HIDING BEHIND THE CLOUDS: EFFICIENT, PRIVACY-PRESERVING QUERIES VIA CLOUD PROXIES

This project proposes PriView, a privacy-preserving technique for querying third-party ser- vices from mobile devices. Classical private information retrieval (PIR) schemes are diffi- cult to deploy and use, since they require the target service to be replicated and modified. To avoid this problem, PriView utilizes a novel, proxy-mediated form of PIR, in which the client device fetches XORs of dummy query responses from each of two proxies and combines them to produce the required result. Unlike conventional PIR, PriView does not require the third-party service to be replicated or modified in any way. We evaluated a PriView implementation for the Google Static Maps service utilizing an Android OS front- end and Amazon EC2 proxies. PriView is able to provide tunable confidentiality with low overhead, allowing bandwidth usage, power consumption, and end-to-end latency to scale sublinearly with the provided degree of confidentiality

Privacy-preserving recommendations in context-aware mobile environments

© Emerald Publishing Limited. Purpose - This paper aims to address privacy concerns that arise from the use of mobile recommender systems when processing contextual information relating to the user. Mobile recommender systems aim to solve the information overload problem by recommending products or services to users of Web services on mobile devices, such as smartphones or tablets, at any given point in time and in any possible location. They use recommendation methods, such as collaborative filtering or content-based filtering and use aconsiderable amount of contextual information to provide relevant recommendations. However, because of privacy concerns, users are not willing to provide the required personal information that would allow their views to be recorded and make these systems usable. Design/methodology/approach - This work is focused on user privacy by providing a method for context privacy-preservation and privacy protection at user interface level. Thus, a set of algorithms that are part of the method has been designed with privacy protectionin mind, which isdone byusing realistic dummy parameter creation. Todemonstrate the applicability of the method, arelevant context-aware data set has been used to run performance and usability tests. Findings - The proposed method has been experimentally evaluated using performance and usability evaluation tests and is shown that with a small decrease in terms of performance, user privacy can be protected. Originality/value - This is a novel research paper that proposed a method for protecting the privacy of mobile recommender systems users when context parameters are used

On the anonymity risk of time-varying user profiles.

Websites and applications use personalisation services to profile their users, collect their patterns and activities and eventually use this data to provide tailored suggestions. User preferences and social interactions are therefore aggregated and analysed. Every time a user publishes a new post or creates a link with another entity, either another user, or some online resource, new information is added to the user profile. Exposing private data does not only reveal information about single users’ preferences, increasing their privacy risk, but can expose more about their network that single actors intended. This mechanism is self-evident in social networks where users receive suggestions based on their friends’ activities. We propose an information-theoretic approach to measure the differential update of the anonymity risk of time-varying user profiles. This expresses how privacy is affected when new content is posted and how much third-party services get to know about the users when a new activity is shared. We use actual Facebook data to show how our model can be applied to a real-world scenario.Peer ReviewedPostprint (published version

Privacy protection in location based services

This thesis takes a multidisciplinary approach to understanding the characteristics of Location Based Services (LBS) and the protection of location information in these transactions. This thesis reviews the state of the art and theoretical approaches in Regulations, Geographic Information Science, and Computer Science. Motivated by the importance of location privacy in the current age of mobile devices, this thesis argues that failure to ensure privacy protection under this context is a violation to human rights and poses a detriment to the freedom of users as individuals. Since location information has unique characteristics, existing methods for protecting other type of information are not suitable for geographical transactions. This thesis demonstrates methods that safeguard location information in location based services and that enable geospatial analysis. Through a taxonomy, the characteristics of LBS and privacy techniques are examined and contrasted. Moreover, mechanisms for privacy protection in LBS are presented and the resulting data is tested with different geospatial analysis tools to verify the possibility of conducting these analyses even with protected location information. By discussing the results and conclusions of these studies, this thesis provides an agenda for the understanding of obfuscated geospatial data usability and the feasibility to implement the proposed mechanisms in privacy concerning LBS, as well as for releasing crowdsourced geographic information to third-parties

Virtualization based password protection against malware in untrusted operating systems

Ministry of Education, Singapore under its Academic Research Funding Tier