DEEProtect: Enabling Inference-based Access Control on Mobile Sensing Applications

Personal sensory data is used by context-aware mobile applications to provide utility. However, the same data can also be used by an adversary to make sensitive inferences about a user, thereby violating her privacy. We present DEEProtect, a framework that enables a novel form of inference control, in which mobile apps with access to sensor data are limited (provably) in their ability to make inferences about a user's sensitive data and behavior. DEEProtect adopts a two-layered privacy strategy. First, it leverages novel autoencoder techniques to perform data minimization and limit the amount of information being shared; the learned network is used to derive a compact representation of sensor data consisting only of features relevant to the authorized, utility-providing inferences. Second, DEEProtect obfuscates the previously learned features, thereby providing an additional layer of protection against sensitive inferences. Our framework supports both the conventional notion of local differential privacy and a novel relaxed notion that enhances utility. Through theoretical analysis and extensive experiments on real-world datasets, we demonstrate that, compared to existing approaches, DEEProtect provides provable privacy guarantees with up to 8x improvement in utility. Finally, DEEProtect shares obfuscated but raw-format sensor data reconstructed from the perturbed features, so no changes to existing app interfaces are required.
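As an added illustration, not code from the paper, the two-layer pipeline in miniature: a constructed fixed linear projection stands in for the learned autoencoder, the features are clipped and perturbed with a Laplace mechanism calibrated to their L1 sensitivity (conventional local differential privacy only; the paper's relaxed notion is not implemented here), and the decoder returns a window in the raw sensor format so the consuming app sees the same shape of data.

```python
import random

# Constructed stand-in for the learned encoder (the paper trains an
# autoencoder; this is a fixed 2x4 linear projection with orthonormal
# rows, so the decoder is simply its transpose).
ENCODER = [
    [0.5, 0.5, 0.5, 0.5],    # mean of the 4-sample window
    [0.5, 0.5, -0.5, -0.5],  # first-half minus second-half trend
]

def encode(window, W=ENCODER, clip=1.0):
    """Layer 1, data minimisation: project a raw sensor window onto k
    features and clip each to [-clip, clip] so its range is bounded."""
    feats = [sum(w * x for w, x in zip(row, window)) for row in W]
    return [max(-clip, min(clip, f)) for f in feats]

def laplace_scale(eps, clip, k):
    """Two inputs may differ in every clipped feature, so the L1
    sensitivity of the k-dimensional feature vector is 2*clip*k."""
    return 2.0 * clip * k / eps

def laplace_perturb(feats, eps, clip=1.0, rng=random):
    """Layer 2, obfuscation: eps-local-DP release of the feature vector
    via the Laplace mechanism (Laplace(0,b) = b * (Exp(1) - Exp(1)))."""
    b = laplace_scale(eps, clip, len(feats))
    return [f + b * (rng.expovariate(1.0) - rng.expovariate(1.0)) for f in feats]

def decode(feats, W=ENCODER):
    """Reconstruct a window in the raw sensor format (W^T z): the app
    receives the same number of samples it would read from the sensor."""
    n = len(W[0])
    return [sum(row[j] * z for row, z in zip(W, feats)) for j in range(n)]

def deeprotect_release(window, eps, clip=1.0, seed=0):
    """Full pipeline: minimise -> perturb -> reconstruct.
    Returns a list with the same length as the input window."""
    rng = random.Random(seed)
    z = encode(window, clip=clip)
    z_priv = laplace_perturb(z, eps, clip, rng)
    return decode(z_priv)

if __name__ == "__main__":
    # Constructed accelerometer-style window (one axis, 4 samples).
    raw = [0.2, 0.4, 0.6, 0.8]
    print("features :", encode(raw))
    print("released :", deeprotect_release(raw, eps=1.0))
```

Because the noise scale grows with the number of released features, the data-minimisation layer is what keeps the Laplace noise small enough for the released window to remain useful.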
