George Drosatos

A Privacy-Preserving Cloud Computing System for Creating Participatory Noise Maps

Participatory sensing is a crowd-sourcing technique which relies both on active contribution of citizens and on their location and mobility patterns. As such, it is particularly vulnerable to privacy concerns, which may seriously hamper the large-scale adoption of participatory sensing applications. In this paper, we present a privacy-preserving system architecture for participatory sensing contexts which relies on cryptographic techniques and distributed computations in the cloud. Each individual is represented by a personal software agent, which is deployed on one of the popular commercial cloud computing services. The system enables individuals to aggregate and analyse sensor data by performing a collaborative distributed computation among multiple agents. No personal data is disclosed to anyone, including the cloud service providers. The distributed computation proceeds by having agents execute a cryptographic protocol based on a homomorphic encryption scheme in order to aggregate data. We show formally that our architecture is secure in the Honest-But-Curious model both for the users and the cloud providers. Our approach was implemented and validated on top of the NoiseTube system [1], [2], which enables participatory sensing of noise. In particular, we repeated several mapping experiments carried out with NoiseTube, and show that our system is able to produce identical outcomes in a privacy-preserving way. We experimented with real and simulated data, and present a live demo running on a heterogeneous set of commercial cloud providers. The results show that our approach goes beyond a proof-of-concept and can actually be deployed in a real-world setting. To the best of our knowledge this system is the first operational privacy-preserving approach for participatory sensing. While validated in terms of NoiseTube, our approach is useful in any setting where data aggregation can be performed with efficient homomorphic cryptosystems.

Privacy-preserving computation of participatory noise maps in the cloud

Abstract This paper presents a privacy-preserving system for participatory sensing, which relies on cryptographic techniques and distributed computations in the cloud. Each individual user is represented by a personal software agent, deployed in the cloud, where it collaborates on distributed computations without loss of privacy, including with respect to the cloud service providers. We present a generic system architecture involving a cryptographic protocol based on a homomorphic encryption scheme for aggregating sensing data into maps, and demonstrate security in the Honest-But-Curious model both for the users and the cloud service providers. We validate our system in the context of NoiseTube, a participatory sensing framework for noise pollution, presenting experiments with real and artificially generated data sets, and a demo on a heterogeneous set of commercial cloud providers. To the best of our knowledge our system is the first operational privacy-preserving system for participatory sensing. While our validation pertains to the noise domain, the approach used is applicable in any crowd-sourcing application relying on location-based contributions of citizens where maps are produced by aggregating data – also beyond the domain of environmental monitoring.

A query scrambler for search privacy on the internet

We propose a method for search privacy on the Internet, focusing on enhancing plausible deniability against search engine query-logs. The method approximates the target search results, without submitting the intended query and avoiding other exposing queries, by employing sets of queries representing more general concepts. We model the problem theoretically, and investigate the practical feasibility and effectiveness of the proposed solution with a set of real queries with privacy issues on a large web collection. The findings may have implications for other IR research areas, such as query expansion and fusion in meta-search. Finally, we discuss ideas for privacy, such as k-anonymity, and how these may be applied to search tasks.

Versatile Query Scrambling for Private Web Search

AbstractWe consider the problem of privacy leaks suffered by Internet users when they perform web searches, and propose a framework to mitigate them. In brief, given a ‘sensitive’ search query, the objective of our work is to retrieve the target documents from a search engine without disclosing the actual query. Our approach, which builds upon and improves recent work on search privacy, approximates the target search results by replacing the private user query with a set of blurred or scrambled queries. The results of the scrambled queries are then used to cover the private user interest. We model the problem theoretically, define a set of privacy objectives with respect to web search and investigate the effectiveness of the proposed solution with a set of queries with privacy issues on a large web collection. Experiments show great improvements in retrieval effectiveness over a previously reported baseline in the literature. Furthermore, the methods are more versatile, predictably-behaved, applicable to a wider range of information needs, and the privacy they provide is more comprehensible to the end-user. Additionally, we investigate the perceived privacy via a user study, as well as, measure the system’s usefulness taking into account the trade off between retrieval effectiveness and privacy. The practical feasibility of the methods is demonstrated in a field experiment, scrambling queries against a popular web search engine. The findings may have implications for other IR research areas, such as query expansion, query decomposition, and distributed retrieval.

Pythia: A Privacy-Enhanced Personalized Contextual Suggestion System for Tourism

We present Pythia, a privacy-enhanced non-invasive contextual suggestion system for tourists, with important architectural innovations. The system offers high quality personalized recommendations, non-invasive operation and protection of user privacy. A key feature of Pythia is the exploitation of the vast amounts of personal data generated by smartphones to automatically build user profiles, and make contextual suggestions to tourists. More precisely, the system utilizes (sensitive) personal data, such as location traces, browsing history and web searches (query logs), to build a POI-based user profile. This profile is then used by a contextual suggestion engine for making POI recommendations to the user based on her current location. Strong privacy guarantees are achieved by placing both mechanisms at the user-side. As a proof of concept, we present a Pythia prototype which implements the aforementioned mechanisms as mobile applications for Android, as well as, web applications.

Enhancing deniability against query-logs

We propose a method for search privacy on the Internet, focusing on enhancing plausible deniability against search engine query-logs. The method approximates the target search results, without submitting the intended query and avoiding other exposing queries, by employing sets of queries representing more general concepts. We model the problem theoretically, and investigate the practical feasibility and effectiveness of the proposed solution with a set of real queries with privacy issues on a large web collection. The findings may have implications for other IR research areas, such as query expansion and fusion in meta-search.

An efficient privacy-preserving solution for finding the nearest doctor

In this work, we define the Nearest Doctor Problem for finding the nearest doctor in case of an emergency and present a privacy-preserving protocol for solving it. The solution is based on cryptographic primitives and makes use of the current location of each participating doctor. The protocol is efficient and protects the privacy of the doctors’ locations. A prototype implementing the proposed solution for a community of doctors that use mobile devices to obtain their current location is presented. The prototype is evaluated on experimental communities with up to several hundred doctor agents.

Notarization of Knowledge Retrieval from Biomedical Repositories Using Blockchain Technology

Biomedical research and clinical decision depend increasingly on a number of authoritative databases, mostly public and continually enriched via peer scientific contributions. Given the dynamic nature of data and their usage in the sensitive domain of biomedical science, it is important to ensure retrieved data integrity and non-repudiation, that is, ensure that retrieved data cannot be modified after retrieval and that the database cannot validly deny that the particular data has been provided as a result of a specific query. In this paper, we propose the use of blockchain technology in combination with digital signatures to create smart digital contracts to seal the query and the respective results each time a third-party requests evidence from a reference biomedical database. The feasibility of the proposed approach is demonstrated using a real blockchain infrastructure and a publicly available medical risk factor reference repository.

A versatile tool for privacy-enhanced web search

We consider the problem of privacy leaks suffered by Internet users when they perform web searches, and propose a framework to mitigate them. Our approach, which builds upon and improves recent work on search privacy, approximates the target search results by replacing the private user query with a set of blurred or scrambled queries. The results of the scrambled queries are then used to cover the original user interest. We model the problem theoretically, define a set of privacy objectives with respect to web search and investigate the effectiveness of the proposed solution with a set of real queries on a large web collection. Experiments show great improvements in retrieval effectiveness over a previously reported baseline in the literature. Furthermore, the methods are more versatile, predictably-behaved, applicable to a wider range of information needs, and the privacy they provide is more comprehensible to the end-user.

Privacy-Preserving Television Audience Measurement Using Smart TVs

Internet-enabled television systems, often referred to as Smart TVs, are a new development in television and home entertainment technologies. In this work, we propose a new, privacy-preserving, approach for Television Audience Measurement (TAM), utilizing the capabilities of the Smart TV technologies. We propose a novel application to calculate aggregate audience measurements using Smart TV computation capabilities and permanent Internet access. Cryptographic techniques, including homomorphic encryption and zero-knowledge proofs, are used to ensure both that the privacy of the participating individuals is preserved and that the computed results are valid. Additionally, participants can be compensated for sharing their information. Preliminary experimental results on an Android-based Smart TV platform show the viability of the approach.