
    IP address multiplexing for VEEs


    Balancing Behavioral Privacy and Information Utility in Sensory Data Flows

    The democratization of computing and sensing through smart phones and embedded devices has led to widespread instrumentation of our personal and social spaces. The sensor data thus collected have embedded in them minute details of our daily life. On the one hand, this has enabled a multitude of exciting applications where decisions at various time-scales are driven by inferences that are computationally derived from the shared sensory information and used for purposes such as targeted advertisements, behavior-tailored interventions and automated control. On the other hand, the ability to derive rich inferences about user behaviors and contexts, and their use in critical decision making, also presents various personal privacy concerns. Prior approaches to handling the privacy concerns have often been ad hoc and focused on disassociating the user identity from the shared data, thus preventing an adversary from tracing a sensitive inference back to the user. However, in many application domains (e.g., mHealth, insurance) user identity is an inalienable part of the shared data. In such settings, instead of identity privacy, the focus is on the more general inference privacy problem, pertaining to the privacy of sensitive inferences that can be derived from the shared sensor data. The objective of this research has been to develop a principled understanding of the inference privacy problem and to design formalisms, algorithms, and system mechanisms to effectively address it. The contributions of this dissertation are multi-fold. First, using information-theoretic notions we formulate the inference privacy problem in terms of a whitelist of utility-providing allowed inferences and a blacklist of sensitive inferences. We define utility and privacy parameters, derive bounds on the feasible region spanned by these parameters, and provide constructive schemes for achieving the boundary points of the feasible region.
    Second, using insights from the theoretical exploration, we design and implement ipShield, a privacy-enforcing system built by modifying the Android OS. ipShield is a step towards reducing the user burden of configuring fine-grained privacy policies. It does so by changing the basic privacy abstraction from access control on sensors to privacy preferences over higher-level possible inferences. The user preferences are then used by a rule recommender to auto-generate privacy rules on sensors. Finally, we present iDeceit, a framework that implements model-based plausible falsification of sensor data to protect the privacy of sensitive inferences while maximizing the utility of the shared data. A graphical model is used to capture the temporal and spatial patterns that exist in user behavior. The model is then used, together with privacy and utility metrics and a novel plausibility metric, to generate a falsified data stream that conforms to typical user behavior, ensuring perfect privacy. Extensive evaluation results are detailed for both ipShield and iDeceit to validate their efficiency and feasibility on mobile platforms.

    Reliable and secure low energy sensed spectrum communication for time critical cloud computing applications

    Reliability and security of data transmission and access are of paramount importance to enhance the dependability of time-critical remote monitoring systems (e.g. tele-monitoring of patients, surveillance of smart grid components). Potential failures for data transmission include wireless channel unavailability and delays due to interruptions. Reliable data transmission demands seamless channel availability with minimum delays in spite of interruptions (e.g. fading, denial-of-service attacks). Secure data transmission requires sensed data to be transmitted over unreliable wireless channels with sufficient security using suitable encryption techniques. The transmitted data are stored in secure cloud repositories. Potential failures for data access include unsuccessful user authentications due to mis-management of digital identities and insufficient permissions to authorize situation-specific data access requests. Reliable and secure data access requires robust user authentication and context-dependent authorization to fulfill situation-specific data utility needs in cloud repositories. The work herein seeks to enhance the dependability of time-critical remote monitoring applications by reducing these failure conditions, which may degrade the reliability and security of data transmission or access. As a result of an extensive literature survey, and in order to achieve the above-said security and reliability, the following areas have been selected for further investigation: the enhancement of opportunistic transmissions in cognitive radio networks to provide greater channel availability, as opposed to fixed spectrum allocations in conventional wireless networks; delay-sensitive channel access methods to ensure seamless connectivity in spite of multiple interruptions in cognitive radio networks; energy-efficient encryption and route selection mechanisms to enhance both secure and reliable data transmission;
    trustworthy digital identity management in cloud platforms which can facilitate efficient user authentication to ensure reliable access to the sensed remote monitoring data; and context-aware authorizations to reliably handle flexible situation-specific data access requests. Main contributions of this thesis include a novel trust metric to select non-malicious cooperative spectrum sensing users to reliably detect vacant channels, a reliable delay-sensitive cognitive radio spectrum hand-off management method for seamless connectivity, and an energy-aware physical unclonable function based encryption key size selection method for secure data transmission. Furthermore, a trust-based identity provider selection method for user authentication and a reliable context-aware situation-specific authorization method are developed for more reliable and secure data access in cloud repositories. In conclusion, these contributions can holistically contribute to mitigating the above-mentioned failure conditions to achieve the intended dependability of time-critical remote monitoring applications.