Private aggregation for presence streams

Collaboration technologies must support information sharing between collaborators, but must also take care not to share too much information or share information too widely. Systems that share information without requiring an explicit action by a user to initiate the sharing must be particularly cautious in this respect. Presence systems are an emerging class of applications that support collaboration. Through the use of pervasive sensors, these systems estimate user location, activities, and available communication channels. Because such presence data are sensitive, sharing models must reflect the privacy and sharing preferences of their users if the systems are to achieve widespread adoption. This paper looks at the role that privacy-preserving aggregation can play in addressing certain user sharing and privacy concerns with respect to presence data. We define conditions to achieve CollaPSE (Collaboration Presence Sharing Encryption) security, in which (i) an individual has full access to her own data, (ii) a third party performs computation on the data without learning anything about the data values, and (iii) people with special privileges called "analysts" can learn statistical information about groups of individuals, but nothing about the individual values contributing to the statistic other than what can be deduced from the statistic. More specifically, analysts can decrypt aggregates without being able to decrypt the individual values contributing to the aggregate. Based in part on studies we carried out that illustrate the need for the conditions encapsulated by CollaPSE security, we designed and implemented a family of CollaPSE protocols. We analyze their security, discuss efficiency tradeoffs, describe extensions, and review more recent privacy-preserving aggregation work.
