ABSTRACT
This paper develops mathematical foundations and architectural components for providing privacy guarantees on stream data in grassroots participatory sensing applications, where groups of participants use privately-owned sensors to collectively measure aggregate phenomena of mutual interest. Grassroots applications refer to those initiated by members of the community themselves as opposed to by some governing or official entities. The potential lack of a hierarchical trust structure in such applications makes it harder to enforce privacy. To address this problem, we develop a privacy-preserving architecture, called PoolView, that relies on data perturbation on the client-side to ensure individuals' privacy and uses community-wide reconstruction techniques to compute the aggregate information of interest. PoolView allows arbitrary parties to start new services, called pools, to compute new types of aggregate information for their clients. Both the client-side and server-side components of PoolView are implemented and available for download, including the data perturbation and reconstruction components. Two simple sensing services are developed for illustration; one computes traffic statistics from subscriber GPS data and the other computes weight statistics for a particular diet. Evaluation, using actual data traces collected by the authors, demonstrates the privacy-preserving aggregation functionality in PoolView.
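The abstract describes the two halves of the design without giving the mathematics: each client perturbs its own readings before they leave the device, and the pool server reconstructs only aggregates from the perturbed community data. The following Python is an added illustration, not PoolView's code and not its actual perturbation model. It assumes the simplest member of the additive-noise family: every client adds zero-mean Gaussian noise with a publicly agreed standard deviation (NOISE_SIGMA, an assumed value), and the server corrects the community mean and variance for that known noise. The weight values are constructed. The second function shows the stream-specific failure mode that makes this naive scheme insufficient for time series: independent per-sample noise on a slowly varying signal averages out, so a server holding one user's whole stream can recover that user's level.

```python
"""Toy additive-noise perturbation with aggregate reconstruction.

Added example only; it is NOT PoolView's code or its perturbation model.
Assumed scheme: each client adds zero-mean Gaussian noise of a publicly
known standard deviation NOISE_SIGMA, and the pool server estimates the
community mean and variance by correcting for that known noise.
"""
import random
import statistics

NOISE_SIGMA = 15.0  # assumed, publicly agreed per-reading noise level (kg)


def perturb(value, sigma, rng):
    """Client side: hide one reading by adding zero-mean Gaussian noise."""
    return value + rng.gauss(0.0, sigma)


def reconstruct_aggregate(perturbed, sigma):
    """Server side: estimate community mean and variance from perturbed data.

    The noise is zero-mean, so the sample mean needs no correction. Because
    noise and signal are independent, Var(report) = Var(true) + sigma^2, so
    the known noise variance is subtracted back out (clamped at zero).
    """
    perturbed = list(perturbed)
    est_mean = statistics.fmean(perturbed)
    est_var = statistics.variance(perturbed) - sigma ** 2
    return est_mean, max(est_var, 0.0)


def simulate_pool(n_clients=5000, seed=1234):
    """Run one pool round on constructed body-weight data and report errors."""
    rng = random.Random(seed)
    # Constructed population: weights around 75 kg with 10 kg spread.
    true_weights = [rng.gauss(75.0, 10.0) for _ in range(n_clients)]
    reports = [perturb(w, NOISE_SIGMA, rng) for w in true_weights]
    est_mean, est_var = reconstruct_aggregate(reports, NOISE_SIGMA)
    per_reading_error = statistics.fmean(
        [abs(r - w) for r, w in zip(reports, true_weights)]
    )
    return {
        "true_mean": statistics.fmean(true_weights),
        "true_var": statistics.variance(true_weights),
        "est_mean": est_mean,
        "est_var": est_var,
        # How far an individual's reported value sits from the real one:
        # large, which is what protects the individual.
        "per_reading_error": per_reading_error,
    }


def stream_smoothing_leak(days=100, seed=1234):
    """Failure mode for streams: a server that keeps one user's whole
    time series can average the independent noise away.

    Returns (error of a single perturbed sample, error of the stream mean).
    """
    rng = random.Random(seed)
    # Constructed slow drift: 72 kg gaining 0.02 kg per day.
    true_stream = [72.0 + 0.02 * d for d in range(days)]
    reports = [perturb(w, NOISE_SIGMA, rng) for w in true_stream]
    raw_error = statistics.fmean(
        [abs(r - w) for r, w in zip(reports, true_stream)]
    )
    smoothed_error = abs(
        statistics.fmean(reports) - statistics.fmean(true_stream)
    )
    return raw_error, smoothed_error


if __name__ == "__main__":
    result = simulate_pool()
    print("community mean: true %.2f, reconstructed %.2f"
          % (result["true_mean"], result["est_mean"]))
    print("community variance: true %.1f, reconstructed %.1f"
          % (result["true_var"], result["est_var"]))
    print("mean per-reading distortion: %.1f kg" % result["per_reading_error"])
    raw, smoothed = stream_smoothing_leak()
    print("single sample error %.1f kg vs stream-average error %.1f kg"
          % (raw, smoothed))
```

Two points to take from running it. First, the aggregate reconstruction is accurate because noise errors cancel across thousands of independent clients while each individual report remains distorted by roughly the noise scale. Second, the same cancellation works against a single user whose readings are correlated over time, which is exactly why perturbation for streams must be designed around the signal's temporal structure rather than applied per sample.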