A framework for context-aware privacy of sensor data on mobile systems

ABSTRACT
We study the competing goals of utility and privacy as they arise when a user shares personal sensor data with apps on a smartphone. On the one hand, there can be value to the user for sharing data in the form of various personalized services and recommendations; on the other hand, there is the risk of revealing behaviors to the app producers that the user would like to keep private. The current approaches to privacy, usually defined in multi-user settings, rely on anonymization to prevent such sensitive behaviors from being traced back to the user---a strategy which does not apply if user identity is already known, as is the case here.
Instead of protecting identity, we focus on the more general problem of choosing what data to share, in such a way that certain kinds of inferences---i.e., those indicating the user's sensitive behavior---cannot be drawn. The use of inference functions allows us to establish a terminology to unify prior notions of privacy as special cases of this more general problem. We identify several information disclosure regimes, each corresponding to a specific privacy-utility tradeoff, as well as privacy mechanisms designed to realize these tradeoff points. Finally, we propose ipShield as a privacy-aware framework which uses current user context together with a model of user behavior to quantify an adversary's knowledge regarding a sensitive inference, and obfuscate data accordingly before sharing. We conclude by describing initial work towards realizing this framework.
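The abstract describes a mechanism that uses a model of user behavior to quantify what an adversary can infer about a sensitive behavior from shared data, and then obfuscates the data before release. The following is an added illustration of that idea in code; it is not the paper's ipShield implementation and does not come from the authors. It assumes a constructed toy behavior model: a binary sensitive state S (the prior and likelihood tables are made up for the example) and a coarse motion-class feature X that an app wants. The release mechanism is a randomized-response channel, chosen here as a simple stand-in for the paper's obfuscation; the fidelity parameter q is the largest value for which the adversary's posterior belief in S = 1 stays at or below a chosen bound no matter which value is released, and q doubles as the utility measure (the chance the app sees the true context).

```python
"""Added illustration of an inference-bounded release mechanism.

Toy behaviour model (constructed for this example, not from the paper):
S in {0, 1} is the sensitive state the user wants to hide, and X is an
observable context feature derived from sensor data that an app requests.
"""

PRIOR = {0: 0.8, 1: 0.2}                 # P(S = s), from the behaviour model
LIKELIHOOD = {                            # P(X = x | S = s)
    0: {"still": 0.3, "walking": 0.5, "driving": 0.2},
    1: {"still": 0.7, "walking": 0.2, "driving": 0.1},
}
SYMBOLS = ("still", "walking", "driving")


def posterior_given_release(y, channel, prior=PRIOR, lik=LIKELIHOOD):
    """Adversary's belief P(S = 1 | Y = y) when the released value Y is
    produced from the true context X through channel[x][y] = P(Y = y | X = x).
    The adversary is assumed to know both the behaviour model and the channel."""
    joint = {}
    for s in prior:
        p_y_given_s = sum(lik[s][x] * channel[x][y] for x in SYMBOLS)
        joint[s] = prior[s] * p_y_given_s
    total = sum(joint.values())
    return joint[1] / total if total else 0.0


def identity_channel():
    """Release the true context unchanged (no privacy mechanism)."""
    return {x: {y: 1.0 if x == y else 0.0 for y in SYMBOLS} for x in SYMBOLS}


def randomized_response(q):
    """Release the true symbol with probability q, otherwise a symbol drawn
    uniformly from SYMBOLS (the truth included), so each row sums to 1."""
    n = len(SYMBOLS)
    return {x: {y: q * (1.0 if x == y else 0.0) + (1.0 - q) / n for y in SYMBOLS}
            for x in SYMBOLS}


def worst_case_posterior(channel):
    """Largest belief in S = 1 the adversary can reach over all released values."""
    return max(posterior_given_release(y, channel) for y in SYMBOLS)


def choose_fidelity(bound, step=0.01):
    """Largest q on a grid whose randomized-response channel keeps every
    posterior at or below `bound`. q = 1.0 means raw release is already safe;
    q = 0.0 means the release must be independent of the true context."""
    n_steps = int(round(1.0 / step))
    for i in range(n_steps, -1, -1):
        q = i / n_steps
        if worst_case_posterior(randomized_response(q)) <= bound + 1e-12:
            return q
    return 0.0


if __name__ == "__main__":
    raw = identity_channel()
    for y in SYMBOLS:
        print(f"raw release of {y!r}: P(S=1 | y) = {posterior_given_release(y, raw):.3f}")
    for bound in (0.2, 0.3, 0.5):
        q = choose_fidelity(bound)
        print(f"bound {bound}: release truth with prob {q:.2f}, "
              f"worst posterior {worst_case_posterior(randomized_response(q)):.3f}")
```

With the constructed tables, releasing "still" unmodified lifts the adversary's belief from the prior 0.2 to about 0.37, so a bound of 0.3 forces the mechanism down to q = 0.56, and a bound equal to the prior (no leakage at all) forces q = 0, i.e. no utility; the tradeoff the abstract calls an information disclosure regime is exactly this choice of bound.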