SensorSafe: Managing Health-related Sensory Information with Fine-grained Privacy Controls

Miniature wireless sensors, worn by individuals or embedded in assistive devices they carry, allow health-related data to be gathered continually as people go about their daily lives, outside the confines of clinics, hospitals, and laboratories. By providing insight into physical, physiological, psychological, and behavioral states that cannot be captured by sporadic testing and retrospective self-reporting, these sensing systems are transforming both the research and the practice of medicine. Such ubiquitous sensing, however, brings new information-privacy challenges. Contemporary privacy practice for health data centers on the notions of "personally identifiable information" and "informed consent". But the traditional safeguards, such as removing explicit identifiers, encrypting data, using trusted software, and securing servers, are not enough for the highly personal information traces captured by sensors. Embedded in those traces is information that correlates with our identity and our behavior. When combined with publicly available, seemingly innocuous facts (the "digital footprints" and "information breadcrumbs" we all leave behind as we lead our lives), sensor traces can be de-anonymized, and individuals' identities and life patterns can be inferred statistically. To address this challenge, we have designed SensorSafe, a system for privacy-aware and secure management of health-related sensory information flows. SensorSafe enables individuals to retain control over their sensor data throughout its life cycle: capture, processing, sharing, retention, and reuse. Its core mechanism is a framework in which individuals specify fine-grained privacy rules governing the disclosure of sensory information to authenticated users, based on the data's value, location-stamp, time-stamp, and other attributes. These rules are integrated with a flexible query framework through which applications and other data consumers access sensor information in a privacy-regulated manner. We describe the design and implementation of the system and evaluate its applicability and performance in several usage scenarios.
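The abstract describes disclosure rules keyed on a consumer's authenticated identity and on a reading's value, location-stamp and time-stamp, evaluated inside the query path. The following is an added illustration of that kind of attribute-based disclosure filter; it is not SensorSafe's own code, and its rule format, field names and sample readings are assumptions made here. It goes slightly beyond the text by showing two behaviours a practitioner would want pinned down: deny-by-default when no rule matches, and owner-ordered rules so that a narrow withhold rule (readings taken at home at night) can override a broader allow.

```python
"""Toy attribute-based disclosure filter for sensor streams (added example, not SensorSafe code).

Assumptions: the consumer identity has already been authenticated upstream; a rule
names the consumer and stream it applies to plus optional predicates on clock time,
a location bounding box and a value range. Rules are evaluated in the order the data
owner lists them, the first matching rule decides, and no match means withhold.
"""
from dataclasses import dataclass
from datetime import datetime, time
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Reading:
    stream: str      # e.g. "heart_rate" or "gps"
    value: float
    ts: datetime     # time-stamp of capture
    lat: float       # location-stamp
    lon: float


def in_window(t: time, start: time, end: time) -> bool:
    """Clock-time window test that also handles windows wrapping midnight (22:00-06:00)."""
    if start <= end:
        return start <= t <= end
    return t >= start or t <= end


@dataclass(frozen=True)
class Rule:
    consumer: str                                   # authenticated identity this rule is for
    stream: str                                     # "*" matches every stream
    allow: bool                                     # True: disclose, False: withhold
    time_window: Optional[Tuple[time, time]] = None          # (start, end) local clock time
    bbox: Optional[Tuple[float, float, float, float]] = None  # min_lat, min_lon, max_lat, max_lon
    value_range: Optional[Tuple[float, float]] = None         # inclusive bounds on value

    def matches(self, consumer: str, r: Reading) -> bool:
        if consumer != self.consumer:
            return False
        if self.stream != "*" and self.stream != r.stream:
            return False
        if self.time_window and not in_window(r.ts.time(), *self.time_window):
            return False
        if self.bbox:
            min_lat, min_lon, max_lat, max_lon = self.bbox
            if not (min_lat <= r.lat <= max_lat and min_lon <= r.lon <= max_lon):
                return False
        if self.value_range:
            lo, hi = self.value_range
            if not (lo <= r.value <= hi):
                return False
        return True


def disclose(rules: List[Rule], consumer: str, readings: List[Reading]) -> List[Reading]:
    """Return the readings the consumer may see: first matching rule wins, deny by default."""
    out = []
    for r in readings:
        decision = False                      # withheld unless a rule explicitly allows it
        for rule in rules:
            if rule.matches(consumer, r):
                decision = rule.allow
                break
        if decision:
            out.append(r)
    return out


# Constructed sample data (hypothetical coordinates and values, not from any real subject).
HOME_BOX = (34.06, -118.45, 34.08, -118.43)

SAMPLE_READINGS = [
    Reading("heart_rate", 72.0, datetime(2024, 5, 1, 9, 15), 34.07, -118.44),   # at home, morning
    Reading("heart_rate", 140.0, datetime(2024, 5, 1, 14, 0), 34.10, -118.40),  # away from home, high
    Reading("heart_rate", 58.0, datetime(2024, 5, 1, 23, 30), 34.07, -118.44),  # at home, late night
    Reading("gps", 0.0, datetime(2024, 5, 1, 14, 0), 34.10, -118.40),           # raw location fix
]

RULES = [
    # Exception listed first: nothing captured at home between 22:00 and 06:00 is disclosed.
    Rule("clinic", "*", allow=False, bbox=HOME_BOX, time_window=(time(22, 0), time(6, 0))),
    # The clinic may otherwise see heart-rate readings from anywhere, at any time.
    Rule("clinic", "heart_rate", allow=True),
    # A fitness app sees only elevated heart rate (exercise); location stream never matches.
    Rule("fitness_app", "heart_rate", allow=True, value_range=(100.0, 250.0)),
]

if __name__ == "__main__":
    for who in ("clinic", "fitness_app", "researcher"):
        print(who, [r.value for r in disclose(RULES, who, SAMPLE_READINGS)])
```

Two design points carry over to any real deployment of such rules: the withhold rule must be ordered before the broader allow or the night-time readings leak, and an unknown or unmatched consumer (here "researcher") receives nothing rather than everything. The filter also has to run where the query is answered, so that a consumer cannot bypass it by requesting the raw stream.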
