Fitness trackers and wearable devices: how to prevent inference risks?

Wearable and personal devices are becoming more and more part of people's everyday lives. These devices produce enormous amount of personal data which are handled by third parties as authorized by the user. However, such third parties may be able to infer sensitive information using the collected personal information. In this paper we present a case study based on fitness trackers and we sketch our model for privacy management and inference prevention. For this study, we built a Bayesian Network and used it to compute the risk of inferring unknown data. Using the simulated case we show the feasibility of inferring some private data from a set of personal data available to a third party as authorized by the user (i.e., sensor data and profiling data provided by the user while registering for the service). This paper provides a step towards the open issues of privacy and security management in the field of ubiquitous devices.

[1]  Qiang Li,et al.  Auditeur: a mobile-cloud service platform for acoustic event detection on smartphones , 2013, MobiSys '13.

[2]  Gerald Friedland,et al.  Sherlock holmes' evil twin: on the impact of global inference for online privacy , 2011, NSPW '11.

[3]  Adam W. Hoover,et al.  A New Method for Measuring Meal Intake in Humans via Automated Wrist Motion Tracking , 2012, Applied Psychophysiology and Biofeedback.

[4]  Ilaria Torre,et al.  Escaping the Big Brother: An empirical study on factors influencing identification and information leakage on the Web , 2014, J. Inf. Sci..

[5]  Evangelos Kalogerakis,et al.  RisQ: recognizing smoking gestures with inertial sensors on a wristband , 2014, MobiSys.

[6]  R B D'Agostino,et al.  Probability of stroke: a risk profile from the Framingham Study. , 1991, Stroke.

[7]  Ilaria Torre,et al.  User data discovery and aggregation: The CS-UDD algorithm , 2014, Inf. Sci..

[8]  Ilaria Torre,et al.  Preventing Disclosure of Personal Data in IoT Networks , 2016, 2016 12th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS).

[9]  Sangki Yun,et al.  Turning a Mobile Device into a Mouse in the Air , 2015, MobiSys.

[10]  Alex Pentland,et al.  Decentralizing Privacy: Using Blockchain to Protect Personal Data , 2015, 2015 IEEE Security and Privacy Workshops.

[11]  Nan Zhang,et al.  Privacy Disclosure from Wearable Devices , 2015, PAMCO '15.

[12]  Mani B. Srivastava,et al.  mSieve: differential behavioral privacy in time series of mobile sensor data , 2016, UbiComp.

[13]  Jeffrey Knockel,et al.  Every step you fake: a comparative analysis of fitness tracker privacy and security , 2016 .

[14]  Hamed Haddadi,et al.  Personal Data: Thinking Inside the Box , 2015, Aarhus Conference on Critical Alternatives.

[15]  Deborah Estrin,et al.  Using mobile phones to determine transportation modes , 2010, TOSN.

[16]  Igor Bilogrevic,et al.  (Smart)watch your taps: side-channel keystroke inference attacks using smartwatches , 2015, SEMWEB.

[17]  Romit Roy Choudhury,et al.  Using mobile phones to write in air , 2011, MobiSys '11.

[18]  Ilaria Torre,et al.  A framework for personal data protection in the IoT , 2016, 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST).

[19]  Mani B. Srivastava,et al.  ipShield: A Framework For Enforcing Context-Aware Privacy , 2014, NSDI.

[20]  Deborah Estrin,et al.  SensLoc: sensing everyday places and paths using less energy , 2010, SenSys '10.

[21]  Roberto Bruschi,et al.  In-Network Programmability for Next-generation Personal Cloud Service Support (INPUT) , 2016, Cloud Forward.

[22]  Reihaneh Safavi-Naini,et al.  Privacy and Utility of Inference Control Mechanisms for Social Computing Applications , 2016, AsiaCCS.

[23]  Patrick E. McSharry,et al.  Advanced Methods And Tools for ECG Data Analysis , 2006 .

[24]  G. Singaravel,et al.  AN ANALYSIS OF PRIVACY RISKS AND DESIGN PRINCIPLES FOR DEVELOPING COUNTERMEASURES IN PRIVACY PRESERVING SENSITIVE DATA PUBLISHING , 2014 .

[25]  Emre Ertin,et al.  puffMarker: a multi-sensor approach for pinpointing the timing of first lapse in smoking cessation , 2015, UbiComp.

[26]  Xu-Cheng Yin,et al.  An Overview of Bayesian Network Applications in Uncertain Domains , 2015 .

[27]  Corrado Moiso,et al.  Building an Eco-System of Trusted Services via User Control and Transparency on Personal Data , 2015, IFIPTM.

[28]  Siddharth Shah,et al.  AutoSense: unobtrusively wearable sensor suite for inferring the onset, causality, and consequences of stress in the field , 2011, SenSys.

[29]  Jun Han,et al.  ACCessory: password inference using accelerometers on smartphones , 2012, HotMobile '12.