S. Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, Gerardo Pelosi, P. Samarati
Recent approaches for protecting information in data outsourcing scenarios exploit the combined use of access control and cryptography. In this context, the number of keys to be distributed and managed by users can be maintained limited by using a public catalog of tokens that allow key derivation along a hierarchy. However, the public token catalog, by expressing the key derivation relationships, may leak information on the security policies (authorizations) enforced by the system, which the data owner may instead wish to maintain confidential.� In this paper, we present an approach to protect the privacy of the tokens published in the public catalog. Consistently with the data outsourcing scenario, our solution exploits the use of cryptography, by adding an encryption layer to the catalog. A complicating issue in this respect is that this new encryption layer should follow a derivation path that is "reversed" with respect to the key derivation. Our approach solves this problem by combining cryptography and transitive closure information. The result is an efficient solution allowing token release and traversal of the key derivation structure only to those users authorized to access the underlying resources. We also present experimental results that illustrate the behavior of our technique in large settings.
{"title":"Preserving confidentiality of security policies in data outsourcing","authors":"S. Vimercati, S. Foresti, S. Jajodia, S. Paraboschi, Gerardo Pelosi, P. Samarati","doi":"10.1145/1456403.1456417","DOIUrl":"https://doi.org/10.1145/1456403.1456417","url":null,"abstract":"Recent approaches for protecting information in data outsourcing scenarios exploit the combined use of access control and cryptography. In this context, the number of keys to be distributed and managed by users can be maintained limited by using a public catalog of tokens that allow key derivation along a hierarchy. However, the public token catalog, by expressing the key derivation relationships, may leak information on the security policies (authorizations) enforced by the system, which the data owner may instead wish to maintain confidential.\u0000 In this paper, we present an approach to protect the privacy of the tokens published in the public catalog. Consistently with the data outsourcing scenario, our solution exploits the use of cryptography, by adding an encryption layer to the catalog. A complicating issue in this respect is that this new encryption layer should follow a derivation path that is \"reversed\" with respect to the key derivation. Our approach solves this problem by combining cryptography and transitive closure information. The result is an efficient solution allowing token release and traversal of the key derivation structure only to those users authorized to access the underlying resources. We also present experimental results that illustrate the behavior of our technique in large settings.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"135 1","pages":"75-84"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75636802","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Kazuhiro Minami, Adam J. Lee, M. Winslett, N. Borisov
A publish-subscribe system is an information dissemination infrastructure that supports many-to-many communications among publishers and subscribers. In many publish-subscribe systems, in-network aggregation of input data is considered to be an important service that reduces the bandwidth requirements of the system significantly. In this paper, we present a scheme for securing the aggregation of inputs to such a publish-subscribe system. Our scheme, which focuses on the additive aggregate function, sum, preserves the confidentiality and integrity of aggregated data in the presence of untrusted routing nodes. Our scheme allows a group of publishers to publish aggregate data to authorized subscribers without revealing their individual private inputs to either the routing nodes or the subscribers. In addition, our scheme allows subscribers to verify that routing nodes perform the aggregation operation correctly. We use a message authentication code (MAC) scheme based on the discrete logarithm property to allow subscribers to verify the correctness of aggregated data without receiving the digitally-signed raw data used as input to the aggregation. In addition to describing our secure aggregation scheme, we provide formal proofs of its soundness and safety.
{"title":"Secure aggregation in a publish-subscribe system","authors":"Kazuhiro Minami, Adam J. Lee, M. Winslett, N. Borisov","doi":"10.1145/1456403.1456419","DOIUrl":"https://doi.org/10.1145/1456403.1456419","url":null,"abstract":"A publish-subscribe system is an information dissemination infrastructure that supports many-to-many communications among publishers and subscribers. In many publish-subscribe systems, in-network aggregation of input data is considered to be an important service that reduces the bandwidth requirements of the system significantly. In this paper, we present a scheme for securing the aggregation of inputs to such a publish-subscribe system. Our scheme, which focuses on the additive aggregate function, sum, preserves the confidentiality and integrity of aggregated data in the presence of untrusted routing nodes. Our scheme allows a group of publishers to publish aggregate data to authorized subscribers without revealing their individual private inputs to either the routing nodes or the subscribers. In addition, our scheme allows subscribers to verify that routing nodes perform the aggregation operation correctly. We use a message authentication code (MAC) scheme based on the discrete logarithm property to allow subscribers to verify the correctness of aggregated data without receiving the digitally-signed raw data used as input to the aggregation. In addition to describing our secure aggregation scheme, we provide formal proofs of its soundness and safety.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"23 1","pages":"95-104"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81052654","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Previously proposed host-based privacy protection mechanisms use pseudorandom or disposable identifiers on some or all layers of the protocol stack. These approaches either require changes to all hosts participating in the communication or do not provide privacy for the whole protocol stack or the system. Building on previous work, we propose a relatively simple approach: protocol stack virtualization. The key idea is to provide isolation for traffic sent to the network. The granularity of the isolation can be, for example, flow or process based. With process based granularity, every application uses a distinct identifier space on all layers of the protocol stack. This approach does not need any infrastructure support from the network and requires only minor changes to the single host that implements the privacy protection mechanism. To show that no changes to typical applications are required, we implemented the protocol stack virtualization as a user space daemon and tested it with various legacy applications.
{"title":"Protecting privacy with protocol stack virtualization","authors":"J. Lindqvist, J. Tapio","doi":"10.1145/1456403.1456416","DOIUrl":"https://doi.org/10.1145/1456403.1456416","url":null,"abstract":"Previously proposed host-based privacy protection mechanisms use pseudorandom or disposable identifiers on some or all layers of the protocol stack. These approaches either require changes to all hosts participating in the communication or do not provide privacy for the whole protocol stack or the system. Building on previous work, we propose a relatively simple approach: protocol stack virtualization. The key idea is to provide isolation for traffic sent to the network. The granularity of the isolation can be, for example, flow or process based. With process based granularity, every application uses a distinct identifier space on all layers of the protocol stack. This approach does not need any infrastructure support from the network and requires only minor changes to the single host that implements the privacy protection mechanism. To show that no changes to typical applications are required, we implemented the protocol stack virtualization as a user space daemon and tested it with various legacy applications.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"231 1","pages":"65-74"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"79127391","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Social network analysis (SNA) is now a commonly used tool in criminal investigations, but evidence gathering and analysis is often restricted by data privacy laws. We consider the case where multiple investigators want to collaborate, but do not yet have sufficient evidence that justifies a plaintext data exchange. This paper proposes a solution for privacy-preserving social network analysis where several investigators can collaborate without actually exchanging sensitive private information. An investigator can request data from other sites to augment his view without revealing personally identifiable data. The investigator can compute important metrics by means of a SNA on the subject while keeping the entire social network unknown him.
{"title":"Privacy-preserving social network analysis for criminal investigations","authors":"F. Kerschbaum, A. Schaad","doi":"10.1145/1456403.1456406","DOIUrl":"https://doi.org/10.1145/1456403.1456406","url":null,"abstract":"Social network analysis (SNA) is now a commonly used tool in criminal investigations, but evidence gathering and analysis is often restricted by data privacy laws. We consider the case where multiple investigators want to collaborate, but do not yet have sufficient evidence that justifies a plaintext data exchange. This paper proposes a solution for privacy-preserving social network analysis where several investigators can collaborate without actually exchanging sensitive private information. An investigator can request data from other sites to augment his view without revealing personally identifiable data. The investigator can compute important metrics by means of a SNA on the subject while keeping the entire social network unknown him.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"22 1","pages":"9-14"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"73848828","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Katelin Bailey, Apu Kapadia, Linden Vongsathorn, Sean W. Smith
Users often log in to Internet sites from insecure computers and more recently have started divulging their email passwords to social-networking sites, thereby putting their private communications at risk. We propose and evaluate TwoKind Authentication, a simple and effective technique for limiting access to private information in untrustworthy environments. In its simplest form, TwoKind offers two modes of authentication by providing a low and a high authenticator. By using a low authenticator, users can signal to the server that they are in an untrusted environment, following which the server restricts the user's actions.� We seek to evaluate the effectiveness of multiple authenticators in promoting safer behavior in users. We demonstrate the effectiveness of this approach through a user experiment - we find that users make a distinction between the two authenticators and generally behave in a security-conscious way, protecting their high authenticator the ma jority of the time. Our study suggests that TwoKind will be beneficial to several Internet applications, particularly if the privileges associated with the low authenticator can be customized to a user's security preferences.
{"title":"TwoKind authentication: protecting private information in untrustworthy environments","authors":"Katelin Bailey, Apu Kapadia, Linden Vongsathorn, Sean W. Smith","doi":"10.1145/1456403.1456412","DOIUrl":"https://doi.org/10.1145/1456403.1456412","url":null,"abstract":"Users often log in to Internet sites from insecure computers and more recently have started divulging their email passwords to social-networking sites, thereby putting their private communications at risk. We propose and evaluate TwoKind Authentication, a simple and effective technique for limiting access to private information in untrustworthy environments. In its simplest form, TwoKind offers two modes of authentication by providing a low and a high authenticator. By using a low authenticator, users can signal to the server that they are in an untrusted environment, following which the server restricts the user's actions.\u0000 We seek to evaluate the effectiveness of multiple authenticators in promoting safer behavior in users. We demonstrate the effectiveness of this approach through a user experiment - we find that users make a distinction between the two authenticators and generally behave in a security-conscious way, protecting their high authenticator the ma jority of the time. Our study suggests that TwoKind will be beneficial to several Internet applications, particularly if the privileges associated with the low authenticator can be customized to a user's security preferences.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"7 1","pages":"39-44"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"88430790","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In early computer systems only simple actions would be governed by security policies. However, computers are increasingly handling complex organizational tasks which may have complex preconditions and postconditions. As such, it is useful to be able to plan and schedule actions in advance in order to ensure that desired actions will be able to be carried out without violating the security policy. However, there is a possibility that planning systems could accidentally leak information about future plans which should be kept confidential. In this paper, we investigate how sensitive information could be leaked by a planning system which uses security policies to ensure that planned actions will be able to occur. We formally define information leakage in this context. Then we present two techniques which can be used to mitigate or eliminate this information leakage and prove their security.
{"title":"Avoiding information leakage in security-policy-aware planning","authors":"Keith Irwin, Ting Yu, W. Winsborough","doi":"10.1145/1456403.1456418","DOIUrl":"https://doi.org/10.1145/1456403.1456418","url":null,"abstract":"In early computer systems only simple actions would be governed by security policies. However, computers are increasingly handling complex organizational tasks which may have complex preconditions and postconditions. As such, it is useful to be able to plan and schedule actions in advance in order to ensure that desired actions will be able to be carried out without violating the security policy. However, there is a possibility that planning systems could accidentally leak information about future plans which should be kept confidential. In this paper, we investigate how sensitive information could be leaked by a planning system which uses security policies to ensure that planned actions will be able to occur. We formally define information leakage in this context. Then we present two techniques which can be used to mitigate or eliminate this information leakage and prove their security.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"50 1","pages":"85-94"},"PeriodicalIF":0.0,"publicationDate":"2008-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"90667173","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We discuss information-theoretic anonymity metrics, that use entropy over the distribution of all possible recipients to quantify anonymity. We identify a common misconception: the entropy of the distribution describing the potentialreceivers does not always decrease given more information.We show the relation of these a-posteriori distributions with the Shannon conditional entropy, which is an average overall possible observations.
{"title":"Does additional information always reduce anonymity?","authors":"Claudia Díaz, C. Troncoso, G. Danezis","doi":"10.1145/1314333.1314347","DOIUrl":"https://doi.org/10.1145/1314333.1314347","url":null,"abstract":"We discuss information-theoretic anonymity metrics, that use entropy over the distribution of all possible recipients to quantify anonymity. We identify a common misconception: the entropy of the distribution describing the potentialreceivers does not always decrease given more information.We show the relation of these a-posteriori distributions with the Shannon conditional entropy, which is an average overall possible observations.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"1993 1","pages":"72-75"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"89054661","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Mira Belenkiy, Melissa Chase, C. Erway, John Jannotti, Alptekin Küpçü, Anna Lysyanskaya, Eric Rachlin
Peer-to-peer systems have been proposed for a wide variety of applications, including file-sharing, web caching, distributed computation, cooperative backup, and onion routing. An important motivation for such systems is self-scaling. That is, increased participation increases the capacity of the system. Unfortunately, this property is at risk from selfish participants. The decentralized nature of peer-to-peer systems makes accounting difficult. We show that e-cash can be a practical solution to the desire for accountability in peer-to-peer systems while maintaining their ability to self-scale. No less important, e-cash is a natural fit for peer-to-peer systems that attempt to provide (or preserve) privacy for their participants. We show that e-cash can be used to provide accountability without compromising the existing privacy goals of a peer-to-peer system.� We show how e-cash can be practically applied to a file sharing application. Our approach includes a set of novel cryptographic protocols that mitigate the computational and communication costs of anonymous e-cash transactions, and system design choices that further reduce overhead and distribute load. We conclude that provably secure, anonymous, and scalable peer-to-peer systems are within reach.
{"title":"Making p2p accountable without losing privacy","authors":"Mira Belenkiy, Melissa Chase, C. Erway, John Jannotti, Alptekin Küpçü, Anna Lysyanskaya, Eric Rachlin","doi":"10.1145/1314333.1314339","DOIUrl":"https://doi.org/10.1145/1314333.1314339","url":null,"abstract":"Peer-to-peer systems have been proposed for a wide variety of applications, including file-sharing, web caching, distributed computation, cooperative backup, and onion routing. An important motivation for such systems is self-scaling. That is, increased participation increases the capacity of the system. Unfortunately, this property is at risk from selfish participants. The decentralized nature of peer-to-peer systems makes accounting difficult. We show that e-cash can be a practical solution to the desire for accountability in peer-to-peer systems while maintaining their ability to self-scale. No less important, e-cash is a natural fit for peer-to-peer systems that attempt to provide (or preserve) privacy for their participants. We show that e-cash can be used to provide accountability without compromising the existing privacy goals of a peer-to-peer system.\u0000 We show how e-cash can be practically applied to a file sharing application. Our approach includes a set of novel cryptographic protocols that mitigate the computational and communication costs of anonymous e-cash transactions, and system design choices that further reduce overhead and distribute load. We conclude that provably secure, anonymous, and scalable peer-to-peer systems are within reach.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"55 1","pages":"31-40"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"75372796","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Need-to-know is a fundamental security concept: a party should not learn information that is irrelevant to its mission. In this paper we show that during a trust negotiation in which parties show their credentials to one another, an adversary can systematically harvest information about all of a victim's credentials that the attacker is entitled to see, regardless of their relevance to the negotiation. We present examples of need-to-know attacks with the trust negotiation approaches proposed Yu, Winslett, and Seamons; by Bonatti and Samarati; and by Winsborough and Li. Finally, we propose possible countermeasures against need-to-know attacks, and discuss their advantages and disadvantages.
{"title":"Harvesting credentials in trust negotiation as an honest-but-curious adversary","authors":"L.E. Olson, Mike Rosulek, M. Winslett","doi":"10.1145/1314333.1314345","DOIUrl":"https://doi.org/10.1145/1314333.1314345","url":null,"abstract":"Need-to-know is a fundamental security concept: a party should not learn information that is irrelevant to its mission. In this paper we show that during a trust negotiation in which parties show their credentials to one another, an adversary can systematically harvest information about all of a victim's credentials that the attacker is entitled to see, regardless of their relevance to the negotiation. We present examples of need-to-know attacks with the trust negotiation approaches proposed Yu, Winslett, and Seamons; by Bonatti and Samarati; and by Winsborough and Li. Finally, we propose possible countermeasures against need-to-know attacks, and discuss their advantages and disadvantages.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"41 1","pages":"64-67"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"81006560","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
We perform a probabilistic analysis of onion routing. The analysis is presented in a black-box model of anonymous communication that abstracts the essential properties of onion routing in the presence of an active adversary that controls a portion of the network and knows all a priori distributions on user choices of destination. Our results quantify how much the adversary can gain in identifying users by exploiting knowledge of their probabilistic behavior. In particular, we show that a user uâ s anonymity is worst either when the other users always choose the destination u is least likely to visit or when the other users always choose the destination u chooses. This worst-case anonymity with an adversary that controls a fraction b of the routers is comparable to the bestcase anonymity against an adversary that controls a fraction pb.
{"title":"Probabilistic analysis of onion routing in a black-box model","authors":"J. Feigenbaum, Aaron Johnson, P. Syverson","doi":"10.1145/1314333.1314335","DOIUrl":"https://doi.org/10.1145/1314333.1314335","url":null,"abstract":"We perform a probabilistic analysis of onion routing. The analysis is presented in a black-box model of anonymous communication that abstracts the essential properties of onion routing in the presence of an active adversary that controls a portion of the network and knows all a priori distributions on user choices of destination. Our results quantify how much the adversary can gain in identifying users by exploiting knowledge of their probabilistic behavior. In particular, we show that a user uâ s anonymity is worst either when the other users always choose the destination u is least likely to visit or when the other users always choose the destination u chooses. This worst-case anonymity with an adversary that controls a fraction b of the routers is comparable to the bestcase anonymity against an adversary that controls a fraction pb.","PeriodicalId":74537,"journal":{"name":"Proceedings of the ACM Workshop on Privacy in the Electronic Society. ACM Workshop on Privacy in the Electronic Society","volume":"94 1","pages":"1-10"},"PeriodicalIF":0.0,"publicationDate":"2007-10-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"83556703","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: