mSieve: differential behavioral privacy in time series of mobile sensor data

Differential privacy concepts have been used successfully to protect the anonymity of individuals in population-scale analysis. Sharing mobile sensor data, especially physiological data, raises a different privacy challenge: protecting private behaviors that can be inferred from time series of sensor data. Existing privacy mechanisms rely on noise addition and data perturbation, but the accuracy required of inferences drawn from physiological data, together with the well-established limits within which these values occur, renders traditional mechanisms inapplicable. In this work, we define a new behavioral privacy metric based on differential privacy and propose a novel data substitution mechanism to protect behavioral privacy. We evaluate the efficacy of our scheme using 660 hours of ECG, respiration, and activity data collected from 43 participants and demonstrate that it is possible to retain meaningful utility, in terms of inference accuracy (90%), while simultaneously preserving the privacy of sensitive behaviors.
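The abstract's argument, that noise addition sized to a bounded physiological signal yields implausible values while substitution keeps every released reading real, can be checked numerically. The block below is an added illustration and not the paper's mechanism: the heart-rate bounds (40 to 200 bpm), the constructed series, and the window-substitution rule (copy a window from an unflagged part of the same series) are assumptions chosen to show the effect, and the analytic out-of-range probability is for a plain Laplace mechanism whose per-reading sensitivity is taken as the range width.

```python
"""Added illustration (not mSieve's mechanism): why Laplace noise on a bounded
physiological reading leaves the plausible range, and why substitution does not.
All data below is constructed; the substitution rule is a hypothetical simplification."""
import math
import random

# Assumed plausible heart-rate bounds in bpm (illustrative, not from the paper).
HR_LO, HR_HI = 40.0, 200.0


def laplace_out_of_range_prob(x, epsilon, lo=HR_LO, hi=HR_HI):
    """Probability that x + Laplace(0, b) falls outside [lo, hi] for lo <= x <= hi,
    with scale b = (hi - lo) / epsilon, i.e. sensitivity = width of the bounded range."""
    b = (hi - lo) / epsilon
    # P(noise > t) = 0.5 * exp(-t / b) for t >= 0, on each side of the range.
    return 0.5 * math.exp(-(hi - x) / b) + 0.5 * math.exp(-(x - lo) / b)


def laplace_release(series, epsilon, rng, lo=HR_LO, hi=HR_HI):
    """Monte Carlo counterpart: add Laplace noise to every reading (no clipping)."""
    b = (hi - lo) / epsilon
    out = []
    for x in series:
        u = rng.random() - 0.5
        sign = 1.0 if u >= 0 else -1.0
        out.append(x - b * sign * math.log(1.0 - 2.0 * abs(u)))
    return out


def fraction_out_of_range(series, lo=HR_LO, hi=HR_HI):
    """Share of readings that no physiological model would accept."""
    return sum(1 for v in series if v < lo or v > hi) / len(series)


def substitute_sensitive(series, sensitive_windows, window_len, rng):
    """Hypothetical substitution: replace each flagged window with a window copied
    from an unflagged part of the same series, so every released value is a real,
    in-range reading. Returns the new series (length preserved)."""
    n_windows = len(series) // window_len
    safe = [w for w in range(n_windows) if w not in sensitive_windows]
    if not safe:
        raise ValueError("no non-sensitive window to draw from")
    out = list(series)
    for w in sensitive_windows:
        src = rng.choice(safe)
        out[w * window_len:(w + 1) * window_len] = \
            series[src * window_len:(src + 1) * window_len]
    return out


# Constructed 60-sample heart-rate series: a rest phase, an elevated phase
# (pretend windows 2 and 4 coincide with a sensitive behavior), then rest.
CONSTRUCTED_HR = [72.0 + (i % 5) for i in range(20)] \
    + [110.0 + (i % 7) for i in range(20)] \
    + [75.0 + (i % 4) for i in range(20)]
WINDOW_LEN = 10
SENSITIVE = {2, 4}


def demo(epsilon=1.0, seed=7):
    """Compare the two approaches on the constructed series."""
    rng = random.Random(seed)
    noisy = laplace_release(CONSTRUCTED_HR, epsilon, rng)
    substituted = substitute_sensitive(CONSTRUCTED_HR, SENSITIVE, WINDOW_LEN, rng)
    return {
        "analytic_p_out_at_70bpm": laplace_out_of_range_prob(70.0, epsilon),
        "laplace_fraction_out": fraction_out_of_range(noisy),
        "substitution_fraction_out": fraction_out_of_range(substituted),
        "length_preserved": len(substituted) == len(CONSTRUCTED_HR),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With epsilon = 1 the analytic probability that a single 70 bpm reading leaves the plausible range is above 0.6, and the Monte Carlo run reproduces that; the substituted series never leaves the range because it contains only readings the sensor actually produced. Clipping the noisy values back into range would hide the implausibility but not restore the accuracy the downstream inference needs, which is the gap the abstract points at.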
