Linlin Yang,Wei Wang,Yanjiao Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2014.12.017

IF: 5.493

2015-01-01

Computer Networks

Abstract:With the prosperity of the Internet, many advertisers choose to deliver their advertisements by online targeting, where the ad broker is responsible for matching advertisements with users who are likely to be interested in the underlying products or services. However, this online advertisement targeting system requires user profile information and may fail due to privacy issues. In light of growing privacy concerns, we propose a privacy-aware framework for online advertisement targeting, where users are compensated for their privacy leakage and motivated to click more advertisements. In the framework, an ad broker pays a varying amount of money to users for clicking different advertisements due to distinct privacy leakage. Meanwhile advertisers send advertisements to the ad broker and determine the price per user click they need to pay. We model the interactions among advertisers, the ad broker and users as a three-stage game, where every player aims at maximizing its own utility, and Nash Equilibrium is achieved by backward induction. We further analyze the optimal strategies for advertisers, the ad broker and users. Numerical results have shown that the proposed privacy-aware framework is effective as it enables all advertisers, the ad broker and users to maximize their utilities in case of different levels of user privacy sensitivities. In addition, the proposed framework produces higher profits for advertisers and the ad broker than the traditional “paid to click” system.

Rongxing Lu,Xiaodong Lin,Zhiguo Shi,Jun Shao

DOI: https://doi.org/10.1109/infocom.2014.6848003

2014-01-01

Abstract:In this paper, we propose a privacy-preserving framework, called PLAM, for local-area mobile social networks. The proposed PLAM framework employs a privacy-preserving request aggregation protocol with k-Anonymity and l-Diversity properties while without involving a trusted anonymizer server to keep user preference privacy when querying location-based service (LBS), and integrates unlinkable pseudo-ID technique to achieve user identity privacy, location privacy. Moreover, the proposed PLAM framework also introduces the privacy-preserving and verifiable polynomial computation to keep LBS provider's functions private while preventing the provider from cheating in computation. Detailed security analysis shows that the proposed PLAM framework can not only achieve desirable privacy requirements but also resist outside attacks on source authentication, data integrity and availability. In addition, extensive simulations are also conducted, and simulation results guide us on how to set proper thresholds for k-anonymity, l-diversity to make a tradeoff between the desirable user preference privacy level and the request delay in different scenarios.

Yan Leng,Yijun Chen,Xiaowen Dong,Junfeng Wu,Guodong Shi

DOI: https://doi.org/10.2139/ssrn.3875878

2021-01-01

SSRN Electronic Journal

Abstract:There exists a growing concern about the privacy threats inherently encoded in the increasingly available behavioral data. In this paper, we focus on online service providers over which users reveal preferences (e.g., ratings or reviews) as publicly available behavioral data. We model users' strategic interactions in making these decisions as quadratic games on networks, where a user's payoff depends not only on their actions but also on their neighbors in a social interaction network. Based on the assumption that the observed preferences correspond to the Nash equilibrium of the game, we investigate whether eavesdroppers or competitors having access to such behavioral data could potentially infer or even thoroughly learn the hidden social interaction network from the observed user actions, leading to privacy risks at a system level for the platform. We introduce three notions of privacy risks on networks: fundamental privacy, conditional privacy, and practical privacy. We establish necessary and sufficient conditions for fundamental and conditional privacy of the social interaction structure, suggesting that at the system level, such interaction structure is not facing a critical risk of being fully exposed regardless of the amount of data available. To study practical privacy, we further propose and analyze a novel learning framework by solving a joint optimization problem for the network structure and the individual marginal benefits in the game. Extensive experiments on synthetic and real-world data demonstrate the effectiveness of the proposed framework, hence illustrating that behavioral data indeed present substantial privacy risks in practice. Broadly, this study enriches the network privacy literature and provides implications for online platforms by revealing the unexpected consequence of leaking network connections due to public consumer revealed preferences.

Saba Eskandarian

DOI: https://doi.org/10.2478/popets-2021-0048

2021-04-27

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract Loyalty programs in the form of punch cards that can be redeemed for benefits have long been a ubiquitous element of the consumer landscape. However, their increasingly popular digital equivalents, while providing more convenience and better bookkeeping, pose a considerable privacy risk. This paper introduces a privacy-preserving punch card protocol that allows firms to digitize their loyalty programs without forcing customers to submit to corporate surveillance. We also present a number of extensions that allow our scheme to provide other privacy-preserving customer loyalty features. Compared to the best prior work, we achieve a 14× reduction in the computation and a 11× reduction in the communication required to perform a “hole punch,” a 55× reduction in the communication required to redeem a punch card, and a 128× reduction in the computation time required to redeem a card. Much of our performance improvement can be attributed to removing the reliance on pairings or range proofs present in prior work, which has only addressed this problem in the context of more general loyalty systems. By tailoring our scheme to punch cards and related loyalty systems, we demonstrate that we can reduce communication and computation costs by orders of magnitude.

English Else

Ranjan Pal,Yixuan Wang,Swades De,Bodhibrata Nag,Pan Hui

DOI: https://doi.org/10.48550/arXiv.2012.05484

2020-12-10

Computers and Society

Abstract:The question we raise through this paper is: Is it economically feasible to trade consumer personal information with their formal consent (permission) and in return provide them incentives (monetary or otherwise)?. In view of (a) the behavioral assumption that humans are `compromising' beings and have privacy preferences, (b) privacy as a good not having strict boundaries, and (c) the practical inevitability of inappropriate data leakage by data holders downstream in the data-release supply-chain, we propose a design of regulated efficient/bounded inefficient economic mechanisms for oligopoly data trading markets using a novel preference function bidding approach on a simplified sellers-broker market. Our methodology preserves the heterogeneous privacy preservation constraints (at a grouped consumer, i.e., app, level) upto certain compromise levels, and at the same time satisfies information demand (via the broker) of agencies (e.g., advertising organizations) that collect client data for the purpose of targeted behavioral advertising.

Josep Domingo-Ferrer,Alberto Blanco-Justicia

DOI: https://doi.org/10.48550/arXiv.1412.0529

2014-12-02

Abstract:We show how group discounts can be offered without forcing buyers to surrender their anonymity, as long as buyers can use their own computing devices (e.g. smartphone, tablet or computer) to perform a purchase. Specifically, we present a protocol for privacy-preserving group discounts. The protocol allows a group of buyers to prove how many they are without disclosing their identities. Coupled with an anonymous payment system, this makes group discounts compatible with buyer privacy (that is, buyer anonymity).

Cryptography and Security

Yaser Baseri,Abdelhakim Senhaji Hafid,Dimitrios Makrakis

2024-10-28

Abstract:User profiling is a critical component of adaptive risk-based authentication, yet it raises significant privacy concerns, particularly when handling sensitive data. Profiling involves collecting and aggregating various user features, potentially creating quasi-identifiers that can reveal identities and compromise privacy. Even anonymized profiling methods remain vulnerable to re-identification attacks through these quasi-identifiers. This paper introduces a novel privacy-enhanced adaptive authentication protocol that leverages Oblivious Pseudorandom Functions (OPRF), anonymous tokens, and Differential Privacy (DP) to provide robust privacy guarantees. Our proposed approach dynamically adjusts authentication requirements based on real-time risk assessments, enhancing security while safeguarding user privacy. By integrating privacy considerations into the core of adaptive risk-based adaptive authentication, this approach addresses a gap often overlooked in traditional models. Advanced cryptographic techniques ensure confidentiality, integrity, and unlinkability of user data, while differential privacy mechanisms minimize the impact of individual data points on overall analysis. Formal security and privacy proofs demonstrate the protocol's resilience against various threats and its ability to provide strong privacy guarantees. Additionally, a comprehensive performance evaluation reveals that the computational and communication overheads are manageable, making the protocol practical for real-world deployment. By adhering to data protection regulations such as GDPR and CCPA, our protocol not only enhances security but also fosters user trust and compliance with legal standards.

Cryptography and Security

Lennart Bader,Jan Pennekamp,Emildeon Thevaraj,Maria Spiß,Salil S. Kanhere,Klaus Wehrle

2023-11-02

Abstract:Consumers frequently interact with reputation systems to rate products, services, and deliveries. While past research extensively studied different conceptual approaches to realize such systems securely and privacy-preservingly, these concepts are not yet in use in business-to-business environments. In this paper, (1) we thus outline which specific challenges privacy-cautious stakeholders in volatile supply chain networks introduce, (2) give an overview of the diverse landscape of privacy-preserving reputation systems and their properties, and (3) based on well-established concepts from supply chain information systems and cryptography, we further propose an initial concept that accounts for the aforementioned challenges by utilizing fully homomorphic encryption. For future work, we identify the need of evaluating whether novel systems address the supply chain-specific privacy and confidentiality needs.

Cryptography and Security

Xiao-Bai Li,Srinivasan Raghunathan

DOI: https://doi.org/10.1016/j.dss.2013.10.006

IF: 6.969

2014-03-01

Decision Support Systems

Abstract:Organizations today regularly share their customer data with their partners to gain competitive advantages. They are also often requested or even required by a third party to provide customer data that are deemed sensitive. In these circumstances, organizations are obligated to protect the privacy of the individuals involved while still benefiting from sharing data or meeting the requirement for releasing data. In this study, we analyze the tradeoff between privacy and data utility from the perspective of the data owner. We develop an incentive-compatible mechanism for the data owner to price and disseminate private data. With this mechanism, a data user is motivated to reveal his true purpose of data usage and acquire the data that suits to that purpose. Existing economic studies of information privacy primarily consider the interplay between the data owner and the individuals, focusing on problems that occur in the <i>collection</i> of private data. This study, however, examines the privacy issue facing a data owner organization in the <i>distribution</i> of private data to a third party data user when the real purpose of data usage is unclear and the released data could be misused.

computer science, information systems, artificial intelligence,operations research & management science

Davide Di Ruscio,Paola Inverardi,Patrizio Migliarini,Phuong T. Nguyen

DOI: https://doi.org/10.1007/s10515-024-00415-2

IF: 1.677

2024-02-19

Automated Software Engineering

Abstract:Protecting privacy and ethics of citizens is among the core concerns raised by an increasingly digital society. Profiling users is common practice for software applications triggering the need for users, also enforced by laws, to manage privacy settings properly. Users need to properly manage these settings to protect personally identifiable information and express personal ethical preferences. This has shown to be very difficult for several concurrent reasons. However, profiling technologies can also empower users in their interaction with the digital world by reflecting personal ethical preferences and allowing for automatizing/assisting users in privacy settings. In this way, if properly reflecting users' preferences, privacy profiling can become a key enabler for a trustworthy digital society. We focus on characterizing/collecting users' privacy preferences and contribute a step in this direction through an empirical study on an existing dataset collected from the fitness domain. We aim to understand which set of questions is more appropriate to differentiate users according to their privacy preferences. The results reveal that a compact set of semantic-driven questions (about domain-independent privacy preferences) helps distinguish users better than a complex domain-dependent one. Based on the outcome, we implement a recommender system to provide users with suitable recommendations related to privacy choices. We then show that the proposed recommender system provides relevant settings to users, obtaining high accuracy.

computer science, software engineering

Javier Parra-Arnau

DOI: https://doi.org/10.48550/arXiv.1701.00740

2017-01-04

Abstract:Very recently, we are witnessing the emergence of a number of start-ups that enables individuals to sell their private data directly to brokers and businesses. While this new paradigm may shift the balance of power between individuals and companies that harvest data, it raises some practical, fundamental questions for users of these services: how they should decide which data must be vended and which data protected, and what a good deal is. In this work, we investigate a mechanism that aims at helping users address these questions. The investigated mechanism relies on a hard-privacy model and allows users to share partial or complete profile data with broker companies in exchange for an economic reward. The theoretical analysis of the trade-off between privacy and money posed by such mechanism is the object of this work. We adopt a generic measure of privacy although part of our analysis focuses on some important examples of Bregman divergences. We find a parametric solution to the problem of optimal exchange of privacy for money, and obtain a closed-form expression and characterize the trade-off between profile-disclosure risk and economic reward for several interesting cases.

Cryptography and Security,Computers and Society

Raymond Chi-Wing Wong,Yubao Liu,Jian Yin,Zhilan Huang,Ada Wai-Chee Fu,Jian Pei

2007-01-01

Abstract:Privacy-preserving data publication for data mining is to protect sensitive information of individuals in published data while the distortion to the data is minimized. Recently, it is shown that (a, k)anonymity is a feasible technique when we are given some sensitive attribute(s) and quasi- identifier attributes. In previous work, generalization of the given data table has been used for the anonymization. In this paper, we show that we can project the data onto two tables for publishing in such a way that the privacy protection for (a, k)-anonymity can be achieved with less distortion. In the two tables, one table contains the undisturbed non-sensitive values and the other table contains the undisturbed sensitive values. Privacy preservation is guaranteed by the lossy join property of the two tables. We show by experiments that the results are better than previous approaches.

Adish Singla,Eric Horvitz,Ece Kamar,Ryen White

DOI: https://doi.org/10.48550/arXiv.1404.5454

2014-04-22

Abstract:Online services such as web search and e-commerce applications typically rely on the collection of data about users, including details of their activities on the web. Such personal data is used to enhance the quality of service via personalization of content and to maximize revenues via better targeting of advertisements and deeper engagement of users on sites. To date, service providers have largely followed the approach of either requiring or requesting consent for opting-in to share their data. Users may be willing to share private information in return for better quality of service or for incentives, or in return for assurances about the nature and extend of the logging of data. We introduce \emph{stochastic privacy}, a new approach to privacy centering on a simple concept: A guarantee is provided to users about the upper-bound on the probability that their personal data will be used. Such a probability, which we refer to as \emph{privacy risk}, can be assessed by users as a preference or communicated as a policy by a service provider. Service providers can work to personalize and to optimize revenues in accordance with preferences about privacy risk. We present procedures, proofs, and an overall system for maximizing the quality of services, while respecting bounds on allowable or communicated privacy risk. We demonstrate the methodology with a case study and evaluation of the procedures applied to web search personalization. We show how we can achieve near-optimal utility of accessing information with provable guarantees on the probability of sharing data.

Artificial Intelligence

Sergio Mascetti,Claudio Bettini,X. Sean Wang,Dario Freni,Sushil Jajodia

DOI: https://doi.org/10.1109/mdm.2009.28

2009-01-01

Abstract:One of the privacy threats recognized in the use of LBS is represented by an adversary having information about the presence of individuals in certain locations, and using this information together with an (anonymous) LBS request to re-identify the issuer of the request associating her to the requested service. Several papers have proposed techniques to prevent this, assuming that the use of the service is considered sensitive. In this paper we investigate the more general case in which the adversary is also able to recognize traces of LBS requests by the same anonymous user, so that the identification of the issuer of one request can lead to the disclosure of the same user being in other possibly sensitive locations at different times or using sensitive services.Using the notion of ``historical k-anonymity'', this paper provides the first formalization of this class of privacy threats. Through extensive experiments based on realistic simulations, and runs of an optimal algorithm, we show some negative results for the defenses based on spatial generalization against these attacks under very conservative assumptions. Under more realistic location knowledge assumptions, we propose two defense algorithms, based on a strategy of changing and reusing of pseudo-identifiers, whose correctness is formally proved. Our experiments show that, among all the proposed algorithms, the ProvidentHider algorithm is particularly effective in protecting privacy for reasonably long sequences of requests.

Tianpei Lu,Bingsheng Zhang,Kui Ren

DOI: https://doi.org/10.1109/tdsc.2023.3284565

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Privacy concerns often raise when sensitive data are collected, traded, and processed. The data owner typically loses her ultimate control of the data after data-outsourcing. In this work, we present the PrivData Network – a community-controlled privacy-preserving data factory and trading market. It can be viewed as a standalone data ecosystem that enables privacy-preserving data-driven workflows in a controlled environment for orchestrating and automating data movement and data transformation. In particular, we design a data encapsulation mechanism with privacy assurance, which can guarantee data privacy, usage policy compliance and metadata validity. We also design a privacy policy language and utilize a static analysis library that transfers the program to the defined policy language. To ensure the correctness of data processing, we propose a publicly verifiable secure multiparty computation protocol for mixed circuits, which guarantees the output correctness even if all parties are corrupted. Its online efficiency is comparable to conventional semi-honest secret-sharing-based MPC schemes. Finally, we implemented a prototype of our system in C++ and benchmark it on various tasks, such as biometric matching, logistic regression, and decision trees, etc.

Weiwei Liu,Yi Mu,Guomin Yang,Yong Yu

DOI: https://doi.org/10.1007/s11235-016-0201-3

2016-01-01

Telecommunication Systems

Abstract:We propose two novel e-coupon systems that can achieve the following new properties: (1) The coupon issuer (or service provider) can trace the identity of a dishonest user while the identity privacy (or anonymity) of a honest user is still well protected. (2) A honest user’s redemption privacy (i.e., the items chosen when redeeming an e-coupon) is well protected from the service provider. (3) If a dishonest user redeems an e-coupon for more than the pre-determined number of times, then the user will lose the redemption privacy (i.e., all the choices the user has made in the previous redemptions can be revealed). We first propose a novel blind signature scheme that we employ together with oblivious transfer to construct our first e-coupon system, which achieves the first two properties without the involvement of any trusted third party. Then we propose a novel oblivious transfer scheme and use it to construct the second e-coupon system that can achieve all the properties given above. We also define the formal security models for these new security requirements, and show that our new e-coupon systems are proven secure in the proposed models.

Zhixuan Fang,Longbo Huang,Adam Wierman

DOI: https://doi.org/10.1016/j.peva.2020.102105

IF: 2.205

2020-11-01

Performance Evaluation

Abstract:<p>Loyalty programs are important tools for sharing platforms seeking to grow supply. Online sharing platforms use loyalty programs to heavily subsidize resource providers, encouraging participation and boosting supply. As the sharing economy has evolved and competition has increased, the design of loyalty programs has begun to play a crucial role in the pursuit of maximal revenue. In this paper, we first characterize the optimal loyalty program for a platform with homogeneous users. We then show that optimal revenue in a heterogeneous market can be achieved by a class of multi-threshold loyalty program (MTLP) which admits a simple implementation-friendly structure. We also study the performance of loyalty programs in a setting with two competing sharing platforms, showing that the degree of heterogeneity is a crucial factor for both loyalty programs and pricing strategies. Our results show that sophisticated loyalty programs that reward suppliers via stepwise linear functions outperform simple sign-up bonuses, which give them a one time reward for participating.</p>

computer science, theory & methods, hardware & architecture

An Liu,Weiqi Wang,Zhixu Li,Guanfeng Liu,Qing Li,Xiaofang Zhou,Xiangliang Zhang

DOI: https://doi.org/10.1109/access.2017.2765317

IF: 3.9

2017-01-01

IEEE Access

Abstract:Point-of-interest (POI) recommendation has attracted many interests recently because of its significant potential for helping users to explore new places and helping location-based service (LBS) providers to carry out precision marketing. Compared with the user-item rating matrix in conventional recommender systems, the user-location check-in matrix in POI recommendation is usually much more sparse, which makes the notorious cold start problem more prominent in POI recommendation. Trust-oriented recommendation is an effective way to deal with this problem but it requires that the recommender has access to user check-in and trust data. In practice, however, these data are usually owned by different businesses who are not willing to share their data with the recommender mainly due to privacy and legal concerns. In this paper, we propose a privacy-preserving framework to boost data owners willingness to share their data with untrustworthy businesses. More specifically, we utilize partially homomorphic encryption to design two protocols for privacy-preserving trust-oriented POI recommendation. By offline encryption and parallel computing, these protocols can efficiently protect the private data of every party involved in the recommendation. We prove that the proposed protocols are secure against semi-honest adversaries. Experiments on both synthetic data and real data show that our protocols can achieve privacy-preserving with acceptable computation and communication cost.

Jing Yao,Yifeng Zheng,Yu Guo,Chengjun Cai,Anxin Zhou,Cong Wang,Xiaolin Gui

DOI: https://doi.org/10.1109/ACCESS.2019.2937669

IF: 3.9

2019-01-01

IEEE Access

Abstract:It is increasingly popular to use behavioral targeting in online coupon service for targeted coupon delivery, wherein customized coupons can be delivered to only eligible users whose behavioral profiles match targeting profiles specified by the vendor. While allowing the vendor to personalize the service and build loyalty, such practice also raises the security challenges of protecting users' behavioral profiles and the vendor' targeting profiles. Our research caters for the trend of targeted coupons yet aims to offer privacy assurance. Unlike prior works which are largely constrained by the mere support for secure behavioral targeting, we ambitiously target a new system design that uniquely provides comprehensive functionalities to satisfy practical needs. Specifically, we explore and present the first full-fledged system design for targeted coupon service with three practical functionalities: (i) Private range search on coupon discounts: it enables a user to securely search for encrypted targeted coupons with certain discount range; (ii) Private behavioral targeting: it ensures that only eligible users can decrypt the ciphertexts of targeted coupons obtained from search; (iii) Private blockchain-empowered coupon redemption: it enables coupon redemption to be securely and transparently settled on the blockchain. We conduct extensive experiments and the results show that our secure system design is practically affordable.

Bishwas Mandal,George Amariucai,Shuangqing Wei

2024-04-08

Abstract:We propose a novel problem formulation to address the privacy-utility tradeoff, specifically when dealing with two distinct user groups characterized by unique sets of private and utility attributes. Unlike previous studies that primarily focus on scenarios where all users share identical private and utility attributes and often rely on auxiliary datasets or manual annotations, we introduce a collaborative data-sharing mechanism between two user groups through a trusted third party. This third party uses adversarial privacy techniques with our proposed data-sharing mechanism to internally sanitize data for both groups and eliminates the need for manual annotation or auxiliary datasets. Our methodology ensures that private attributes cannot be accurately inferred while enabling highly accurate predictions of utility features. Importantly, even if analysts or adversaries possess auxiliary datasets containing raw data, they are unable to accurately deduce private features. Additionally, our data-sharing mechanism is compatible with various existing adversarially trained privacy techniques. We empirically demonstrate the effectiveness of our approach using synthetic and real-world datasets, showcasing its ability to balance the conflicting goals of privacy and utility.

Machine Learning,Cryptography and Security