Study On Security Architecture And Privacy Preserving Technologies For Digital Community

The digital community is an information integrated system, which utilize digital information technology and computer technology to make interconnected between users, management provider and service provider, has many function such as public service, business service, administrative management, resource sharing, monitoring and supervision and so on. Different from traditional networks, digital community networks has unique characteristics including heterogeneous integration, cross-domain, collaborative autonomy, dynamic changes and open interconnection raise a number of security challenges for system security and information security. These challenges include security architecture design, seamless connection between security protocols, heterogeneous networks integration and user privacy preservation. Therefore, it’s especially important to study the security architecture, key security technologies and privacy preservation technologies which has important theoretical and practical value for the development of digital community.In allusion to the security issues above, we make integrated and systematic studies on security architecture, privacy preserving data collection and privacy preserving data publishing in digital community. The main contributions in this paper are as follows:1. Security architecture and key security technologies in the digital community networks environment are studied. In allusion to the digital community network characteristic and system security issue, we propose an hierarchical security architecture based on the analysis of digital community network security requirements and threat model. In the information domain, we analyse the security requirements and security issues for each layer according to the hierarchical network structure, and set up security mechanism for each layer in order to achieve defense-in-deep cybersecurity in information domain; In the control domain, we analyse the security requirements and security issues, and utilize distribute control theory and self-healing model to achieve security control mechanism in control domain. We discuss key technologise associated with security authentication, security control and privacy preservation, and propose a high-assurance trust model for digital community according to security mechanism of information and control domain.2. The privacy preserving data collection model in the digital community networks environment is studied. The widespread use of mobile devices in digital community has promoted the variety of data collecting methods. However, the privacy of individuals and corporations plays an important role in data process or data transmission, and such information should be protected. In this paper, (oc,k)-anonymity model, a widely used privacy-preserving model, is adopted as a security frame for privacy preserving. Then, a privacy-preserving data collection model ((∝,k)-CM) based on (∝,k)-anonymity is proposed and the threat model is analyzed. To resist the possible attack, we propose a generalization-encryption method to achieve a desired privacy level in (∝,k)-CM. Generalization can decrease the data size and save the resource but induce information loss in data process; while encryption can decrease information loss but cause the waste of resource. Generalization-encryption method dynamically encrypts a portion of the data with maximum information loss and adjusts the portion to balance the trade-off metric in the process of generalization. Experimental results and theoretical analysis show that this method is effective in terms of privacy levels and data quality with low resource consumption.3. The privacy preserving data publishing model in the digital community networks environment is studied. Privacy-Preserving Data Publishing (PPDP) deals with data publishing while preserving individual’s privacy in the data. In order to keep the sensitive information of individual data security, the data publisher usually do not publish the raw data, they release the anonymous data intead. Recent researches show that knowledge of mechanism of anonymization provides a loophole for attacks, we call this kind of attack a mechanism-based attack. In this paper, we first give a comprehensive study of mechanism-based attack and point out that the range of mechanism-based disclosure is much broader than ever said. Then, we analyze the rationale of mechanism-based attack and give the definition of mechanism-based attack formally. To counteract mechanism-based attack, we introduce a model called e -secrecy and corresponding solution algorithm MAIA. We conduct a comprehensive set of experiments to show mechanism-based attacks are practical concern in the real-world data sets and that our method introduces better data utility and very minor computation than the existing algorithms.