To address the research questions defined previously and to overcome the challenges discussed in the previous section, extensive studies have been performed using different privacy-preservation tools and cryptography-based techniques. A summary of the organization of the novel contributions corresponding to the aforementioned research questions is presented in figure 1.8. Concretely, the main contributions of this thesis are as follows.

1. Privacy Preserving Item based Recommendation

Research Contribution 25

We propose a new privacy-preserving item-based recommender system which performs the computations required for recommendation in a distributed manner and preserves user privacy without compromising recommendation accuracy or efficiency. The privacy protocol is built on ElGamal encryption [104], a public-key cryptosystem. Its main advantages are that it is semantically secure and that it allows certain computations to be carried out on ciphertexts. Using this cryptosystem, we split the secret key among the users so that no single authority holds the full secret key and can decrypt on its own. When the computation on encrypted data is complete, the users apply their key shares jointly to decrypt only the final results. The recommender server is assumed to be semi-honest and not to collude with any party in the system. We also propose privacy protocols for item average and similarity computation and for recommendation generation, under which users' privacy is preserved. Specifically, our main contributions are:

a) An efficient privacy-preserving item-based recommender system that protects user privacy during the recommendation process by sharing the secret key among the users.

b) Privacy-preserving item average and similarity computation protocols that calculate averages of and similarities among items without revealing user ratings. Moreover, which items a user has rated is also hidden during these computations.
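To make the key splitting and the average/similarity computations concrete, the following is an added example in Python; it is not the thesis's own code. It uses exponential (additively homomorphic) ElGamal so that the server can add encrypted ratings; the toy group parameters, the rating range 1..5, the sample users, the brute-force discrete log and all function names are assumptions of the example. The sums behind an item-item cosine similarity are computed under encryption as well, which works because each user holds both of its own ratings and can encrypt their product locally; the server only ever decrypts aggregates, and only with every user's share.

```python
"""
Added example (not the thesis's own code): exponential ElGamal with the
secret key split across users, used to compute an item's average rating and
the sums behind an item-item cosine similarity without any single party
seeing an individual rating or which items a user rated.

Assumptions not taken from the page: a toy safe-prime group, integer ratings
in 1..5, every user generating its own key share (no dealer), and a
brute-force discrete log for recovery, acceptable because only small
aggregates are ever decrypted.
"""
import math
import secrets

# Toy safe prime P = 2Q + 1 (assumption; far too small for real use).
# G = 4 is a square mod P, so it generates the order-Q subgroup.
P = 4079
Q = (P - 1) // 2
G = 4


def _is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


assert _is_prime(P) and _is_prime(Q), "P must be a safe prime"


def keygen_share():
    """Each user keeps x_i and publishes y_i = G^x_i."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def joint_public_key(pub_shares):
    """h = prod y_i = G^(sum x_i); nobody holds the matching secret in full."""
    h = 1
    for y in pub_shares:
        h = h * y % P
    return h


def encrypt(h, m):
    """Exponential ElGamal: (G^r, G^m * h^r). Fresh r hides repeated plaintexts."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, m, P) * pow(h, r, P) % P


def add(c, d):
    """Enc(a) * Enc(b) = Enc(a + b): the server adds without decrypting."""
    return c[0] * d[0] % P, c[1] * d[1] % P


def partial_decrypt(x_share, c):
    """A user's contribution c1^x_i; on its own it reveals nothing about m."""
    return pow(c[0], x_share, P)


def combine(c, partials, bound):
    """Remove prod c1^x_i = h^r from c2, then recover m <= bound by brute force."""
    mask = 1
    for s in partials:
        mask = mask * s % P
    gm = c[1] * pow(mask, -1, P) % P
    acc = 1
    for m in range(bound + 1):
        if acc == gm:
            return m
        acc = acc * G % P
    raise ValueError("plaintext outside the expected range")


KEYS = ("sum_i", "count_i", "dot_ij", "sq_i", "sq_j")


def item_statistics(user_ratings, item_i, item_j):
    """
    One round of the semi-honest server protocol for items i and j.
    user_ratings ({user: {item: rating}}) stays on the clients; the server
    only sees ciphertexts and the five decrypted aggregates.
    """
    shares = [keygen_share() for _ in user_ratings]
    h = joint_public_key(y for _, y in shares)

    # Client side: every user sends one ciphertext per term. A user who did not
    # rate an item sends Enc(0), indistinguishable from any other ciphertext.
    totals = {k: encrypt(h, 0) for k in KEYS}
    for r in user_ratings.values():
        ri, rj = r.get(item_i), r.get(item_j)
        both = ri is not None and rj is not None
        contribution = {
            "sum_i": ri if ri is not None else 0,
            "count_i": int(ri is not None),
            "dot_ij": ri * rj if both else 0,
            "sq_i": ri * ri if both else 0,
            "sq_j": rj * rj if both else 0,
        }
        for k, v in contribution.items():
            totals[k] = add(totals[k], encrypt(h, v))

    # Joint decryption: each user applies its share to the aggregates only.
    bound = 25 * len(user_ratings)
    out = {k: combine(c, [partial_decrypt(x, c) for x, _ in shares], bound)
           for k, c in totals.items()}
    out["avg_i"] = out["sum_i"] / out["count_i"] if out["count_i"] else None
    denom = math.sqrt(out["sq_i"] * out["sq_j"])
    out["cosine_ij"] = out["dot_ij"] / denom if denom else None
    return out


# Constructed sample data: each dict is one user's private rating vector.
SAMPLE = {
    "alice": {1: 5, 2: 4},
    "bob": {1: 3, 2: 3},
    "carol": {1: 4},
    "dave": {2: 2},
    "erin": {1: 2, 2: 5},
}

if __name__ == "__main__":
    print(item_statistics(SAMPLE, 1, 2))
```

Because decryption combines every user's share, the server learns nothing until all users cooperate, and then only the totals; an individual rating never appears in the clear. The flip side is that one absent user blocks decryption entirely, which a t-of-n threshold split would relax; the example does not implement that.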

2. Privacy Preserving User based Recommendation

Building on the first contribution, we further investigate privacy-preserving recommendation protocols based on the similarity among users and their ratings on items. We mainly investigate the requirements of privacy protocols for user-based similarity computation, followed by recommendation generation with encrypted weights (the user similarities). Our investigation found that existing works suffer from privacy issues (they require the decryption server to decrypt intermediate results) and from communication overhead in how they perform secure multiplication, one of the intermediate steps in generating recommendations, homomorphically in a multiparty setting. To overcome these limitations, we propose a new privacy-preserving protocol using the Boneh-Goh-Nissim cryptosystem [105], in which secure multiplication can be performed by a single server; this removes the communication overhead as well as the privacy issue, since intermediate results no longer need to be decrypted. To model the protocol we use two servers, one acting as recommendation server and the other as decryption server, both semi-honest but curious to learn the information. The proposed protocol lets the recommender server produce private recommendations without disclosing any private information.

3. Privacy Preserving Context Aware Recommendation

To facilitate privacy-preserving context-aware recommender systems, we explore the influence of different contextual information on recommendation. Among the many kinds of contextual information used in recommendation, we limit our study and contribution to two: users' friendship networks and locations. Both are as sensitive as other user information such as ratings or preferences on products. More specifically, we investigate users' friendship networks in point-of-interest recommendation and locations in web service recommendation, as applications handled in a privacy-preserving manner. In point-of-interest recommendation, we propose a new privacy-preserving protocol in which a user selects only the few friends by whom the recommendation results should be influenced, without disclosing any private information. Similarly, in location-aware web service recommendation, we propose a new privacy-preserving protocol in which users can filter the set of users located nearby, since user location usually affects web service experience and preferences. The recommendation server can then use the nearby users' experiences to produce recommendations on unobserved web services for the target (query) user without disclosing or learning any private information.

In both scenarios we use real-world datasets to conduct extensive experimental analysis and show that the proposed protocols are practical as well as private.

4. Privacy Preserving Recommendation based on Partitioned Datasets

There are scenarios in which users' information and ratings are distributed among multiple organizations and, to generate satisfactory recommendations, these data need to be integrated. However, data on user preferences are usually confidential, and it is unlikely that any organization will agree to share its own data with other entities. To provide advanced facilities for securing the privacy of data in distributed recommender systems, we propose a new system called Privacy-preserving Weighted Slope One Predictor for Vertically Partitioned Data. In this protocol we encrypt users' confidential rating information with the BGN cryptosystem [105] and also propose a novel privacy-preserving item deviation protocol, one of the important intermediate steps for generating recommendations in this scenario. More specifically, the proposed protocol generates recommendations in a privacy-preserving manner by integrating user data distributed among several organizations, by means of encrypting the user information. The proposed protocol is examined using a real-world dataset and is shown to be secure and to outperform previous solutions in terms of computation and communication costs.