Balancing behavioral privacy and information utility in sensory data flows

Miniaturized smart sensors are increasingly being used to collect personal data that embed minute details of our everyday life. When shared, these data streams can easily be mined to draw a rich set of inferences about private behaviors and lifestyle patterns. Disclosure of some of these unintended inferences gives rise to the notion of behavioral privacy, which differs from the traditional identity privacy typically addressed in the literature. From the provider's perspective, we summarize these privacy concerns into three basic questions: (i) Whom to share data with? (ii) How much data to share? and (iii) What data to share? In this paper, we outline the architecture of SensorSafe, a software-based framework with support for three basic mechanisms that allow privacy-aware data sharing. First, it provides a library of routines, accessible through a simple GUI, for providers to define fine-grained, context-dependent access control. Second, it uses the trust network between consumers and providers to derive the optimal rate of information flow that maintains both provider privacy and consumer utility. Finally, it introduces a compressive-sensing-based feature-sharing procedure to further control the amount of information released. We provide simulation results to illustrate the efficacy of each of these mechanisms.
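The following sketch is an added example and not SensorSafe's own code; it illustrates the first two mechanisms named above (the questions "whom to share with" and "how much to share") on a constructed accelerometer stream. It assumes a simple rule shape of (consumer, sensor, permitted contexts, maximum rate), a per-consumer trust score in [0, 1], and a linear mapping from trust to release rate; all three are assumptions made for illustration, not the paper's design.

```python
"""Context-dependent access control plus a trust-derived release rate.

Added illustration, not SensorSafe's API. Assumptions: a rule is
(consumer, sensor, permitted contexts, max rate in Hz); trust is a score
in [0, 1]; the release rate is trust * max rate; anything without a
matching rule is denied by default.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Sample:
    t: float        # seconds since the stream started
    sensor: str     # e.g. "accelerometer"
    context: str    # provider's current context label, e.g. "at_home"
    value: float


@dataclass
class Rule:
    consumer: str
    sensor: str
    contexts: Set[str] = field(default_factory=set)  # empty set = any context
    max_rate_hz: float = 1.0


def trust_rate(trust: float, max_rate_hz: float) -> float:
    """Map a trust score to a release rate (assumed linear); zero trust releases nothing."""
    if not 0.0 <= trust <= 1.0:
        raise ValueError("trust must lie in [0, 1]")
    return trust * max_rate_hz


class SharingPolicy:
    def __init__(self, rules: List[Rule], trust: Dict[str, float]):
        self.rules = rules
        self.trust = trust

    def _rule_for(self, consumer: str, sensor: str) -> Optional[Rule]:
        for rule in self.rules:
            if rule.consumer == consumer and rule.sensor == sensor:
                return rule
        return None  # default deny

    def release(self, consumer: str, stream: List[Sample]) -> List[Sample]:
        """Return the subset of `stream` this consumer may see.

        Samples are dropped when no rule exists, when the provider's context
        is not permitted, or when releasing them would exceed the
        trust-derived rate (enforced as a minimum gap between kept samples).
        """
        released: List[Sample] = []
        last_kept: Dict[str, float] = {}
        for s in sorted(stream, key=lambda x: x.t):
            rule = self._rule_for(consumer, s.sensor)
            if rule is None:
                continue
            if rule.contexts and s.context not in rule.contexts:
                continue
            rate = trust_rate(self.trust.get(consumer, 0.0), rule.max_rate_hz)
            if rate <= 0.0:
                continue
            min_gap = 1.0 / rate
            prev = last_kept.get(s.sensor)
            if prev is not None and s.t - prev < min_gap - 1e-9:
                continue
            last_kept[s.sensor] = s.t
            released.append(s)
        return released


def constructed_stream() -> List[Sample]:
    """Constructed input: 10 Hz accelerometer for 2 s, context changes at t = 1 s."""
    return [
        Sample(t=i / 10, sensor="accelerometer",
               context="at_work" if i < 10 else "at_home", value=float(i))
        for i in range(20)
    ]


def demo_policy() -> SharingPolicy:
    rules = [
        # A fitness app may see accelerometer data only while the provider is at work.
        Rule("fitness_app", "accelerometer", {"at_work"}, max_rate_hz=10.0),
        # A trusted clinician may see it in any context.
        Rule("clinician", "accelerometer", set(), max_rate_hz=10.0),
    ]
    trust = {"fitness_app": 0.5, "clinician": 1.0, "ad_network": 0.9}
    return SharingPolicy(rules, trust)


if __name__ == "__main__":
    policy = demo_policy()
    for consumer in ("fitness_app", "clinician", "ad_network"):
        kept = policy.release(consumer, constructed_stream())
        print(consumer, len(kept), "samples released")
```

With trust 0.5 the fitness app is throttled to 5 Hz and only sees the at-work second of the stream; the clinician sees the full stream; the ad network has no rule and receives nothing regardless of its trust score, which is the default-deny behaviour a provider-side framework should have.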
