MaskIt: privately releasing user context streams for personalized mobile applications

The rise of smartphones equipped with various sensors has enabled the personalization of applications based on user contexts extracted from sensor readings. At the same time, it has raised serious concerns about the privacy of those contexts. In this paper, we present MaskIt, a technique to filter a user's context stream that provably preserves privacy. The filtered context stream can be released to applications or used to answer their queries. Privacy is defined with respect to a set of sensitive contexts specified by the user. MaskIt limits what adversaries can learn from the filtered stream about the user being in a sensitive context, even if the adversaries are powerful and have knowledge of the filtering system and of temporal correlations in the context stream. At the heart of MaskIt is a privacy check that decides whether to release or suppress the current user context. We present two novel privacy checks and explain how to choose the one with higher utility for a given user. Our experiments on real smartphone context traces of 91 users demonstrate the high utility of MaskIt.
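The core idea of the abstract can be illustrated with a toy stream filter. This is a minimal sketch, not MaskIt's actual algorithm: the function name `mask_stream`, the `p_suppress` parameter, and the use of `None` as the suppression marker are all illustrative choices. MaskIt's real privacy checks additionally reason about temporal correlations in the stream, which this toy filter does not; here, non-sensitive contexts are also suppressed with some probability so that a suppression does not, by itself, reveal a sensitive context.

```python
import random

def mask_stream(contexts, sensitive, p_suppress=0.3, rng=None):
    """Filter a context stream for release.

    Sensitive contexts are always suppressed; non-sensitive contexts
    are suppressed with probability p_suppress so that suppression
    alone does not pinpoint a sensitive context. Suppressed positions
    are released as None, released positions keep their context.
    """
    rng = rng or random.Random()
    filtered = []
    for context in contexts:
        if context in sensitive or rng.random() < p_suppress:
            filtered.append(None)      # suppress this position
        else:
            filtered.append(context)   # release this position
    return filtered
```

For example, with `p_suppress=0.0` only the sensitive contexts are hidden: `mask_stream(["home", "commute", "bar", "home"], sensitive={"bar"}, p_suppress=0.0)` yields `["home", "commute", None, "home"]`. Against an adversary who knows the filter and the user's typical daily patterns, a deterministic filter like this one leaks information, which is precisely the gap MaskIt's privacy checks are designed to close.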
