9 research outputs found

    Privacy Leakage through Sensory Data on Smart Devices

    Mobile devices are becoming more and more indispensable in people's daily life. They bring a variety of conveniences. However, many privacy issues also arise along with the ubiquitous usage of smart devices. Nowadays, people rely on smart devices for business and work, so much sensitive information is released. Although smart device manufacturers spend much effort to provide system-level strategies for privacy preservation, many studies have shown that these strategies are far from perfect. In this dissertation, many privacy risks are explored. Smart devices are becoming more and more powerful as more and more sensors are embedded into them. In this thesis, the relationship between sensory data and a user's location information is analyzed first. A novel inference model and a corresponding algorithm are proposed to infer a user's location information solely from sensory data. The proposed approach is validated on real-world sensory data. Another privacy issue investigated in this thesis is the inference of user behaviors from sensory data. From extensive experimental results, it is observed that there is a strong correlation between sensory data and the tap position on a smart device's screen. A sensory data collection app is developed to collect sensory data from more than 100 volunteers. A conventional neural network based method is proposed to infer a user's input on a smartphone. The proposed inference model and algorithm are compared with several previous methods through extensive experiments. The results show that our method has much better accuracy. Furthermore, based on this inference model, several possible ways to steal private information are illustrated.

    Privacy Preservation & Security Solutions in Blockchain Network

    Blockchain has seen exponential progress over the past few years, and today its usage extends well beyond cryptocurrencies. Its features, including openness, transparency, secure communication, difficult falsification, and multi-consensus, have made it one of the most valuable technologies in the world. In most open blockchain platforms, any node can access the data on the blockchain, which leads to a potential risk of personal information leakage. So the issue of blockchain privacy and security is particularly prominent and has become an important research topic in the field of blockchain. This dissertation mainly summarizes my research on blockchain privacy and security protection issues throughout recent years. We first summarize the security and privacy vulnerabilities in the mining pools of traditional bitcoin networks and some possible protection measures. We then propose a new type of attack, the coin hopping attack, in the case of multiple blockchains under an IoT environment. This attack is only feasible in blockchain-based IoT scenarios, and can significantly reduce the operational efficiency of the entire blockchain network in the long run. We demonstrate the feasibility of this attack by theoretical analysis of four different attack models and propose two possible solutions. We also propose an innovative hybrid blockchain crowdsourcing platform solution to settle the performance bottlenecks and various challenges caused by privacy, scalability, and verification efficiency problems of current blockchain-based crowdsourcing systems. We offer flexible task-based permission control and a zero-knowledge proof mechanism in the implementation of smart contracts to flexibly obtain different levels of privacy protection. By performing several tests on the Ethereum, Hyperledger Fabric and EoS.io blockchains, the performance of the proposed platform consensus under different transaction volumes is verified. At last, we also propose further investigation on the privacy issues that arise when combining AI with blockchain and propose some defense strategies.

    Privacy Preserving Data Publishing

    Recent years have witnessed increasing interest among researchers in protecting individual privacy in the big data era, involving social media, genomics, and the Internet of Things. Recent studies have revealed numerous privacy threats and privacy protection methodologies that vary across a broad range of applications. To date, however, there exist no powerful methodologies for addressing the challenges of high-dimensional data, highly correlated data and powerful attackers. In this dissertation, two critical problems are investigated: the prospects and some challenges for elucidating the capabilities of attackers in mining individuals' private information; and methodologies that can be used to protect against such inference attacks while guaranteeing significant data utility. First, this dissertation proposes a series of works on inference attacks, laying emphasis on protecting against powerful adversaries with auxiliary information. In the context of genomic data, data dimensionality and computational feasibility are highly challenging for data analysis. This dissertation proves that the proposed attack can effectively infer the values of unknown SNPs and traits in linear complexity, which dramatically improves the computation cost compared with traditional methods of exponential computation cost. Second, putting a differential privacy guarantee into high-dimensional and highly correlated data remains a challenging problem, due to high sensitivity, output scalability and signal-to-noise ratio. Considering that there are tens of millions of genomes in a human DNA, it is infeasible for traditional methods to introduce noise to sanitize genomic data. This dissertation proposes a series of works and demonstrates that the proposed differentially private method satisfies differential privacy; moreover, data utility is improved compared with the state of the art by largely lowering data sensitivity. Third, putting a privacy guarantee into social data publishing remains a challenging problem, due to the tradeoff requirements between data privacy and utility. This dissertation proposes a series of works and demonstrates that the proposed methods can effectively realize the privacy-utility tradeoff in data publishing. Finally, two future research topics are proposed. The first topic is Privacy Preserving Data Collection and Processing for the Internet of Things. The second topic is Privacy Preserving Big Data Aggregation. They are motivated by newly proposed data mining, artificial intelligence and cybersecurity methods.

    Data Collection and Aggregation in Mobile Sensing

    Nowadays, smartphones have become ubiquitous and are playing a critical role in key aspects of people's daily life such as communication, entertainment and social activities. Most smartphones are equipped with multiple embedded sensors such as GPS (Global Positioning System), accelerometer, camera, etc., and have diverse sensing capacity. Moreover, the emergence of wearable devices also enhances the sensing capabilities of smartphones, since most wearable devices can exchange sensory data with smartphones via network interfaces. Therefore, mobile sensing has led to numerous innovative applications in various fields including environmental monitoring, transportation, healthcare, safety and so on. All these applications are based on two critical techniques in mobile sensing: data collection and data aggregation. Data collection is to collect all the sensory data in the network, while data aggregation is any process in which information is gathered and expressed in a summary form such as SUM or AVERAGE. Obviously, both problems can be solved by simply collecting all the sensory data in the whole network, but that leads to a huge communication cost. This dissertation aims to reduce the huge communication cost of data collection and data aggregation in mobile sensing, where the following two technical routes are applied. The first technical route is to use sampling techniques such as uniform sampling or Bernoulli sampling. In this way, an aggregation result with acceptable error can be calculated while only a small part of the mobile phones need to submit their sensory data. The second technical route is location-based sensing, in which every mobile phone submits its geographical position and the mobile sensing platform uses the submitted positions to filter out useless sensory data. The experimental results indicate that the proposed methods have high performance.

    Computational Complexity And Algorithms For Dirty Data Evaluation And Repairing

    In this dissertation, we study the dirty data evaluation and repairing problem in relational databases. Dirty data is usually inconsistent, inaccurate, incomplete and stale. Existing methods and theories describe consistency using integrity constraints, such as data dependencies. However, integrity constraints are good at detection but not at evaluating the degree of data inconsistency, and they cannot guide data repairing. This dissertation first studies the computational complexity of, and algorithms for, database inconsistency evaluation. We define and use the minimum tuple deletion to evaluate database inconsistency. For this minimum tuple deletion problem, we study the relationship between the size of the rule set and its computational complexity. We show that it is NP-hard to approximate the minimum tuple deletion within 17/16 given three functional dependencies and four involved attributes. A near-optimal approximation algorithm for computing the minimum tuple deletion is proposed with a ratio of 2 − 1/2r, where r is the number of given functional dependencies. To guide data repairing, this dissertation also investigates a data repairing method that uses query feedback, and formally studies two decision problems, the functional dependency restricted deletion and insertion propagation problems, corresponding to deletion and insertion feedback. A comprehensive analysis of both the combined and the data complexity of the cases is provided by considering different relational operators and feedback types. We identify the intractable and tractable cases to picture the complexity hierarchy of these problems, and provide efficient algorithms for the tractable cases. Two improvements are proposed: one focuses on finding the minimum vertex cover in the conflict graph to improve the upper bound of the tuple deletion problem, and the other is a better dichotomy for the deletion and insertion propagation problems in the absence of functional dependencies, from the point of view of data, combined and parameterized complexities respectively.

    Privacy-Preserved Linkable Social-Physical Data Publication

    In this dissertation, we investigate privacy-preserved data publication problems for pervasively existing linkable social-physical contents. On the one hand, data publication has been considered a critical approach to facilitate numerous utilities for individuals, populations, platform owners, and all third-party service providers. On the other hand, the unprecedented adoption of mobile devices and the dramatic development of Internet-of-Things (IoT) systems have pushed the collection of surrounding physical information among populations to a totally novel stage. The collected contents can provide fine-grained access to both the physical and the social aspects of crowds, which introduces a comprehensively linkable and potentially sensitive information domain. The linkage includes the related indices like privacy, utility, and efficiency for sophisticated applications, the inherent correlations among multiple data sources or information dimensions, and the connections among individuals. As the linkage leads to various novel challenges for privacy preservation, there should be a body of novel mechanisms for linkable social-physical data publication. As a result, this dissertation proposes a series of mechanisms for privacy-preserved linkable social-physical data publication. Firstly, we study the publication of physical data, where the co-existing useful social profiles and the sensitive physical profiles of the data should be carefully maintained. Secondly, we investigate the data publication problem jointly considering privacy preservation, data utility, and resource efficiency for task completion in crowd-sensing systems. Thirdly, we investigate the publication of private contents used for recommendation, where the contents of a user contribute to the recommendation results for others. Fourthly, we study the publication of reviews in local business service systems, where users expect to conceal their frequently visited locations while cooperatively maintaining the utility of the whole system. Fifthly, we study the acquisition of privacy-preserved knowledge on cyber-physical social networks, where third-party service providers can derive the community structure without accessing the sensitive social links. We also provide detailed analysis and discussion of the proposed mechanisms, and extensively validate their performance on real-world datasets. The results demonstrate that the proposed mechanisms can properly preserve privacy while maintaining data utility. At last, we also propose future research topics to complete the whole dissertation. The first topic focuses on privacy preservation for correlations beneath multiple data sources. The second topic studies further privacy issues for the whole population during data publication, including both the novel threats to related communities and the disclosure of trends within crowds.

    Location Privacy Leakage through Sensory Data

    Mobile devices bring benefits as well as the risk of exposing users' location information, as some embedded sensors can be accessed without users' permission and awareness. In this paper, we show that, by using only the data collected from the embedded sensors in mobile devices instead of GPS data, we can infer a user's location information with high accuracy. Three issues are addressed: route identification, user localization on a specific route, and user localization in a bounded area. A Dynamic Time Warping based technique is designed, and we develop a Hidden Markov Model to solve the localization problem. Real experiments are performed to evaluate our proposed methods.