Advanced Technologies for Data Privacy and Security

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: closed (10 September 2023) | Viewed by 17563

Special Issue Editors

Guest Editor
Department of Telecommunications, Brno University of Technology, 616 00 Brno, Czech Republic
Interests: cryptography; cybersecurity; privacy-enhancing technologies; access control; IoT security; network security; OS security; ethical hacking
Department of Telecommunications, Brno University of Technology, 616 00 Brno, Czech Republic
Interests: privacy-enhancing technology; post-quantum cryptography; data privacy and security; elliptic curve cryptography; lattice-based cryptography

Guest Editor
Department of Computer Engineering and Mathematics, Universitat Rovira i Virgili, Av. Països Catalans 26, E-43007 Tarragona, Catalonia, Spain
Interests: privacy; cryptography; security; data privacy

Special Issue Information

Dear Colleagues,

The COVID-19 pandemic highlighted the fact that the protection of users’ privacy, personal data, and digital identities is a crucial issue. Several new applications with possible impacts on users’ privacy, such as contact tracing and COVID-19 certificate apps, have been developed in the last few years to protect citizens and reduce the risk of infection. However, privacy issues have been on our radar for much longer. The rise of digitalization and the shift towards an online world have had a much larger impact on individuals’ privacy. Users have stopped being the real owners of their data and have lost control over their sensitive data. Service providers collect private data every day and know our movements and interests, which makes it possible to track and profile citizens. In fact, several EU regulations, such as the General Data Protection Regulation (GDPR), focus on protecting users’ privacy. Advanced technologies for data privacy and security play a significant role in data protection. Thanks to these technologies, anyone can access digital services anonymously, browse the Internet privately, process outsourced data without disclosing their content, and much more. However, it is difficult to deploy the current technologies on Internet of Things (IoT) devices, which are constrained in power, memory, and computation. The complexity of current privacy-enhancing technologies such as anonymous credentials, group signatures, and attribute-based encryption is too high for constrained devices. On the other hand, using big data for digital services introduces new challenges, such as how to process medical and behavioral data to find the causes of and explanations for diseases or health risks. These data include a large amount of sensitive personal information.
Advanced methods for data privacy and security such as homomorphic encryption, secure multiparty computation, and differential privacy show promise for addressing these challenges. However, their complexity is still too high for applicability in real-world use case scenarios.

The general goal of this Special Issue is to contribute to the expansion of knowledge in this field and to increase the protection of users’ privacy, their digital identities, and their data in current use case scenarios.

Dr. Petr Dzurenda
Dr. Sara Ricci
Dr. Jordi Castellà-Roca
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once registered, go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles, and short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • privacy-enhancing technology
  • cryptography
  • data privacy
  • data security
  • user's privacy
  • data anonymization and unlinkability
  • security and privacy by design

Published Papers (10 papers)


Research

15 pages, 1897 KiB  
Article
An Open-Source Software Tool to Facilitate Data Protection Impact Assessments
by Layla Tabea Riemann, Felicia P. S. Hähner, Ann-Kathrin Schmitz, Maximilian Ataian, Matthias Jaster and Frank Ückert
Appl. Sci. 2023, 13(20), 11230; https://doi.org/10.3390/app132011230 - 12 Oct 2023
Viewed by 1106
Abstract
In the realm of medical research, preserving patient privacy while facilitating effective research and collaborations poses a significant challenge. Data protection impact assessments (DPIAs) and associated methodologies have emerged as a response to this dual imperative. DPIAs necessitate expertise across diverse domains, resulting in a complex procedural landscape. To address this, we present “DPIA click&go”, a user-friendly tool designed to streamline the DPIA process in a plug-and-play manner. This tool enables users to semi-automatically select risks from predefined categories, construct evaluation matrices, access risk-mitigating measures, and re-evaluate risks after the application of mitigation strategies. Tailoring risks and measures to each institute’s needs is essential, facilitated by the provided data model, considerably simplifying DPIA creation at an institutional level. The efficacy of the DPIA click&go tool was validated with a real-world project, comparing its performance with a manually created DPIA in terms of risk coverage and mitigation strategies. The promising outcomes of this tool underscore its potential within the national data protection landscape, suggesting its possible foundational role in harmonizing data protection practices at a larger, potentially European or global, scale.
(This article belongs to the Special Issue Advanced Technologies for Data Privacy and Security)

24 pages, 1082 KiB  
Article
Privacy-Preserving Solution for European Union Digital Vaccine Certificates
by Petr Dzurenda, Sara Ricci, Petr Ilgner, Lukas Malina and Carles Anglès-Tafalla
Appl. Sci. 2023, 13(19), 10986; https://doi.org/10.3390/app131910986 - 05 Oct 2023
Viewed by 673
Abstract
The recent COVID-19 pandemic situation highlights the importance of digital vaccine certificates. In response, the European Union (EU) developed EU Digital Vaccine Certificates to enable proof of non-infectivity and completed vaccinations. However, these solutions suffer from several shortcomings, such as ineffective certificate holder identification and a high violation of user privacy through the disclosure of sensitive information. In this work, we present a novel solution for privacy-preserving EU Digital Vaccine Certificates. Our solution solves the aforementioned privacy and security shortcomings and is in line with current EU legislation, i.e., the General Data Protection Regulation (GDPR), the upcoming revision of the electronic IDentification, Authentication, and trust Services (eIDAS) regulation, called eIDAS 2.0, and the new tools that it envisages to be led by the European digital identity. This identity is intended to allow citizens to prove their identity to access online services, share digital documents, or simply prove specific personal characteristics such as age without revealing their identity or other personal information. The core of our proposal is built on our novel attribute-based credential scheme, which can be easily implemented on various handheld devices, especially on Android smartphones and smartwatches. However, due to the lightweight nature of our scheme, it can also be implemented on constrained devices such as smart cards. In order to demonstrate the security, privacy, and practicality inherent in our proposal, we provide the security analysis of the cryptographic core along with a set of experimental results conducted on smartphones and smart cards.

20 pages, 3172 KiB  
Article
A Novel Robust Geolocation-Based Multi-Factor Authentication Method for Securing ATM Payment Transactions
by Abdullah Alabdulatif, Rohan Samarasinghe and Navod Neranjan Thilakarathne
Appl. Sci. 2023, 13(19), 10743; https://doi.org/10.3390/app131910743 - 27 Sep 2023
Cited by 1 | Viewed by 1100
Abstract
Credit/debit cards are a ubiquitous form of payment at present. They offer a number of advantages over cash, including convenience, security, and fraud protection. In contrast, the inherent vulnerabilities of credit/debit cards and transaction methods have led many payment institutions to focus on strengthening the security of these electronic payment methods. Also, the increasing number of electronic payment transactions around the world has led to a corresponding increase in the amount of money lost due to fraud and cybercrime. This loss of money has a significant impact on businesses and consumers, and it necessitates the development of rigid and robust security designs for securing underlying electronic transaction methods. In this regard, this research introduces a novel geolocation-based multi-factor authentication method for improving the security of electronic payment transactions, especially ATM transactions. The proposed method leverages geolocation to verify the user’s identity and prevent fraudulent transactions. In addition, this research also proposes a novel design approach for further controlling the ownership of transactions in a convenient way (e.g., allowing users to deactivate/reactivate authentication at any time, block the card in case it is stolen or lost, and set up a withdrawal limit). Overall, this approach does not require any major modifications to the existing banking infrastructure, which would make it an ideal solution for securing ATM transactions around the world.

16 pages, 504 KiB  
Article
Privacy-Preserving Federated Singular Value Decomposition
by Bowen Liu, Balázs Pejó and Qiang Tang
Appl. Sci. 2023, 13(13), 7373; https://doi.org/10.3390/app13137373 - 21 Jun 2023
Viewed by 1359
Abstract
Singular value decomposition (SVD) is a fundamental technique widely used in various applications, such as recommendation systems and principal component analyses. In recent years, the need for privacy-preserving computations has been increasing constantly, which concerns SVD as well. Federated SVD has emerged as a promising approach that enables collaborative SVD computation without sharing raw data. However, existing federated approaches still need improvements regarding privacy guarantees and utility preservation. This paper moves a step further in these directions: we propose two enhanced federated SVD schemes focusing on utility and privacy, respectively. Using a recommendation system use case with real-world data, we demonstrate that our schemes outperform the state-of-the-art federated SVD solution. Our utility-enhanced scheme (utilizing secure aggregation) improves the final utility and the convergence speed by more than 2.5 times compared with the existing state-of-the-art approach. In contrast, our privacy-enhancing scheme (utilizing differential privacy) provides more robust privacy protection while improving the same aspect by more than 25%.

22 pages, 3798 KiB  
Article
Implementation and Security Test of Zero-Knowledge Protocols on SSI Blockchain
by Cristina Vilchez Moya, Juan Ramón Bermejo Higuera, Javier Bermejo Higuera and Juan Antonio Sicilia Montalvo
Appl. Sci. 2023, 13(9), 5552; https://doi.org/10.3390/app13095552 - 29 Apr 2023
Cited by 2 | Viewed by 1581
Abstract
The problem of digital identity acquires more relevance every day in the eyes of a society that spends more and more time connected to the Internet. It has evolved throughout its history to reach a decentralized model known as Self-Sovereign Identity (SSI), which finds its natural tools in blockchain technology and Zero-Knowledge Proofs (ZKPs). ZKPs, in this context, allow users to prove that their credentials are legitimate without revealing more information than is strictly necessary, and constitute one of the most promising areas of applied cryptography. In this work, an application is developed for the study of Zero-Knowledge Proof methods and, specifically, their application to authentication in public-private key encryption systems. It focuses on the study of three ZKP protocols (Feige-Fiat-Shamir, Guillou-Quisquater, and Schnorr, which rely on the problems of large-number factorization and discrete logarithms for security) in the practical use case where a prover wants to demonstrate knowledge of the private key for a public key without revealing the key itself. The application allows the user to modify the necessary parameters in each method to achieve a better understanding of their role in its safety and efficiency. Several types of attacks are carried out against the above-mentioned protocols to analyze their degree of security and what recommendations can be made to improve it.

18 pages, 580 KiB  
Article
Privacy-Preserving E-Voting System Supporting Score Voting Using Blockchain
by Ali Alshehri, Mohamed Baza, Gautam Srivastava, Wahid Rajeh, Majed Alrowaily and Majed Almusali
Appl. Sci. 2023, 13(2), 1096; https://doi.org/10.3390/app13021096 - 13 Jan 2023
Cited by 7 | Viewed by 2581
Abstract
With the advancement of cyber threats, blockchain technology has evolved to have a significant role in providing secure and reliable decentralized applications. One of these applications is a remote voting system that allows voters to participate in elections remotely. This work proposes a privacy-preserving e-voting system supporting score voting using blockchain technology. The main challenge with score voting compared to the regular yes/no voting approach is that a voter is allowed to assign a score from a defined range for each candidate. To preserve privacy, votes shall be encrypted before submission to the blockchain; however, a malicious voter can modify the score value before encrypting it to manipulate the election result in favor of a certain candidate. To address this challenge, the proposed scheme allows voters to first prove that the submitted score lies in the predefined range before the vote is added to the blockchain, to ensure fairness of the election. The performance of our scheme is evaluated against a set of comprehensive experiments designed to determine optimal bounds for workload and transaction send rates and to measure the impact of exceeding these bounds on critical performance metrics. The results of these simulations and their implications indicate that the proposed scheme is secure while being able to handle up to 10,000 transactions at a time.

14 pages, 5135 KiB  
Article
OMECDN: A Password-Generation Model Based on an Ordered Markov Enumerator and Critic Discriminant Network
by Jihan Jiang, Anmin Zhou, Liang Liu and Lei Zhang
Appl. Sci. 2022, 12(23), 12379; https://doi.org/10.3390/app122312379 - 03 Dec 2022
Cited by 1 | Viewed by 1630
Abstract
At present, static text passwords are still the most widely used identity authentication method. Password-generation technology can generate large-scale password sets and then detect the defects in password-protection mechanisms, which is of great significance for evaluating password-guessing algorithms. However, the existing password-generation technology cannot ignore low-quality passwords in the generated password set, which leads to low-efficiency password guessing. In this paper, a password-generation model based on an ordered Markov enumerator and critic discriminant network (OMECDN) is proposed, where passwords are generated via an ordered Markov enumerator (OMEN) and a discriminant network according to the probability of the combination of passwords. OMECDN optimizes the performance of password generation with a discriminative network based on the good statistical properties of OMEN. Moreover, the final password set is formed by the selected passwords with a higher score than the preset threshold, which guarantees the superiority of the hit rate of almost all ranges of combinations of passwords over the initial password set. Finally, the experiments show that OMECDN achieves a qualitative improvement in hit rate metrics. In particular, regarding the generation of 10^7 passwords on the RockYou dataset, the matching entries of the password set generated by the OMECDN model are 25.18% and 243.58% higher than those generated by the OMEN model and the PassGAN model, respectively.

19 pages, 633 KiB  
Article
Privacy and Utility of Private Synthetic Data for Medical Data Analyses
by Arno Appenzeller, Moritz Leitner, Patrick Philipp, Erik Krempel and Jürgen Beyerer
Appl. Sci. 2022, 12(23), 12320; https://doi.org/10.3390/app122312320 - 01 Dec 2022
Cited by 5 | Viewed by 2676
Abstract
The increasing availability and use of sensitive personal data raises a set of issues regarding the privacy of the individuals behind the data. These concerns become even more important when health data are processed, as these are considered sensitive (according to most global regulations). Privacy Enhancing Technologies (PETs) attempt to protect the privacy of individuals whilst preserving the utility of data. One of the most popular technologies recently is Differential Privacy (DP), which was used for the 2020 U.S. Census. Another trend is to combine synthetic data generators with DP to create so-called private synthetic data generators. The objective is to preserve statistical properties as accurately as possible, while the generated data should be as different as possible from the original data regarding private features. While these technologies seem promising, there is a gap between academic research on DP and synthetic data and the practical application and evaluation of these techniques for real-world use cases. In this paper, we evaluate three different private synthetic data generators (MWEM, DP-CTGAN, and PATE-CTGAN) on their use-case-specific privacy and utility. For the use case, continuous heart rate measurements from different individuals are analyzed. This work shows that private synthetic data generators have tremendous advantages over traditional techniques, but also require in-depth analysis depending on the use case. Furthermore, it can be seen that each technology has different strengths, so there is no clear winner. However, DP-CTGAN often performs slightly better than the other technologies, so it can be recommended for a continuous medical data use case.

21 pages, 825 KiB  
Article
On the Privacy–Utility Trade-Off in Differentially Private Hierarchical Text Classification
by Dominik Wunderlich, Daniel Bernau, Francesco Aldà, Javier Parra-Arnau and Thorsten Strufe
Appl. Sci. 2022, 12(21), 11177; https://doi.org/10.3390/app122111177 - 04 Nov 2022
Cited by 2 | Viewed by 1408
Abstract
Hierarchical text classification consists of classifying text documents into a hierarchy of classes and sub-classes. Although Artificial Neural Networks have proved useful to perform this task, unfortunately, they can leak training data information to adversaries due to training data memorization. Using differential privacy during model training can mitigate leakage attacks against trained models, enabling the models to be shared safely at the cost of reduced model accuracy. This work investigates the privacy–utility trade-off in hierarchical text classification with differential privacy guarantees, and it identifies neural network architectures that offer superior trade-offs. To this end, we use a white-box membership inference attack to empirically assess the information leakage of three widely used neural network architectures. We show that large differential privacy parameters already suffice to completely mitigate membership inference attacks, thus resulting in only a moderate decrease in model utility. More specifically, for large datasets with long texts, we observed Transformer-based models to achieve an overall favorable privacy–utility trade-off, while for smaller datasets with shorter texts, convolutional neural networks are preferable.

22 pages, 6035 KiB  
Article
The Protection of Data Sharing for Privacy in Financial Vision
by Yi-Ren Wang and Yun-Cheng Tsai
Appl. Sci. 2022, 12(15), 7408; https://doi.org/10.3390/app12157408 - 23 Jul 2022
Viewed by 1463
Abstract
The primary motivation is to address difficulties in data interpretation or a reduction in model accuracy. Although differential privacy can provide data privacy guarantees, it also creates problems. Thus, we need to consider that the noise setting for differential privacy is currently inconclusive. This paper’s main contribution is finding a balance between privacy and accuracy. The training data of deep learning models may contain private or sensitive corporate information. These may be exposed to attacks, leading to privacy data leakage during data sharing. Many strategies exist for privacy protection, and differential privacy is the most widely applied one. Google proposed a federated learning technology to solve the problem of data silos in 2016. The technology can share information without exchanging original data and has made significant progress in the medical field. However, there is still the risk of data leakage in federated learning; thus, many models are now used with differential privacy mechanisms to minimize the risk. The data in the financial field are similar to medical data, which contain a substantial amount of personal data. The leakage may cause uncontrollable consequences, making data exchange and sharing difficult. Let us suppose that differential privacy applies to the financial field. Financial institutions can provide customers with higher value and personalized services and automate credit scoring and risk management. Unfortunately, the financial area rarely applies differential privacy and has attained no consensus on parameter settings. This study compares data security with non-private and differential privacy financial visual models. The paper finds a balance between privacy protection and model accuracy. The results show that when the privacy loss parameter ϵ is between 12.62 and 5.41, the privacy models can protect training data, and the accuracy does not decrease too much.
