
Privacy-Preserving Sharing of Mobile Sensor Data

  • Conference paper
  • In: Mobile Computing, Applications, and Services (MobiCASE 2021)

Abstract

To personalize modern mobile services (e.g., advertisement, navigation, healthcare) for individual users, mobile apps continuously collect and analyze sensor data. By sharing their sensor data collections, app providers can improve the quality of mobile services. However, the data privacy of both app providers and users must be protected against data leakage attacks. To address this problem, we present differentially privatized on-device sharing of sensor data, a framework through which app providers can safely collaborate with each other to personalize their mobile services. As a trusted intermediary, the framework aggregates the sensor data contributed by individual apps, accepting statistical queries against the combined datasets. A novel adaptive privacy-preserving scheme: 1) balances utility and privacy by computing and adding the required amount of noise to the query results; 2) incentivizes app providers to keep contributing data; 3) secures all data processing by integrating a Trusted Execution Environment. Our evaluation demonstrates the framework’s efficiency, utility, and safety: all queries complete in <10 ms; the data sharing collaborations satisfy participants’ dissimilar privacy/utility requirements; mobile services are effectively personalized, while preserving the data privacy of both app providers and users.
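The abstract describes a trusted aggregator that pools each provider's sensor readings into a combined dataset and answers statistical queries with calibrated noise; note 8 gives the count query "how many times does value 'm' appear?" and note 9 a sample-size floor of 20 to 30. The block below is an added illustration, not the paper's code: it implements that count query with the standard Laplace mechanism of Dwork et al. [11]; the provider names, readings and the choice of a 20-reading floor are constructed assumptions.

```python
import random
from typing import Dict, List, Optional, Sequence

# Added example (not the paper's implementation): a trusted aggregator that
# pools per-provider readings of one data type and answers a count query
# under epsilon-differential privacy using the Laplace mechanism.

MIN_SAMPLE_SIZE = 20  # assumed floor, following the rule of thumb in note 9


def combine(contributions: Dict[str, Sequence[int]]) -> List[int]:
    """Pool the readings contributed by every app provider into one dataset."""
    combined: List[int] = []
    for readings in contributions.values():
        combined.extend(readings)
    return combined


def exact_count(dataset: Sequence[int], m: int) -> int:
    """How many times value m appears in the combined dataset (note 8)."""
    return sum(1 for v in dataset if v == m)


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Laplace(0, scale): the difference of two i.i.d. Exp(1/scale) draws."""
    rate = 1.0 / scale
    return rng.expovariate(rate) - rng.expovariate(rate)


def private_count(contributions: Dict[str, Sequence[int]], m: int,
                  epsilon: float, rng: Optional[random.Random] = None
                  ) -> Optional[float]:
    """Answer the count query with noise calibrated to its sensitivity.

    Adding or removing one reading changes a count by at most 1, so the
    query's global sensitivity is 1 and Laplace noise of scale 1/epsilon
    gives epsilon-DP.  A smaller epsilon means more noise (more privacy,
    less utility).  Queries over too few readings are refused (None).
    """
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    dataset = combine(contributions)
    if len(dataset) < MIN_SAMPLE_SIZE:
        return None
    rng = rng or random.Random()
    return exact_count(dataset, m) + laplace_noise(1.0 / epsilon, rng)


if __name__ == "__main__":
    # Constructed sample: two providers contribute readings of one data type.
    sample = {"app_a": [1, 2, 2, 3] * 4, "app_b": [2, 2, 5, 5, 5] * 2}
    print(exact_count(combine(sample), 2), private_count(sample, 2, 0.5))
```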

Y. Liu and B. D. Cruz—This work was done in the Software Innovations Lab at Virginia Tech.


Notes

  1. The Android mobile platform takes \(\approx \)85% of the global mobile market [21].

  2. An app provider can have multiple apps, while an app has one provider only. For ease of exposition, we assume a one-to-one correspondence between a provider and an app, so we can use the terms “app provider” and “app” interchangeably.

  3. Each data type has its own combined dataset.

  4. Hereafter, individual refers to an app provider, and private information refers to the sensor data collected by a provider.

  5. A common practice for studying various performance trade-offs on the Android platform [6].

  6. A portable framework for code to run on any standardized TEE.

  7. The Yeti is a metaphor that describes any real-world user with a similar behavioral profile in this application scenario.

  8. queries “how many times does value ‘m’ appear in the combined dataset?”.

  9. As a rule of thumb of practical statistical analysis, the minimum sample size is typically between 20 and 30 [30].

References

  1. CVE-2016-6540 (2016). https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6540

  2. Acquisti, A., Taylor, C., Wagman, L.: The economics of privacy. J. Econ. Lit. 54(2), 442–492 (2016)

  3. Almuhimedi, H., et al.: Your location has been shared 5,398 times! A field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems, pp. 787–796 (2015)

  4. Anderson, C., Andersson, M.P.: Long tail (2004)

  5. Apple Inc.: App groups entitlement (2017). https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_application-groups

  6. Armando, A., Merlo, A., Migliardi, M., Verderame, L.: Would you mind forking this process? A denial of service attack on Android (and some countermeasures). In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 13–24. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30436-1_2

  7. Asokan, N., et al.: CrowdShare: secure mobile resource sharing. In: Jacobson, M., Locasto, M., Mohassel, P., Safavi-Naini, R. (eds.) ACNS 2013. LNCS, vol. 7954, pp. 432–440. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38980-1_27

  8. Binns, R., Lyngs, U., Van Kleek, M., Zhao, J., Libert, T., Shadbolt, N.: Third party tracking in the mobile ecosystem. In: Proceedings of the 10th ACM Conference on Web Science, pp. 23–31 (2018)

  9. Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000)

  10. Dwork, C.: Differential privacy: a survey of results. In: Agrawal, M., Du, D., Duan, Z., Li, A. (eds.) TAMC 2008. LNCS, vol. 4978, pp. 1–19. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79228-4_1

  11. Dwork, C., McSherry, F., Nissim, K., Smith, A.: Calibrating noise to sensitivity in private data analysis. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 265–284. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_14

  12. Gaboardi, M., Honaker, J., King, G., Nissim, K., Ullman, J., Vadhan, S.: PSI: a private data sharing interface. arXiv:1609.04340 (2016)

  13. GlobalPlatform: TEE system architecture, technical report (2011). www.globalplatform.org/specificationsdevice.asp

  14. Google: Android Studio - select the minimum API level (2018). https://developer.android.com/studio/projects/create-project

  15. Google: Distribution dashboard (2018). https://developer.android.com/about/dashboards

  16. Google: Connect to the network (2019). https://developer.android.com/training/basics/network-ops/connecting

  17. Google Play Store: NoRoot Firewall (2019). https://play.google.com/store/apps/details?id=app.greyshirts.firewall&hl=en

  18. Han, S., Philipose, M.: The case for onloading continuous high-datarate perception to the phone. In: Presented as Part of the 14th Workshop on Hot Topics in Operating Systems (2013)

  19. Hendrycks, D., Mazeika, M., Dietterich, T.G.: Deep anomaly detection with outlier exposure. arXiv preprint arXiv:1812.04606 (2018)

  20. Huberman, B.A., Franklin, M., Hogg, T.: Enhancing privacy and trust in electronic communities. In: Proceedings of the 1st ACM Conference on Electronic Commerce, pp. 78–86. ACM (1999)

  21. IDC: Smartphone OS market share (2017). https://www.idc.com/promo/smartphone-market-share/os

  22. Kiss, Á., Liu, J., Schneider, T., Asokan, N., Pinkas, B.: Private set intersection for unequal set sizes with mobile applications. Proc. Priv. Enhancing Technol. 2017(4), 177–197 (2017)

  23. KQED Science: Scientists looked at DNA supposedly from a Yeti and here’s what they found, December 2017. https://goo.gl/uDvypP

  24. Lee, J., Clifton, C.: How much is enough? Choosing \(\varepsilon \) for differential privacy. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 325–340. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-24861-0_22

  25. Malkhi, D., Nisan, N., Pinkas, B., Sella, Y., et al.: Fairplay: secure two-party computation system. In: USENIX Security Symposium (2004)

  26. McGillion, B., Dettenborn, T., Nyman, T., Asokan, N.: Open-TEE: an open virtual trusted execution environment. In: 2015 IEEE Trustcom/BigDataSE/ISPA, vol. 1, pp. 400–407. IEEE (2015)

  27. McSherry, F.D.: Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In: Proceedings of the 2009 ACM SIGMOD International Conference on Management of Data, pp. 19–30. ACM (2009)

  28. Miller, A., Hicks, M., Katz, J., Shi, E.: Authenticated data structures, generically. In: ACM SIGPLAN Notices, vol. 49, pp. 411–423. ACM (2014)

  29. Miller, R.B.: Response time in man-computer conversational transactions. In: Proceedings of the December 9–11, 1968, Fall Joint Computer Conference, Part I, pp. 267–277. ACM (1968)

  30. Minitab: Proceed with the analysis if the sample is large enough (2020). https://support.minitab.com/en-us/minitab/19/help-and-how-to/statistics/basic-statistics/supporting-topics/normality/what-to-do-with-nonnormal-data/

  31. MOCACARE: Blood pressure monitor (2020). https://www.mocacare.com/mocacuff/

  32. Mohan, P., Thakurta, A., Shi, E., Song, D., Culler, D.: GUPT: privacy preserving data analysis made easy. In: Proceedings of the 2012 ACM SIGMOD International Conference on Management of Data, pp. 349–360. ACM (2012)

  33. Mohassel, P., Franklin, M.: Efficiency tradeoffs for malicious two-party computation. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 458–473. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_30

  34. Nguyen, N.: A lot of apps sell your data. Here’s what you can do about it (2018). https://www.buzzfeednews.com/article/nicolenguyen/how-apps-take-your-data-and-sell-it-without-you-even

  35. Omron: Omron wearable blood pressure monitor (2020). https://omronhealthcare.com/products/heartguide-wearable-blood-pressure-monitor-bp8000m/

  36. O’Sullivan, D.: Cloud leak: how a Verizon partner exposed millions of customer accounts (2017). https://www.upguard.com/breaches/verizon-cloud-leak

  37. Pang, G., Cao, L., Chen, L., Liu, H.: Unsupervised feature selection for outlier detection by modelling hierarchical value-feature couplings. In: 2016 IEEE 16th International Conference on Data Mining (ICDM), pp. 410–419. IEEE (2016)

  38. Paverd, A., Martin, A., Brown, I.: Modelling and automatically analysing privacy properties for honest-but-curious adversaries. Technical report (2014)

  39. Roy, I., Setty, S.T.V., Kilzer, A., Shmatikov, V., Witchel, E.: Airavat: security and privacy for MapReduce. In: Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation, NSDI 2010, p. 20. USENIX Association, Berkeley (2010). http://dl.acm.org/citation.cfm?id=1855711.1855731

  40. Singer, N.: New data rules could empower patients but undermine their privacy (2020). https://www.nytimes.com/2020/03/09/technology/medical-app-patients-data-privacy.html

  41. Statt, N.: Some major Android apps are still sending data directly to Facebook (2019). https://www.theverge.com/2019/3/5/18252397/facebook-android-apps-sending-data-user-privacy-developer-tools-violation

  42. Fueled Marketing Team: How much money can you earn with an app in 2019 (2019). https://fueled.com/blog/much-money-can-earn-app/

  43. The New Daily: Federal government to force tech giants to reveal user data (2018). https://thenewdaily.com.au/news/national/2018/08/14/tech-surveillance-laws/

  44. Vallina-Rodriguez, N., et al.: When David helps Goliath: the case for 3G onloading. In: Proceedings of the 11th ACM Workshop on Hot Topics in Networks, pp. 85–90. ACM (2012)

  45. VARONIS: 2018 VARONIS global data risk report (2018). https://www.varonis.com/2018-data-risk-report/

  46. Vu, X.S., Jiang, L.: Self-adaptive privacy concern detection for user-generated content. arXiv preprint arXiv:1806.07221 (2018)

  47. Wendt, N., Julien, C.: PACO: a system-level abstraction for on-loading contextual data to mobile devices. IEEE Trans. Mob. Comput. 17(9), 2127–2140 (2018)


Acknowledgements

The authors thank the anonymous reviewers, whose insightful comments helped improve this paper. This research was supported by NSF grant #1717065.

Author information

Correspondence to Yin Liu.

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Liu, Y., Cruz, B.D., Tilevich, E. (2022). Privacy-Preserving Sharing of Mobile Sensor Data. In: Deng, S., Zomaya, A., Li, N. (eds) Mobile Computing, Applications, and Services. MobiCASE 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 434. Springer, Cham. https://doi.org/10.1007/978-3-030-99203-3_2

  • DOI: https://doi.org/10.1007/978-3-030-99203-3_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-99202-6

  • Online ISBN: 978-3-030-99203-3

  • eBook Packages: Computer Science, Computer Science (R0)