With the popularization of the Internet of Things (IoT), interaction between humans and the IoT has become part of daily life. In this interaction, IoT objects usually require access to personal data, which are often sensitive. We propose a lightweight privacy-preserving model based on trust evaluation that can effectively protect privacy using simple threshold detection. The key issue we address in this work is how to construct a trust model so that non-trusted objects are prevented from accessing private data. This work can be considered a lightweight approach to access control for privacy preservation. The main algorithm in the proposed model is a dynamic, self-adjusting trust evaluation mechanism that uses a combination of the interaction information arising between humans and the IoT and between humans. According to the given threshold, the trust model can determine the data level of object access in the IoT. We have implemented a prototype of the proposed scheme, thereby demonstrating its feasibility on resource-constrained devices.
Daeseon CHOI Younho LEE Yongsu PARK Seokhyun KIM
People expose their personal information on social network services (SNSs). This paper warns of the dangers of this practice by way of an example. We show that the residence registration numbers (RRNs) of many Koreans, which are very important and confidential personal information analogous to social security numbers in the United States, can be estimated solely from the information that they have made open to the public. In our study, we utilized machine learning algorithms to infer information that was then used to extract a part of the RRNs. Consequently, we were able to extract 45.5% of SNS users' RRNs using a machine learning algorithm and brute-force search that did not consume exorbitant amounts of resources.
Recently, Chien et al. proposed an efficient timestamp-based remote user authentication scheme using smart cards. The main merits include: (1) a user-independent server, i.e., there is no password or verification table kept in the server; (2) users can freely choose their passwords; (3) mutual authentication is provided between the user and the server; and (4) lower communication and computation cost. In this paper, we show that Chien et al.'s scheme is insecure against a forgery attack because an adversary can easily pretend to be a legal user, pass the server's verification and log in to the remote system successfully. An improved scheme is proposed that can overcome the security risk while still preserving all the above advantages.
Solutions based on error-correcting codes for the blacklisting problem of a broadcast distribution system have been proposed by Kumar, Rajagopalan and Sahai. In this paper, a detailed analysis of the solutions is presented. By choosing parameters properly in their constructions, we show that the performance is improved significantly.