Linlin Yang,Wei Wang,Yanjiao Chen,Qian Zhang

DOI: https://doi.org/10.1016/j.comnet.2014.12.017

IF: 5.493

2015-01-01

Computer Networks

Abstract:With the prosperity of the Internet, many advertisers choose to deliver their advertisements by online targeting, where the ad broker is responsible for matching advertisements with users who are likely to be interested in the underlying products or services. However, this online advertisement targeting system requires user profile information and may fail due to privacy issues. In light of growing privacy concerns, we propose a privacy-aware framework for online advertisement targeting, where users are compensated for their privacy leakage and motivated to click more advertisements. In the framework, an ad broker pays a varying amount of money to users for clicking different advertisements due to distinct privacy leakage. Meanwhile advertisers send advertisements to the ad broker and determine the price per user click they need to pay. We model the interactions among advertisers, the ad broker and users as a three-stage game, where every player aims at maximizing its own utility, and Nash Equilibrium is achieved by backward induction. We further analyze the optimal strategies for advertisers, the ad broker and users. Numerical results have shown that the proposed privacy-aware framework is effective as it enables all advertisers, the ad broker and users to maximize their utilities in case of different levels of user privacy sensitivities. In addition, the proposed framework produces higher profits for advertisers and the ad broker than the traditional “paid to click” system.

Chao Wu,Yike Guo

DOI: https://doi.org/10.1109/bigdata.2013.6691688

2013-01-01

Abstract:Personal data collection is becoming pervasive these days, these data has the risk of being abused by current application and application marketplace model, because only the price of application is explicitly indicated without clear agreement on usage of data, and the granularity of data access authentication is not enough to protect users privacy. In this short paper, we propose a new model of user data privacy. Data usage of the application is explicitly shown, and controlled by an authentication service, to protect users from the abuse of their data, especially in mobile application.

Yajin Zhou,Kapil Singh,Xuxian Jiang

DOI: https://doi.org/10.1007/978-3-319-08593-7_4

2014-01-01

Abstract:Modern smartphone apps tend to contain and use vast amounts of data that can be broadly classified as structured and unstructured. Structured data, such as an user's geolocation, has predefined semantics that can be retrieved by well-defined platform APIs. Unstructured data, on the other hand, relies on the context of the apps to reflect its meaning and value, and is typically provided by the user directly into an app's interface. Recent research has shown that third-party apps are leaking highly-sensitive unstructured data, including user's banking credentials. Unfortunately, none of the current solutions focus on the protection of unstructured data. In this paper, we propose an owner-centric solution to protect unstructured data on smartphones. Our approach allows the data owners to specify security policies when providing their untrusted data to third-party apps. It tracks the flow of information to enforce the owner's policies at strategic exit points. Based on this approach, we design and implement a system, called <Literal>DataChest</Literal>. We develop several mechanisms to reduce user burden and keep interruption to the minimum, while at the same time preventing the malicious apps from tricking the user. We evaluate our system against a set of real-world malicious apps and a series of synthetic attacks to show that it can successfully prevent the leakage of unstructured data while incurring reasonable performance overhead.

Peng Qian,Zhenguang Liu,Xun Wang,Jianhai Chen,Bei Wang,Roger Zimmermann

DOI: https://doi.org/10.1109/ccis48116.2019.9073733

2019-01-01

Abstract:The protection of digital resource copyrights has drawn extensive public concern in the past decade. Traditional methods, however, fail to satisfy the requirements due to their poor timeliness, frequent infringement, and cumbersome in rights confirmation, etc. In this paper, we investigate and design a novel approach for cross-platform digital resource rights confirmation and infringement tracking based on smart contracts. We utilize smart contracts to realize rights transactions and protection. As another contribution, we propose to establish fine-grained digital resource rights, which are divided into ownership and usufruct. For tracking infringement acts, we invoke smart contracts to extract the rights transfer chain for resources. Furthermore, we reveal the source of resource leakage by embedding digital watermarks when distributing the resources. By combining resource rights transfer chain and digital watermarking, we can effectively achieve digital resource rights confirmation and infringement tracking. Extensive experiments show the effectiveness of our proposed method.

Gong Chen,Shouling Ji,John A. Copeland

DOI: https://doi.org/10.1109/ICPADS.2016.0068

2016-01-01

Abstract:To date, app developers are allowed to monetize their apps in two services: in-app advertising and in-app billing. Of these two, in-app billing is not prevalently used by users, whereas in-app advertising is considered an important funding source for developers. However, this service incurs a number of criticisms: (1) users must passively receive all mobile ads while using apps, (2) users get nothing from viewing or clicking ads, (3) ad networks transfer user private information to remote servers in an unencrypted format without user consent, and (4) negative impressions brought from irrelevant ads may harm the advertised brands. To overcome these problems, we propose In-App AdPay, a framework that combines the advantages of "in-app advertising" and "in-app billing" together so that ad networks can overtly ask users' permissions in order to serve more tailored ads, but in return, advertisers will pay targeted users' virtual transactions within the app (e.g., coins in mobile games) via a secure channel. While mobile users can be brought into the monetization loop, it will be technically and legitimately easier for ad networks to study users. We implemented the proof-of-concept framework and conducted a test with 42 volunteers. Based on these studies, we believe that "In-App AdPay" would balance user privacy and user experience without interfering with the existing monetization arrangements. Lastly, we reveal how tracked-by-consent users react in different test scenarios and value the permissions used in ad libraries.

Mpyana Mwamba Merlec,Youn Kyu Lee,Seng-Phil Hong,Hoh Peter In

DOI: https://doi.org/10.3390/s21237994

IF: 3.9

2021-11-30

Sensors

Abstract:A massive amount of sensitive personal data is being collected and used by scientists, businesses, and governments. This has led to unprecedented threats to privacy rights and the security of personal data. There are few solutions that empower individuals to provide systematic consent agreements on distinct personal information and control who can collect, access, and use their data for specific purposes and periods. Individuals should be able to delegate consent rights, access consent-related information, and withdraw their given consent at any time. We propose a smart-contract-based dynamic consent management system, backed by blockchain technology, targeting personal data usage under the general data protection regulation. Our user-centric dynamic consent management system allows users to control their personal data collection and consent to its usage throughout the data lifecycle. Transaction history and logs are recorded in a blockchain that provides trusted tamper-proof data provenance, accountability, and traceability. A prototype of our system was designed and implemented to demonstrate its feasibility. The acceptability and reliability of the system were assessed by experimental testing and validation processes. We also analyzed the security and privacy of the system and evaluated its performance.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Steven C. Isley

DOI: https://doi.org/10.48550/arXiv.1501.00335

2015-01-02

Abstract:In today's mobile application marketplace, the ability of consumers to make informed choices regarding their privacy is extremely limited. Consumers largely rely on privacy policies and app permission mechanisms, but these do an inadequate job of conveying how information will be collected, used, stored, and shared. Mobile application developers go largely unrewarded for making apps more privacy conscious as it is difficult to communicate these features to consumers while they are searching for a new app. This paper provides an overview of a framework designed to help consumers make informed choices, and an incentive mechanism to encourage app developers to implement it. This framework includes machine readable privacy policies encouraged by mobile app stores and enhanced by user software agents. Such a framework would provide the foundation required for more advanced forms of privacy management to develop.

Computers and Society

Lindah Kotut,Timothy L. Stelter,Michael Horning,D. Scott McCrickard

DOI: https://doi.org/10.48550/arXiv.1909.02674

2019-09-06

Abstract:There is an increased sensitivity by people about how companies collect information about them, and how this information is packaged, used and sold. This perceived lack of control is highlighted by the helplessness of users of various platforms in managing or halting what data is collected from/about them. In a future where users have wrested control of their data and have the autonomy to decide what information is collected, how it is used and most importantly, how much it is worth, a new market emerges. This design fiction considers possible steps prescient companies would take to meet these demands, such as providing third-party subscription platforms offering personal data trade as a service. These services would provide a means for transparent transactions that preserve an owner's control over their data; allowing them to individually make decisions about what data they avail for sale, and the amount of compensation they would accept in trade.

Human-Computer Interaction

Rongrong Zhu,Maofeng Wang,Xiaofang Zhang,Xinyun Peng

DOI: https://doi.org/10.1038/s41598-023-48661-w

IF: 4.6

2023-12-12

Scientific Reports

Abstract:Blockchain technology is increasingly being used in personal data protection. Inspired by the importance of data security, this paper proposes a personal data protection mechanism based on blockchain, combined with distributed hash tables and cryptography, to enhance users' control over the data generated using web applications. This paper designs this mechanism's system model and describes the three aspects in detail: data storage mechanism, data encryption mechanism, and data trading mechanism. Among them, the data storage mechanism restricts user data to be stored only in the local storage space of the user terminal, the decentralized blockchain network, and the distributed hash table network to ensure that enterprises providing network applications cannot privately store user interaction data, the encryption mechanism is responsible for encrypting all user data recorded in the network and allows users to control the key of the data to ensure the security of the user data in the blockchain and distributed hash tables, the data transaction mechanism allows users to trade their data, and to incentivize enterprises to assist users in collecting personal data, data transaction contracts are built into the data transaction mechanism, allowing enterprises to receive a share of the revenue from user data transactions. Then, for data transactions, use the Stackelberg game to simulate the revenue sharing between users and service providers in data trading to incentivize enterprises providing web services to assist users in collecting their data. The simulation results show that when the number of users is 1000, the revenues of this scheme for service providers are 31%, 561%, and 19% higher than the existing scheme. Finally, the personal data protection platform is implemented by code to verify the feasibility of the theory proposed in this paper in personal data protection.

multidisciplinary sciences

Zhenan Wu,Han Zheng,Lan Zhang,Xiang-Yang Li

DOI: https://doi.org/10.1109/bigcom.2019.00040

2019-01-01

Abstract:Data trading has become a promising way to bridge numerous data islands and benefit a wide range of data driven applications. However, due to the high risk of data privacy, the easy-to-copy feature of data, and potential malicious behaviors of users, there still lacks data trading solutions to provide privacy protection, copyright/ownership protection and auditability of user behaviors. In this work, we propose a blockchain and smart contract based framework to keep tamper-proof records of data trading transactions, which also preserves users' identity, behavior and data privacy. Data fingerprint is introduced to track data and protect data ownership. A set of protocols are also designed to prevent dishonest behaviors and ensure the security of data trading.

Mira Shah,Chao Li,Ming Sheng,Yong Zhang,Chunxiao Xing

DOI: https://doi.org/10.1007/978-3-030-60290-1_11

2020-01-01

Abstract:The healthcare industry faces serious problems in data fragmentation and insufficient data sharing between patients, healthcare service providers and medical researchers. At the same time, patients’ privacy must be protected, and patients should have authority over who can access their data. Researchers have proposed blockchain-based solutions to health data sharing, using blockchain for consent management. However, the implementation of the smart contracts that underpin these solutions has not been studied in detail. In this paper, we develop a blockchain-based framework for consent management in interorganizational health data sharing. We study the design of smart contracts that support the operation of our framework and evaluate its efficiency based on the execution costs on Ethereum. Our design improves on those previously proposed, lowering the computational costs of the framework significantly. This allows the framework to operate at scale and is more feasible for widespread adoption. Additionally, we introduce a novel contract that supports searching for patients in the framework that match certain criteria. This feature would be useful to medical researchers looking to obtain patient data.

Michael Bartholic,Zhengrong Gu,Jianan Su,Justin Goldstein,Shin'ichiro Matsuo

DOI: https://doi.org/10.48550/arXiv.2102.03410

2021-02-05

Cryptography and Security

Abstract:Data driven approaches to problem solving are, in many regards, the holy grail of evidence backed decision making. Using first-party empirical data to analyze behavior and establish predictions yields us the ability to base in-depth analyses on particular individuals and reduce our dependence on generalizations. Modern mobile and embedded devices provide a wealth of sensors and means for collecting and tracking individualized data. Applying these assets to the realm of insurance (which is a statistically backed endeavor at heart) is certainly nothing new; yet doing so in a way that is privacy-driven and secure has not been a central focus of implementers. Existing data-driven insurance technologies require a certain level of trust in the data tracking agency (i.e. insurer) to not misuse, mishandle, or over-collect user data. Smart contracts and blockchain technology provide us an opportunity to re-balance these systems such that the blockchain itself is a trusted agent which both insurers and the insured can confide in. We propose a "Smart Auto Insurance" system that minimizes data sharing while simultaneously providing quality-of-life improvements to both sides. Furthermore, we use a simple game theoretical argument to show that the clients using such a system are disincentivized from behaving adversarially.

Dongxiao Liu,Cheng Huang,Jianbing Ni,Xiaodong Lin,Xuemin Sherman Shen

DOI: https://doi.org/10.1109/tc.2022.3150724

2022-01-01

Abstract:Data are generated by Internet of Things (IoT) devices and centralized at a cloud server, that can later be traded with third parties, i.e., data marketing, to enable various data-intensive applications. However, the centralized approach is recently under debate due to the lack of (1) transparent and distributed marketplace management, and (2) marketing fairness for both IoT users (data sellers) and third parties (data buyers). In this paper, we propose a Blockchain-Cloud Transparent Data Marketing ( Block-DM ) with consortium management and executable fairness. First, we introduce a hybrid data-marketing architecture, where the cloud acts as an efficient data management unit and a consortium blockchain serves as a transparent marketing controller. Under the architecture, consent-based secure data trading and identity privacy for data owners are achieved with the distributed credential issuance and threshold credential openings. Second, with a consortium committee, we design a fair on/off-chain data marketing protocol. By financial incentives and succinct ‘commitments’ of marketing operations, the protocol can achieve the marketing fairness and effective detection of unfair marketing operations. We demonstrate the security of Block-DM with thorough analysis. We conduct extensive experiments with a consortium blockchain network on Hyperledger Fabric to show the feasibility and practicality of Block-DM .

Yang Xiao,Ning Zhang,Jin Li,Wenjing Lou,Y. Thomas Hou

DOI: https://doi.org/10.48550/arXiv.1904.07275

2020-07-16

Abstract:The abundance and rich varieties of data are enabling many transformative applications of big data analytics that have profound societal impacts. However, there are also increasing concerns regarding the improper use of individual data owner's private data. In this paper, we propose PrivacyGuard, a system that leverages blockchain smart contract and trusted execution environment (TEE) to enable individual's control over the access and usage of their private data. Smart contracts are used to specify data usage policy, i.e., who can use what data under which conditions and what analytics to perform, while the distributed blockchain ledger is used to keep an irreversible and non-repudiable data usage record. To address the efficiency problem of on-chain contract execution and to prevent exposing private data on the publicly viewable blockchain, PrivacyGuard incorporates a novel TEE-based off-chain contract execution engine along with a protocol to securely commit the execution result onto blockchain. We have built and deployed a prototype of PrivacyGuard with Ethereum and Intel SGX. Our experiment result demonstrates that PrivacyGuard fulfills the promised privacy goal and supports analytics on data from a considerable number of data owners.

Cryptography and Security

Affan Yasin,Lin Liu

DOI: https://doi.org/10.1109/compsac.2016.2

2016-01-01

Abstract:In today's online environment, people attend various kinds of activities, exhibit different digital presence, build personal digital reputations, issuing and receiving feedbacks from online communities being involved with. These diverse information sources once aggregated can provide a valuablefuture reference for personal online digital identity and credits check. The primary objective of this paper is to propose a systematic framework for aggregating online identity and reputation information, to provide a holistic approach to personal online behavioral ratings. Major contributions include: An identity aggregation mechanism based on social dependency network is proposed, a smart contract management framework referring to personal online ratings based on the aggregated digital identity, an experiment implementation based on blockchain technology, with illustrative examples and theoretical evaluations to the proposed approach.

Luca Bedogni,Stefano Ferretti

2024-08-20

Abstract:Crowd-sensing has emerged as a powerful data retrieval model, enabling diverse applications by leveraging active user participation. However, data availability and privacy concerns pose significant challenges. Traditional methods like data encryption and anonymization, while essential, may not fully address these issues. For instance, in sparsely populated areas, anonymized data can still be traced back to individual users. Additionally, the volume of data generated by users can reveal their identities. To develop credible crowd-sensing systems, data must be anonymized, aggregated and separated into uniformly sized chunks. Furthermore, decentralizing the data management process, rather than relying on a single server, can enhance security and trust. This paper proposes a system utilizing smart contracts and blockchain technologies to manage crowd-sensing campaigns. The smart contract handles user subscriptions, data encryption, and decentralized storage, creating a secure data marketplace. Incentive policies within the smart contract encourage user participation and data diversity. Simulation results confirm the system's viability, highlighting the importance of user participation for data credibility and the impact of geographical data scarcity on rewards. This approach aims to balance data origin and reduce cheating risks.

Cryptography and Security,Networking and Internet Architecture

Juan Luis Herrera,Javier Berrocal,Jose Garcia-Alonso,Juan Manuel Murillo,Hsiao-Yuan Chen,Christine Julien,Niko Mäkitalo,Tommi Mikkonen

DOI: https://doi.org/10.48550/arXiv.2103.17109

2021-03-31

Computers and Society

Abstract:We live in an era in which the most valued services are not paid for in money, but in personal data. Every day, service providers collect the personal information of billions of individuals, information that sustain their infrastructure by marketing profiles labeled with this information to personal data consumers, such as advertisers. Not all uses of this personal data are for marketing; data consumers can also include, for instance, public health authorities tracking pandemics. In either case, individuals have undergone a process of Personal Data Gentrification, as data ownership has shifted from individuals to service providers and data consumers, as if the data is worth nothing to the individuals; these new owners then harness the data to obtain large profits. Current privacy-enhancing technologies are beginning to allow individuals to control and share less information. However, not sharing individuals' personal information at all could lead to Personal Data Blight, in which the potential of personal data in applications that benefit all of society remains forever latent. In this paper, we propose Personal Data Enfranchisement as a middle ground, empowering individuals to control the sharing of their personal information to shift the business flows of personal information. Based on these insights, we propose a model to gradually and incrementally make a shift from our current situation towards one of Personal Data Enfranchisement. Finally, we present a roadmap and some challenges towards achieving this bold vision.

Ghazaleh Beigi,Kai Shu,Yanchao Zhang,Huan Liu

DOI: https://doi.org/10.48550/arXiv.1805.00519

2018-05-02

Abstract:Social media users generate tremendous amounts of data. To better serve users, it is required to share the user-related data among researchers, advertisers and application developers. Publishing such data would raise more concerns on user privacy. To encourage data sharing and mitigate user privacy concerns, a number of anonymization and de-anonymization algorithms have been developed to help protect privacy of social media users. In this work, we propose a new adversarial attack specialized for social media data. We further provide a principled way to assess effectiveness of anonymizing different aspects of social media data. Our work sheds light on new privacy risks in social media data due to innate heterogeneity of user-generated data which require striking balance between sharing user data and protecting user privacy.

Cryptography and Security,Social and Information Networks

Gonçalo Pestana,Iñigo Querejeta-Azurmendi,Panagiotis Papadopoulos,Benjamin Livshits

DOI: https://doi.org/10.48550/arXiv.2106.01940

2021-06-03

Abstract:Online advertising fuels the (seemingly) free internet. However, although users can access most of the web services free of charge, they pay a heavy coston their privacy. They are forced to trust third parties and intermediaries, who not only collect behavioral data but also absorb great amounts of ad revenues. Consequently, more and more users opt out from advertising by resorting to ad blockers, thus costing publishers millions of dollars in lost ad revenues. Albeit there are various privacy-preserving advertising proposals (e.g.,Adnostic, Privad, Brave Ads) from both academia and industry, they all rely on centralized management that users have to blindly trust without being able to audit, while they also fail to guarantee the integrity of the per-formance analytics they provide to advertisers. In this paper, we design and deploy THEMIS, a novel, decentralized and privacy-by-design ad platform that requires zero trust by users. THEMIS (i) provides auditability to its participants, (ii) rewards users for viewing ads, and (iii) allows advertisers to verify the performance and billing reports of their ad campaigns. By leveraging smart contracts and zero-knowledge schemes, we implement a prototype of THEMIS and early performance evaluation results show that it can scale linearly on a multi sidechain setup while it supports more than 51M users on a single-sidechain.

Cryptography and Security

DOI: https://doi.org/10.1007/s12083-024-01732-9

IF: 3.488

2024-06-05

Peer-to-Peer Networking and Applications

Abstract:With development of e-commerce and intelligent devices, large amounts of asset transaction data and traders' identity information have been generated. It poses huge challenges to the data security and privacy when data are stored in a centralized trading system. Here, considering the need of data sharing and data privacy in asset trading, we proposed a blockchain-based privacy protecting framework to accommodate both aspects of these requirements. The proposed framework combines a multi-channel access control model and smart contracts to enhance the security and transparency of asset trading within permissioned channels while maintaining privacy for transactions occurring outside of these channels. Furthermore, regarding market efficiency and transaction fairness, we design trading algorithm of double auction to make transaction more automated and intelligent. Finally, we implement asset trading prototype based on Hyperledger Fabric and evaluate the performance of model. The experimental results show that the proposed multi-channel blockchain-based framework realized intra-channel date sharing and extra-channel privacy protection. Our framework achieves enhanced security, high efficiency and strong traceability for assert trading.

computer science, information systems,telecommunications