Shengling Wang,Luyun Li,Weiman Sun,Junqi Guo,Rongfang Bie,Kai Lin

DOI: https://doi.org/10.3390/s17020339

2017-02-10

Abstract:In a context sensing system in which a sensor-equipped mobile phone runs an unreliable context-aware application, the application can infer the user's contexts, based on which it provides personalized services. However, the application may sell the user's contexts to some malicious adversaries to earn extra profits, which will hinder its widespread use. In the real world, the actions of the user, the application and the adversary in the context sensing system affect each other, so that their payoffs are constrained mutually. To figure out under which conditions they behave well (the user releases, the application does not leak and the adversary does not retrieve the context), we take advantage of game theory to analyze the context sensing system. We use the extensive form game and the repeated game, respectively, to analyze two typical scenarios, single interaction and multiple interaction among three players, from which Nash equilibriums and cooperation conditions are obtained. Our results show that the reputation mechanism for the context-sensing system in the former scenario is crucial to privacy preservation, so is the extent to which the participants are concerned about future payoffs in the latter one.

Wei Wang,Qian Zhang

DOI: https://doi.org/10.1109/TNET.2015.2512301

2016-01-01

Abstract:The proliferation of sensor-equipped smartphones has enabled an increasing number of context-aware applications that provide personalized services based on users' contexts. However, most of these applications aggressively collect users' sensing data without providing clear statements on the usage and disclosure strategies of such sensitive information, which raises severe privacy concerns and leads to some initial investigation on privacy preservation mechanisms design. While most prior studies have assumed static adversary models, we investigate the context dynamics and call attention to the existence of intelligent adversaries. In this paper, we identify the context privacy problem with consideration of the context dynamics and malicious adversaries with capabilities of adjusting their attacking strategies. Then, we formulate the interactive competition between users and adversaries as a competitive Markov decision process MDP, in which the users attempt to preserve the context-based service quality and their context privacy in the long-term defense against the strategic adversaries with the opposite interests. In addition, we propose an efficient minimax learning algorithm to obtain the optimal policy of the users and prove that the algorithm quickly converges to the unique Nash equilibrium point. Our evaluations on real smartphone context traces of 94 users demonstrate that the proposed algorithm largely improves the convergence speed by three orders of magnitude compared with traditional algorithm and the optimal policy obtained by our minimax learning algorithm outperforms the baseline algorithms.

Wei Wang,Qian Zhang

DOI: https://doi.org/10.1109/infocom.2014.6848177

2014-01-01

Abstract:The proliferation of sensor-equipped smartphones has enabled an increasing number of context-aware applications that provide personalized services based on users' contexts. However, most of these applications aggressively collect users sensing data without providing clear statements on the usage and disclosure strategies of such sensitive information, which raises severe privacy concerns and leads to some initial investigation on privacy preservation mechanisms design. While most prior studies have assumed static adversary models, we investigate the context dynamics and call attention to the existence of intelligent adversaries. In this paper, we first identify the context privacy problem with consideration of the context dynamics and malicious adversaries with capabilities of adjusting their attacking strategies, and then formulate the interactive competition between users and adversaries as a zero-sum stochastic game. In addition, we propose an efficient minimax learning algorithm to obtain the optimal defense strategy. Our evaluations on real smartphone context traces of 94 users validate the proposed algorithm.

Wei Li,Chunqiang Hu,Tianyi Song,Jiguo Yu,Xiaoshuang Xing,Zhipeng Cai

DOI: https://doi.org/10.1109/pac.2018.00014

2018-01-01

Abstract:Thanks to the development and popularity of context-aware applications, the quality of users' life has been improved through a wide variety of customized services. Meanwhile, users are suffering severe risk of privacy leakage and their privacy concerns are growing over time. To tackle the contradiction between the serious privacy issues and the growing privacy concerns in context-aware applications, in this paper, we propose a privacy-preserving data collection scheme by incorporating the complicated interactions among user, attacker, and service provider into a three-antithetic-party game. Under such a novel game model, we identify and rigorously prove the best strategies of the three parties and the equilibriums of the games. Furthermore, we evaluate the performance of our proposed data collection game by performing extensive numerical experiments, confirming that the user's data privacy can be effective preserved.

Yan Huang,Wei Li,Jinbao Wang,Zhipeng Cai,Anu G. Bourgeois

DOI: https://doi.org/10.1016/j.jnca.2021.103115

IF: 7.574

2021-01-01

Journal of Network and Computer Applications

Abstract:The popularity of context-aware services is improving the quality of life, while raising serious privacy issues. In order for users to receive quality service, they are at risk of leaking private information by adversaries that are possibly eavesdropping on the data and/or by the untrusted service platform selling off its data to adversaries. Game theory has been utilized as a powerful tool to achieve privacy preservation by strategically balancing the trade-off between profit (service) and cost (data leakage) for the user. However, most of the existing schemes cannot fully exploit the power of game theory, as they fail to depict the mutual relationship between any two (of the three) parties involved: user, platform, and adversary. Existing schemes are also not always able to provide specific guidance for a user to reduce the impact of the joint threats from the platform and adversary. In this paper, we design a privacy-preserving game to quantify the three parties’ concerns and capture interactions between any two of them. We also identify the best strategy for each party at a fine-grained level, i.e. specific settings, not simply binary choices. We validate the performance of our proposed game model through both a theoretical analysis and experiments.

Yan Leng,Yijun Chen,Xiaowen Dong,Junfeng Wu,Guodong Shi

DOI: https://doi.org/10.2139/ssrn.3875878

2021-01-01

SSRN Electronic Journal

Abstract:There exists a growing concern about the privacy threats inherently encoded in the increasingly available behavioral data. In this paper, we focus on online service providers over which users reveal preferences (e.g., ratings or reviews) as publicly available behavioral data. We model users' strategic interactions in making these decisions as quadratic games on networks, where a user's payoff depends not only on their actions but also on their neighbors in a social interaction network. Based on the assumption that the observed preferences correspond to the Nash equilibrium of the game, we investigate whether eavesdroppers or competitors having access to such behavioral data could potentially infer or even thoroughly learn the hidden social interaction network from the observed user actions, leading to privacy risks at a system level for the platform. We introduce three notions of privacy risks on networks: fundamental privacy, conditional privacy, and practical privacy. We establish necessary and sufficient conditions for fundamental and conditional privacy of the social interaction structure, suggesting that at the system level, such interaction structure is not facing a critical risk of being fully exposed regardless of the amount of data available. To study practical privacy, we further propose and analyze a novel learning framework by solving a joint optimization problem for the network structure and the individual marginal benefits in the game. Extensive experiments on synthetic and real-world data demonstrate the effectiveness of the proposed framework, hence illustrating that behavioral data indeed present substantial privacy risks in practice. Broadly, this study enriches the network privacy literature and provides implications for online platforms by revealing the unexpected consequence of leaking network connections due to public consumer revealed preferences.

Yajin Zhou,Xinwen Zhang,Xuxian Jiang,Vincent W. Freeh

DOI: https://doi.org/10.1007/978-3-642-21599-5_7

2011-01-01

Abstract:Smartphones have been becoming ubiquitous and mobile users are increasingly relying on them to store and handle personal information. However, recent studies also reveal the disturbing fact that users' personal information is put at risk by (rogue) smartphone applications. Existing solutions exhibit limitations in their capabilities in taming these privacy-violating smartphone applications. In this paper, we argue for the need of a new privacy mode in smartphones. The privacy mode can empower users to flexibly control in a fine-grained manner what kinds of personal information will be accessible to an application. Also, the granted access can be dynamically adjusted at runtime in a fine-grained manner to better suit a user's needs in various scenarios (e.g., in a different time or location). We have developed a system called TISSA that implements such a privacy mode on Android. The evaluation with more than a dozen of information-leaking Android applications demonstrates its effectiveness and practicality. Furthermore, our evaluation shows that TISSA introduces negligible performance overhead.

Lichen Zhang,Yingshu Li,Liang Wang,Junling Lu,Peng Li,Xiaoming Wang

DOI: https://doi.org/10.1155/2017/4842694

IF: 1.968

2017-01-01

Security and Communication Networks

Abstract:With the proliferation of smartphones and the usage of the smartphone apps, privacy preservation has become an important issue. The existing privacy preservation approaches for smartphones usually have less efficiency due to the absent consideration of the active defense policies and temporal correlations between contexts related to users. In this paper, through modeling the temporal correlations among contexts, we formalize the privacy preservation problem to an optimization problem and prove its correctness and the optimality through theoretical analysis. To further speed up the running time, we transform the original optimization problem to an approximate optimal problem, a linear programming problem. By resolving the linear programming problem, an efficient context-aware privacy preserving algorithm (CAPP) is designed, which adopts active defense policy and decides how to release the current context of a user to maximize the level of quality of service (QoS) of context-aware apps with privacy preservation. The conducted extensive simulations on real dataset demonstrate the improved performance of CAPP over other traditional approaches.

Wei Wang,Qian Zhang

DOI: https://doi.org/10.1109/mwc.2015.7224725

IF: 12.777

2015-01-01

IEEE Wireless Communications

Abstract:Sensor-equipped smartphones as well as wearable devices have undoubtedly become the predominant source of user-generated data in mobile networks. The proliferation of user-generated data has created a plethora of opportunities for personalized services based on the states of users and their surrounding environments. Those personalized services, although improving users' perceived quality of experience, have raised severe privacy concerns, as most of these applications aggressively collect users' personal data without providing clear statements on the usage and disclosure policies of such sensitive information. In order to sustain personalized services with long-term privacy preservation, disruptive paradigms are required. We envision that context awareness is a key pillar to providing long-term quality of protection (QoP) for individual privacy. In particular, users transit between different contexts, including mobility modes and social activities, and these contexts are temporally or logically correlated, which can be leveraged by adversaries to compromise users' privacy. In addition, users may have different QoP preferences in different contexts. With these salient features in mind, this article investigates context-aware QoP mechanism designs for personalized services in mobile networks. We discuss possible attacks and propose corresponding countermeasures. In particular, we develop a QoP framework that exploits context awareness to achieve better trade-offs between service quality and privacy protection in long-term services. Finally, we provide some implications for future context-aware QoP mechanism designs by conducting a case study on smartphone traces.

Fan Wu,He Li,Wenhao Fan,Bihua Tang,Yuanan Liu

DOI: https://doi.org/10.1587/transfun.2019EAP1128

2020-01-01

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences

Abstract:Android occupies a very large market share in the field of mobile devices, and quantities of applications are created everyday allowing users to easily use them. However, privacy leaks on Android terminals may result in serious losses to businesses and individuals. Current permission model cannot effectively prevent privacy data leakage. In this paper, we find a way to protect privacy data on Android terminals from the perspective of privacy information propagation by porting the concept of contextual integrity to the realm of privacy protection. We propose a computational model of contextual integrity suiting for Android platform and design a privacy protection system based on the model. The system consists of an online phase and offline phase; the main function of online phase is to computing the value of distribution norm and making privacy decisions, while the main function of offline phase is to create a classification model that can calculate the value of the appropriateness norm. Based on the 6 million permission requests records along with 2.3 million runtime contextual records collected by dynamic analysis, we build the system and verify its feasibility. Experiment shows that the accuracy of offline classifier reaches up to 0.94. The experiment of the overall system feasibility illustrates that 70% location data requests, 84% phone data requests and 46% storage requests etc., violate the contextual integrity.

Qingsheng Zhang,Yong Qi,Jizhong Zhao,Di Hou,Tianhai Zhao,Liang Li

DOI: https://doi.org/10.1109/icccn.2007.4318009

2007-01-01

Abstract:By using personal information in a pervasive computing environment, context-aware applications can provide appropriate services for people. This personal information is often involved in personal privacy. In order to protect personal privacy concerns about personal information, privacy role is proposed to control access personal information. We also construct an information system about the privacy decision of personal information disclosure based on people's interaction history. In the initial period of personal information disclosure, the privacy decision is made by people and the information system is constructed based on the decision data. Then privacy disclosure policies are extracted from this information system using rough set theory. According to deducing from the privacy disclosure policies and people's context information, the context-aware application is assigned to an adequate privacy role. It reduces the distraction of privacy decision for people. A case study further shows the proposed method is effective. Finally, it provides about the overload performance of privacy role analysis engine.

Li Kuang,Yujia Zhu,Shuqi Li,Xuejin Yan,Han Yan,Shuiguang Deng

DOI: https://doi.org/10.1155/2018/3486529

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:With the rapid development of sensor acquisition technology, more and more data are collected, analyzed, and encapsulated into application services. However, most of applications are developed by untrusted third parties. Therefore, it has become an urgent problem to protect users’ privacy in data publication. Since the attacker may identify the user based on the combination of user’s quasi-identifiers and the fewer quasi-identifier fields result in a lower probability of privacy leaks, therefore, in this paper, we aim to investigate an optimal number of quasi-identifier fields under the constraint of trade-offs between service quality and privacy protection. We first propose modelling the service development process as a cooperative game between the data owner and consumers and employing the Stackelberg game model to determine the number of quasi-identifiers that are published to the data development organization. We then propose a way to identify when the new data should be learned, as well, a way to update the parameters involved in the model, so that the new strategy on quasi-identifier fields can be delivered. The experiment first analyses the validity of our proposed model and then compares it with the traditional privacy protection approach, and the experiment shows that the data loss of our model is less than that of the traditional k-anonymity especially when strong privacy protection is applied.

Mulugeta Kassaw Tefera,Xiaolong Yang

DOI: https://doi.org/10.3390/s19071581

IF: 3.9

2019-04-01

Sensors

Abstract:Recently, the growing ubiquity of location-based service (LBS) technology has increased the likelihood of users’ privacy breaches due to the exposure of their real-life information to untrusted third parties. Extensive use of such LBS applications allows untrusted third-party adversarial entities to collect large quantities of information regarding users’ locations over time, along with their identities. Due to the high risk of private information leakage using resource-constrained smart mobile devices, most LBS users may not be adequately encouraged to access all LBS applications. In this paper, we study the use of game theory to protect users against private information leakage in LBSs due to malicious or selfish behavior of third-party observers. In this study, we model a scenario of privacy protection gameplay between a privacy protector and an outside visitor and then derive the situation of the prisoner’s dilemma game to analyze the traditional privacy protection problems. Based on the analysis, we determine the corresponding benefits to both players using a point of view that allows the visitor to access a certain amount of information and denies further access to the user’s private information when exposure of privacy is forthcoming. Our proposed model uses the collection of private information about historical access data and current LBS access scenario to effectively determine the probability that the visitor’s access is an honest one. Moreover, we present the procedures involved in the privacy protection model and framework design, using game theory for decision-making. Finally, by employing a comparison analysis, we perform some experiments to assess the effectiveness and superiority of the proposed game-theoretic model over the traditional solutions.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Qi Yong,Zhang Qingsheng,He Hui,Niu Yujie

DOI: https://doi.org/10.1109/COMPSAC.2008.76

2008-01-01

Abstract:Personal context information is important to enable context-aware applications in pervasive spaces. As privacy, many investigators have pointed out that it must be in the controllable state by using personal privacy policy. The long term objective of this research was to extract privacy policy from personal context information database with machine learning method. A context-aware telephone system was designed to collect data, learn policy and examine the accuracy of policy. In the step of PDA simulation, the results showed that the method was possible to make suitable decision for telephone communication in consideration of privacy protection. In order to further validate the proposed privacy protection method, the pervasive space was designed and implemented to get more real data about using context-aware telephone. At the step of pervasive space simulation, we design and code the prototype of context-aware telephone system from the view of software engineering.

Shengling Wang,Jian-Hui Huang,Luyun Li,Liran Ma,Xiuzhen Cheng

DOI: https://doi.org/10.1145/3084041.3084059

2017-01-01

Abstract:Personalized applications often provide their functionality by extracting sensitive data from users. Such a strategy brings potential threats to users' privacy because malicious applications may sell users' sensitive data to third-parties for economic interests. The state-of-the-art literature addresses the privacy issue mainly from a technical perspective. In this paper, we take a different angle in which the main players involving privacy leakage are studied from a connected perspective rather than an isolated one. More specifically, we propose the concept of application ecosystem, which consists of user, application, and adversary (malicious third-party) as entities. Our aim is to analyze the tension forces inside the application ecosystem and their impacts on the behavior of each player, which can serve as a theoretical basis for designing effective and efficient privacy preservation solutions from a management level. Another outstanding trait of our analysis is the adoption of quantum game theory to model the application ecosystem, which is suitable because the important property of entanglement in quantum games can be employed to well depict the inner tension forces among the user, application, and adversary. This makes us take an important step towards understanding the complexity of decision-making from rational individuals. To the best of our knowledge, we are the first to quantize the privacy leakage issue. The simulation results quantitatively demonstrate how the mutual restrictions among all players determine their strategies and hence the development of the application ecosystem.

Jie Gu,Yunjie Xu,Heng Xu,Hong Ling

DOI: https://doi.org/10.1109/HICSS.2015.421

2015-01-01

Abstract:The prevalence of mobile applications poses a new challenge in privacy protection. To address privacy concerns, prior studies have identified the direct effects of contextual cues but few have revealed their interaction effects. In reality, contextual cues do not appear in isolation, existence of multiple contextual cues introduces an extra complexity in a user's privacy decision-making. This study aims to address the research question of how contextual cues interactively shape privacy concerns. This study focuses on the Android application downloading context. Three contextual cues (i.e., App popularity, permission sensitivity, permission explanation) are identified. Our experimental study postulates both the direct effect and interaction effects of contextual cues on privacy concerns. This study contributes to literature with a better understanding of the combinatory effects of multiple contextual cues.

Guoyun Li,Yaozhi Zhang,Xianqi Yu,Yuqing Sun

DOI: https://doi.org/10.1109/UIC-ATC-ScalCom-CBDCom-IoP.2015.83

2015-01-01

Abstract:Summary form only given. Intelligent mobile devices are more and more popular in recent years. There are millions of mobile applications, which provide variant functionalities. They bring great convinces to people's lives. However, these applications often request different access requests, which relate with many user privacy information such as identity, contact list or location etc. Some of them are actually not necessary for applications. Although there exist some security applications for privacy protection, in many cases, users do not know how to make privacy setting or even have no knowledge about their privacy leakage. This fact brings user privacy facing serious threat. To solve this problem, we propose a mobile privacy protection framework achieve a fine-grained and context aware permission control. We propose several recommendation algorithms to recommend an appropriate privacy setting when a user requests help. To help a user understand how his/her privacy status, we design and implement a privacy management plug in for Android platform.

Xiaohui Li,Chaoyang Chen,Feng Liu,Bo Li,Yajun Wang

DOI: https://doi.org/10.1088/1757-899x/719/1/012011

2020-01-01

Abstract:In order to protect the user privacy in the big data environment, We propose a security method based on game theory through trust management mechanism. The main contribution of this paper include:(1) analysis service game relationship in the big data environment,(2)combine trust evaluation with decision management, and apply game theory to design a user-centric scheme to protect privacy,(3)proposing a service selection method. By using game theory to restrict the service interaction between the users and services in big data, we introduce some factors corresponding game model. we then apply the trust evaluation and decision management to describe the relationship and trust quantify in which we propose a method for service selection to implement user privacy protection. Simulation results show that the proposed method is effective and can apply the dynamic game of incomplete information relationship between user and service to make decisions on the service selection, thus providing customized privacy protection.

Shidong Pan,Zhen Tao,Thong Hoang,Dawen Zhang,Tianshi Li,Zhenchang Xing,Sherry Xu,Mark Staples,Thierry Rakotoarivelo,David Lo

2024-02-22

Abstract:Privacy policies have emerged as the predominant approach to conveying privacy notices to mobile application users. In an effort to enhance both readability and user engagement, the concept of contextual privacy policies (CPPs) has been proposed by researchers. The aim of CPPs is to fragment privacy policies into concise snippets, displaying them only within the corresponding contexts within the application's graphical user interfaces (GUIs). In this paper, we first formulate CPP in mobile application scenario, and then present a novel multimodal framework, named SeePrivacy, specifically designed to automatically generate CPPs for mobile applications. This method uniquely integrates vision-based GUI understanding with privacy policy analysis, achieving 0.88 precision and 0.90 recall to detect contexts, as well as 0.98 precision and 0.96 recall in extracting corresponding policy segments. A human evaluation shows that 77% of the extracted privacy policy segments were perceived as well-aligned with the detected contexts. These findings suggest that SeePrivacy could serve as a significant tool for bolstering user interaction with, and understanding of, privacy policies. Furthermore, our solution has the potential to make privacy notices more accessible and inclusive, thus appealing to a broader demographic. A demonstration of our work can be accessed at https://cpp4app.github.io/SeePrivacy/

Software Engineering,Cryptography and Security

Qingsheng Zhang,Yong Qi,Jizhong Zhao,Di Hou,Tianhai Zhao,Jihong Zhang

DOI: https://doi.org/10.1109/ICNC.2007.314

2007-01-01

Abstract:Context-aware applications use personal information to provide appropriate services for people. This personal information is often involved in personal privacy. In order to balance the personal privacy concerns against enjoying context-aware services, we propose a conceptual framework and privacy role to control access personal information. Privacy disclosure policy can be learned from people's interaction history about personal information disclosure using rough set theory. According to deducing from the privacy disclosure policy and context information, a context-aware application is assigned to an adequate privacy role. A case analysis and the initial performance evaluation show that the proposed method is effective.