Yaoyu ZHANG Jiarui ZHANG Han ZHANG
With the development of blockchain technology, the automatic generation of smart contracts has become a hot research topic. Existing smart contract generation techniques still have room for improvement: the process is complex, specialized third-party tools are required, and the compatibility of the generated code with its running environment is limited. In this paper, we propose a domain-oriented, configuration-based method for automatic smart contract generation. It is designed and implemented for the application scenarios of government service. The method comprises configuration, public state database definition, code generation and formal verification. In the Hyperledger Fabric environment, the applicability of the generated smart contract code is verified. Furthermore, its quality and security are formally verified with the help of third-party testing tools. The experimental results show that the quality and security of the generated smart contract code meet the expected standards. Automatic smart contract generation can be applied “elegantly” to anti-disclosure, privacy protection, and prophecy processing in government service, effectively enabling the development of a “programmable government”.
Fan WU He LI Wenhao FAN Bihua TANG Yuanan LIU
Android occupies a very large market share in the field of mobile devices, and large numbers of applications are created every day for users. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals, and the current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suited to the Android platform and design a privacy protection system based on the model. The system consists of an online phase and an offline phase: the online phase computes the value of the distribution norm and makes privacy decisions, while the offline phase creates a classification model that calculates the value of the appropriateness norm. Based on 6 million permission request records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiments show that the accuracy of the offline classifier reaches 0.94. The experiment on the overall system's feasibility shows that 70% of location data requests, 84% of phone data requests, and 46% of storage requests, among others, violate contextual integrity.
Yuta NAKASHIMA Noboru BABAGUCHI Jianping FAN
The recent popularization of social network services (SNSs), such as YouTube, Dailymotion, and Facebook, enables people to easily publish their personal videos taken with mobile cameras. However, at the same time, such popularity has raised a new problem: video privacy. In such social videos, the privacy of people, i.e., their appearances, must be protected, but naively obscuring all people might spoil the video content. To address this problem, we focus on videographers' capture intentions. In a social video, some persons are usually essential for the video content. They are intentionally captured by the videographers, called intentionally captured persons (ICPs), and the others are accidentally framed-in (non-ICPs). Videos containing the appearances of the non-ICPs might violate their privacy. In this paper, we developed a system called BEPS, which adopts a novel conditional random field (CRF)-based method for ICP detection, as well as a novel approach to obscure non-ICPs and preserve ICPs using background estimation. BEPS reduces the burden of manually obscuring the appearances of the non-ICPs before uploading the video to SNSs. Compared with conventional systems, the following are the main advantages of BEPS: (i) it maintains the video content, and (ii) it is immune to the failure of person detection; false positives in person detection do not violate privacy. Our experimental results successfully validated these two advantages.
Noboru BABAGUCHI Yuta NAKASHIMA
Our society has been getting more privacy-sensitive. Users provide diverse information to information and communications technology (ICT) systems, such as IC cards, that benefit them. This information is stored as so-called big data, and there is concern over privacy violation. Visual information such as images and videos is also considered privacy-sensitive. The growing deployment of surveillance cameras and social network services has created a privacy problem for information gathered by various sensors. To protect the privacy of subjects appearing in visual information, their face or figure is processed by means of pixelization or blurring. As image analysis technologies have made considerable progress, many attempts at automatic and flexible privacy protection have been made since 2000, and in recent years the utilization of privacy information under some restrictions has also been taken into account. This paper addresses the recent progress of privacy protection for visual information, presenting our research projects: PriSurv, Digital Diorama (DD), and Mobile Privacy Protection (MPP). Furthermore, we discuss the Harmonized Information Field (HIFI) for appropriate utilization of protected privacy information in a specific area.
Yoichi TOMIOKA Hikaru MURAKAMI Hitoshi KITAZAWA
Recently, video surveillance systems have been widely introduced in various places, and protecting the privacy of objects in the scene has become as important as ensuring security. Masking each moving object with a background subtraction method is an effective technique to protect its privacy. However, the background subtraction method is heavily affected by changes in sunlight, and redundant masking due to over-extraction is inevitable. Such superfluous masking degrades the quality of video surveillance. In this paper, we propose a moving object masking method that combines background subtraction with machine learning based on Real AdaBoost. This method reduces superfluous masking while maintaining the reliability of privacy protection. In the experiments, we demonstrate that the proposed method achieves about 78-94% accuracy in classifying superfluous masking regions and moving objects.
Shenchuan LIU Masaaki FUJIYOSHI Hitoshi KIYA
This paper introduces amplitude-only images to image trading systems in which not only the copyright of images but also the privacy of consumers is protected. In the latest framework for image trading systems, an image is divided into an unrecognizable piece and a recognizable but distorted piece to simultaneously protect the privacy of a consumer and the copyright of the image. The proposed scheme uses amplitude-only images, which are completely unrecognizable, as the former piece, whereas the conventional schemes leave recognizable parts in that piece, which degrades privacy protection performance. Moreover, the proposed scheme improves the robustness against copyright violation regardless of the digital fingerprinting technique used, because an amplitude-only image is larger than the corresponding piece in the conventional scheme. In addition, since a phase-only image is used as the second piece in the proposed scheme, the consumer can confirm what he/she bought. Experimental results show the effectiveness of the proposed scheme.
In order to improve users' privacy in multi-authority Attribute-Based Encryption (ABE), we propose a solution that hides a user's attributes by privacy homomorphism, such that not only does an “external” adversary fail to learn a user's private attributes by eavesdropping on communications, but the “internal” Attribute Authorities (AAs), who are responsible for issuing attribute keys, are also unable to build a full profile of all of the user's attributes by pooling their information on the user's ID. Meanwhile, the use of the ID is essential to defend against collusion attacks on ABE. Benefiting from privacy homomorphism, by which we distribute the part of the interpolation for the shares abstracted by the hidden attributes into each AA, the performance of the proposed scheme is higher than that of existing ABE schemes.
Jangseong KIM Joonsang BAEK Jianying ZHOU Taeshik SHON
Recently, numerous service discovery protocols have been introduced in the open literature. Unfortunately, many of them did not consider security issues, and for those that did, many security and privacy problems still remain. One important issue is to protect the privacy of a service provider while enabling an end-user to search for an alternative service using multiple keywords. To deal with this issue, the existing protocols assumed that the directory server is trusted or owned by each service provider. However, an adversary may compromise the directory server because of its openness. In this paper, we suggest an efficient verification of service subscribers to resolve this issue and analyze its performance and security. Using this method, we propose an efficient and secure service discovery protocol that protects the privacy of a service provider while providing multiple-keyword search to an end-user. We also provide a performance and security analysis of our protocol.
Jangseong KIM Taeshik SHON Kwangjo KIM
In this paper, we establish a child safety system model that addresses the contradictory requirements of mutual authentication and end-user privacy protection in wireless sensor networks. Based on the system model, we propose a novel location-aware and privacy-preserving approach for providing child safety over wireless sensor networks. Although we illustrate our protocol over sensor networks, the proposed protocol can be operated over various wireless networks (e.g., WiFi and UWB) that support RSSI (Received Signal Strength Indication). Compared with a few previous works, the proposed approach shows the potential to enhance accuracy with location information, preserves the privacy of an end-user, and gives the end-user the capability of controlling the child safety service.
Kenichi YABUTA Hitoshi KITAZAWA Toshihisa TANAKA
Because of the increasing number of security cameras, it is crucial to establish a system that protects the privacy of objects in the recorded images. To this end, we propose a framework of image processing and data hiding for security monitoring and privacy protection. First, we state the requirements of the proposed monitoring systems and suggest a possible implementation that satisfies those requirements. The underlying concept of our proposed framework is as follows: (1) in the recorded images, the objects whose privacy should be protected are deteriorated by appropriate image processing; (2) the original objects are encrypted and watermarked into the output image, which is encoded using an image compression standard; (3) real-time processing is performed such that no future frame is required to generate an output bitstream. It should be noted that in this framework, anyone can observe the decoded image, which includes the deteriorated objects that are unrecognizable or invisible. On the other hand, for crime investigation, this system allows a limited number of users to observe the original objects by using a special viewer that decrypts and decodes the watermarked objects with a decoding password. Moreover, the special viewer allows us to select the objects to be decoded and displayed. We provide an implementation example, experimental results, and performance evaluations to support our proposed framework.
Miyuki IMADA Masakatsu OHTA Mitsuo TERAMOTO Masayasu YAMAGUCHI
In this paper, we propose a method of controlling personal data disclosure based on LooM (Loosely Managed Privacy Protection Method) that prevents a malicious third party from identifying a person when he/she obtains context-aware services using personal data. The basic function of LooM quantitatively evaluates the anonymity level of a person who discloses his/her data, and controls the personal-data disclosure according to that level. LooM uses a normalized entropy value to quantify anonymity. In this version of LooM, the disclosure control is accomplished by adding two new functions. One is an abstracting function that generates abstractions (or summaries) from the raw personal data to reduce the danger that the malicious third party might identify the person who discloses his/her personal data to the party. The other is a unique-value-masking function that hides unique personal data in the database. These functions enhance the disclosure control mechanism of LooM. We evaluate the functions using simulation data and questionnaire data, and confirm their effectiveness. Finally, we show a prototype of a crime-information-sharing service to confirm the feasibility of these functions.
Rie SHIGETOMI Akira OTSUKA Jun FURUKAWA Keith MARTIN Hideki IMAI
The first refreshable anonymous token scheme proposed in [1] enables one to provide services in such a way that each of its users is allowed to enjoy only a fixed number of services at the same time. In this paper, we show that the scheme in [1] is insecure and propose a provably secure refreshable partial anonymous token scheme which is a generalization of the previous scheme. The new scheme has an additional ability to control the anonymity level of users. We also propose a formal model and security requirements of the new scheme.
Katsunori MATSUURA Yoshitsugu TSUCHIYA Tsuyoshi TOYONO Kenji TAKAHASHI
Availability of network access "anytime and anywhere" will impose new requirements on presence services: server load sharing and privacy protection. In such cases, presence services would have to handle sensor device information with maximum consideration for users' privacy. In this paper, we propose FieldCast, a peer-to-peer system architecture for presence information exchange in a ubiquitous computing environment. In our proposal, presence information is exchanged directly among users' own computing resources. We present evaluation results that demonstrate the feasibility of our proposal.