what-when-how
In Depth Tutorials and Information
real physical clusters. hose clusters in diferent places form an STN. he attackers
can try to interpret users' data and infringe STN privacy.
In this chapter, we will provide a review on the privacy preserving schemes
in the cloud-computing-based STNs. As an important requirement for privacy,
anonymity is considered in many application domains. For instance,
K-anonymity
(to be discussed later) hides the identity of an entity by forming a group of simi-
lar entities. hus, the probability of identifying the entity is less than 1/
k
. Group
formation depends on broadcast and multicast to hide the identity of the receiver
side.
STNs should be anonymized effectively in order to compromise the pri-
vacy attacks. However, there are more challenges in privacy preservation in
STNs such as the difficulty in modeling the background knowledge of social
attacks, to measure the data loss, and to anonymize the social identities and
relationships.
In terms of STN privacy preservation, we are concerned about end-to-end con-
fidentiality, access control, data integrity, authentication, and availability [8]. Some
attacks such as man-in-the-middle, impersonation attack, sybil attack [9], denial of
service, and black hole attack can breach privacy preservation.
In the following sections we will introduce a few efficient methods to preserve
privacy in STNs.
10.2 PrivacyPreserving(Anonymization)
BasedonGraphModel
In [1], the authors have introduced
neighborhoodattacks
, a prevalent type of privacy
attacks in STNs. Even if we mask all the identities of vertices (a vertex in network
graph represents a node in STNs), a malicious person can still infer part of the pri-
vate information of the target vertex with some available information published in
the networks. For example, in Figure 10.2, several users are identiied. he igure
shows that an anonymized STN graph Ada can be identified with the knowledge
of Ada's unique 1-neighborhood graph (Figure 10.2c). A malicious person can find
Bob through such a graph.
In [1], it makes use of the
k
-anonymity model [2] by adding a noise edge
between Harry and Irene as shown in Figure 10.2d;
k
-anonymity is defined as that
any vertices in the anonymized network can be identified with a probability lower
than 1/
k
. In Figure 10.2d,
k
equals 2.
In [1], it applies graph theory to model a network as
G
=
(
V
,
E
,
L
,
φ
),
where
V
is a set of vertices,
E
is a set of edges,
L
is a set of labels, and
φ
:
V
→
L
is a labeling function. For a graph
G
,
V
(
G
),
E
(
G
),
L
G
, and
φ
G
are the set of
vertices, the set of edges, the set of labels, and the labeling function in
G
,
respectively.
