge in this respect. This paper presents a novel protocol that will send the information securely while including the access privileges to the authorized recipient.

  2. Patient Perceptions of the Environment of Care in Which Their Healthcare is Delivered.

    PubMed

    LaVela, Sherri L; Etingen, Bella; Hill, Jennifer N; Miskevics, Scott

    2016-04-01

    To measure patients' perceptions of the environment of care (EOC), with a focus on the physical environment, in which healthcare is delivered. The EOC may impact patient experiences, care perceptions, and health outcomes. EOC may be improved through redesign of existing physical structures or spaces or by adding nurturing amenities. Demographics, health status, hospital use, and data on the environment (physical, comfort, orientation, and privacy) were collected via a mailed cross-sectional survey sent to patients seen at four hospital Centers of Innovation (COIs; that implemented many modifications to the healthcare environment to address physical, comfort, orientation, and privacy factors) and four matched controls, supplemented with checklist and VA administrative data. A modified Perceived Hospital Environment Quality Indicators instrument was used to measure patients' EOC perceptions. Respondents (3,321/5,117; 65% response) rated, [mean (SD)], exterior space highest, 3.09 (0.73), followed by interior space, 2.96 (0.74), and privacy, 2.44 (1.01). COIs had significantly higher ratings than controls on interior space (2.99 vs. 2.96, p = .02) and privacy (2.48 vs. 2.38, p = .005) but no differences for exterior space. Subscales with significantly higher ratings in COIs (vs. controls) in interior space were "spatial-physical comfort" and "orientation," for example, clean, good signage, spacious rooms, and for privacy included "not too crowded" and "able to talk without being overheard." Checklist findings confirmed the presence of EOC innovations rated highly by patients. Patients identified cleanliness, good signs/information points, adequate seating, nonovercrowding, and privacy for conversations as important. Hospital design modifications, with particular attention to the physical environment, can improve patient EOC perceptions. © The Author(s) 2015.

  3. Preserving American Privacy Act of 2013

    THOMAS, 113th Congress

    Rep. Poe, Ted [R-TX-2]

    2013-02-13

    House - 04/08/2013 Referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigations. Tracker: This bill has the status Introduced.

  4. Matching study to registry data: maintaining data privacy in a study on family based colorectal cancer.

    PubMed

    Nasseh, Daniel; Engel, Jutta; Mansmann, Ulrich; Tretter, Werner; Stausberg, Jürgen

    2014-01-01

    Confidentiality of patient data in the field of medical informatics is an important task. Sensitive information leaked from this data can be adverse to a patient and abused against them. Therefore, when working with medical data, appropriate and secure models which serve as guidelines for different applications are needed. Consequently, this work presents a model for performing a privacy-preserving record linkage between study and registry data. The model takes into account seven requirements related to data privacy. Furthermore, this model is exemplified with a study on family-based colorectal cancer in Germany. The model is very strict and excludes possible violations of data privacy protection to a reasonable degree. It should be applicable to similar use cases which are in need of a mapping between the medical data of a study and a registry database.

  5. Private algorithms for the protected in social network search

    PubMed Central

    Kearns, Michael; Roth, Aaron; Wu, Zhiwei Steven; Yaroslavtsev, Grigory

    2016-01-01

    Motivated by tensions between data privacy for individual citizens and societal priorities such as counterterrorism and the containment of infectious disease, we introduce a computational model that distinguishes between parties for whom privacy is explicitly protected, and those for whom it is not (the targeted subpopulation). The goal is the development of algorithms that can effectively identify and take action upon members of the targeted subpopulation in a way that minimally compromises the privacy of the protected, while simultaneously limiting the expense of distinguishing members of the two groups via costly mechanisms such as surveillance, background checks, or medical testing. Within this framework, we provide provably privacy-preserving algorithms for targeted search in social networks. These algorithms are natural variants of common graph search methods, and ensure privacy for the protected by the careful injection of noise in the prioritization of potential targets. We validate the utility of our algorithms with extensive computational experiments on two large-scale social network datasets. PMID:26755606

  6. Private algorithms for the protected in social network search.

    PubMed

    Kearns, Michael; Roth, Aaron; Wu, Zhiwei Steven; Yaroslavtsev, Grigory

    2016-01-26

    Motivated by tensions between data privacy for individual citizens and societal priorities such as counterterrorism and the containment of infectious disease, we introduce a computational model that distinguishes between parties for whom privacy is explicitly protected, and those for whom it is not (the targeted subpopulation). The goal is the development of algorithms that can effectively identify and take action upon members of the targeted subpopulation in a way that minimally compromises the privacy of the protected, while simultaneously limiting the expense of distinguishing members of the two groups via costly mechanisms such as surveillance, background checks, or medical testing. Within this framework, we provide provably privacy-preserving algorithms for targeted search in social networks. These algorithms are natural variants of common graph search methods, and ensure privacy for the protected by the careful injection of noise in the prioritization of potential targets. We validate the utility of our algorithms with extensive computational experiments on two large-scale social network datasets.

  7. How Well Are We Respecting Patient Privacy in Medical Imaging? Lessons Learnt From a Departmental Audit.

    PubMed

    Dilauro, Marc; Thornhill, Rebecca; Fasih, Najla

    2016-11-01

    Preservation of patient privacy and dignity are basic requirements for all patients visiting a hospital. The purpose of this study was to perform an audit of patients' satisfaction with privacy whilst in the Department of Medical Imaging (MI) at the Civic Campus of the Ottawa Hospital. Outpatients who underwent magnetic resonance imaging (MRI), computed tomography (CT), ultrasonography (US), and plain film (XR) examinations were provided with a survey on patient privacy. The survey asked participants to rank (on a 6-point scale ranging from 6 = excellent to 1 = no privacy) whether their privacy was respected in 5 key locations within the Department of MI. The survey was conducted over a consecutive 5-day period. A total of 502 surveys were completed. The survey response rate for each imaging modality was: 55% MRI, 42% CT, 45% US, and 47% XR. For each imaging modality, the total percentage of privacy scores greater than or equal to 5 were: 98% MRI, 96% CT, 94% US, and 92% XR. Privacy ratings for the MRI reception and waiting room areas were significantly higher in comparison to the other imaging modalities (P = .0025 and P = .0227, respectively). Overall, patient privacy was well respected within the Department of MI. Copyright © 2016 Canadian Association of Radiologists. Published by Elsevier Inc. All rights reserved.

  8. Preserve America Web Site Privacy Policy

    Science.gov Websites


  9. Privacy Preserving Facial and Fingerprint Multi-biometric Authentication

    NASA Astrophysics Data System (ADS)

    Anzaku, Esla Timothy; Sohn, Hosik; Ro, Yong Man

    The cases of identity theft can be mitigated by the adoption of secure authentication methods. Biohashing and its variants, which utilize secret keys and biometrics, are promising methods for secure authentication; however, their shortcoming is the degraded performance under the assumption that secret keys are compromised. In this paper, we extend the concept of Biohashing to multi-biometrics - facial and fingerprint traits. We chose these traits because they are widely used, howbeit, little research attention has been given to designing privacy preserving multi-biometric systems using them. Instead of just using a single modality (facial or fingerprint), we present a framework for using both modalities. The improved performance of the proposed method, using face and fingerprint, as against either the facial or the fingerprint trait used in isolation, is evaluated using two chimerical bimodal databases formed from publicly available facial and fingerprint databases.

  10. EXpectation Propagation LOgistic REgRession (EXPLORER): distributed privacy-preserving online model learning.

    PubMed

    Wang, Shuang; Jiang, Xiaoqian; Wu, Yuan; Cui, Lijuan; Cheng, Samuel; Ohno-Machado, Lucila

    2013-06-01

    We developed an EXpectation Propagation LOgistic REgRession (EXPLORER) model for distributed privacy-preserving online learning. The proposed framework provides a high level guarantee for protecting sensitive information, since the information exchanged between the server and the client is the encrypted posterior distribution of coefficients. Through experimental results, EXPLORER shows the same performance (e.g., discrimination, calibration, feature selection, etc.) as the traditional frequentist logistic regression model, but provides more flexibility in model updating. That is, EXPLORER can be updated one point at a time rather than having to retrain the entire data set when new observations are recorded. The proposed EXPLORER supports asynchronized communication, which relieves the participants from coordinating with one another, and prevents service breakdown from the absence of participants or interrupted communications. Copyright © 2013 Elsevier Inc. All rights reserved.

  11. Conducting Privacy-Preserving Multivariable Propensity Score Analysis When Patient Covariate Information Is Stored in Separate Locations.

    PubMed

    Bohn, Justin; Eddings, Wesley; Schneeweiss, Sebastian

    2017-03-15

    Distributed networks of health-care data sources are increasingly being utilized to conduct pharmacoepidemiologic database studies. Such networks may contain data that are not physically pooled but instead are distributed horizontally (separate patients within each data source) or vertically (separate measures within each data source) in order to preserve patient privacy. While multivariable methods for the analysis of horizontally distributed data are frequently employed, few practical approaches have been put forth to deal with vertically distributed health-care databases. In this paper, we propose 2 propensity score-based approaches to vertically distributed data analysis and test their performance using 5 example studies. We found that these approaches produced point estimates close to what could be achieved without partitioning. We further found a performance benefit (i.e., lower mean squared error) for sequentially passing a propensity score through each data domain (called the "sequential approach") as compared with fitting separate domain-specific propensity scores (called the "parallel approach"). These results were validated in a small simulation study. This proof-of-concept study suggests a new multivariable analysis approach to vertically distributed health-care databases that is practical, preserves patient privacy, and warrants further investigation for use in clinical research applications that rely on health-care databases. © The Author 2017. Published by Oxford University Press on behalf of the Johns Hopkins Bloomberg School of Public Health. All rights reserved. For permissions, please e-mail: journals.permissions@oup.com.

  12. A privacy-preserving parallel and homomorphic encryption scheme

    NASA Astrophysics Data System (ADS)

    Min, Zhaoe; Yang, Geng; Shi, Jingqi

    2017-04-01

    In order to protect data privacy whilst allowing efficient access to data in multi-node cloud environments, a parallel homomorphic encryption (PHE) scheme is proposed based on the additive homomorphism of the Paillier encryption algorithm. In this paper we propose a PHE algorithm, in which plaintext is divided into several blocks and the blocks are encrypted in a parallel mode. Experimental results demonstrate that the encryption algorithm can reach a speed-up ratio of about 7.1 in the MapReduce environment with 16 cores and 4 nodes.

  13. Medical records. Enhancing privacy, preserving the common good.

    PubMed

    Etzioni, A

    1999-01-01

    Personal medical information is now bought and sold on the open market. Companies use it to make hiring and firing decisions and to identify customers for new products. The justification for providing such access to medical information is that doing so benefits the public by securing public safety, controlling costs, and supporting medical research. And individuals have supposedly consented to it. But we can achieve the common goods while better protecting privacy by making institutional changes in the way information is maintained and protected.

  14. 78 FR 8963 - Update of Existing Privacy Act-NASA Regulations

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-02-07

    ... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 14 CFR Part 1212 [Document Number NASA-2012-0005] RIN 2700-AD86 Update of Existing Privacy Act--NASA Regulations AGENCY: National Aeronautics and Space... regulations (NASA-2012-0005), which were published in the Federal Register of Thursday, October 4, 2012 (77 FR...

  15. 77 FR 60620 - Update of Existing Privacy Act-NASA Regulations

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-10-04

    ... be accessed on the Agency's open Government Web site at http://www.nasa.gov/open/ . DATES: This rule... NATIONAL AERONAUTICS AND SPACE ADMINISTRATION 14 CFR Part 1212 [Document No. NASA--NASA-2012-0005] RIN 2700-AD86 Update of Existing Privacy Act--NASA Regulations AGENCY: National Aeronautics and Space...

  16. Biological consequences of environmental control through housing.

    PubMed Central

    Lee, D H

    1975-01-01

    Housing was originally devised as a control of the thermal environment, but numerous other functions have been added with resulting competition and confusion. Current design gives insufficient attention to thermal factors and relies upon supplementary heating and cooling to compensate for faults. These are wasteful of energy, and the exhaust from air conditioners adds to the heat island conditions in city cores. The impact of consumerism on domestic space and the importance of personal space and privacy are reviewed. PMID:1157791

  17. Direct discriminant locality preserving projection with Hammerstein polynomial expansion.

    PubMed

    Chen, Xi; Zhang, Jiashu; Li, Defang

    2012-12-01

    Discriminant locality preserving projection (DLPP) is a linear approach that encodes discriminant information into the objective of locality preserving projection and improves its classification ability. To enhance the nonlinear description ability of DLPP, we can optimize the objective function of DLPP in reproducing kernel Hilbert space to form a kernel-based discriminant locality preserving projection (KDLPP). However, KDLPP suffers from the following problems: 1) a larger computational burden; 2) no explicit mapping functions in KDLPP, which results in more computational burden when projecting a new sample into the low-dimensional subspace; and 3) KDLPP cannot obtain optimal discriminant vectors, which exceedingly optimize the objective of DLPP. To overcome the weaknesses of KDLPP, in this paper, a direct discriminant locality preserving projection with Hammerstein polynomial expansion (HPDDLPP) is proposed. The proposed HPDDLPP directly implements the objective of DLPP in high-dimensional second-order Hammerstein polynomial space without matrix inverse, which extracts the optimal discriminant vectors for DLPP without a larger computational burden. Compared with some other related classical methods, experimental results for face and palmprint recognition problems indicate the effectiveness of the proposed HPDDLPP.

  18. Privacy-Preserving Predictive Modeling: Harmonization of Contextual Embeddings From Different Sources.

    PubMed

    Huang, Yingxiang; Lee, Junghye; Wang, Shuang; Sun, Jimeng; Liu, Hongfang; Jiang, Xiaoqian

    2018-05-16

    Data sharing has been a big challenge in biomedical informatics because of privacy concerns. Contextual embedding models have demonstrated a very strong representative capability to describe medical concepts (and their context), and they have shown promise as an alternative way to support deep-learning applications without the need to disclose original data. However, contextual embedding models acquired from individual hospitals cannot be directly combined because their embedding spaces are different, and naive pooling renders combined embeddings useless. The aim of this study was to present a novel approach to address these issues and to promote sharing representation without sharing data. Without sacrificing privacy, we also aimed to build a global model from representations learned from local private data and synchronize information from multiple sources. We propose a methodology that harmonizes different local contextual embeddings into a global model. We used Word2Vec to generate contextual embeddings from each source and Procrustes to fuse different vector models into one common space by using a list of corresponding pairs as anchor points. We performed prediction analysis with harmonized embeddings. We used sequential medical events extracted from the Medical Information Mart for Intensive Care III database to evaluate the proposed methodology in predicting the next likely diagnosis of a new patient using either structured data or unstructured data. Under different experimental scenarios, we confirmed that the global model built from harmonized local models achieves a more accurate prediction than local models and global models built from naive pooling. Such aggregation of local models using our unique harmonization can serve as the proxy for a global model, combining information from a wide range of institutions and information sources. It allows information unique to a certain hospital to become available to other sites, increasing the fluidity of information flow in health care. ©Yingxiang Huang, Junghye Lee, Shuang Wang, Jimeng Sun, Hongfang Liu, Xiaoqian Jiang. Originally published in JMIR Medical Informatics (http://medinform.jmir.org), 16.05.2018.

  19. Privacy-preserving GWAS analysis on federated genomic datasets.

    PubMed

    Constable, Scott D; Tang, Yuzhe; Wang, Shuang; Jiang, Xiaoqian; Chapin, Steve

    2015-01-01

    The biomedical community benefits from the increasing availability of genomic data to support meaningful scientific research, e.g., Genome-Wide Association Studies (GWAS). However, high quality GWAS usually requires a large number of samples, which can grow beyond the capability of a single institution. Federated genomic data analysis holds the promise of enabling cross-institution collaboration for effective GWAS, but it raises concerns about patient privacy and medical information confidentiality (as data are being exchanged across institutional boundaries), which becomes an inhibiting factor for practical use. We present a privacy-preserving GWAS framework on federated genomic datasets. Our method is to layer the GWAS computations on top of secure multi-party computation (MPC) systems. This approach allows two parties in a distributed system to mutually perform secure GWAS computations, but without exposing their private data outside. We demonstrate our technique by implementing a framework for minor allele frequency counting and χ2 statistics calculation, one of the typical computations used in GWAS. For efficient prototyping, we use a state-of-the-art MPC framework, i.e., Portable Circuit Format (PCF) 1. Our experimental results show promise in realizing both efficient and secure cross-institution GWAS computations.

  20. Privacy-preserving photo sharing based on a public key infrastructure

    NASA Astrophysics Data System (ADS)

    Yuan, Lin; McNally, David; Küpçü, Alptekin; Ebrahimi, Touradj

    2015-09-01

    A significant number of pictures are posted to social media sites or exchanged through instant messaging and cloud-based sharing services. Most social media services offer a range of access control mechanisms to protect users' privacy. As it is not in the best interest of many such services if their users restrict access to their shared pictures, most services keep users' photos unprotected, which makes them available to all insiders. This paper presents an architecture for privacy-preserving photo sharing based on an image scrambling scheme and a public key infrastructure. A secure JPEG scrambling is applied to protect regional visual information in photos. Protected images are still compatible with JPEG coding and therefore can be viewed by anyone on any device. However, only those who are granted secret keys will be able to descramble the photos and view their original versions. The proposed architecture applies attribute-based encryption along with conventional public key cryptography, to achieve secure transmission of secret keys and fine-grained control over who may view shared photos. In addition, we demonstrate the practical feasibility of the proposed photo sharing architecture with a prototype mobile application, ProShare, which is built on the iOS platform.

  1. Privacy-preserving microbiome analysis using secure computation.

    PubMed

    Wagner, Justin; Paulson, Joseph N; Wang, Xiao; Bhattacharjee, Bobby; Corrada Bravo, Héctor

    2016-06-15

    Developing targeted therapeutics and identifying biomarkers relies on large amounts of research participant data. Beyond human DNA, scientists now investigate the DNA of micro-organisms inhabiting the human body. Recent work shows that an individual's collection of microbial DNA consistently identifies that person and could be used to link a real-world identity to a sensitive attribute in a research dataset. Unfortunately, the current suite of DNA-specific privacy-preserving analysis tools does not meet the requirements for microbiome sequencing studies. To address privacy concerns around microbiome sequencing, we implement metagenomic analyses using secure computation. Our implementation allows comparative analysis over combined data without revealing the feature counts for any individual sample. We focus on three analyses and perform an evaluation on datasets currently used by the microbiome research community. We use our implementation to simulate sharing data between four policy-domains. Additionally, we describe an application of our implementation for patients to combine data that allows drug developers to query against and compensate patients for the analysis. The software is freely available for download at: http://cbcb.umd.edu/∼hcorrada/projects/secureseq.html Supplementary data are available at Bioinformatics online. hcorrada@umiacs.umd.edu. © The Author 2016. Published by Oxford University Press.

  2. Common Laundry Detergent Ingredient May Help Preserve Muscle Tissue After Severe Injury

    MedlinePlus

    ... this research; and the dissemination of information on research progress in these diseases. ...

  3. A Place-Oriented, Mixed-Level Regionalization Method for Constructing Geographic Areas in Health Data Dissemination and Analysis

    PubMed Central

    Mu, Lan; Wang, Fahui; Chen, Vivien W.; Wu, Xiao-Cheng

    2015-01-01

    Similar geographic areas often have great variations in population size. In health data management and analysis, it is desirable to obtain regions of comparable population by decomposing areas of large population (to gain more spatial variability) and merging areas of small population (to mask privacy of data). Based on the Peano curve algorithm and modified scale-space clustering, this research proposes a mixed-level regionalization (MLR) method to construct geographic areas with comparable population. The method accounts for spatial connectivity and compactness, attributive homogeneity, and exogenous criteria such as minimum (and approximately equal) population or disease counts. A case study using Louisiana cancer data illustrates the MLR method and its strengths and limitations. A major benefit of the method is that most upper level geographic boundaries can be preserved to increase familiarity of constructed areas. Therefore, the MLR method is more human-oriented and place-based than computer-oriented and space-based. PMID:26251551

  4. Collaborative eHealth Meets Security: Privacy-Enhancing Patient Profile Management.

    PubMed

    Sanchez-Guerrero, Rosa; Mendoza, Florina Almenarez; Diaz-Sanchez, Daniel; Cabarcos, Patricia Arias; Lopez, Andres Marin

    2017-11-01

    Collaborative healthcare environments offer potential benefits, including enhancing the healthcare quality delivered to patients and reducing costs. As a direct consequence, sharing of electronic health records (EHRs) among healthcare providers has experienced noteworthy growth in recent years, since it enables physicians to remotely monitor patients' health and enables individuals to manage their own health data more easily. However, these scenarios face significant challenges regarding security and privacy of the extremely sensitive information contained in EHRs. Thus, a flexible, efficient, and standards-based solution is indispensable to guarantee selective identity information disclosure and preserve patients' privacy. We propose a privacy-aware profile management approach that empowers the patient role, enabling him to bring together various healthcare providers as well as user-generated claims into a unique credential. User profiles are represented through an adaptive Merkle Tree, for which we formalize the underlying mathematical model. Furthermore, performance of the proposed solution is empirically validated through simulation experiments.

  5. Systematic Redaction for Neuroimage Data

    PubMed Central

    Matlock, Matt; Schimke, Nakeisha; Kong, Liang; Macke, Stephen; Hale, John

    2013-01-01

    In neuroscience, collaboration and data sharing are undermined by concerns over the management of protected health information (PHI) and personal identifying information (PII) in neuroimage datasets. The HIPAA Privacy Rule mandates measures for the preservation of subject privacy in neuroimaging studies. Unfortunately for the researcher, the management of information privacy is a burdensome task. Wide scale data sharing of neuroimages is challenging for three primary reasons: (i) A dearth of tools to systematically expunge PHI/PII from neuroimage data sets, (ii) a facility for tracking patient identities in redacted datasets has not been produced, and (iii) a sanitization workflow remains conspicuously absent. This article describes the XNAT Redaction Toolkit—an integrated redaction workflow which extends a popular neuroimage data management toolkit to remove PHI/PII from neuroimages. Quickshear defacing is also presented as a complementary technique for deidentifying the image data itself. Together, these tools improve subject privacy through systematic removal of PII/PHI. PMID:24179597

  6. Privacy and Technology: Folk Definitions and Perspectives

    PubMed Central

    Kwasny, Michelle N.; Caine, Kelly E.; Rogers, Wendy A.; Fisk, Arthur D.

    2017-01-01

    In this paper we present preliminary results from a study of individual differences in privacy beliefs, as well as relate folk definitions of privacy to extant privacy theory. Focus groups were conducted with young adults aged 18–28 and older adults aged 65–75. Participants first shared their individual definitions of privacy, followed by a discussion of privacy in six scenarios chosen to represent a range of potentially invasive situations. Taken together, Westin's and Altman's theories of privacy accounted for both younger and older adults' ideas about privacy; however, neither theory successfully accounted for findings across all age and gender groups. Whereas males tended to think of privacy in terms of personal needs and convenience, females focused more on privacy in terms of others, respecting privacy rights, and safety. Older adults tended to be more concerned about privacy of space rather than information privacy. Initial results reinforce the notion that targeting HCI design to the user population, even with respect to privacy, is critically important. PMID:29057397

  7. Framework for objective evaluation of privacy filters

    NASA Astrophysics Data System (ADS)

    Korshunov, Pavel; Melle, Andrea; Dugelay, Jean-Luc; Ebrahimi, Touradj

    2013-09-01

    Extensive adoption of video surveillance, affecting many aspects of our daily lives, alarms the public about the increasing invasion into personal privacy. To address these concerns, many tools have been proposed for protection of personal privacy in image and video. However, little is understood regarding the effectiveness of such tools and especially their impact on the underlying surveillance tasks, leading to a tradeoff between the preservation of privacy offered by these tools and the intelligibility of activities under video surveillance. In this paper, we investigate this privacy-intelligibility tradeoff objectively by proposing an objective framework for evaluation of privacy filters. We apply the proposed framework on a use case where privacy of people is protected by obscuring faces, assuming an automated video surveillance system. We used several popular privacy protection filters, such as blurring, pixelization, and masking, and applied them with varying strengths to people's faces from different public datasets of video surveillance footage. Accuracy of the face detection algorithm was used as a measure of intelligibility (a face should be detected to perform a surveillance task), and accuracy of the face recognition algorithm as a measure of privacy (a specific person should not be identified). Under these conditions, after application of an ideal privacy protection tool, an obfuscated face would be visible as a face but would not be correctly identified by the recognition algorithm. The experiments demonstrate that, in general, an increase in strength of the privacy filters under consideration leads to an increase in privacy (i.e., reduction in recognition accuracy) and to a decrease in intelligibility (i.e., reduction in detection accuracy). Masking also proves to be the most favorable filter across all tested datasets.

  8. The Trade-Off Between Privacy and Geographic Data Resolution. a Case of GPS Trajectories Combined with the Social Survey Results

    NASA Astrophysics Data System (ADS)

    Sila-Nowicka, K.; Thakuriah, P.

    2016-06-01

    Trajectory datasets are being generated in great volumes due to high levels of Global Positioning System (GPS) and Location-Based Services (LBS) use. Such data are increasingly being collected for a variety of academic, industrial and recreational reasons, sometimes together with other strands of personal data such as socio-demographic, social survey and other sensor data carried/worn by the person. In such cases, not only are movement data of a person available but also data on potentially a wide variety of other personal and household attributes. Making such person-level data available for analytics opens up the possibility of new directions in analysing, studying and understanding human behaviour, which is typically not possible with GPS trajectory datasets alone. At the same time, the GPS data should be released in a privacy-preserving way that takes into account the possibility of re-identification of individuals from quasi-identifiers available from other data strands. De-identification in these strands may be risked due to uniquely identifiable information on significant locations and other spatial behaviours and choices detected from GPS trajectories. Using a multimodal dataset that includes a GPS archive from 358 individuals, and by considering a number of alternative privacy-enhancing approaches, we look at the potential for privacy preservation when personally-identifiable data are available from multiple data strands, for the specific purpose of data to be released for transport research.

  9. Privacy Technology to Support Data Sharing for Comparative Effectiveness Research: A SYSTEMATIC REVIEW

    PubMed Central

    Jiang, Xiaoqian; Sarwate, Anand D.; Ohno-Machado, Lucila

    2013-01-01

    Objective: Effective data sharing is critical for comparative effectiveness research (CER), but there are significant concerns about inappropriate disclosure of patient data. These concerns have spurred the development of new technologies for privacy preserving data sharing and data mining. Our goal is to review existing and emerging techniques that may be appropriate for data sharing related to CER. Material and methods: We adapted a systematic review methodology to comprehensively search the research literature. We searched 7 databases and applied three stages of filtering based on titles, abstracts, and full text to identify those works most relevant to CER. Results: Based on agreement and using the arbitrage of a third party expert, we selected 97 articles for meta-analysis. Our findings are organized along major types of data sharing in CER applications (i.e., institution-to-institution, institution-hosted, and public release). We made recommendations based on specific scenarios. Limitation: We limited the scope of our study to methods that demonstrated practical impact, eliminating many theoretical studies of privacy that have been surveyed elsewhere. We further limited our study to data sharing for data tables, rather than complex genomic, set-valued, time series, text, image, or network data. Conclusion: State-of-the-art privacy preserving technologies can guide the development of practical tools that will scale up the CER studies of the future. However, many challenges remain in this fast moving field in terms of practical evaluations as well as applications to a wider range of data types. PMID:23774511

  10. A security and privacy preserving e-prescription system based on smart cards.

    PubMed

    Hsu, Chien-Lung; Lu, Chung-Fu

    2012-12-01

    In 2002, Ateniese and Medeiros proposed an e-prescription system, in which the patient can store the e-prescription and related information using a smart card. Later, Yang et al. proposed a novel smart-card based e-prescription system based on Ateniese and Medeiros's system in 2004. Yang et al. considered the privacy issues of prescription data and adopted the concept of a group signature to provide patient privacy protection. To make the e-prescription system more realistic, they further applied a proxy signature to allow a patient to delegate his signing capability to other people. This paper proposes a novel security and privacy preserving e-prescription system model based on smart cards. A new role, chemist, is included in the system model for settling medicine disputes. We further present a concrete identity-based (ID-based) group signature scheme and an ID-based proxy signature scheme to realize the proposed model. The main property of an ID-based system is that the public key is simply the user's identity and can be verified without extra public key certificates. Our ID-based group signature scheme can allow doctors to sign e-prescriptions anonymously. In the case of a medical dispute, the identities of the doctors can be identified. The proposed ID-based proxy signature scheme can improve signing delegation and allows a delegation chain. The proposed e-prescription system based on our two cryptographic schemes is more practical and efficient than Yang et al.'s system in terms of security, communication overheads, computational costs, and practical considerations.

  11. Patients want granular privacy control over health information in electronic medical records.

    PubMed

    Caine, Kelly; Hanania, Rima

    2013-01-01

    To assess patients' desire for granular level privacy control over which personal health information should be shared, with whom, and for what purpose; and whether these preferences vary based on sensitivity of health information. A card task for matching health information with providers, questionnaire, and interview with 30 patients whose health information is stored in an electronic medical record system. Most patients' records contained sensitive health information. No patients reported that they would prefer to share all information stored in an electronic medical record (EMR) with all potential recipients. Sharing preferences varied by type of information (EMR data element) and recipient (eg, primary care provider), and overall sharing preferences varied by participant. Patients with and without sensitive records preferred less sharing of sensitive versus less-sensitive information. Patients expressed sharing preferences consistent with a desire for granular privacy control over which health information should be shared with whom and expressed differences in sharing preferences for sensitive versus less-sensitive EMR data. The pattern of results may be used by designers to generate privacy-preserving EMR systems including interfaces for patients to express privacy and sharing preferences. To maintain the level of privacy afforded by medical records and to achieve alignment with patients' preferences, patients should have granular privacy control over information contained in their EMR.

  12. 77 FR 69898 - Privacy Act of 1974; Privacy Act System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2012-11-21

    ... System of Records AGENCY: National Aeronautics and Space Administration (NASA). ACTION: Notice of proposed revisions to an existing Privacy Act system of records. SUMMARY: Pursuant to the provisions of the... notice of its intention to revise a previously noticed system of records Earth Observing System Data and...

  13. Privacy and Generation Y: Applying Library Values to Social Networking Sites

    ERIC Educational Resources Information Center

    Fernandez, Peter

    2010-01-01

    Librarians face many challenges when dealing with issues of privacy within the mediated space of social networking sites. Conceptually, social networking sites differ from libraries on privacy as a value. Research about Generation Y students, the primary clientele of undergraduate libraries, can inform librarians' relationship to this important…

  14. Privacy, Liveliness and Fairness for Reputation

    NASA Astrophysics Data System (ADS)

    Schiffner, Stefan; Clauß, Sebastian; Steinbrecher, Sandra

    In various Internet applications, reputation systems are typical means to collect experiences users make with each other. We present a reputation system that balances the security and privacy requirements of all users involved. Our system provides privacy in the form of information theoretic relationship anonymity w.r.t. users and the reputation provider. Furthermore, it preserves liveliness, i.e., all past ratings can influence the current reputation profile of a user. In addition, mutual ratings are forced to be simultaneous and self rating is prevented, which enforces fairness. What is more, without performing mock interactions - even if all users are colluding - users cannot forge ratings. As far as we know, this is the first protocol proposed that fulfills all these properties simultaneously.

  15. Invariance of Topological Indices Under Hilbert Space Truncation

    DOE PAGES

    Huang, Zhoushen; Zhu, Wei; Arovas, Daniel P.; ...

    2018-01-05

    Here, we show that the topological index of a wave function, computed in the space of twisted boundary phases, is preserved under Hilbert space truncation, provided the truncated state remains normalizable. If truncation affects the boundary condition of the resulting state, the invariant index may acquire a different physical interpretation. If the index is symmetry protected, the truncation should preserve the protecting symmetry. We discuss implications of this invariance using paradigmatic integer and fractional Chern insulators, Z2 topological insulators, and spin-1 Affleck-Kennedy-Lieb-Tasaki and Heisenberg chains, as well as its relation with the notion of bulk entanglement. As a possible application, we propose a partial quantum tomography scheme from which the topological index of a generic multicomponent wave function can be extracted by measuring only a small subset of wave function components, equivalent to the measurement of a bulk entanglement topological index.

  16. Invariance of Topological Indices Under Hilbert Space Truncation

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Huang, Zhoushen; Zhu, Wei; Arovas, Daniel P.

    Here, we show that the topological index of a wave function, computed in the space of twisted boundary phases, is preserved under Hilbert space truncation, provided the truncated state remains normalizable. If truncation affects the boundary condition of the resulting state, the invariant index may acquire a different physical interpretation. If the index is symmetry protected, the truncation should preserve the protecting symmetry. We discuss implications of this invariance using paradigmatic integer and fractional Chern insulators, Z2 topological insulators, and spin-1 Affleck-Kennedy-Lieb-Tasaki and Heisenberg chains, as well as its relation with the notion of bulk entanglement. As a possible application, we propose a partial quantum tomography scheme from which the topological index of a generic multicomponent wave function can be extracted by measuring only a small subset of wave function components, equivalent to the measurement of a bulk entanglement topological index.

  17. An Enhanced Privacy-Preserving Authentication Scheme for Vehicle Sensor Networks.

    PubMed

    Zhou, Yousheng; Zhao, Xiaofeng; Jiang, Yi; Shang, Fengjun; Deng, Shaojiang; Wang, Xiaojun

    2017-12-08

    Vehicle sensor networks (VSNs) are ushering in a promising future by enabling more intelligent transportation systems and providing a more efficient driving experience. However, because of their inherent openness, VSNs are subject to a large number of potential security threats. Although various authentication schemes have been proposed for addressing security problems, they are not suitable for VSN applications because of their high computation and communication costs. Chuang and Lee have developed a trust-extended authentication mechanism (TEAM) for vehicle-to-vehicle communication using a transitive trust relationship, which they claim can resist various attacks. However, it fails to counter internal attacks because of the utilization of a shared secret key. In this paper, to eliminate the vulnerability of TEAM, an enhanced privacy-preserving authentication scheme for VSNs is constructed. The security of our proposed scheme is proven under the random oracle model based on the assumption of the computational Diffie-Hellman problem.

  18. Freshness-Preserving Non-Interactive Hierarchical Key Agreement Protocol over WHMS

    PubMed Central

    Kim, Hyunsung

    2014-01-01

    The digitization of patient health information (PHI) for wireless health monitoring systems (WHMSs) has brought many benefits and challenges for both patients and physicians. However, security, privacy and robustness have remained important challenges for WHMSs. Since the patient's PHI is sensitive and the communication channel, i.e., the Internet, is insecure, it is important to protect them against unauthorized entities, i.e., attackers. Otherwise, failure to do so will not only lead to the compromise of a patient's privacy, but will also put his/her life at risk. This paper proposes a freshness-preserving non-interactive hierarchical key agreement protocol (FNKAP) for WHMSs. The FNKAP is based on the concept of the non-interactive identity-based key agreement for communication efficiency. It achieves patient anonymity between a patient and physician, session key secrecy and resistance against various security attacks, especially including replay attacks. PMID:25513824

  19. Freshness-preserving non-interactive hierarchical key agreement protocol over WHMS.

    PubMed

    Kim, Hyunsung

    2014-12-10

    The digitization of patient health information (PHI) for wireless health monitoring systems (WHMSs) has brought many benefits and challenges for both patients and physicians. However, security, privacy and robustness have remained important challenges for WHMSs. Since the patient's PHI is sensitive and the communication channel, i.e., the Internet, is insecure, it is important to protect them against unauthorized entities, i.e., attackers. Otherwise, failure to do so will not only lead to the compromise of a patient's privacy, but will also put his/her life at risk. This paper proposes a freshness-preserving non-interactive hierarchical key agreement protocol (FNKAP) for WHMSs. The FNKAP is based on the concept of the non-interactive identity-based key agreement for communication efficiency. It achieves patient anonymity between a patient and physician, session key secrecy and resistance against various security attacks, especially including replay attacks.

  20. An Enhanced Privacy-Preserving Authentication Scheme for Vehicle Sensor Networks

    PubMed Central

    Zhou, Yousheng; Zhao, Xiaofeng; Jiang, Yi; Shang, Fengjun; Deng, Shaojiang; Wang, Xiaojun

    2017-01-01

    Vehicle sensor networks (VSNs) are ushering in a promising future by enabling more intelligent transportation systems and providing a more efficient driving experience. However, because of their inherent openness, VSNs are subject to a large number of potential security threats. Although various authentication schemes have been proposed for addressing security problems, they are not suitable for VSN applications because of their high computation and communication costs. Chuang and Lee have developed a trust-extended authentication mechanism (TEAM) for vehicle-to-vehicle communication using a transitive trust relationship, which they claim can resist various attacks. However, it fails to counter internal attacks because of the utilization of a shared secret key. In this paper, to eliminate the vulnerability of TEAM, an enhanced privacy-preserving authentication scheme for VSNs is constructed. The security of our proposed scheme is proven under the random oracle model based on the assumption of the computational Diffie–Hellman problem. PMID:29292792

  1. CSRQ: Communication-Efficient Secure Range Queries in Two-Tiered Sensor Networks

    PubMed Central

    Dai, Hua; Ye, Qingqun; Yang, Geng; Xu, Jia; He, Ruiliang

    2016-01-01

    In recent years, we have seen many applications of secure query in two-tiered wireless sensor networks. Storage nodes are responsible for storing data from nearby sensor nodes and answering queries from Sink. It is critical to protect data security from a compromised storage node. In this paper, the Communication-efficient Secure Range Query (CSRQ)—a privacy and integrity preserving range query protocol—is proposed to prevent attackers from gaining information of both data collected by sensor nodes and queries issued by Sink. To preserve privacy and integrity, in addition to employing the encoding mechanisms, a novel data structure called encrypted constraint chain is proposed, which embeds the information of integrity verification. Sink can use this encrypted constraint chain to verify the query result. The performance evaluation shows that CSRQ has lower communication cost than the current range query protocols. PMID:26907293

  2. Ethical Issues of Social Media Usage in Healthcare.

    PubMed

    Denecke, K; Bamidis, P; Bond, C; Gabarron, E; Househ, M; Lau, A Y S; Mayer, M A; Merolli, M; Hansen, M

    2015-08-13

    Social media, web and mobile technologies are increasingly used in healthcare and directly support patient-centered care. Patients benefit from disease self-management tools, contact to others, and closer monitoring. Researchers study drug efficiency, or recruit patients for clinical studies via these technologies. However, low communication barriers in social-media, limited privacy and security issues lead to problems from an ethical perspective. This paper summarizes the ethical issues to be considered when social media is exploited in healthcare contexts. Starting from our experiences in social-media research, we collected ethical issues for selected social-media use cases in the context of patient-centered care. Results were enriched by collecting and analyzing relevant literature and were discussed and interpreted by members of the IMIA Social Media Working Group. Most relevant issues in social-media applications are confidence and privacy that need to be carefully preserved. The patient-physician relationship can suffer from the new information gain on both sides since private information of both healthcare provider and consumer may be accessible through the Internet. Physicians need to ensure they keep the borders between private and professional intact. Beyond, preserving patient anonymity when citing Internet content is crucial for research studies. Exploiting medical social-media in healthcare applications requires a careful reflection of roles and responsibilities. Availability of data and information can be useful in many settings, but the abuse of data needs to be prevented. Preserving privacy and confidentiality of online users is a main issue, as well as providing means for patients or Internet users to express concerns on data usage.

  3. Ethical Issues of Social Media Usage in Healthcare

    PubMed Central

    Bamidis, P.; Bond, C.; Gabarron, E.; Househ, M.; Lau, A. Y. S.; Mayer, M. A.; Merolli, M.; Hansen, M.

    2015-01-01

    Summary Objective Social media, web and mobile technologies are increasingly used in healthcare and directly support patient-centered care. Patients benefit from disease self-management tools, contact to others, and closer monitoring. Researchers study drug efficiency, or recruit patients for clinical studies via these technologies. However, low communication barriers in social-media, limited privacy and security issues lead to problems from an ethical perspective. This paper summarizes the ethical issues to be considered when social media is exploited in healthcare contexts. Methods Starting from our experiences in social-media research, we collected ethical issues for selected social-media use cases in the context of patient-centered care. Results were enriched by collecting and analyzing relevant literature and were discussed and interpreted by members of the IMIA Social Media Working Group. Results Most relevant issues in social-media applications are confidence and privacy that need to be carefully preserved. The patient-physician relationship can suffer from the new information gain on both sides since private information of both healthcare provider and consumer may be accessible through the Internet. Physicians need to ensure they keep the borders between private and professional intact. Beyond, preserving patient anonymity when citing Internet content is crucial for research studies. Conclusion Exploiting medical social-media in healthcare applications requires a careful reflection of roles and responsibilities. Availability of data and information can be useful in many settings, but the abuse of data needs to be prevented. Preserving privacy and confidentiality of online users is a main issue, as well as providing means for patients or Internet users to express concerns on data usage. PMID:26293861

  4. A Probabilistic Approach to Mitigate Composition Attacks on Privacy in Non-Coordinated Environments

    PubMed Central

    Sarowar Sattar, A.H.M.; Li, Jiuyong; Liu, Jixue; Heatherly, Raymond; Malin, Bradley

    2014-01-01

    Organizations share data about individuals to drive business and comply with law and regulation. However, an adversary may expose confidential information by tracking an individual across disparate data publications using quasi-identifying attributes (e.g., age, geocode and sex) associated with the records. Various studies have shown that well-established privacy protection models (e.g., k-anonymity and its extensions) fail to protect an individual’s privacy against this “composition attack”. This type of attack can be thwarted when organizations coordinate prior to data publication, but such a practice is not always feasible. In this paper, we introduce a probabilistic model called (d, α)-linkable, which mitigates composition attack without coordination. The model ensures that d confidential values are associated with a quasi-identifying group with a likelihood of α. We realize this model through an efficient extension to k-anonymization and use extensive experiments to show our strategy significantly reduces the likelihood of a successful composition attack and can preserve more utility than alternative privacy models, such as differential privacy. PMID:25598581

  5. The organizational structure and governing principles of the Food and Drug Administration's Mini-Sentinel pilot program.

    PubMed

    Forrow, Susan; Campion, Daniel M; Herrinton, Lisa J; Nair, Vinit P; Robb, Melissa A; Wilson, Marcus; Platt, Richard

    2012-01-01

    The US Food and Drug Administration's Mini-Sentinel pilot program is developing an organizational structure as well as principles and policies to govern its operations. These will inform the structure and function of the eventual Sentinel System. Mini-Sentinel is a collaboration that includes 25 participating institutions. We describe the program's current organizational structure and its major principles and policies. The organization includes a coordinating center with program leadership provided by a principal investigator; a planning board and subcommittees; an operations center; and data, methods, and protocol cores. Ad hoc workgroups are created as needed. A privacy panel advises about protection of individual health information. Principles and policies are intended to ensure that Mini-Sentinel conforms to the principles of fair information practices, protects the privacy of individual health information, maintains the security and integrity of data, assures the confidentiality of proprietary information, provides accurate and timely communications, prevents or manages conflicts of interest, and preserves respect for intellectual property rights. Copyright © 2012 John Wiley & Sons, Ltd.

  6. "May We Please Have Sex Tonight?"--People with Learning Difficulties Pursuing Privacy in Residential Group Settings

    ERIC Educational Resources Information Center

    Hollomotz, Andrea

    2009-01-01

    Many residential group settings for people with learning difficulties do not provide individuals with the private space in which they can explore their sexual relationships in a safe and dignified manner. Lack of agreed private spaces seriously infringes the individual's human rights. Many people with learning difficulties who lack privacy have no…

  7. MV-OPES: Multivalued-Order Preserving Encryption Scheme: A Novel Scheme for Encrypting Integer Value to Many Different Values

    NASA Astrophysics Data System (ADS)

    Kadhem, Hasan; Amagasa, Toshiyuki; Kitagawa, Hiroyuki

    Encryption can provide strong security for sensitive data against inside and outside attacks. This is especially true in the “Database as Service” model, where confidentiality and privacy are important issues for the client. In fact, existing encryption approaches are vulnerable to a statistical attack because each value is encrypted to another fixed value. This paper presents a novel database encryption scheme called MV-OPES (Multivalued — Order Preserving Encryption Scheme), which allows privacy-preserving queries over encrypted databases with an improved security level. Our idea is to encrypt a value to different multiple values to prevent statistical attacks. At the same time, MV-OPES preserves the order of the integer values to allow comparison operations to be directly applied on encrypted data. Using calculated distance (range), we propose a novel method that allows a join query between relations based on inequality over encrypted values. We also present techniques to offload query execution load to a database server as much as possible, thereby making a better use of server resources in a database outsourcing environment. Our scheme can easily be integrated with current database systems as it is designed to work with existing indexing structures. It is robust against statistical attack and the estimation of true values. MV-OPES experiments show that security for sensitive data can be achieved with reasonable overhead, establishing the practicability of the scheme.

  8. Choosing blindly but wisely: differentially private solicitation of DNA datasets for disease marker discovery.

    PubMed

    Zhao, Yongan; Wang, Xiaofeng; Jiang, Xiaoqian; Ohno-Machado, Lucila; Tang, Haixu

    2015-01-01

    To propose a new approach to privacy preserving data selection, which helps the data users access human genomic datasets efficiently without undermining patients' privacy. Our idea is to let each data owner publish a set of differentially-private pilot data, on which a data user can test-run arbitrary association-test algorithms, including those not known to the data owner a priori. We developed a suite of new techniques, including a pilot-data generation approach that leverages the linkage disequilibrium in the human genome to preserve both the utility of the data and the privacy of the patients, and a utility evaluation method that helps the user assess the value of the real data from its pilot version with high confidence. We evaluated our approach on real human genomic data using four popular association tests. Our study shows that the proposed approach can help data users make the right choices in most cases. Even though the pilot data cannot be directly used for scientific discovery, it provides a useful indication of which datasets are more likely to be useful to data users, who can therefore approach the appropriate data owners to gain access to the data. © The Author 2014. Published by Oxford University Press on behalf of the American Medical Informatics Association.

  9. Recognition and pseudonymisation of medical records for secondary use.

    PubMed

    Heurix, Johannes; Fenz, Stefan; Rella, Antonio; Neubauer, Thomas

    2016-03-01

    Health records rank among the most sensitive personal information existing today. An unwanted disclosure to unauthorised parties usually results in significant negative consequences for an individual. Therefore, health records must be adequately protected in order to ensure the individual's privacy. However, health records are also valuable resources for clinical studies and research activities. In order to make the records available for privacy-preserving secondary use, thorough de-personalisation is a crucial prerequisite to prevent re-identification. This paper introduces MEDSEC, a system which automatically converts paper-based health records into de-personalised and pseudonymised documents which can be accessed by secondary users without compromising the patients' privacy. The system converts the paper-based records into a standardised structure that facilitates automated processing and the search for useful information.

  10. Privacy-preserving search for chemical compound databases.

    PubMed

    Shimizu, Kana; Nuida, Koji; Arai, Hiromi; Mitsunari, Shigeo; Attrapadung, Nuttapong; Hamada, Michiaki; Tsuda, Koji; Hirokawa, Takatsugu; Sakuma, Jun; Hanaoka, Goichiro; Asai, Kiyoshi

    2015-01-01

    Searching for similar compounds in a database is the most important process for in-silico drug screening. Since a query compound is an important starting point for the new drug, a query holder, who is afraid of the query being monitored by the database server, usually downloads all the records in the database and uses them in a closed network. However, a serious dilemma arises when the database holder also wants to output no information except for the search results, and such a dilemma prevents the use of many important data resources. In order to overcome this dilemma, we developed a novel cryptographic protocol that enables database searching while keeping both the query holder's privacy and database holder's privacy. Generally, the application of cryptographic techniques to practical problems is difficult because versatile techniques are computationally expensive while computationally inexpensive techniques can perform only trivial computation tasks. In this study, our protocol is successfully built only from an additive-homomorphic cryptosystem, which allows only addition performed on encrypted values but is computationally efficient compared with versatile techniques such as general purpose multi-party computation. In an experiment searching ChEMBL, which consists of more than 1,200,000 compounds, the proposed method was 36,900 times faster in CPU time and 12,000 times as efficient in communication size compared with general purpose multi-party computation. We proposed a novel privacy-preserving protocol for searching chemical compound databases. The proposed method, easily scaling for large-scale databases, may help to accelerate drug discovery research by making full use of unused but valuable data that includes sensitive information.

  11. Privacy-preserving search for chemical compound databases

    PubMed Central

    2015-01-01

    Background Searching for similar compounds in a database is the most important process for in-silico drug screening. Since a query compound is an important starting point for the new drug, a query holder, who is afraid of the query being monitored by the database server, usually downloads all the records in the database and uses them in a closed network. However, a serious dilemma arises when the database holder also wants to output no information except for the search results, and such a dilemma prevents the use of many important data resources. Results In order to overcome this dilemma, we developed a novel cryptographic protocol that enables database searching while keeping both the query holder's privacy and database holder's privacy. Generally, the application of cryptographic techniques to practical problems is difficult because versatile techniques are computationally expensive while computationally inexpensive techniques can perform only trivial computation tasks. In this study, our protocol is successfully built only from an additive-homomorphic cryptosystem, which allows only addition performed on encrypted values but is computationally efficient compared with versatile techniques such as general purpose multi-party computation. In an experiment searching ChEMBL, which consists of more than 1,200,000 compounds, the proposed method was 36,900 times faster in CPU time and 12,000 times as efficient in communication size compared with general purpose multi-party computation. Conclusion We proposed a novel privacy-preserving protocol for searching chemical compound databases. The proposed method, easily scaling for large-scale databases, may help to accelerate drug discovery research by making full use of unused but valuable data that includes sensitive information. PMID:26678650

  12. Acoustical considerations for secondary uses of government facilities

    NASA Astrophysics Data System (ADS)

    Evans, Jack B.

    2003-10-01

    Government buildings are, by their nature, public and multi-functional. Whether in meetings, presentations, documentation processing, work instructions or dispatch, speech communications are critical. Full-time occupancy facilities may require sleep or rest areas adjacent to active spaces. Rooms designed for some other primary use may be used for public assembly, receptions or meetings. In addition, environmental noise impacts to the building or from the building should be considered, especially where adjacent to hospitals, hotels, apartments or other urban sensitive land uses. Acoustical criteria and design parameters for reverberation, background noise and sound isolation should enhance speech intelligibility and privacy. This presentation looks at unusual spaces and unexpected uses of spaces with regard to room acoustics and noise control. Examples of various spaces will be discussed, including an atrium used for reception and assembly, a multi-jurisdictional (911) emergency control center, frequent or long-duration use of emergency generators, renovations of historically significant buildings, and the juxtaposition of acoustically incompatible functions. Brief case histories of acoustical requirements, constraints and design solutions will be presented, including acoustical measurements, plan illustrations and photographs. Acoustical criteria for secondary functional uses of spaces will be proposed.

  13. Confidentiality and the rape victim: ethical intent versus political reality.

    PubMed

    Nass, Deanna

    1991-01-01

    ... The clinician who works with the victim of rape, either in hospital emergency departments, community mental health settings, college environments, or private practice, should consider ways that would effect the many overdue reforms for which this specialty cries out. The need for sensitivity in the area of record keeping, particularly as to how such records might be used, can hardly be debated. Beyond this, there is the role of patient advocate, calling upon the clinician to serve an educative function with reference to the members of his profession and of the larger society. Confidentiality of patient records can be preserved only to the extent that the cultural context in which they exist values such privacy.

  14. Utilization of community pharmacy space to enhance privacy: a qualitative study.

    PubMed

    Hattingh, H Laetitia; Emmerton, Lynne; Ng Cheong Tin, Pascale; Green, Catherine

    2016-10-01

    Community pharmacists require access to consumers' information about their medicines and health-related conditions to make informed decisions regarding treatment options. Open communication between consumers and pharmacists is ideal although consumers are only likely to disclose relevant information if they feel that their privacy requirements are being acknowledged and adhered to. This study sets out to explore community pharmacy privacy practices, experiences and expectations and the utilization of available space to achieve privacy. Qualitative methods were used, comprising a series of face-to-face interviews with 25 pharmacists and 55 pharmacy customers in Perth, Western Australia, between June and August 2013. The use of private consultation areas for certain services and sensitive discussions was supported by pharmacists and consumers although there was recognition that workflow processes in some pharmacies may need to change to maximize the use of private areas. Pharmacy staff adopted various strategies to overcome privacy obstacles such as taking consumers to a quieter part of the pharmacy, avoiding exposure of sensitive items through packaging, lowering of voices, interacting during pharmacy quiet times and telephoning consumers. Pharmacy staff and consumers regularly had to apply judgement to achieve the required level of privacy. Management of privacy can be challenging in the community pharmacy environment, and on-going work in this area is important. As community pharmacy practice is increasingly becoming more involved in advanced medication and disease state management services with unique privacy requirements, pharmacies' layouts and systems to address privacy challenges require a proactive approach. © 2015 The Authors. Health Expectations Published by John Wiley & Sons Ltd.

  15. An Anonymous Credit Card System

    NASA Astrophysics Data System (ADS)

    Androulaki, Elli; Bellovin, Steven

    Credit cards have many important benefits; however, these same benefits often carry with them many privacy concerns. In particular, the need for users to be able to monitor their own transactions, as well as the bank's need to justify its payment requests from cardholders, entitles the latter to maintain a detailed log of all transactions its credit card customers were involved in. A bank can thus build a profile of each cardholder even without the latter's consent. In this paper, we present a practical and accountable anonymous credit system based on ecash, with a privacy preserving mechanism for error correction and expense-reporting.

  16. Data Anonymization that Leads to the Most Accurate Estimates of Statistical Characteristics: Fuzzy-Motivated Approach

    PubMed Central

    Xiang, G.; Ferson, S.; Ginzburg, L.; Longpré, L.; Mayorga, E.; Kosheleva, O.

    2013-01-01

    To preserve privacy, the original data points (with exact values) are replaced by boxes containing each (inaccessible) data point. This privacy-motivated uncertainty leads to uncertainty in the statistical characteristics computed based on this data. In a previous paper, we described how to minimize this uncertainty under the assumption that we use the same standard statistical estimates for the desired characteristics. In this paper, we show that we can further decrease the resulting uncertainty if we allow fuzzy-motivated weighted estimates, and we explain how to optimally select the corresponding weights. PMID:25187183

  17. Enabling Analytics on Sensitive Medical Data with Secure Multi-Party Computation.

    PubMed

    Veeningen, Meilof; Chatterjea, Supriyo; Horváth, Anna Zsófia; Spindler, Gerald; Boersma, Eric; van der Spek, Peter; van der Galiën, Onno; Gutteling, Job; Kraaij, Wessel; Veugen, Thijs

    2018-01-01

    While there is a clear need to apply data analytics in the healthcare sector, this is often difficult because it requires combining sensitive data from multiple data sources. In this paper, we show how the cryptographic technique of secure multi-party computation can enable such data analytics by performing analytics without the need to share the underlying data. We discuss the issue of compliance to European privacy legislation; report on three pilots bringing these techniques closer to practice; and discuss the main challenges ahead to make fully privacy-preserving data analytics in the medical sector commonplace.

  18. Minutiae Matching with Privacy Protection Based on the Combination of Garbled Circuit and Homomorphic Encryption

    PubMed Central

    Li, Mengxing; Zhao, Jian; Yang, Mei; Kang, Lijun; Wu, Lili

    2014-01-01

    Biometrics plays an important role in authentication applications since biometric traits are strongly linked to their holders. With an increasing growth of e-commerce and e-government, one can expect that biometric-based authentication systems are possibly deployed over the open networks in the near future. However, due to its openness, the Internet poses a great challenge to the security and privacy of biometric authentication. Biometric data cannot be revoked, so it is of paramount importance that biometric data should be handled in a secure way. In this paper we present a scheme achieving privacy-preserving fingerprint authentication between two parties, in which the fingerprint minutiae matching algorithm is completed in the encrypted domain. To improve the efficiency, we exploit homomorphic encryption as well as garbled circuits to design the protocol. Our goal is to provide protection for the security of the template in storage and the data privacy of the two parties in a transaction. The experimental results show that the proposed authentication protocol runs efficiently. Therefore, the protocol can run over open networks and help to alleviate the concerns on security and privacy of biometric applications over the open networks. PMID:24711729

  19. Minutiae matching with privacy protection based on the combination of garbled circuit and homomorphic encryption.

    PubMed

    Li, Mengxing; Feng, Quan; Zhao, Jian; Yang, Mei; Kang, Lijun; Wu, Lili

    2014-01-01

    Biometrics plays an important role in authentication applications since biometric traits are strongly linked to their holders. With an increasing growth of e-commerce and e-government, one can expect that biometric-based authentication systems are possibly deployed over the open networks in the near future. However, due to its openness, the Internet poses a great challenge to the security and privacy of biometric authentication. Biometric data cannot be revoked, so it is of paramount importance that biometric data should be handled in a secure way. In this paper we present a scheme achieving privacy-preserving fingerprint authentication between two parties, in which the fingerprint minutiae matching algorithm is completed in the encrypted domain. To improve the efficiency, we exploit homomorphic encryption as well as garbled circuits to design the protocol. Our goal is to provide protection for the security of the template in storage and the data privacy of the two parties in a transaction. The experimental results show that the proposed authentication protocol runs efficiently. Therefore, the protocol can run over open networks and help to alleviate the concerns on security and privacy of biometric applications over the open networks.

  20. Efficient spatial privacy preserving scheme for sensor network

    NASA Astrophysics Data System (ADS)

    Debnath, Ashmita; Singaravelu, Pradheepkumar; Verma, Shekhar

    2013-03-01

    The privacy of sensitive events observed by a wireless sensor network (WSN) needs to be protected. Adversaries with the knowledge of sensor deployment and network protocols can infer the location of a sensed event by monitoring the communication from the sensors even when the messages are encrypted. Encryption provides confidentiality; however, the context of the event can be used to breach the privacy of sensed objects. An adversary can track the trajectory of a moving object or determine the location of the occurrence of a critical event to breach its privacy. In this paper, we propose ring signature to obfuscate the spatial information. Firstly, the extended region of location of an event of interest as estimated from a sensor communication is presented. Then, the increase in this region of spatial uncertainty due to the effect of ring signature is determined. We observe that ring signature can effectively enhance the region of location uncertainty of a sensed event. As the event of interest can be situated anywhere in the enhanced region of uncertainty, its privacy against a local or global adversary is ensured. Both analytical and simulation results show that induced delay and throughput are insignificant with negligible impact on the performance of a WSN.

  1. Criminal Prohibition of Wrongful Re‑identification: Legal Solution or Minefield for Big Data?

    PubMed

    Phillips, Mark; Dove, Edward S; Knoppers, Bartha M

    2017-12-01

    The collapse of confidence in anonymization (sometimes also known as de-identification) as a robust approach for preserving the privacy of personal data has incited an outpouring of new approaches that aim to fill the resulting trifecta of technical, organizational, and regulatory privacy gaps left in its wake. In the latter category, and in large part due to the growth of Big Data-driven biomedical research, falls a growing chorus of calls for criminal and penal offences to sanction wrongful re-identification of "anonymized" data. This chorus cuts across the fault lines of polarized privacy law scholarship that at times seems to advocate privacy protection at the expense of Big Data research or vice versa. Focusing on Big Data in the context of biomedicine, this article surveys the approaches that criminal or penal law might take toward wrongful re-identification of health data. It contextualizes the strategies within their respective legal regimes as well as in relation to emerging privacy debates focusing on personal data use and data linkage and assesses the relative merit of criminalization. We conclude that this approach suffers from several flaws and that alternative social and legal strategies to deter wrongful re-identification may be preferable.

  2. 78 FR 69289 - Privacy Act; Implementation

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-11-19

    ... for Disclosures) because release of the accounting of disclosures could alert the subject of an... efforts to preserve national security. Disclosure of the accounting would also permit the individual who... individual will be provided access to the information exempt to the extent that disclosure would reveal the...

  3. Combining Different Privacy-Preserving Record Linkage Methods for Hospital Admission Data.

    PubMed

    Stausberg, Jürgen; Waldenburger, Andreas; Borgs, Christian; Schnell, Rainer

    2017-01-01

    Record linkage (RL) is the process of identifying pairs of records that correspond to the same entity, for example the same patient. The basic approach assigns to each pair of records a similarity weight, and then determines a certain threshold, above which the two records are considered to be a match. Three different RL methods were applied under privacy-preserving conditions on hospital admission data: deterministic RL (DRL), probabilistic RL (PRL), and Bloom filters. The patient characteristics such as names were one-way encrypted (DRL, PRL) or transformed into a cryptographic long-term key (Bloom filters). Based on one year of hospital admissions, the data set was split randomly into 30 thousand new and 1.5 million known patients. With the combination of the three RL methods, a positive predictive value of 83 % (95 % confidence interval 65 %-94 %) was attained. Thus, the application of the presented combination of RL methods seems to be suited for other applications of population-based research.

  4. CP-ABE Based Privacy-Preserving User Profile Matching in Mobile Social Networks

    PubMed Central

    Cui, Weirong; Du, Chenglie; Chen, Jinchao

    2016-01-01

    Privacy-preserving profile matching, a challenging task in mobile social networks, is getting more attention in recent years. In this paper, we propose a novel scheme that is based on ciphertext-policy attribute-based encryption to tackle this problem. In our scheme, a user can submit a preference profile and search for users with a matching profile in decentralized mobile social networks. In this process, neither any participant's profile nor the submitted preference profile is exposed. Meanwhile, a secure communication channel can be established between the pair of successfully matched users. In contrast to existing related schemes, which are mainly based on secure multi-party computation, our scheme provides verifiability (neither the initiator nor any unmatched user can cheat the other into believing they are matched) and requires few interactions among users. We provide a thorough security analysis and performance evaluation of our scheme, and show its advantages in terms of security, efficiency and usability over state-of-the-art schemes. PMID:27337001

  6. A Randomized Response Model For Privacy Preserving Smart Metering.

    PubMed

    Wang, Shuang; Cui, Lijuan; Que, Jialan; Choi, Dae-Hyun; Jiang, Xiaoqian; Cheng, Samuel; Xie, Le

    2012-09-01

    The adoption of smart meters may bring new privacy concerns to the general public. Given the fact that metering data of individual homes/factories is accumulated every 15 minutes, it is possible to infer the pattern of electricity consumption of individual users. In order to protect the privacy of users in a completely decentralized setting (i.e., individuals do not communicate with one another), we propose a novel protocol, which allows individual meters to report the true electricity consumption reading with a pre-determined probability. Load serving entities (LSEs) can reconstruct the total electricity consumption of a region or a district through an inference algorithm, but their ability to identify individual users' energy consumption patterns is significantly reduced. Using simulated data, we verify the feasibility of the proposed method and demonstrate performance advantages over existing approaches.

  7. 48 CFR 52.224-2 - Privacy Act.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 2 2014-10-01 2014-10-01 false Privacy Act. 52.224-2... AND FORMS SOLICITATION PROVISIONS AND CONTRACT CLAUSES Text of Provisions and Clauses 52.224-2 Privacy... agency function: Privacy Act (APR 1984) (a) The Contractor agrees to— (1) Comply with the Privacy Act of...

  8. Privacy preserving data anonymization of spontaneous ADE reporting system dataset.

    PubMed

    Lin, Wen-Yang; Yang, Duen-Chuan; Wang, Jie-Teng

    2016-07-18

    To facilitate long-term safety surveillance of marketed drugs, many spontaneous reporting systems (SRSs) of ADR events have been established world-wide. Since the data collected by SRSs contain sensitive personal health information that should be protected to prevent the identification of individuals, this raises the issue of privacy-preserving data publishing (PPDP), that is, how to sanitize (anonymize) raw data before publishing. Although much work has been done on PPDP, very few studies have focused on protecting the privacy of SRS data, and none of the existing anonymization methods is well suited to SRS datasets, since these contain characteristics such as rare events, multiple individual records, and multi-valued sensitive attributes. We propose a new privacy model called MS(k, θ*)-bounding for protecting published spontaneous ADE reporting data from privacy attacks. Our model has the flexibility of varying privacy thresholds, i.e., θ*, for different sensitive values and takes the characteristics of SRS data into consideration. We also propose an anonymization algorithm for sanitizing the raw data to meet the requirements specified through the proposed model. Our algorithm adopts a greedy-based clustering strategy to group the records into clusters, conforming to an innovative anonymization metric aiming to minimize the privacy risk as well as maintain the data utility for ADR detection. An empirical study was conducted using the FAERS dataset from 2004Q1 to 2011Q4. We compared our model with four prevailing methods, including k-anonymity, (X, Y)-anonymity, Multi-sensitive l-diversity, and (α, k)-anonymity, evaluated via two measures, Danger Ratio (DR) and Information Loss (IL), and considered three different scenarios of threshold setting for θ*, including uniform setting, level-wise setting and frequency-based setting. We also conducted experiments to inspect the impact of anonymized data on the strengths of discovered ADR signals. With all three different threshold settings for sensitive values, our method successfully prevents the disclosure of sensitive values (nearly all observed DRs are zero) without sacrificing too much data utility. With non-uniform threshold settings, level-wise or frequency-based, our MS(k, θ*)-bounding exhibits the best data utility and the least privacy risk among all the models. The experiments conducted on selected ADR signals from MedWatch show that only very small differences in signal strength (PRR or ROR) were observed. The results show that our method can effectively prevent the disclosure of patient sensitive information without sacrificing data utility for ADR signal detection. We propose a new privacy model for protecting SRS data that possess some characteristics overlooked by contemporary models, and an anonymization algorithm to sanitize SRS data in accordance with the proposed model. Empirical evaluation on the real SRS dataset, i.e., FAERS, shows that our method can effectively solve the privacy problem in SRS data without influencing the ADR signal strength.

  9. A Utility Maximizing and Privacy Preserving Approach for Protecting Kinship in Genomic Databases.

    PubMed

    Kale, Gulce; Ayday, Erman; Tastan, Oznur

    2017-09-12

    Rapid and low-cost sequencing of genomes has enabled widespread use of genomic data in research studies and personalized customer applications, where genomic data is shared in public databases. Although the identities of the participants are anonymized in these databases, sensitive information about individuals can still be inferred. One such piece of information is kinship. We define two routes by which kinship privacy can leak and propose a technique to protect kinship privacy against these risks while maximizing the utility of the shared data. The method involves systematic identification of minimal portions of genomic data to mask as new participants are added to the database. Choosing the proper positions to hide is cast as an optimization problem in which the number of positions to mask is minimized subject to privacy constraints that ensure the familial relationships are not revealed. We evaluate the proposed technique on real genomic data. Results indicate that concurrent sharing of data pertaining to a parent and an offspring results in high risks to kinship privacy, whereas sharing data from more distant relatives together is often safer. We also show that the arrival order of family members has a high impact on the level of privacy risk and on the utility of the shared data. Available at: https://github.com/tastanlab/Kinship-Privacy. erman@cs.bilkent.edu.tr or oznur.tastan@cs.bilkent.edu.tr. Supplementary data are available at Bioinformatics online. © The Author (2017). Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com

  10. Scalable privacy-preserving data sharing methodology for genome-wide association studies.

    PubMed

    Yu, Fei; Fienberg, Stephen E; Slavković, Aleksandra B; Uhler, Caroline

    2014-08-01

    The protection of privacy of individual-level information in genome-wide association study (GWAS) databases has been a major concern of researchers following the publication of "an attack" on GWAS data by Homer et al. (2008). Traditional statistical methods for confidentiality and privacy protection of statistical databases do not scale well to deal with GWAS data, especially in terms of guarantees regarding protection from linkage to external information. The more recent concept of differential privacy, introduced by the cryptographic community, is an approach that provides a rigorous definition of privacy with meaningful privacy guarantees in the presence of arbitrary external information, although the guarantees may come at a serious price in terms of data utility. Building on such notions, Uhler et al. (2013) proposed new methods to release aggregate GWAS data without compromising an individual's privacy. We extend the methods developed in Uhler et al. (2013) for releasing differentially-private χ²-statistics by allowing for an arbitrary number of cases and controls, and for releasing differentially-private allelic test statistics. We also provide a new interpretation by assuming the controls' data are known, which is a realistic assumption because some GWAS use publicly available data as controls. We assess the performance of the proposed methods through a risk-utility analysis on a real data set consisting of DNA samples collected by the Wellcome Trust Case Control Consortium and compare the methods with the differentially-private release mechanism proposed by Johnson and Shmatikov (2013). Copyright © 2014 Elsevier Inc. All rights reserved.

  11. Secure and Privacy-Preserving Distributed Information Brokering

    ERIC Educational Resources Information Center

    Li, Fengjun

    2010-01-01

    As enormous structured, semi-structured and unstructured data are collected and archived by organizations in many realms ranging from business to health networks to government agencies, the needs for efficient yet secure inter-organization information sharing naturally arise. Unlike early information sharing approaches that only involve a small…

  12. Privacy Preserving PCA on Distributed Bioinformatics Datasets

    ERIC Educational Resources Information Center

    Li, Xin

    2011-01-01

    In recent years, new bioinformatics technologies, such as gene expression microarray, genome-wide association study, proteomics, and metabolomics, have been widely used to simultaneously identify a huge number of human genomic/genetic biomarkers, generate a tremendously large amount of data, and dramatically increase the knowledge on human…

  13. Navigating spatial and temporal complexity in developing a long-term land use database for an agricultural watershed

    USDA-ARS's Scientific Manuscript database

    No comprehensive protocols exist for the collection, standardization, and storage of agronomic management information into a database that preserves privacy, maintains data uncertainty, and translates everyday decisions into quantitative values. This manuscript describes the development of a databas...

  14. Newspapers and Electronic Databases: Present Technology.

    ERIC Educational Resources Information Center

    Newcombe, Barbara; Trivedi, Harish

    1984-01-01

    Discusses technology used to preserve, control, index, and retrieve information in newspapers, highlighting ways to record analyses of news stories, storage/indexing systems based on computers, information as salable commodity, preparation of news for electronic storage, answering in-house queries, questions of copyright and invasion of privacy,…

  15. 78 FR 73466 - Privacy Act

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-06

    ... Subpart A--General. Sec. 707.11 Scope and purpose. Sec. 707.12 Definitions. Sec. 707.13 Preservation of records. Subpart B--Requests for access to records; amendment of records, accounting of disclosures.... Sec. 707.23 Requests for amendment of records. Sec. 707.24 Requests for an accounting of record...

  16. On orthogonal expansions of the space of vector functions which are square-summable over a given domain and the vector analysis operators

    NASA Technical Reports Server (NTRS)

    Bykhovskiy, E. B.; Smirnov, N. V.

    1983-01-01

    The Hilbert space L2(omega) of vector functions is studied. A breakdown of L2(omega) into orthogonal subspaces is discussed and the properties of the operators for projection onto these subspaces are investigated from the standpoint of preserving the differential properties of the vectors being projected. Finally, the properties of the operators are examined.

  17. High-order local maximum principle preserving (MPP) discontinuous Galerkin finite element method for the transport equation

    NASA Astrophysics Data System (ADS)

    Anderson, R.; Dobrev, V.; Kolev, Tz.; Kuzmin, D.; Quezada de Luna, M.; Rieben, R.; Tomov, V.

    2017-04-01

    In this work we present an FCT-like Maximum-Principle Preserving (MPP) method to solve the transport equation. We use high-order polynomial spaces; in particular, we consider up to 5th order spaces in two and three dimensions and 23rd order spaces in one dimension. The method combines the concepts of positive basis functions for discontinuous Galerkin finite element spatial discretization, locally defined solution bounds, element-based flux correction, and non-linear local mass redistribution. We consider a simple 1D problem with non-smooth initial data to explain and understand the behavior of the different parts of the method. Convergence tests in space indicate that high-order accuracy is achieved. Numerical results from several benchmarks in two and three dimensions are also reported.

  18. 76 FR 60387 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security Federal...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ...)(3) (Accounting for Disclosures) because release of the accounting of disclosures could alert the... recipient agency. Disclosure of the accounting would therefore present a serious impediment to law enforcement efforts and/or efforts to preserve national security. Disclosure of the accounting would also...

  19. 76 FR 60385 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-29

    ... for Disclosures) because release of the accounting of disclosures could alert the subject of an... efforts to preserve national security. Disclosure of the accounting would also permit the individual who... ongoing law enforcement, national security or fraud investigation; to avoid disclosure of investigative...

  20. 32 CFR 318.15 - Rules of conduct

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... DEFENSE THREAT REDUCTION AGENCY PRIVACY PROGRAM § 318.15 Rules of conduct (a) DTRA personnel shall: (1... of records, to which they have access or are using incident to the conduct of official business, shall be protected so that the security and confidentiality of the information shall be preserved. (2...

  1. A privacy-preserved analytical method for ehealth database with minimized information loss.

    PubMed

    Chen, Ya-Ling; Cheng, Bo-Chao; Chen, Hsueh-Lin; Lin, Chia-I; Liao, Guo-Tan; Hou, Bo-Yu; Hsu, Shih-Chun

    2012-01-01

    Digitizing medical information is an emerging trend that employs information and communication technology (ICT) to manage health records, diagnostic reports, and other medical data more effectively, in order to improve the overall quality of medical services. However, medical information is highly confidential and involves private information, so even legitimate access to the data raises privacy concerns. Medical records provide health information on an as-needed basis for diagnosis and treatment, and the information is also important for medical research and other health management applications. Traditional privacy risk management systems have focused on reducing re-identification risk, and they do not consider information loss. In addition, such systems cannot identify and isolate data that carries a high risk of privacy violations. This paper proposes the Hiatus Tailor (HT) system, which ensures low re-identification risk for medical records, while providing more authenticated information to database users and identifying high-risk data in the database for better system management. The experimental results demonstrate that the HT system achieves much lower information loss than traditional risk management methods, with the same risk of re-identification.

  2. Genomes in the cloud: balancing privacy rights and the public good.

    PubMed

    Ohno-Machado, Lucila; Farcas, Claudiu; Kim, Jihoon; Wang, Shuang; Jiang, Xiaoqian

    2013-01-01

    The NIH-funded iDASH National Center for Biomedical Computing was created in 2010 with the goal of developing infrastructure, algorithms, and tools to integrate Data for Analysis, 'anonymization,' and SHaring. iDASH is based on the premise that, while a strong case for not sharing information to preserve individual privacy can be made, an equally compelling case for sharing genome information for the public good (i.e., to support new discoveries that promote health or alleviate the burden of disease) should also be made. In fact, these cases do not need to be mutually exclusive: genome data sharing on a cloud does not necessarily have to compromise individual privacy, although current practices need significant improvement. So far, protection of subject data from re-identification and misuse has relied primarily on regulations such as HIPAA, the Common Rule, and GINA. However, protection of biometrics such as a genome requires specialized infrastructure and tools.

  3. Efficiently hiding sensitive itemsets with transaction deletion based on genetic algorithms.

    PubMed

    Lin, Chun-Wei; Zhang, Binbin; Yang, Kuo-Tung; Hong, Tzung-Pei

    2014-01-01

    Data mining is used to mine meaningful and useful information or knowledge from a very large database. Some secure or private information can be discovered by data mining techniques, thus resulting in an inherent risk of threats to privacy. Privacy-preserving data mining (PPDM) has thus arisen in recent years to sanitize the original database for hiding sensitive information, which can be regarded as an NP-hard problem in the sanitization process. In this paper, a compact prelarge GA-based (cpGA2DT) algorithm to delete transactions for hiding sensitive itemsets is proposed. It overcomes the limitations of the evolutionary process by adopting both the compact GA-based (cGA) mechanism and the prelarge concept. A flexible fitness function with three adjustable weights is designed to find the appropriate transactions to be deleted in order to hide sensitive itemsets with minimal side effects of hiding failure, missing cost, and artificial cost. Experiments are conducted to show the performance of the proposed cpGA2DT algorithm compared to the simple GA-based (sGA2DT) algorithm and the greedy approach in terms of execution time and the three side effects.

  4. The Effective Dynamics of the Volume Preserving Mean Curvature Flow

    NASA Astrophysics Data System (ADS)

    Chenn, Ilias; Fournodavlos, G.; Sigal, I. M.

    2018-04-01

    We consider the dynamics of small closed submanifolds (`bubbles') under the volume preserving mean curvature flow. We construct a map from (n+1)-dimensional Euclidean space into a given (n+1)-dimensional Riemannian manifold which characterizes the existence, stability and dynamics of constant mean curvature submanifolds. This is done in terms of a reduced area function on the Euclidean space, which is given constructively and can be computed perturbatively. This allows us to derive adiabatic and effective dynamics of the bubbles. The results can be mapped by rescaling to the dynamics of fixed size bubbles in almost Euclidean Riemannian manifolds.

  5. Towards a privacy preserving cohort discovery framework for clinical research networks.

    PubMed

    Yuan, Jiawei; Malin, Bradley; Modave, François; Guo, Yi; Hogan, William R; Shenkman, Elizabeth; Bian, Jiang

    2017-02-01

    The last few years have witnessed an increasing number of clinical research networks (CRNs) focused on building large collections of data from electronic health records (EHRs), claims, and patient-reported outcomes (PROs). Many of these CRNs provide a service for the discovery of research cohorts with various health conditions, which is especially useful for rare diseases. Supporting patient privacy can enhance the scalability and efficiency of such processes; however, current practice mainly relies on policy, such as the guidelines defined in the Health Insurance Portability and Accountability Act (HIPAA), which are insufficient for CRNs (e.g., HIPAA does not require encryption of data, which can mitigate insider threats). By combining policy with privacy enhancing technologies we can enhance the trustworthiness of CRNs. The goal of this research is to determine if searchable encryption can instill privacy in CRNs without sacrificing their usability. We developed a technique, implemented in working software, to enable privacy-preserving cohort discovery (PPCD) services in large distributed CRNs based on elliptic curve cryptography (ECC). This technique also incorporates a block indexing strategy to improve the performance (in terms of computational running time) of PPCD. We evaluated the PPCD service with three real cohort definitions of varied query complexity: (1) elderly cervical cancer patients who underwent radical hysterectomy, (2) oropharyngeal and tongue cancer patients who underwent robotic transoral surgery, and (3) female breast cancer patients who underwent mastectomy. These definitions were tested in an encrypted database of 7.1 million records derived from the publicly available Healthcare Cost and Utilization Project (HCUP) Nationwide Inpatient Sample (NIS). We assessed the performance of the PPCD service in terms of (1) accuracy in cohort discovery, (2) computational running time, and (3) privacy afforded to the underlying records during PPCD. The empirical results indicate that the proposed PPCD can execute cohort discovery queries in a reasonable amount of time, with query runtime in the range of 165-262 s for the 3 use cases, with zero compromise in accuracy. We further show that the search performance is practical because it supports a highly parallelized design for secure evaluation over encrypted records. Additionally, our security analysis shows that the proposed construction is resilient to standard adversaries. PPCD services can be designed for clinical research networks. The security construction presented in this work specifically achieves high privacy guarantees by preventing both threats originating from within and beyond the network. Copyright © 2016 Elsevier Inc. All rights reserved.

  6. Privacy functions and wilderness recreation: Use density and length of stay effects on experience

    Treesearch

    David N. Cole; Troy E. Hall

    2010-01-01

    Privacy and its functions are desirable attributes of the human experience in wilderness areas, where outstanding opportunities for solitude are legally mandated. Privacy, the ability to choose how and when to interact and exchange information with other people, enhances opportunities for both personal growth and interaction with the wilderness environment. This study...

  7. User Privacy in RFID Networks

    NASA Astrophysics Data System (ADS)

    Singelée, Dave; Seys, Stefaan

    Wireless RFID networks are being deployed at a rapid pace and have already entered the public space on a massive scale: public transport cards, the biometric passport, office ID tokens, customer loyalty cards, etc. Although RFID technology offers interesting services to customers and retailers, it could also endanger the privacy of end-users. The lack of protection mechanisms being deployed could potentially result in a privacy leakage of personal data. Furthermore, there is the emerging threat to location privacy. In this paper, we will show some practical attack scenarios and illustrate some of them with cases that have received press coverage. We will present the main challenges of enhancing privacy in RFID networks and evaluate some solutions proposed in the literature. The main advantages and shortcomings will be briefly discussed. Finally, we will give an overview of some academic and industrial research initiatives on RFID privacy.

  8. Attenuation - The Ugly Stepsister of Velocity in the Noise Correlation Family

    NASA Astrophysics Data System (ADS)

    Lawrence, J. F.; Prieto, G.; Denolle, M.; Seats, K. J.

    2012-12-01

    Noise correlation functions and noise transfer functions have been shown in practice to preserve relative amplitude information, despite the challenge of resolving it reliably compared to phase information. Yet amplitude contains important information about wavefield interactions with the subsurface structure, including focusing/defocusing and seismic attenuation. To focus on the anelastic effects, or attenuation, we measure amplitude decay with increasing station separation (distance). We present numerical results showing that the noise correlation functions (NCFs) preserve the relative amplitude information and properly retrieve seismic attenuation given a sufficient noise source distribution and appropriate processing. Attenuation is only preserved through the relative decay of distinct waves from multiple simultaneous source locations. With appropriate whitening (and no time domain normalization), the coherency preserves correlation amplitudes proportional to the relative decay expected across all inter-station spacings. We present new attenuation results for the United States, and particularly the Yellowstone region, that illustrate lateral variations that strongly correlate with known geological features such as sedimentary basins, crustal blocks and active volcanism.

  9. Variation of preserving organic matter bound in interlayer of montmorillonite induced by microbial metabolic process.

    PubMed

    Zhao, Yulian; Dong, Faqin; Dai, Qunwei; Li, Gang; Ma, Jie

    2017-07-25

    This paper aimed to investigate the variation of preserving organic matter bound in the interlayer space of montmorillonite (Mt) induced by a microbial metabolic process. We selected Bacillus pumilus as the common soil native bacterium. The alteration of the d001 value, functional groups, and C and N organic matter contents caused by bacteria were analyzed by XRD, FTIR, and elemental analyzer, respectively. XRD results showed that the d001 value of montmorillonite increased with decreasing concentration and decreased with increasing culture time after interacting with bacteria, indicating that the interlayer space of montmorillonite was connected with the organic matter. The findings of long-term interaction by resetting culture conditions implied that the montmorillonite buffered the organic matter when nutrition was sufficient and released it again when nutrition was lacking. The results of the elemental analyzer showed that the content of organic matter was consistent with the d001 value of montmorillonite, with N organic matter having the major impact. FTIR results confirmed that the Si-O stretching vibrations of Mt were affected by the functional groups of organic matter. Our results showed that montmorillonite under the influence of soil bacteria has a strong buffering capacity for preserving organic matter in the interlayer space in the short term. It might provide critical implications for understanding the evolution process and the preservation of fertilization under over-fertilization or under-fertilization conditions on farmland.

  10. 48 CFR 52.224-1 - Privacy Act Notification.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 48 Federal Acquisition Regulations System 2 2013-10-01 2013-10-01 false Privacy Act Notification....224-1 Privacy Act Notification. As prescribed in 24.104, insert the following clause in solicitations... required to accomplish an agency function: Privacy Act Notification (APR 1984) The Contractor will be...

  11. 48 CFR 52.224-1 - Privacy Act Notification.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... 48 Federal Acquisition Regulations System 2 2012-10-01 2012-10-01 false Privacy Act Notification....224-1 Privacy Act Notification. As prescribed in 24.104, insert the following clause in solicitations... required to accomplish an agency function: Privacy Act Notification (APR 1984) The Contractor will be...

  12. 48 CFR 52.224-1 - Privacy Act Notification.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... 48 Federal Acquisition Regulations System 2 2011-10-01 2011-10-01 false Privacy Act Notification....224-1 Privacy Act Notification. As prescribed in 24.104, insert the following clause in solicitations... required to accomplish an agency function: Privacy Act Notification (APR 1984) The Contractor will be...

  13. 48 CFR 52.224-1 - Privacy Act Notification.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... 48 Federal Acquisition Regulations System 2 2014-10-01 2014-10-01 false Privacy Act Notification....224-1 Privacy Act Notification. As prescribed in 24.104, insert the following clause in solicitations... required to accomplish an agency function: Privacy Act Notification (APR 1984) The Contractor will be...

  14. 48 CFR 52.224-1 - Privacy Act Notification.

    Code of Federal Regulations, 2010 CFR

    2010-10-01

    ... 48 Federal Acquisition Regulations System 2 2010-10-01 2010-10-01 false Privacy Act Notification....224-1 Privacy Act Notification. As prescribed in 24.104, insert the following clause in solicitations... required to accomplish an agency function: Privacy Act Notification (APR 1984) The Contractor will be...

  15. Development of a web service for analysis in a distributed network.

    PubMed

    Jiang, Xiaoqian; Wu, Yuan; Marsolo, Keith; Ohno-Machado, Lucila

    2014-01-01

    We describe functional specifications and practicalities in the software development process for a web service that allows the construction of the multivariate logistic regression model, Grid Logistic Regression (GLORE), by aggregating partial estimates from distributed sites, with no exchange of patient-level data. We recently developed and published a web service for model construction and data analysis in a distributed environment. This recent paper provided an overview of the system that is useful for users, but included very few details that are relevant for biomedical informatics developers or network security personnel who may be interested in implementing this or similar systems. We focus here on how the system was conceived and implemented. We followed a two-stage development approach by first implementing the backbone system and incrementally improving the user experience through interactions with potential users during the development. Our system went through various stages such as concept proof, algorithm validation, user interface development, and system testing. We used the Zoho Project management system to track tasks and milestones. We leveraged Google Code and Apache Subversion to share code among team members, and developed an applet-servlet architecture to support the cross platform deployment. During the development process, we encountered challenges such as Information Technology (IT) infrastructure gaps and limited team experience in user-interface design. We figured out solutions as well as enabling factors to support the translation of an innovative privacy-preserving, distributed modeling technology into a working prototype. Using GLORE (a distributed model that we developed earlier) as a pilot example, we demonstrated the feasibility of building and integrating distributed modeling technology into a usable framework that can support privacy-preserving, distributed data analysis among researchers at geographically dispersed institutes.

  16. Development of a Web Service for Analysis in a Distributed Network

    PubMed Central

    Jiang, Xiaoqian; Wu, Yuan; Marsolo, Keith; Ohno-Machado, Lucila

    2014-01-01

    Objective: We describe functional specifications and practicalities in the software development process for a web service that allows the construction of the multivariate logistic regression model, Grid Logistic Regression (GLORE), by aggregating partial estimates from distributed sites, with no exchange of patient-level data. Background: We recently developed and published a web service for model construction and data analysis in a distributed environment. This recent paper provided an overview of the system that is useful for users, but included very few details that are relevant for biomedical informatics developers or network security personnel who may be interested in implementing this or similar systems. We focus here on how the system was conceived and implemented. Methods: We followed a two-stage development approach by first implementing the backbone system and incrementally improving the user experience through interactions with potential users during the development. Our system went through various stages such as concept proof, algorithm validation, user interface development, and system testing. We used the Zoho Project management system to track tasks and milestones. We leveraged Google Code and Apache Subversion to share code among team members, and developed an applet-servlet architecture to support the cross platform deployment. Discussion: During the development process, we encountered challenges such as Information Technology (IT) infrastructure gaps and limited team experience in user-interface design. We figured out solutions as well as enabling factors to support the translation of an innovative privacy-preserving, distributed modeling technology into a working prototype. Conclusion: Using GLORE (a distributed model that we developed earlier) as a pilot example, we demonstrated the feasibility of building and integrating distributed modeling technology into a usable framework that can support privacy-preserving, distributed data analysis among researchers at geographically dispersed institutes. PMID:25848586

  17. 32 CFR 724.811 - Privacy Act information.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 32 National Defense 5 2012-07-01 2012-07-01 false Privacy Act information. 724.811 Section 724.811... BOARD Procedures of Naval Discharge Review Board § 724.811 Privacy Act information. Information protected under the Privacy Act is involved in the discharge review functions. The provisions of SECNAVINST...

  18. 32 CFR 724.811 - Privacy Act information.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 32 National Defense 5 2014-07-01 2014-07-01 false Privacy Act information. 724.811 Section 724.811... BOARD Procedures of Naval Discharge Review Board § 724.811 Privacy Act information. Information protected under the Privacy Act is involved in the discharge review functions. The provisions of SECNAVINST...

  19. 32 CFR 865.119 - Privacy Act information.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 32 National Defense 6 2013-07-01 2013-07-01 false Privacy Act information. 865.119 Section 865.119...-GENERAL PERSONNEL REVIEW BOARDS Air Force Discharge Review Board § 865.119 Privacy Act information. Information protected under the Privacy Act is involved in discharge review functions. The provisions of 32...

  20. 32 CFR 865.119 - Privacy Act information.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... 32 National Defense 6 2012-07-01 2012-07-01 false Privacy Act information. 865.119 Section 865.119...-GENERAL PERSONNEL REVIEW BOARDS Air Force Discharge Review Board § 865.119 Privacy Act information. Information protected under the Privacy Act is involved in discharge review functions. The provisions of 32...

  1. 32 CFR 724.811 - Privacy Act information.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 5 2011-07-01 2011-07-01 false Privacy Act information. 724.811 Section 724.811... BOARD Procedures of Naval Discharge Review Board § 724.811 Privacy Act information. Information protected under the Privacy Act is involved in the discharge review functions. The provisions of SECNAVINST...

  2. 32 CFR 865.119 - Privacy Act information.

    Code of Federal Regulations, 2014 CFR

    2014-07-01

    ... 32 National Defense 6 2014-07-01 2014-07-01 false Privacy Act information. 865.119 Section 865.119...-GENERAL PERSONNEL REVIEW BOARDS Air Force Discharge Review Board § 865.119 Privacy Act information. Information protected under the Privacy Act is involved in discharge review functions. The provisions of 32...

  3. 45 CFR 155.260 - Privacy and security of personally identifiable information.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... 45 Public Welfare 1 2013-10-01 2013-10-01 false Privacy and security of personally identifiable... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... must establish and implement privacy and security standards that are consistent with the following...

  4. 32 CFR 724.811 - Privacy Act information.

    Code of Federal Regulations, 2013 CFR

    2013-07-01

    ... 32 National Defense 5 2013-07-01 2013-07-01 false Privacy Act information. 724.811 Section 724.811... BOARD Procedures of Naval Discharge Review Board § 724.811 Privacy Act information. Information protected under the Privacy Act is involved in the discharge review functions. The provisions of SECNAVINST...

  5. 32 CFR 865.119 - Privacy Act information.

    Code of Federal Regulations, 2011 CFR

    2011-07-01

    ... 32 National Defense 6 2011-07-01 2011-07-01 false Privacy Act information. 865.119 Section 865.119...-GENERAL PERSONNEL REVIEW BOARDS Air Force Discharge Review Board § 865.119 Privacy Act information. Information protected under the Privacy Act is involved in discharge review functions. The provisions of 32...

  6. 32 CFR 724.811 - Privacy Act information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 5 2010-07-01 2010-07-01 false Privacy Act information. 724.811 Section 724.811... BOARD Procedures of Naval Discharge Review Board § 724.811 Privacy Act information. Information protected under the Privacy Act is involved in the discharge review functions. The provisions of SECNAVINST...

  7. 32 CFR 865.119 - Privacy Act information.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... 32 National Defense 6 2010-07-01 2010-07-01 false Privacy Act information. 865.119 Section 865.119...-GENERAL PERSONNEL REVIEW BOARDS Air Force Discharge Review Board § 865.119 Privacy Act information. Information protected under the Privacy Act is involved in discharge review functions. The provisions of 32...

  8. Understanding and Capturing People’s Mobile App Privacy Preferences

    DTIC Science & Technology

    2013-10-28

    The entire apps’ metadata takes up about 500MB of storage space when stored in a MySQL database and all the binary files take approximately 300GB of...functionality that can de-compile Dalvik bytecodes to Java source code faster than other de-compilers. Given the scale of the app analysis we planned on... java libraries, such as parser, sql connectors, etc Targeted Ads 137 admob, adwhirl, greystripe… Provided by mobile behavioral ads company to

  9. Camelot 3: Habitability criteria space research and design studio

    NASA Technical Reports Server (NTRS)

    Arroyo, F.; Budet, O.; Garcia, A.; Lee, J.; Lopez, R.; Lugo, R.; Mateo, A.; Mellado, R.; Mendez, H.; Ortiz, N.

    1989-01-01

    Acknowledging the importance of human beings on a mission to Mars, the University of Puerto Rico studied both psychological and physiological aspects. Different conditions necessary for human health and well-being were considered. As a result, habitability criteria were developed. The criteria are as follows: personal identification; social interaction; unpredictable conditions; contact with nature; mental landscapes; privacy; equalitarian conditions; variety; functionality; sensory stimulation; music and environmental sound; stability and security; comfort; and sense of orientation.

  10. 78 FR 77503 - Privacy Act of 1974; Privacy Act System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-12-23

    ... System Manager title. Human Experimental and Research Data Records/NASA 10HERD: Refine system locations... aeronautics, astronautics, space science, and other concerns of NASA. CATEGORIES OF RECORDS IN THE SYSTEM... and other disciplines) or any other interested individuals for research in writing dissertations...

  11. Frequent Itemset Hiding Algorithm Using Frequent Pattern Tree Approach

    ERIC Educational Resources Information Center

    Alnatsheh, Rami

    2012-01-01

    A problem that has been the focus of much recent research in privacy preserving data-mining is the frequent itemset hiding (FIH) problem. Identifying itemsets that appear together frequently in customer transactions is a common task in association rule mining. Organizations that share data with business partners may consider some of the frequent…

  12. You, Me, and We: Biolabs for the 21st Century.

    PubMed

    Kornberg, Ken

    2016-03-10

    Twenty-first century biomedical research is advantaged by institutional infrastructures that foster a collaborative, multidisciplinary approach. A few critical elements in the design of labs, research buildings, or campus can make interaction easier while preserving privacy and comfort for the individual researcher. Copyright © 2016 Elsevier Inc. All rights reserved.

  13. DOE Office of Scientific and Technical Information (OSTI.GOV)

    Not Available

    The Transportation Secure Data Center (TSDC) at www.nrel.gov/tsdc provides free, web-based access to detailed transportation data from a variety of travel surveys conducted across the nation. While preserving the privacy of survey participants, this online repository makes vital transportation data broadly available to users from the comfort of their own desks via a secure online connection.

  14. 78 FR 58254 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S. Customs...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2013-09-23

    ...)(3) and (4) (Accounting for Disclosures) because release of the accounting of disclosures could alert... the recipient agency. Disclosure of the accounting would therefore present a serious impediment to law enforcement efforts and/or efforts to preserve national security. Disclosure of the accounting would also...

  15. 76 FR 70638 - Privacy Act of 1974: Implementation of Exemptions; Department of Homeland Security/U.S...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-11-15

    ... Disclosures) because release of the accounting of disclosures could alert the subject of an investigation of... efforts to preserve national security. Disclosure of the accounting would also permit the individual who... of Federal Regulations, as follows: PART 5--DISCLOSURE OF RECORDS AND INFORMATION 0 1. The authority...

  16. Politic of Security, Privacy and Transparency in Human Learning Systems

    ERIC Educational Resources Information Center

    Jeghal, Adil; Oughdir, Lahcen; Tairi, Hamid

    2016-01-01

    The preservation of confidentiality has become a major issue for the majority of applications that process personal information; the sensitivity of this information requires creators to set rules for the sharing and use of access control policies. A great deal of research has already been conducted in educational environments. However, one aspect…

  17. Privacy-Preserving and Usable Data Publishing and Analysis

    ERIC Educational Resources Information Center

    Shen, Entong

    2013-01-01

    In the current digital world, data is becoming an increasingly valuable resource and the demand for sharing or releasing data has never been higher. Organizations need to make available versions of the data they collected for business or legal reasons and at the same time they are under strong obligation to protect sensitive information about…

  18. Privacy-Preserving Security for Vehicular Communications

    ERIC Educational Resources Information Center

    Weerasinghe, Hesiri Dhammika

    2011-01-01

    Because of the large number of deaths, severe injuries and huge financial loss due to auto accidents and poor traffic management, road safety and traffic management have become very important areas of interest among the research community. As a result, Vehicular Ad-hoc Network (VANET) has become a promising technology to improve road safety and quality…

  19. Clinic exam room design: present and future.

    PubMed

    Freihoefer, Kara; Nyberg, Gary; Vickery, Christine

    2013-01-01

    This article aims to deconstruct various design qualities and strategies of clinic exam rooms, and discuss how they influence users' interaction and behavior in the space. Relevant literature supports the advantages and disadvantages of different design strategies. Annotated exam room prototypes illustrate the design qualities and strategies discussed. Advancements in technology and medicine, along with new legislative policies, are influencing the way care providers deliver care and ultimately clinic exam room designs. The patient-centered medical home model has encouraged primary care providers to make patients more active leaders of their health plan, which will influence the overall functionality and configuration of clinic exam rooms. Specific design qualities discussed include overall size, location of doors and privacy curtains, positioning of exam tables, influence of technology in the consultation area, types of seating, and placement of sink and hand sanitizing dispensers. In addition, future trends of exam room prototypes are presented. There is a general lack of published evidence to support design professionals' design solutions for outpatient exam rooms. Future research should investigate such topics as the location of exam tables and privacy curtains as they relate to patient privacy; typical size and location of consultation table as it relates to patient connection and communication; and placement of sinks and sanitization dispensers as they relate to frequency and patterns of usage. Keywords: literature review, outpatient, technology, visual privacy.

  20. Reducing side effects of hiding sensitive itemsets in privacy preserving data mining.

    PubMed

    Lin, Chun-Wei; Hong, Tzung-Pei; Hsu, Hung-Chuan

    2014-01-01

    Data mining is traditionally adopted to retrieve and analyze knowledge from large amounts of data. Private or confidential data may be sanitized or suppressed before it is shared or published in public. Privacy preserving data mining (PPDM) has thus become an important issue in recent years. The most general way of PPDM is to sanitize the database to hide the sensitive information. In this paper, a novel hiding-missing-artificial utility (HMAU) algorithm is proposed to hide sensitive itemsets through transaction deletion. The transaction with the maximal ratio of sensitive to nonsensitive one is thus selected to be entirely deleted. Three side effects of hiding failures, missing itemsets, and artificial itemsets are considered to evaluate whether the transactions are required to be deleted for hiding sensitive itemsets. Three weights are also assigned as the importance to three factors, which can be set according to the requirement of users. Experiments are then conducted to show the performance of the proposed algorithm in execution time, number of deleted transactions, and number of side effects.

  1. kACTUS 2: Privacy Preserving in Classification Tasks Using k-Anonymity

    NASA Astrophysics Data System (ADS)

    Kisilevich, Slava; Elovici, Yuval; Shapira, Bracha; Rokach, Lior

    k-anonymity is the method used for masking sensitive data which successfully solves the problem of re-linking of data with an external source and makes it difficult to re-identify the individual. Thus k-anonymity works on a set of quasi-identifiers (public sensitive attributes), whose possible availability and linking is anticipated from an external dataset, and demands that the released dataset will contain at least k records for every possible quasi-identifier value. Another aspect of k is its capability of maintaining the truthfulness of the released data (unlike other existing methods). This is achieved by generalization, a primary technique in k-anonymity. Generalization consists of generalizing attribute values and substituting them with semantically consistent but less precise values. When the substituted value doesn’t preserve semantic validity, the technique is called suppression, which is a private case of generalization. We present a hybrid approach called compensation which is based on suppression and swapping for achieving privacy. Since swapping decreases the truthfulness of attribute values, there is a tradeoff between level of swapping (information truthfulness) and suppression (information loss) incorporated in our algorithm.

  2. Privacy preservation and authentication on secure geographical routing in VANET

    NASA Astrophysics Data System (ADS)

    Punitha, A.; Manickam, J. Martin Leo

    2017-05-01

    Vehicular Ad hoc Networks (VANETs) play an important role in vehicle-to-vehicle communication as they offer a high level of safety and convenience to drivers. In order to increase the level of security and safety in VANETs, in this paper, we propose a Privacy Preservation and Authentication on Secure Geographical Routing Protocol (PPASGR) for VANET. It provides security by detecting and preventing malicious nodes through two directional antennas such as forward (f-antenna) and backward (b-antenna). The malicious nodes are detected by direction detection, consistency detection and conflict detection. The location of the trusted neighbour is identified using a TNT-based location verification scheme. After the implementation of the Vehicle Tamper Proof Device (VTPD), a Trusted Authority (TA) is generated that produces the anonymous credentials. Finally, VTPD generates pseudo-identity using TA, which retrieves the real identity of the sender. Through this approach, the authentication, integrity and confidentiality for routing packets can be achieved. The simulation results show that the proposed approach reduces the packet drop due to attack and improves the packet delivery ratio.

  3. Reducing Side Effects of Hiding Sensitive Itemsets in Privacy Preserving Data Mining

    PubMed Central

    Lin, Chun-Wei; Hong, Tzung-Pei; Hsu, Hung-Chuan

    2014-01-01

    Data mining is traditionally adopted to retrieve and analyze knowledge from large amounts of data. Private or confidential data may be sanitized or suppressed before it is shared or published in public. Privacy preserving data mining (PPDM) has thus become an important issue in recent years. The most general way of PPDM is to sanitize the database to hide the sensitive information. In this paper, a novel hiding-missing-artificial utility (HMAU) algorithm is proposed to hide sensitive itemsets through transaction deletion. The transaction with the maximal ratio of sensitive to nonsensitive one is thus selected to be entirely deleted. Three side effects of hiding failures, missing itemsets, and artificial itemsets are considered to evaluate whether the transactions are required to be deleted for hiding sensitive itemsets. Three weights are also assigned as the importance to three factors, which can be set according to the requirement of users. Experiments are then conducted to show the performance of the proposed algorithm in execution time, number of deleted transactions, and number of side effects. PMID:24982932

  4. "I Always Vet Things": Navigating Privacy and the Presentation of Self on Health Discussion Boards Among Individuals with Long-Term Conditions.

    PubMed

    Brady, Ellen; Segar, Julia; Sanders, Caroline

    2016-10-13

    The ethics of research into online communities is a long-debated issue, with many researchers arguing that open-access discussion groups are publicly accessible data and do not require informed consent from participants for their use for research purposes. However, it has been suggested that there is a discrepancy between the perceived and actual privacy of user-generated online content by community members. There has been very little research regarding how privacy is experienced and enacted online. The objective of this study is to address this gap by qualitatively exploring the expectations of privacy on Internet forums among individuals with long-term conditions. Semistructured interviews were conducted with 20 participants with myalgic encephalomyelitis/chronic fatigue syndrome (ME/CFS) and 21 participants with type 1 and 2 diabetes mellitus, and were analyzed using thematic analysis. Participants were recruited via online and offline routes, namely forums, email lists, newsletters, and face-to-face support groups. The findings indicate that privacy online is a nebulous concept. Rather than individuals drawing a clear-cut distinction between what they would and would not be comfortable sharing online, it was evident that these situations were contextually dependent and related to a number of unique and individual factors. Interviewees were seen to carefully manage how they presented themselves on forums, filtering and selecting the information that they shared about themselves in order to develop and maintain a particular online persona, while maintaining and preserving an acceptable level of privacy.

  5. UK National Data Guardian for Health and Care's Review of Data Security: Trust, better security and opt-outs.

    PubMed

    Chan, Tom; Di Iorio, Concetta Tania; De Lusignan, Simon; Lo Russo, Daniel; Kuziemsky, Craig; Liaw, Siaw-Teng

    2016-12-20

    Sharing health and social care data is essential to the delivery of high quality health care as well as disease surveillance, public health, and for conducting research. However, these societal benefits may be constrained by privacy and data protection principles. Hence, societies are striving to find a balance between the two competing public interests. Whilst the spread of IT advancements in recent decades has increased the demand for increased privacy and data protection, in many ways health is a special case. The UK is adopting guidelines, codes of conduct and regulatory instruments aimed to implement privacy principles into practical settings and enhance public trust. Accordingly, in 2015, the UK National Data Guardian (NDG) was requested to conduct a further review of data protection, referred to as Caldicott 3. The scope of this review is to strengthen data security standards and confidentiality. It also proposes a consent system based on an "opt-out" model rather than on "opt-in". Across Europe as well as internationally the privacy-health data sharing balance is not fixed. In Europe, enactment of the new EU Data Protection Regulation in 2016 constitutes a major breakthrough, which is likely to have a profound effect on European countries and beyond. In Australia and across North America different ways are being sought to balance out these twin requirements of a modern society - to preserve privacy alongside affording high quality health care for an ageing population. Whilst in the UK the privacy legal framework remains complex and fragmented into different layers of legislation, which may negatively impact on both the rights to privacy and health, the UK is at the forefront in the uptake of international and EU privacy and data protection principles. And, if the privacy regime were reorganised in a more comprehensive manner, it could be used as a sound implementation model for other countries.

  6. Preserving privacy of online digital physiological signals using blind and reversible steganography.

    PubMed

    Shiu, Hung-Jr; Lin, Bor-Sing; Huang, Chien-Hung; Chiang, Pei-Ying; Lei, Chin-Laung

    2017-11-01

    Physiological signals such as electrocardiograms (ECG) and electromyograms (EMG) are widely used to diagnose diseases. Presently, the Internet offers numerous cloud storage services which enable digital physiological signals to be uploaded for convenient access and use. Numerous online databases of medical signals have been built. The data in them must be processed in a manner that preserves patients' confidentiality. A reversible error-correcting-coding strategy will be adopted to transform digital physiological signals into a new bit-stream that uses a matrix in which is embedded the Hamming code to pass secret messages or private information. The shared keys are the matrix and the version of the Hamming code. An online open database, the MIT-BIH arrhythmia database, was used to test the proposed algorithms. The time-complexity, capacity and robustness are evaluated. Comparisons of several evaluations subject to related work are also proposed. This work proposes a reversible, low-payload steganographic scheme for preserving the privacy of physiological signals. An (n, m)-Hamming code is used to insert (n - m) secret bits into n bits of a cover signal. The number of embedded bits per modification is higher than in comparable methods, the computational power is efficient and the scheme is secure. Unlike other Hamming-code based schemes, the proposed scheme is both reversible and blind. Copyright © 2017 Elsevier B.V. All rights reserved.

  7. Functional brain injury rehabilitation: survivor experiences reported by families and professionals.

    PubMed

    Wallace, Sarah E; Evans, Kelli; Arnold, Taylor; Hux, Karen

    2007-12-01

    The researchers investigated rehabilitation experiences of brain injury (BI) survivors participating in a functional programme. The researchers used a phenomenological approach involving the collection of artifacts and the analysis of focus group discussions through horizontalizing statements, creating meaning units and clustering codes. Focus groups including staff members and survivors' relatives reported perceptions about the programme and survivors' experiences; programme artifacts (e.g. survivors' schedules, website information) provided additional information. Survivors verified focus group responses and an analysis using five assessment measures served to validate positive functional changes among programme participants. Three general categories of themes emerged: components of functional therapy, programme/culture features supporting functional therapy and family members' and survivors' reactions to a functional programme. Sub-categories and themes provided details about issues central to functional BI treatment. The findings suggest that functional therapy programmes: (a) address family and survivors' goals, (b) occur in the community or real world, (c) are implemented by people in survivors' environments, (d) are collaborative, (e) focus on a positive culture, (f) build on basic skills, (g) allow exploration of discharge options, (h) preserve survivors' privacy and dignity and (i) recognize difficulties associated with transitioning from acute to post-acute rehabilitation.

  8. Coexistence of Anti-Glomerular Basement Membrane Glomerulonephritis and Membranous Nephropathy in a Female Patient with Preserved Renal Function.

    PubMed

    Ogawara, Aoi; Harada, Makoto; Ichikawa, Tohru; Fujii, Kazuaki; Ehara, Takashi; Kobayashi, Mamoru

    2017-12-01

    Renal prognosis for anti-glomerular basement membrane (GBM) glomerulonephritis is poor. The greater the amount of anti-GBM antibody binding the antigen (type IV collagen of the glomerular basement membrane), the greater the number of crescents that develop in glomeruli, resulting in progression of renal impairment. Immunofluorescence staining reveals linear IgG depositions on glomerular capillary walls. Membranous nephropathy (MN) is one of the most common causes of nephrotic syndrome in middle-aged to elderly patients. Immune complex is deposited in the sub-epithelial space of the glomerulus, resulting in the development of a membranous lesion. Immunofluorescence staining reveals granular IgG depositions on glomerular capillary walls. Coexisting anti-GBM glomerulonephritis and MN are rare, and here we report a case of coexisting anti-GBM glomerulonephritis and MN with preserved renal function. Some cases of coexisting anti-GBM glomerulonephritis and MN do not show severely decreased renal function. A 76-year-old Japanese woman presented with nephrotic syndrome and microscopic hematuria, and was positive for anti-GBM antibody. Kidney biopsy revealed linear and granular IgG depositions in glomerular capillary walls, crescent formations, and electron-dense deposits in the sub-epithelial space. She was diagnosed with anti-GBM glomerulonephritis and MN. Steroid and cyclosporine therapy achieved complete remission, and kidney function was preserved. In conclusion, coexisting anti-GBM glomerulonephritis and MN can have preserved renal function. The IgG subclass of deposited anti-GBM antibody may be associated with the severity of anti-GBM glomerulonephritis. In addition, in the case of nephrotic syndrome with hematuria, we should consider the possibility of coexisting anti-GBM glomerulonephritis and MN.

  9. 25 CFR 273.54 - Privacy Act requirements.

    Code of Federal Regulations, 2012 CFR

    2012-04-01

    ... 25 Indians 1 2012-04-01 2011-04-01 true Privacy Act requirements. 273.54 Section 273.54 Indians... Privacy Act requirements. (a) When a contractor operates a system of records to accomplish a Bureau function, the contractor shall comply with subpart D of 43 CFR part 2 which implements the Privacy Act (5 U...

  10. 25 CFR 273.54 - Privacy Act requirements.

    Code of Federal Regulations, 2013 CFR

    2013-04-01

    ... 25 Indians 1 2013-04-01 2013-04-01 false Privacy Act requirements. 273.54 Section 273.54 Indians... Privacy Act requirements. (a) When a contractor operates a system of records to accomplish a Bureau function, the contractor shall comply with subpart D of 43 CFR part 2 which implements the Privacy Act (5 U...

  11. 25 CFR 273.54 - Privacy Act requirements.

    Code of Federal Regulations, 2011 CFR

    2011-04-01

    ... 25 Indians 1 2011-04-01 2011-04-01 false Privacy Act requirements. 273.54 Section 273.54 Indians... Privacy Act requirements. (a) When a contractor operates a system of records to accomplish a Bureau function, the contractor shall comply with subpart D of 43 CFR part 2 which implements the Privacy Act (5 U...

  12. 25 CFR 273.54 - Privacy Act requirements.

    Code of Federal Regulations, 2014 CFR

    2014-04-01

    ... 25 Indians 1 2014-04-01 2014-04-01 false Privacy Act requirements. 273.54 Section 273.54 Indians... Privacy Act requirements. (a) When a contractor operates a system of records to accomplish a Bureau function, the contractor shall comply with subpart D of 43 CFR part 2 which implements the Privacy Act (5 U...

  13. 25 CFR 273.54 - Privacy Act requirements.

    Code of Federal Regulations, 2010 CFR

    2010-04-01

    ... 25 Indians 1 2010-04-01 2010-04-01 false Privacy Act requirements. 273.54 Section 273.54 Indians... Privacy Act requirements. (a) When a contractor operates a system of records to accomplish a Bureau function, the contractor shall comply with subpart D of 43 CFR part 2 which implements the Privacy Act (5 U...

  14. Privacy and the Private Eye in Space.

    ERIC Educational Resources Information Center

    Smith, William E.

    Land remote-sensing satellites are developing as a commercial communications technology after years under a government monopoly. The shift to the private sector and improving quality of the pictures produced have given rise to increased concerns about the potential for violations of privacy rights. Although satellites can currently photograph only…

  15. Peculiar velocity effect on galaxy correlation functions in nonlinear clustering regime

    NASA Astrophysics Data System (ADS)

    Matsubara, Takahiko

    1994-03-01

    We studied the distortion of the apparent distribution of galaxies in redshift space contaminated by the peculiar velocity effect. Specifically we obtained the expressions for N-point correlation functions in redshift space with given functional form for velocity distribution f(v) and evaluated two- and three-point correlation functions quantitatively. The effect of velocity correlations is also discussed. When the two-point correlation function in real space has a power-law form, $\xi_r(r) \propto r^{-\gamma}$, the redshift-space counterpart on small scales also has a power-law form but with an increased power-law index: $\xi_s(s) \propto s^{1-\gamma}$. When the three-point correlation function has the hierarchical form and the two-point correlation function has the power-law form in real space, the hierarchical form of the three-point correlation function is almost preserved in redshift space. The above analytic results are compared with the direct analysis based on N-body simulation data for cold dark matter models. Implications on the hierarchical clustering ansatz are discussed in detail.

  16. A new method of enhancing telecommand security: the application of GCM in TC protocol

    NASA Astrophysics Data System (ADS)

    Zhang, Lei; Tang, Chaojing; Zhang, Quan

    2007-11-01

    In recent times, security has grown into a topic of major importance for space missions. Many space agencies have been engaged in research on the selection of proper algorithms for ensuring Telecommand security according to the space communication environment, especially in regard to privacy and authentication. Since space missions with high security levels need to ensure both privacy and authentication, Authenticated Encryption with Associated Data (AEAD) schemes must be integrated into normal Telecommand protocols. This paper provides an overview of the Galois Counter Mode (GCM) of operation, which is one of the available two-pass AEAD schemes, and some preliminary considerations and analyses about its possible application to Telecommand frames specified by CCSDS.

  17. EOS Interpolation and Thermodynamic Consistency

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Gammel, J. Tinka

    2015-11-16

    As discussed in LA-UR-08-05451, the current interpolator used by Grizzly, OpenSesame, EOSPAC, and similar routines is the rational function interpolator from Kerley. While the rational function interpolator is well-suited for interpolation on sparse grids with logarithmic spacing and it preserves monotonicity in 1-d, it has some known problems.

  18. 32 CFR 323.3 - Definitions.

    Code of Federal Regulations, 2012 CFR

    2012-07-01

    ... subject's legal guardian. (e) Individual. A living citizen of the United States or an alien lawfully... functions or public life. (k) Privacy Act. The Privacy Act of 1974, as amended, 5 U.S.C. 552a. (l) Privacy...

  19. Performance-Oriented Privacy-Preserving Data Integration

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Pon, R K; Critchlow, T

    2004-09-15

    Current solutions to integrating private data with public data have provided useful privacy metrics, such as relative information gain, that can be used to evaluate alternative approaches. Unfortunately, they have not addressed critical performance issues, especially when the public database is very large. The use of hashes and noise yields better performance than existing techniques while still making it difficult for unauthorized entities to distinguish which data items truly exist in the private database. As we show here, leveraging the uncertainty introduced by collisions caused by hashing and the injection of noise, we present a technique for performing a relational join operation between a massive public table and a relatively smaller private one.

  20. User Evaluation of Neonatology Ward Design.

    PubMed

    Trujillo, Juan Luis Higuera; Aviñó, Antoni Montañana I; Millán, Carmen Llinares

    2017-01-01

    The object of this article is to identify the set of affective and emotional factors behind users' assessments of a space in a neonatology unit and to propose design guidelines based on these. The importance of the neonatology service and the variety of users place great demands on the space at all levels. Despite the repercussions, the emotional aspects of the environment have received less attention. To avoid incurring limitations in the user mental scheme, this study uses two complementary methodologies: focus group and semantic differential. The (qualitative) focus group methodology provides exploratory information and concepts. The (quantitative) semantic differential methodology then uses these concepts to extract the conceptual structures that users employ in their assessment of the space. Of the total 175 subjects, 31 took part in focus groups and 144 in semantic differential. Five independent concepts were identified: privacy, functionality and professional nature, spaciousness, lighting, and cleanliness. In relation to the importance of the overall positive assessment of the space, the perception of privacy and sensations of dominance and pleasure are fundamental. Six relevant design aspects were also identified: provide spacious surroundings, facilitate sufficient separation between the different posts or cots, use different colors from those usually found in health-care centers, as some aversion was found to white and especially green, design areas with childhood themes, use warm artificial light, and choose user-friendly equipment. Results provide design recommendations of interest and show the possibilities offered by combining both systems to analyze user response.

  1. Privacy-preserving techniques of genomic data-a survey.

    PubMed

    Aziz, Md Momin Al; Sadat, Md Nazmus; Alhadidi, Dima; Wang, Shuang; Jiang, Xiaoqian; Brown, Cheryl L; Mohammed, Noman

    2017-11-07

    Genomic data hold salient information about the characteristics of a living organism. Throughout the past decade, pinnacle developments have given us more accurate and inexpensive methods to retrieve genome sequences of humans. However, with the advancement of genomic research, there is a growing privacy concern regarding the collection, storage and analysis of such sensitive human data. Recent results show that given some background information, it is possible for an adversary to reidentify an individual from a specific genomic data set. This can reveal the current association or future susceptibility of some diseases for that individual (and sometimes the kinship between individuals) resulting in a privacy violation. Regardless of these risks, our genomic data hold much importance in analyzing the well-being of us and the future generation. Thus, in this article, we discuss the different privacy and security-related problems revolving around human genomic data. In addition, we will explore some of the cardinal cryptographic concepts, which can bring efficacy in secure and private genomic data computation. This article will relate the gaps between these two research areas-Cryptography and Genomics. © The Author 2017. Published by Oxford University Press. All rights reserved. For Permissions, please email: journals.permissions@oup.com.

  2. Efficient and secure outsourcing of genomic data storage.

    PubMed

    Sousa, João Sá; Lefebvre, Cédric; Huang, Zhicong; Raisaro, Jean Louis; Aguilar-Melchor, Carlos; Killijian, Marc-Olivier; Hubaux, Jean-Pierre

    2017-07-26

    Cloud computing is becoming the preferred solution for efficiently dealing with the increasing amount of genomic data. Yet, outsourcing storage and processing sensitive information, such as genomic data, comes with important concerns related to privacy and security. This calls for new sophisticated techniques that ensure data protection from untrusted cloud providers and that still enable researchers to obtain useful information. We present a novel privacy-preserving algorithm for fully outsourcing the storage of large genomic data files to a public cloud and enabling researchers to efficiently search for variants of interest. In order to protect data and query confidentiality from possible leakage, our solution exploits optimal encoding for genomic variants and combines it with homomorphic encryption and private information retrieval. Our proposed algorithm is implemented in C++ and was evaluated on real data as part of the 2016 iDash Genome Privacy-Protection Challenge. Results show that our solution outperforms the state-of-the-art solutions and enables researchers to search over millions of encrypted variants in a few seconds. As opposed to prior beliefs that sophisticated privacy-enhancing technologies (PETs) are unpractical for real operational settings, our solution demonstrates that, in the case of genomic data, PETs are very efficient enablers.

  3. Overview: Human Factors Issues in Space Station Architecture

    NASA Technical Reports Server (NTRS)

    Cohen, M. M.

    1985-01-01

    An overview is presented of human factors issues in space station architecture. The status of the space station program is given. Habitability concerns such as vibroacoustics, lighting systems, privacy and work stations are discussed in detail.

  4. Privacy protection schemes for fingerprint recognition systems

    NASA Astrophysics Data System (ADS)

    Marasco, Emanuela; Cukic, Bojan

    2015-05-01

    The deployment of fingerprint recognition systems has always raised concerns related to personal privacy. A fingerprint is permanently associated with an individual and, generally, it cannot be reset if compromised in one application. Given that fingerprints are not a secret, potential misuses besides personal recognition represent privacy threats and may lead to public distrust. Privacy mechanisms control access to personal information and limit the likelihood of intrusions. In this paper, image- and feature-level schemes for privacy protection in fingerprint recognition systems are reviewed. Storing only key features of a biometric signature can reduce the likelihood of biometric data being used for unintended purposes. In biometric cryptosystems and biometric-based key release, the biometric component verifies the identity of the user, while the cryptographic key protects the communication channel. In transformation-based approaches, only a transformed version of the original biometric signature is stored. Different applications can use different transforms. Matching is performed in the transformed domain, which enables the preservation of low error rates. Since such templates do not reveal information about individuals, they are referred to as cancelable templates. A compromised template can be re-issued using a different transform. At the image level, de-identification schemes can remove identifiers disclosed for objectives unrelated to the original purpose, while permitting other authorized uses of personal information. Fingerprint images can be de-identified by, for example, mixing fingerprints or removing gender signature. In both cases, degradation of matching performance is minimized.

  5. Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach

    PubMed Central

    Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

    2015-01-01

    Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for a unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automaton named Mandatory Result Automaton. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges. PMID:26997936

  6. Ensuring Privacy When Integrating Patient-Based Datasets: New Methods and Developments in Record Linkage.

    PubMed

    Brown, Adrian P; Ferrante, Anna M; Randall, Sean M; Boyd, James H; Semmens, James B

    2017-01-01

    In an era where the volume of structured and unstructured digital data has exploded, there has been an enormous growth in the creation of data about individuals that can be used for understanding and treating disease. Joining these records together at an individual level provides a complete picture of a patient's interaction with health services and allows better assessment of patient outcomes and effectiveness of treatment and services. Record linkage techniques provide an efficient and cost-effective method to bring individual records together as patient profiles. These linkage procedures bring their own challenges, especially relating to the protection of privacy. The development and implementation of record linkage systems that do not require the release of personal information can reduce the risks associated with record linkage and overcome legal barriers to data sharing. Current conceptual and experimental privacy-preserving record linkage (PPRL) models show promise in addressing data integration challenges. Enhancing and operationalizing PPRL protocols can help address the dilemma faced by some custodians between using data to improve quality of life and dealing with the ethical, legal, and administrative issues associated with protecting an individual's privacy. These methods can reduce the risk to privacy, as they do not require personally identifying information to be shared. PPRL methods can improve the delivery of record linkage services to the health and broader research community.

  7. Ensuring Privacy When Integrating Patient-Based Datasets: New Methods and Developments in Record Linkage

    PubMed Central

    Brown, Adrian P.; Ferrante, Anna M.; Randall, Sean M.; Boyd, James H.; Semmens, James B.

    2017-01-01

    In an era where the volume of structured and unstructured digital data has exploded, there has been an enormous growth in the creation of data about individuals that can be used for understanding and treating disease. Joining these records together at an individual level provides a complete picture of a patient’s interaction with health services and allows better assessment of patient outcomes and effectiveness of treatment and services. Record linkage techniques provide an efficient and cost-effective method to bring individual records together as patient profiles. These linkage procedures bring their own challenges, especially relating to the protection of privacy. The development and implementation of record linkage systems that do not require the release of personal information can reduce the risks associated with record linkage and overcome legal barriers to data sharing. Current conceptual and experimental privacy-preserving record linkage (PPRL) models show promise in addressing data integration challenges. Enhancing and operationalizing PPRL protocols can help address the dilemma faced by some custodians between using data to improve quality of life and dealing with the ethical, legal, and administrative issues associated with protecting an individual’s privacy. These methods can reduce the risk to privacy, as they do not require personally identifying information to be shared. PPRL methods can improve the delivery of record linkage services to the health and broader research community. PMID:28303240

  8. Query Monitoring and Analysis for Database Privacy - A Security Automata Model Approach.

    PubMed

    Kumar, Anand; Ligatti, Jay; Tu, Yi-Cheng

    2015-11-01

    Privacy and usage restriction issues are important when valuable data are exchanged or acquired by different organizations. Standard access control mechanisms either restrict or completely grant access to valuable data. On the other hand, data obfuscation limits the overall usability and may result in loss of total value. There are no standard policy enforcement mechanisms for data acquired through mutual and copyright agreements. In practice, many different types of policies can be enforced in protecting data privacy. Hence there is the need for a unified framework that encapsulates multiple suites of policies to protect the data. We present our vision of an architecture named security automata model (SAM) to enforce privacy-preserving policies and usage restrictions. SAM analyzes the input queries and their outputs to enforce various policies, liberating data owners from the burden of monitoring data access. SAM allows administrators to specify various policies and enforces them to monitor queries and control the data access. Our goal is to address the problems of data usage control and protection through privacy policies that can be defined, enforced, and integrated with the existing access control mechanisms using SAM. In this paper, we lay out the theoretical foundation of SAM, which is based on an automaton named Mandatory Result Automaton. We also discuss the major challenges of implementing SAM in a real-world database environment as well as ideas to meet such challenges.

  9. Phagocytosis of photoreceptor outer segments by transplanted human neural stem cells as a neuroprotective mechanism in retinal degeneration.

    PubMed

    Cuenca, Nicolás; Fernández-Sánchez, Laura; McGill, Trevor J; Lu, Bin; Wang, Shaomei; Lund, Raymond; Huhn, Stephen; Capela, Alexandra

    2013-10-15

    Transplantation of human central nervous system stem cells (HuCNS-SC) into the subretinal space of Royal College of Surgeons (RCS) rats preserves photoreceptors and visual function. To explore possible mechanism(s) of action underlying this neuroprotective effect, we performed a detailed morphologic and ultrastructure analysis of HuCNS-SC transplanted retinas. The HuCNS-SC were transplanted into the subretinal space of RCS rats. Histologic examination of the transplanted retinas was performed by light and electron microscopy. Areas of the retina adjacent to HuCNS-SC graft (treated regions) were analyzed and compared to control sections obtained from the same retina, but distant from the transplant site (untreated regions). The HuCNS-SC were detected as a layer of STEM 121 immunopositive cells in the subretinal space. In treated regions, preserved photoreceptor nuclei, as well as inner and outer segments were identified readily. In contrast, classic signs of degeneration were observed in the untreated regions. Interestingly, detailed ultrastructure analysis revealed a striking preservation of the photoreceptor-bipolar-horizontal cell synaptic contacts in the outer plexiform layer (OPL) of treated areas, in stark contrast with untreated areas. Finally, the presence of phagosomes and vesicles exhibiting the lamellar structure of outer segments also was detected within the cytosol of HuCNS-SC, indicating that these cells have phagocytic capacity in vivo. This study reveals the novel finding that preservation of specialized synaptic contacts between photoreceptors and second order neurons, as well as phagocytosis of photoreceptor outer segments, are potential mechanism(s) of HuCNS-SC transplantation, mediating functional rescue in retinal degeneration.

  10. piBox: A Platform for Privacy-Preserving Apps

    DTIC Science & Technology

    2012-10-03

  11. Privacy-Preserving Distributed Information Sharing

    DTIC Science & Technology

    2006-07-01

    ... B.2.4 Analysis for Bloom Filters ... B.3 Details of One... be chosen by slightly adjusting the analysis given in the proof of Theorem 26. Using Bloom Filters. Bloom filters provide a compact probabilistic representation of set membership [6]. Instead of using T filters, we can use a combined Bloom filter. This achieves the same asymptotic communication...

  12. Trust information-based privacy architecture for ubiquitous health.

    PubMed

    Ruotsalainen, Pekka Sakari; Blobel, Bernd; Seppälä, Antto; Nykänen, Pirkko

    2013-10-08

    Ubiquitous health is defined as a dynamic network of interconnected systems that offers health services independent of time and location to a data subject (DS). The network takes place in an open and insecure information space. It is created and managed by the DS, who sets rules that regulate the way personal health information is collected and used. Compared to health care, it is impossible in ubiquitous health to assume the existence of a priori trust between the DS and service providers and to produce privacy using static security services. In ubiquitous health, the features, business goals and regulations that systems follow often remain unknown. Furthermore, health care-specific regulations do not rule the ways health data is processed and shared. To be successful, ubiquitous health requires a novel privacy architecture. The goal of this study was to develop a privacy management architecture that helps the DS to create and dynamically manage the network and to maintain information privacy. The architecture should enable the DS to dynamically define service- and system-specific rules that regulate the way subject data is processed. The architecture should provide the DS with reliable trust information about systems and assist in the formulation of privacy policies. Furthermore, the architecture should give feedback on how systems follow the policies of the DS and offer protection against privacy and trust threats existing in ubiquitous environments. A sequential method that combines methodologies used in system theory, systems engineering, requirement analysis, and system design was used in the study. In the first phase, principles, trust and privacy models, and viewpoints were selected. Thereafter, functional requirements and services were developed on the basis of a careful analysis of existing research published in journals and conference proceedings. Based on principles, models, and requirements, architectural components and their interconnections were developed using system analysis. The architecture mimics the way humans use trust information in decision making, and enables the DS to design system-specific privacy policies using computational trust information that is based on systems' measured features. The trust attributes that were developed describe the level at which systems support awareness and transparency, and how they follow general and domain-specific regulations and laws. The monitoring component of the architecture offers dynamic feedback concerning how the system enforces the policies of the DS. The privacy management architecture developed in this study enables the DS to dynamically manage information privacy in ubiquitous health and to define individual policies for all systems considering their trust value and corresponding attributes. The DS can also set policies for secondary use and reuse of health information. The architecture offers protection against privacy threats existing in ubiquitous environments. Although the architecture is targeted to ubiquitous health, it can easily be modified to other ubiquitous applications.

  13. Trust Information-Based Privacy Architecture for Ubiquitous Health

    PubMed Central

    2013-01-01

    Background Ubiquitous health is defined as a dynamic network of interconnected systems that offers health services independent of time and location to a data subject (DS). The network takes place in an open and insecure information space. It is created and managed by the DS, who sets rules that regulate the way personal health information is collected and used. Compared to health care, it is impossible in ubiquitous health to assume the existence of a priori trust between the DS and service providers and to produce privacy using static security services. In ubiquitous health, the features, business goals and regulations that systems follow often remain unknown. Furthermore, health care-specific regulations do not rule the ways health data is processed and shared. To be successful, ubiquitous health requires a novel privacy architecture. Objective The goal of this study was to develop a privacy management architecture that helps the DS to create and dynamically manage the network and to maintain information privacy. The architecture should enable the DS to dynamically define service- and system-specific rules that regulate the way subject data is processed. The architecture should provide the DS with reliable trust information about systems and assist in the formulation of privacy policies. Furthermore, the architecture should give feedback on how systems follow the policies of the DS and offer protection against privacy and trust threats existing in ubiquitous environments. Methods A sequential method that combines methodologies used in system theory, systems engineering, requirement analysis, and system design was used in the study. In the first phase, principles, trust and privacy models, and viewpoints were selected. Thereafter, functional requirements and services were developed on the basis of a careful analysis of existing research published in journals and conference proceedings. Based on principles, models, and requirements, architectural components and their interconnections were developed using system analysis. Results The architecture mimics the way humans use trust information in decision making, and enables the DS to design system-specific privacy policies using computational trust information that is based on systems' measured features. The trust attributes that were developed describe the level at which systems support awareness and transparency, and how they follow general and domain-specific regulations and laws. The monitoring component of the architecture offers dynamic feedback concerning how the system enforces the policies of the DS. Conclusions The privacy management architecture developed in this study enables the DS to dynamically manage information privacy in ubiquitous health and to define individual policies for all systems considering their trust value and corresponding attributes. The DS can also set policies for secondary use and reuse of health information. The architecture offers protection against privacy threats existing in ubiquitous environments. Although the architecture is targeted to ubiquitous health, it can easily be modified to other ubiquitous applications. PMID:25099213

  14. Preservation Methods Utilized for Space Food

    NASA Technical Reports Server (NTRS)

    Vodovotz, Yael; Bourland, Charles

    2000-01-01

    Food for manned space flight has been provided by NASA-Johnson Space Center since 1962. The various mission scenarios and space craft designs dictated the type of food preservation methodologies required to meet mission objectives. The preservation techniques used in space flight include freeze-dehydration, thermostabilization, irradiation, freezing and moisture adjustment. Innovative packaging material and techniques enhanced the shelf-stability of the food items. Future space voyages may include extended duration exploration missions requiring new packaging materials and advanced preservation techniques to meet mission goals of up to 5-year shelf-life foods.

  15. A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: a privacy-protecting remote access system for health-related research and evaluation.

    PubMed

    Jones, Kerina H; Ford, David V; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J; Heaven, Martin L; Thayer, Daniel S; McNerney, Cynthia L; Lyons, Ronan A

    2014-08-01

    With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. Copyright © 2014 The Authors. Published by Elsevier Inc. All rights reserved.

  16. A case study of the Secure Anonymous Information Linkage (SAIL) Gateway: A privacy-protecting remote access system for health-related research and evaluation

    PubMed Central

    Jones, Kerina H.; Ford, David V.; Jones, Chris; Dsilva, Rohan; Thompson, Simon; Brooks, Caroline J.; Heaven, Martin L.; Thayer, Daniel S.; McNerney, Cynthia L.; Lyons, Ronan A.

    2014-01-01

    With the current expansion of data linkage research, the challenge is to find the balance between preserving the privacy of person-level data whilst making these data accessible for use to their full potential. We describe a privacy-protecting safe haven and secure remote access system, referred to as the Secure Anonymised Information Linkage (SAIL) Gateway. The Gateway provides data users with a familiar Windows interface and their usual toolsets to access approved anonymously-linked datasets for research and evaluation. We outline the principles and operating model of the Gateway, the features provided to users within the secure environment, and how we are approaching the challenges of making data safely accessible to increasing numbers of research users. The Gateway represents a powerful analytical environment and has been designed to be scalable and adaptable to meet the needs of the rapidly growing data linkage community. PMID:24440148

  17. Cost-Efficient and Multi-Functional Secure Aggregation in Large Scale Distributed Application

    PubMed Central

    Zhang, Ping; Li, Wenjun; Sun, Hua

    2016-01-01

    Secure aggregation is an essential component of modern distributed applications and data mining platforms. Aggregated statistical results are typically adopted in constructing a data cube for data analysis at multiple abstraction levels in data warehouse platforms. Generating different types of statistical results efficiently at the same time (referred to as enabling multi-functional support) is a fundamental requirement in practice. However, most of the existing schemes support a very limited number of statistics. Securely obtaining typical statistical results simultaneously in the distributed system, without recovering the original data, is still an open problem. In this paper, we present SEDAR, which is a SEcure Data Aggregation scheme under the Range segmentation model. The range segmentation model is proposed to reduce the communication cost by capturing the data characteristics, and each range uses a different aggregation strategy. For raw data in the dominant range, SEDAR encodes them into well-defined vectors to provide value-preservation and order-preservation, and thus provides the basis for multi-functional aggregation. A homomorphic encryption scheme is used to achieve data privacy. We also present two enhanced versions. The first one is a Random based SEDAR (REDAR), and the second is a Compression based SEDAR (CEDAR). Both of them can significantly reduce communication cost, at the trade-off of lower security and lower accuracy, respectively. Experimental evaluations, based on six different scenes of real data, show that all of them have an excellent performance on cost and accuracy. PMID:27551747

  18. Cost-Efficient and Multi-Functional Secure Aggregation in Large Scale Distributed Application.

    PubMed

    Zhang, Ping; Li, Wenjun; Sun, Hua

    2016-01-01

    Secure aggregation is an essential component of modern distributed applications and data mining platforms. Aggregated statistical results are typically adopted in constructing a data cube for data analysis at multiple abstraction levels in data warehouse platforms. Generating different types of statistical results efficiently at the same time (referred to as enabling multi-functional support) is a fundamental requirement in practice. However, most of the existing schemes support a very limited number of statistics. Securely obtaining typical statistical results simultaneously in the distributed system, without recovering the original data, is still an open problem. In this paper, we present SEDAR, which is a SEcure Data Aggregation scheme under the Range segmentation model. The range segmentation model is proposed to reduce the communication cost by capturing the data characteristics, and each range uses a different aggregation strategy. For raw data in the dominant range, SEDAR encodes them into well-defined vectors to provide value-preservation and order-preservation, and thus provides the basis for multi-functional aggregation. A homomorphic encryption scheme is used to achieve data privacy. We also present two enhanced versions. The first one is a Random based SEDAR (REDAR), and the second is a Compression based SEDAR (CEDAR). Both of them can significantly reduce communication cost, at the trade-off of lower security and lower accuracy, respectively. Experimental evaluations, based on six different scenes of real data, show that all of them have an excellent performance on cost and accuracy.

  19. Ambiguity in Social Network Data for Presence, Sensitive-Attribute, Degree and Relationship Privacy Protection.

    PubMed

    Rajaei, Mehri; Haghjoo, Mostafa S; Miyaneh, Eynollah Khanjari

    2015-01-01

    Maintaining privacy in network data publishing is a major challenge. This is because known characteristics of individuals can be used to extract new information about them. Recently, researchers have developed privacy methods based on k-anonymity and l-diversity to prevent re-identification or sensitive label disclosure through certain structural information. However, most of these studies have considered only structural information and have been developed for undirected networks. Furthermore, most existing approaches rely on generalization and node clustering and so may entail significant information loss, as all properties of all members of each group are generalized to the same value. In this paper, we introduce a framework for protecting sensitive attribute, degree (the number of connected entities), and relationships, as well as the presence of individuals in directed social network data whose nodes contain attributes. First, we define a privacy model that specifies privacy requirements for the above private information. Then, we introduce the technique of Ambiguity in Social Network data (ASN) based on anatomy, which specifies how to publish social network data. To employ ASN, individuals are partitioned into groups. Then, ASN publishes exact values of properties of individuals of each group with a common group ID in several tables. The lossy join of those tables based on group ID injects uncertainty into any attempt to reconstruct the original network. We also show how to measure different privacy requirements in ASN. Simulation results on real and synthetic datasets demonstrate that our framework, which protects from four types of private information disclosure, preserves data utility in tabular, topological and spectrum aspects of networks at a satisfactory level.

  20. Ambiguity in Social Network Data for Presence, Sensitive-Attribute, Degree and Relationship Privacy Protection

    PubMed Central

    Rajaei, Mehri; Haghjoo, Mostafa S.; Miyaneh, Eynollah Khanjari

    2015-01-01

    Maintaining privacy in network data publishing is a major challenge. This is because known characteristics of individuals can be used to extract new information about them. Recently, researchers have developed privacy methods based on k-anonymity and l-diversity to prevent re-identification or sensitive label disclosure through certain structural information. However, most of these studies have considered only structural information and have been developed for undirected networks. Furthermore, most existing approaches rely on generalization and node clustering and so may entail significant information loss, as all properties of all members of each group are generalized to the same value. In this paper, we introduce a framework for protecting sensitive attribute, degree (the number of connected entities), and relationships, as well as the presence of individuals in directed social network data whose nodes contain attributes. First, we define a privacy model that specifies privacy requirements for the above private information. Then, we introduce the technique of Ambiguity in Social Network data (ASN) based on anatomy, which specifies how to publish social network data. To employ ASN, individuals are partitioned into groups. Then, ASN publishes exact values of properties of individuals of each group with a common group ID in several tables. The lossy join of those tables based on group ID injects uncertainty into any attempt to reconstruct the original network. We also show how to measure different privacy requirements in ASN. Simulation results on real and synthetic datasets demonstrate that our framework, which protects from four types of private information disclosure, preserves data utility in tabular, topological and spectrum aspects of networks at a satisfactory level. PMID:26110762

  1. “I Always Vet Things”: Navigating Privacy and the Presentation of Self on Health Discussion Boards Among Individuals with Long-Term Conditions

    PubMed Central

    Segar, Julia; Sanders, Caroline

    2016-01-01

    Background The ethics of research into online communities is a long-debated issue, with many researchers arguing that open-access discussion groups are publicly accessible data and do not require informed consent from participants for their use for research purposes. However, it has been suggested that there is a discrepancy between the perceived and actual privacy of user-generated online content by community members. Objective There has been very little research regarding how privacy is experienced and enacted online. The objective of this study is to address this gap by qualitatively exploring the expectations of privacy on Internet forums among individuals with long-term conditions. Methods Semistructured interviews were conducted with 20 participants with myalgic encephalomyelitis/chronic fatigue syndrome (ME/CFS) and 21 participants with type 1 and 2 diabetes mellitus, and were analyzed using thematic analysis. Participants were recruited via online and offline routes, namely forums, email lists, newsletters, and face-to-face support groups. Results The findings indicate that privacy online is a nebulous concept. Rather than individuals drawing a clear-cut distinction between what they would and would not be comfortable sharing online, it was evident that these situations were contextually dependent and related to a number of unique and individual factors. Conclusions Interviewees were seen to carefully manage how they presented themselves on forums, filtering and selecting the information that they shared about themselves in order to develop and maintain a particular online persona, while maintaining and preserving an acceptable level of privacy. PMID:27737819

  2. Manifold Learning by Preserving Distance Orders.

    PubMed

    Ataer-Cansizoglu, Esra; Akcakaya, Murat; Orhan, Umut; Erdogmus, Deniz

    2014-03-01

    Nonlinear dimensionality reduction is essential for the analysis and the interpretation of high dimensional data sets. In this manuscript, we propose a distance order preserving manifold learning algorithm that extends the basic mean-squared error cost function used mainly in multidimensional scaling (MDS)-based methods. We develop a constrained optimization problem by assuming explicit constraints on the order of distances in the low-dimensional space. In this optimization problem, as a generalization of MDS, instead of forcing a linear relationship between the distances in the high-dimensional original and low-dimensional projection space, we learn a non-decreasing relation approximated by radial basis functions. We compare the proposed method with existing manifold learning algorithms using synthetic datasets based on the commonly used residual variance and proposed percentage of violated distance orders metrics. We also perform experiments on a retinal image dataset used in Retinopathy of Prematurity (ROP) diagnosis.

  3. δ-dependency for privacy-preserving XML data publishing.

    PubMed

    Landberg, Anders H; Nguyen, Kinh; Pardede, Eric; Rahayu, J Wenny

    2014-08-01

    An ever increasing amount of medical data, such as electronic health records, is being collected, stored, shared and managed in large online health information systems and electronic medical record systems (EMR) (Williams et al., 2001; Virtanen, 2009; Huang and Liou, 2007) [1-3]. From such rich collections, data is often published in the form of census and statistical data sets for the purpose of knowledge sharing and enabling medical research. This brings with it an increasing need for protecting individual people's privacy, and it becomes an issue of great importance especially when information about patients is exposed to the public. While the concept of data privacy has been comprehensively studied for relational data, models and algorithms addressing the distinct differences and complex structure of XML data are yet to be explored. Currently, the common compromise method is to convert private XML data into relational data for publication. This ad hoc approach results in significant loss of useful semantic information previously carried in the private XML data. Health data often has very complex structure, which is best expressed in XML. In fact, XML is the standard format for exchanging (e.g. HL7 version 3(1)) and publishing health information. Lack of means to deal directly with data in XML format is inevitably a serious drawback. In this paper we propose a novel privacy protection model for XML, and an algorithm for implementing this model. We provide general rules, both for transforming a private XML schema into a published XML schema, and for mapping private XML data to the new privacy-protected published XML data. In addition, we propose a new privacy property, δ-dependency, which can be applied to both relational and XML data, and that takes into consideration the hierarchical nature of sensitive data (as opposed to "quasi-identifiers"). Lastly, we provide an implementation of our model, algorithm and privacy property, and perform an experimental analysis, to demonstrate the proposed privacy scheme in practical application. Copyright © 2014. Published by Elsevier Inc.

  4. A Distributed Ensemble Approach for Mining Healthcare Data under Privacy Constraints

    PubMed Central

    Li, Yan; Bai, Changxin; Reddy, Chandan K.

    2015-01-01

    In recent years, electronic health records (EHRs) have been widely adopted at many healthcare facilities in an attempt to improve the quality of patient care and increase the productivity and efficiency of healthcare delivery. These EHRs can accurately diagnose diseases if utilized appropriately. While the EHRs can potentially resolve many of the existing problems associated with disease diagnosis, one of the main obstacles in effectively using them is the patient privacy and sensitivity of the medical information available in the EHR. Due to these concerns, even if the EHRs are available for storage and retrieval purposes, sharing of the patient records between different healthcare facilities has become a major concern and has hampered some of the effective advantages of using EHRs. Due to this lack of data sharing, most of the facilities aim at building clinical decision support systems using a limited amount of patient data from their own EHR systems to provide important diagnosis related decisions. It becomes quite infeasible for a newly established healthcare facility to build a robust decision making system due to the lack of sufficient patient records. However, to make effective decisions from clinical data, it is indispensable to have large amounts of data to train the decision models. In this regard, there are conflicting objectives of preserving patient privacy and having sufficient data for modeling and decision making. To handle such disparate goals, we develop two adaptive distributed privacy-preserving algorithms based on a distributed ensemble strategy. The basic idea of our approach is to build an elegant model for each participating facility to accurately learn the data distribution, and then transfer the useful healthcare knowledge acquired on their data from these participators in the form of their own decision models without revealing and sharing the patient-level sensitive data, thus protecting patient privacy. We demonstrate that our approach can successfully build accurate and robust prediction models, under privacy constraints, using the healthcare data collected from different geographical locations. We demonstrate the performance of our method using the Type-2 diabetes EHRs accumulated from multiple sources from all fifty states in the U.S. Our method was evaluated on diagnosing diabetes in the presence of an insufficient number of patient records from certain regions without revealing the actual patient data from other regions. Using the proposed approach, we also discovered the important biomarkers, both universal and region-specific, and validated the selected biomarkers using the biomedical literature. PMID:26681811

  5. A Distributed Ensemble Approach for Mining Healthcare Data under Privacy Constraints.

    PubMed

    Li, Yan; Bai, Changxin; Reddy, Chandan K

    2016-02-10

    In recent years, electronic health records (EHRs) have been widely adopted at many healthcare facilities in an attempt to improve the quality of patient care and increase the productivity and efficiency of healthcare delivery. These EHRs can accurately diagnose diseases if utilized appropriately. While the EHRs can potentially resolve many of the existing problems associated with disease diagnosis, one of the main obstacles in effectively using them is the patient privacy and sensitivity of the medical information available in the EHR. Due to these concerns, even if the EHRs are available for storage and retrieval purposes, sharing of the patient records between different healthcare facilities has become a major concern and has hampered some of the effective advantages of using EHRs. Due to this lack of data sharing, most of the facilities aim at building clinical decision support systems using a limited amount of patient data from their own EHR systems to provide important diagnosis related decisions. It becomes quite infeasible for a newly established healthcare facility to build a robust decision making system due to the lack of sufficient patient records. However, to make effective decisions from clinical data, it is indispensable to have large amounts of data to train the decision models. In this regard, there are conflicting objectives of preserving patient privacy and having sufficient data for modeling and decision making. To handle such disparate goals, we develop two adaptive distributed privacy-preserving algorithms based on a distributed ensemble strategy. The basic idea of our approach is to build an elegant model for each participating facility to accurately learn the data distribution, and then transfer the useful healthcare knowledge acquired on their data from these participators in the form of their own decision models without revealing and sharing the patient-level sensitive data, thus protecting patient privacy. We demonstrate that our approach can successfully build accurate and robust prediction models, under privacy constraints, using the healthcare data collected from different geographical locations. We demonstrate the performance of our method using the Type-2 diabetes EHRs accumulated from multiple sources from all fifty states in the U.S. Our method was evaluated on diagnosing diabetes in the presence of an insufficient number of patient records from certain regions without revealing the actual patient data from other regions. Using the proposed approach, we also discovered the important biomarkers, both universal and region-specific, and validated the selected biomarkers using the biomedical literature.

  6. Tools for Protecting the Privacy of Specific Individuals in Video

    NASA Astrophysics Data System (ADS)

    Chen, Datong; Chang, Yi; Yan, Rong; Yang, Jie

    2007-12-01

    This paper presents a system for protecting the privacy of specific individuals in video recordings. We address the following two problems: automatic people identification with limited labeled data, and human body obscuring with preserved structure and motion information. In order to address the first problem, we propose a new discriminative learning algorithm to improve people identification accuracy using limited training data labeled from the original video and imperfect pairwise constraints labeled from face obscured video data. We employ a robust face detection and tracking algorithm to obscure human faces in the video. Our experiments in a nursing home environment show that the system can obtain a high accuracy of people identification using limited labeled data and noisy pairwise constraints. The study result indicates that human subjects can perform reasonably well in labeling pairwise constraints with the face masked data. For the second problem, we propose a novel method of body obscuring, which removes the appearance information of the people while preserving rich structure and motion information. The proposed approach provides a way to minimize the risk of exposing the identities of the protected people while maximizing the use of the captured data for activity/behavior analysis.

  7. Privacy-preserved behavior analysis and fall detection by an infrared ceiling sensor network.

    PubMed

    Tao, Shuai; Kudo, Mineichi; Nonaka, Hidetoshi

    2012-12-07

    An infrared ceiling sensor network system is reported in this study to realize behavior analysis and fall detection of a single person in the home environment. The sensors output multiple binary sequences from which we know the existence/non-existence of persons under the sensors. The short duration averages of the binary responses are shown to be usable as pixel values of a top-view camera, but more advantageous in the sense of preserving privacy. Using the "pixel values" as features, support vector machine classifiers succeeded in recognizing eight activities (walking, reading, etc.) performed by five subjects at an average recognition rate of 80.65%. In addition, we proposed a martingale framework for detecting falls in this system. The experimental results showed that we attained the best performance of 95.14% (F1 value), an FAR of 7.5% and an FRR of 2.0%. This accuracy is not sufficient in general but surprisingly high with such low-level information. In summary, it is shown that this system has the potential to be used in the home environment to provide personalized services and to detect abnormalities of elders who live alone.

  8. Context Sensing System Analysis for Privacy Preservation Based on Game Theory.

    PubMed

    Wang, Shengling; Li, Luyun; Sun, Weiman; Guo, Junqi; Bie, Rongfang; Lin, Kai

    2017-02-10

    In a context sensing system in which a sensor-equipped mobile phone runs an unreliable context-aware application, the application can infer the user's contexts, based on which it provides personalized services. However, the application may sell the user's contexts to some malicious adversaries to earn extra profits, which will hinder its widespread use. In the real world, the actions of the user, the application and the adversary in the context sensing system affect each other, so that their payoffs are constrained mutually. To figure out under which conditions they behave well (the user releases, the application does not leak and the adversary does not retrieve the context), we take advantage of game theory to analyze the context sensing system. We use the extensive form game and the repeated game, respectively, to analyze two typical scenarios, single interaction and multiple interaction among three players, from which Nash equilibria and cooperation conditions are obtained. Our results show that the reputation mechanism for the context-sensing system in the former scenario is crucial to privacy preservation, as is the extent to which the participants are concerned about future payoffs in the latter one.

  9. 14 CFR 1212.602 - Requirements for collecting information.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Requirements for collecting information. 1212.602 Section 1212.602 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Instructions for NASA Employees § 1212.602 Requirements for collecting...

  10. 14 CFR 1212.202 - Identification procedures.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Identification procedures. 1212.202 Section 1212.202 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.202 Identification procedures. (a) The system manager will release...

  11. 14 CFR 1212.705 - Assistant Administrator for Procurement.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Assistant Administrator for Procurement. 1212.705 Section 1212.705 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.705 Assistant Administrator for...

  12. 14 CFR 1212.701 - Assistant Deputy Administrator.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Assistant Deputy Administrator. 1212.701 Section 1212.701 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.701 Assistant Deputy Administrator. The Assistant...

  13. 14 CFR 1212.705 - Assistant Administrator for Procurement.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Assistant Administrator for Procurement. 1212.705 Section 1212.705 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.705 Assistant Administrator for...

  14. 14 CFR 1212.202 - Identification procedures.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Identification procedures. 1212.202 Section 1212.202 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.202 Identification procedures. (a) The system manager will release...

  15. 14 CFR 1212.701 - Assistant Deputy Administrator.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Assistant Deputy Administrator. 1212.701 Section 1212.701 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.701 Assistant Deputy Administrator. The Assistant...

  16. 14 CFR 1212.602 - Requirements for collecting information.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Requirements for collecting information. 1212.602 Section 1212.602 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Instructions for NASA Employees § 1212.602 Requirements for collecting...

  17. 14 CFR 1212.203 - Disclosures.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Disclosures. 1212.203 Section 1212.203 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to... computer matching programs (See NASA Management Instruction (NMI) 1382.18). (b) Disclosure accountings are...

  18. Freedom of Thought and Mental Integrity: The Moral Requirements for Any Neural Prosthesis

    PubMed Central

    Lavazza, Andrea

    2018-01-01

    There are many kinds of neural prostheses available or being researched today. In most cases they are intended to cure or improve the condition of patients affected by some cerebral deficiency. In other cases, their goal is to provide new means to maintain or improve an individual's normal performance. In all these circumstances, one of the possible risks is that of violating the privacy of brain contents (which partly coincide with mental contents) or of depriving individuals of full control over their thoughts (mental states), as the latter are at least partly detectable by new prosthetic technologies. Given the (ethical) premise that the absolute privacy and integrity of the most relevant part of one's brain data is (one of) the most valuable and inviolable human right(s), I argue that a (technical) principle should guide the design and regulation of new neural prostheses. The premise is justified by the fact that whatever the coercion, the threat or the violence undergone, the person can generally preserve a “private repository” of thought in which to defend her convictions and identity, her dignity, and autonomy. Without it, the person may end up in a state of complete subjection to other individuals. The following functional principle is that neural prostheses should be technically designed and built so as to prevent such outcomes. They should: (a) incorporate systems that can find and signal the unauthorized detection, alteration, and diffusion of brain data and brain functioning; (b) be able to stop any unauthorized detection, alteration, and diffusion of brain data. This should not only regard individual devices, but act as a general (technical) operating principle shared by all interconnected systems that deal with decoding brain activity and brain functioning. PMID:29515355

  19. Elliptic surface grid generation in three-dimensional space

    NASA Technical Reports Server (NTRS)

    Kania, Lee

    1992-01-01

    A methodology for surface grid generation in three dimensional space is described. The method solves a Poisson equation for each coordinate on arbitrary surfaces using successive line over-relaxation. The complete surface curvature terms were discretized and retained within the nonhomogeneous term in order to preserve surface definition; there is no need for conventional surface splines. Control functions were formulated to permit control of grid orthogonality and spacing. A method for interpolation of control functions into the domain was devised which permits their specification not only at the surface boundaries but within the interior as well. An interactive surface generation code which makes use of this methodology is currently under development.

  20. Supersymmetric dS/CFT

    NASA Astrophysics Data System (ADS)

    Hertog, Thomas; Tartaglino-Mazzucchelli, Gabriele; Van Riet, Thomas; Venken, Gerben

    2018-02-01

    We put forward new explicit realisations of dS/CFT that relate N = 2 supersymmetric Euclidean vector models with reversed spin-statistics in three dimensions to specific supersymmetric Vasiliev theories in four-dimensional de Sitter space. The partition function of the free supersymmetric vector model deformed by a range of low spin deformations that preserve supersymmetry appears to specify a well-defined wave function with asymptotic de Sitter boundary conditions in the bulk. In particular we find the wave function is globally peaked at undeformed de Sitter space, with a low amplitude for strong deformations. This suggests that supersymmetric de Sitter space is stable in higher-spin gravity and in particular free from ghosts. We speculate this is a limiting case of the de Sitter realizations in exotic string theories.

  1. Space Mathematics: A Resource for Secondary School Teachers

    NASA Technical Reports Server (NTRS)

    Kastner, Bernice

    1985-01-01

    A collection of mathematical problems related to NASA space science projects is presented. In developing the examples and problems, attention was given to preserving the authenticity and significance of the original setting while keeping the level of mathematics within the secondary school curriculum. Computation and measurement, algebra, geometry, probability and statistics, exponential and logarithmic functions, trigonometry, matrix algebra, conic sections, and calculus are among the areas addressed.

  2. 14 CFR 1212.706 - Delegation of authority.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Delegation of authority. 1212.706 Section 1212.706 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.706 Delegation of authority. Authority necessary to...

  3. 14 CFR 1212.706 - Delegation of authority.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Delegation of authority. 1212.706 Section 1212.706 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.706 Delegation of authority. Authority necessary to...

  4. Patient privacy protection using anonymous access control techniques.

    PubMed

    Weerasinghe, D; Rajarajan, M; Elmufti, K; Rakocevic, V

    2008-01-01

The objective of this study is to develop a solution to preserve security and privacy in a healthcare environment where health-sensitive information will be accessed by many parties and stored in various distributed databases. The solution should maintain anonymous medical records and it should be able to link anonymous medical information in distributed databases into a single patient medical record with the patient identity. In this paper we present a protocol that can be used to authenticate and authorize patients to healthcare services without providing the patient identification. The healthcare service can identify the patient using separate temporary identities in each identification session, and medical records are linked to these temporary identities. Temporary identities can be used to enable record linkage and reverse-track the real patient identity in critical medical situations. The proposed protocol provides the main security and privacy services such as user anonymity, message privacy, message confidentiality, user authentication, user authorization and protection against message replay attacks. The medical environment validates the patient at the healthcare service as a real and registered patient for the medical services. Using the proposed protocol, the patient's anonymous medical records at different healthcare services can be linked into one single report, and it is possible to securely reverse-track an anonymous patient to the real identity. The protocol protects the patient's privacy with a secure anonymous authentication to healthcare services and medical record registries according to the European and the UK legislation, where the patient's real identity is not disclosed with the distributed patient medical records.

  5. Efficient Privacy-Aware Record Integration.

    PubMed

    Kuzu, Mehmet; Kantarcioglu, Murat; Inan, Ali; Bertino, Elisa; Durham, Elizabeth; Malin, Bradley

    2013-01-01

    The integration of information dispersed among multiple repositories is a crucial step for accurate data analysis in various domains. In support of this goal, it is critical to devise procedures for identifying similar records across distinct data sources. At the same time, to adhere to privacy regulations and policies, such procedures should protect the confidentiality of the individuals to whom the information corresponds. Various private record linkage (PRL) protocols have been proposed to achieve this goal, involving secure multi-party computation (SMC) and similarity preserving data transformation techniques. SMC methods provide secure and accurate solutions to the PRL problem, but are prohibitively expensive in practice, mainly due to excessive computational requirements. Data transformation techniques offer more practical solutions, but incur the cost of information leakage and false matches. In this paper, we introduce a novel model for practical PRL, which 1) affords controlled and limited information leakage, 2) avoids false matches resulting from data transformation. Initially, we partition the data sources into blocks to eliminate comparisons for records that are unlikely to match. Then, to identify matches, we apply an efficient SMC technique between the candidate record pairs. To enable efficiency and privacy, our model leaks a controlled amount of obfuscated data prior to the secure computations. Applied obfuscation relies on differential privacy which provides strong privacy guarantees against adversaries with arbitrary background knowledge. In addition, we illustrate the practical nature of our approach through an empirical analysis with data derived from public voter records.

  6. On s*g-continuous Functions on Topological Spaces

    NASA Astrophysics Data System (ADS)

    Khan, M.; Hussain, Murad

    2010-11-01

The aim of this paper is to introduce and study the concept of s*g-continuous and s*g-closed functions. We investigate their relation with already existing notions. We also introduce the s*g-irresolute function and investigate its relation with the s*g-continuous function. The question of when s*g-closed sets are preserved is also studied. In the end, we define and study the notions of s*g-compactness and s*g-connectedness.

  7. 28 CFR 0.24 - General functions.

    Code of Federal Regulations, 2010 CFR

    2010-07-01

    ... agencies and the Department; (e) Responding to initial requests made under the FOIA and the Privacy Act for... such component under the FOIA and the Privacy Act. (f) Acting on behalf of the Attorney General on FOIA and Privacy Act access administrative appeals for all components of the Department, except that a...

  8. 45 CFR 155.260 - Privacy and security of personally identifiable information.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... AFFORDABLE CARE ACT General Functions of an Exchange § 155.260 Privacy and security of personally... information to the extent such information is necessary: (i) For the Exchange to carry out the functions described in § 155.200; (ii) For the Exchange to carry out other functions not described in paragraph (a)(1...

  9. Distributed clinical data sharing via dynamic access-control policy transformation.

    PubMed

    Rezaeibagha, Fatemeh; Mu, Yi

    2016-05-01

    Data sharing in electronic health record (EHR) systems is important for improving the quality of healthcare delivery. Data sharing, however, has raised some security and privacy concerns because healthcare data could be potentially accessible by a variety of users, which could lead to privacy exposure of patients. Without addressing this issue, large-scale adoption and sharing of EHR data are impractical. The traditional solution to the problem is via encryption. Although encryption can be applied to access control, it is not applicable for complex EHR systems that require multiple domains (e.g. public and private clouds) with various access requirements. This study was carried out to address the security and privacy issues of EHR data sharing with our novel access-control mechanism, which captures the scenario of the hybrid clouds and need of access-control policy transformation, to provide secure and privacy-preserving data sharing among different healthcare enterprises. We introduce an access-control mechanism with some cryptographic building blocks and present a novel approach for secure EHR data sharing and access-control policy transformation in EHR systems for hybrid clouds. We propose a useful data sharing system for healthcare providers to handle various EHR users who have various access privileges in different cloud environments. A systematic study has been conducted on data sharing in EHR systems to provide a solution to the security and privacy issues. In conclusion, we introduce an access-control method for privacy protection of EHRs and EHR policy transformation that allows an EHR access-control policy to be transformed from a private cloud to a public cloud. This method has never been studied previously in the literature. Furthermore, we provide a protocol to demonstrate policy transformation as an application scenario. Copyright © 2016 Elsevier Ireland Ltd. All rights reserved.

  10. 75 FR 2117 - Privacy Act of 1974; System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-01-14

    ... Force, 30 Space Communications Squadron, Building 12000, Room 104, 867 Washington Ave., Suite 205... Wing Space Communications Squadron, 867 Washington Avenue, Suite 200-1, Vandenberg Air Force Base... Superintendent, 30 Space Wing Command Post 867 Washington Ave, Suite 205, Vandenberg Air Force Base, California...

  11. 75 FR 56533 - Privacy Act System of Records

    Federal Register 2010, 2011, 2012, 2013, 2014

    2010-09-16

    ... add one new system of records, FCC/OMD-23, ``Cadapult Space Management System (CSMS).'' The FCC's Space Management Center (SMC) in the Office of Managing Director (OMD) will use the CSMS information... and contractors following the FCC/National Treasury Union (NTEU) space assignment policy. In the event...

  12. 76 FR 1195 - Privacy Act System of Records Notice (11-001)

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-01-07

    ... Aeronautics and Space Administration Washington, DC 20546-0001 Location 2 Ames Research Center, National Aeronautics and Space Administration, Moffett Field, CA 94035-1000 Location 3 Dryden Flight Research Center... Center, FL 32899-0001 Location 7 Langley Research Center, National Aeronautics and Space Administration...

  13. 14 CFR 1212.700 - NASA employees.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false NASA employees. 1212.700 Section 1212.700 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.700 NASA employees. (a) Each NASA employee is responsible for adhering...

  14. 14 CFR 1212.700 - NASA employees.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true NASA employees. 1212.700 Section 1212.700 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.700 NASA employees. (a) Each NASA employee is responsible for adhering...

  15. 14 CFR 1212.700 - NASA employees.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false NASA employees. 1212.700 Section 1212.700 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.700 NASA employees. (a) Each NASA employee is responsible for adhering...

  16. 14 CFR 1212.700 - NASA employees.

    Code of Federal Regulations, 2012 CFR

    2012-01-01

    ... 14 Aeronautics and Space 5 2012-01-01 2012-01-01 false NASA employees. 1212.700 Section 1212.700 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.700 NASA employees. (a) Each NASA employee is responsible for adhering...

  17. 14 CFR 1212.201 - Requesting a record.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Requesting a record. 1212.201 Section 1212.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS... appropriate system manager, or, if unknown, to the NASA Headquarters or Field Installation Information Center...

  18. 14 CFR 1212.702 - Associate Administrator for Management Systems and Facilities.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Associate Administrator for Management Systems and Facilities. 1212.702 Section 1212.702 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.702 Associate...

  19. 14 CFR 1212.201 - Requesting a record.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Requesting a record. 1212.201 Section 1212.201 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS... appropriate system manager, or, if unknown, to the NASA Headquarters or Field Installation Information Center...

  20. 14 CFR 1212.603 - Mailing lists.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Mailing lists. 1212.603 Section 1212.603 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Instructions for NASA Employees § 1212.603 Mailing lists. NASA will not sell, rent, or otherwise disclose an...

  1. 14 CFR 1212.801 - Criminal penalties.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Criminal penalties. 1212.801 Section 1212.801 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Failure To Comply With Requirements of This Part § 1212.801 Criminal penalties. (a) A NASA officer or...

  2. 14 CFR 1212.603 - Mailing lists.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Mailing lists. 1212.603 Section 1212.603 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Instructions for NASA Employees § 1212.603 Mailing lists. NASA will not sell, rent, or otherwise disclose an...

  3. 14 CFR 1212.702 - Associate Administrator for Management Systems and Facilities.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Associate Administrator for Management Systems and Facilities. 1212.702 Section 1212.702 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.702 Associate...

  4. 14 CFR 1212.605 - Safeguarding information in systems of records.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Safeguarding information in systems of records. 1212.605 Section 1212.605 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Instructions for NASA Employees § 1212.605 Safeguarding information in...

  5. 14 CFR 1212.801 - Criminal penalties.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Criminal penalties. 1212.801 Section 1212.801 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Failure To Comply With Requirements of This Part § 1212.801 Criminal penalties. (a) A NASA officer or...

  6. 14 CFR 1212.400 - Appeals.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Appeals. 1212.400 Section 1212.400 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Appeals and... request. (b) An appeal shall: (1) Be in writing and addressed to the Assistant Deputy Administrator, NASA...

  7. The Different Functions of Speech in Defamation and Privacy Cases.

    ERIC Educational Resources Information Center

    Kebbel, Gary

    1984-01-01

    Reviews United States Supreme Court decisions since 1900 to show that free speech decisions often rest on the circumstances surrounding the speech. Indicates that freedom of speech wins out over privacy when social or political function but not when personal happiness is the issue.

  8. Strategies for Preserving Owner Privacy in the National Information Management System of the USDA Forest Service's Forest Inventory and Analysis Unit

    Treesearch

    Andrew Lister; Charles Scott; Susan King; Michael Hoppus; Brett Butler; Douglas Griffith

    2005-01-01

    The Food Security Act of 1985 prohibits the disclosure of any information collected by the USDA Forest Service's FIA program that would link individual landowners to inventory plot information. To address this, we developed a technique based on a "swapping" procedure in which plots with similar characteristics are exchanged, and on a ...

  9. Security and Privacy Preservation in Human-Involved Networks

    NASA Astrophysics Data System (ADS)

    Asher, Craig; Aumasson, Jean-Philippe; Phan, Raphael C.-W.

    This paper discusses security within human-involved networks, with a focus on social networking services (SNS). We argue that more secure networks could be designed using semi-formal security models inspired from cryptography, as well as notions like that of ceremony, which exploits human-specific abilities and psychology to assist creating more secure protocols. We illustrate some of our ideas with the example of the SNS Facebook.

  10. Wiretapping the Internet

    NASA Astrophysics Data System (ADS)

    Antonelli, Charles J.; Honeyman, Peter

    2001-02-01

    This paper describes the Advanced Packet Vault, a technology for creating such a record by collecting and securely storing all packets observed on a network, with a scalable architecture intended to support network speeds in excess of 100 Mbps. Encryption is used to preserve users' security and privacy, permitting selected traffic to be made available without revealing other traffic. The Vault implementation, based on Linux and OpenBSD, is open-source.

  11. Visual cryptography for face privacy

    NASA Astrophysics Data System (ADS)

    Ross, Arun; Othman, Asem A.

    2010-04-01

    We discuss the problem of preserving the privacy of a digital face image stored in a central database. In the proposed scheme, a private face image is dithered into two host face images such that it can be revealed only when both host images are simultaneously available; at the same time, the individual host images do not reveal the identity of the original image. In order to accomplish this, we appeal to the field of Visual Cryptography. Experimental results confirm the following: (a) the possibility of hiding a private face image in two unrelated host face images; (b) the successful matching of face images that are reconstructed by superimposing the host images; and (c) the inability of the host images, known as sheets, to reveal the identity of the secret face image.

  12. Recognizing Bedside Events Using Thermal and Ultrasonic Readings

    PubMed Central

    Asbjørn, Danielsen; Jim, Torresen

    2017-01-01

    Falls in homes of the elderly, in residential care facilities and in hospitals commonly occur in close proximity to the bed. Most approaches for recognizing falls use cameras, which challenge privacy, or sensor devices attached to the bed or the body to recognize bedside events and bedside falls. We use data collected from a ceiling mounted 80 × 60 thermal array combined with an ultrasonic sensor device. This approach makes it possible to monitor activity while preserving privacy in a non-intrusive manner. We evaluate three different approaches towards recognizing location and posture of an individual. Bedside events are recognized using a 10-second floating image rule/filter-based approach, recognizing bedside falls with 98.62% accuracy. Bed-entry and exit events are recognized with 98.66% and 96.73% accuracy, respectively. PMID:28598394

  13. 14 CFR 1212.703 - NASA Chief Information Officer.

    Code of Federal Regulations, 2013 CFR

    2013-01-01

    ... 14 Aeronautics and Space 5 2013-01-01 2013-01-01 false NASA Chief Information Officer. 1212.703 Section 1212.703 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.703 NASA Chief Information Officer. (a) The NASA Chief...

  14. 14 CFR § 1212.700 - NASA employees.

    Code of Federal Regulations, 2014 CFR

    2014-01-01

    ... 14 Aeronautics and Space 5 2014-01-01 2014-01-01 false NASA employees. § 1212.700 Section § 1212.700 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.700 NASA employees. (a) Each NASA employee is responsible...

  15. 14 CFR 1212.204 - Fees.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Fees. 1212.204 Section 1212.204 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.204 Fees. (a) Fees will not be charged for: (1) Search for a retrieval of the requesting...

  16. 14 CFR 1212.205 - Exceptions to individual's rights of access.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Exceptions to individual's rights of access. 1212.205 Section 1212.205 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.205 Exceptions to individual's rights of access. (a) The...

  17. 14 CFR 1212.205 - Exceptions to individual's rights of access.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Exceptions to individual's rights of access. 1212.205 Section 1212.205 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Access to Records § 1212.205 Exceptions to individual's rights of access. (a) The...

  18. 14 CFR 1212.703 - Headquarters and Field or Component Installations.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Headquarters and Field or Component Installations. 1212.703 Section 1212.703 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.703 Headquarters and Field or...

  19. 14 CFR 1212.703 - Headquarters and Field or Component Installations.

    Code of Federal Regulations, 2011 CFR

    2011-01-01

    ... 14 Aeronautics and Space 5 2011-01-01 2010-01-01 true Headquarters and Field or Component Installations. 1212.703 Section 1212.703 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS NASA Authority and Responsibilities § 1212.703 Headquarters and Field or...

  20. 14 CFR 1212.601 - Maintenance and publication requirements for systems of records.

    Code of Federal Regulations, 2010 CFR

    2010-01-01

    ... 14 Aeronautics and Space 5 2010-01-01 2010-01-01 false Maintenance and publication requirements for systems of records. 1212.601 Section 1212.601 Aeronautics and Space NATIONAL AERONAUTICS AND SPACE ADMINISTRATION PRIVACY ACT-NASA REGULATIONS Instructions for NASA Employees § 1212.601 Maintenance and...
