C3P: Context-Aware Crowdsourced Cloud Privacy Privacy Enhancing - - PowerPoint PPT Presentation

C3P: Context-Aware Crowdsourced Cloud Privacy

1

CloudSpaces

Privacy Enhancing Technologies Symposium, 2014

2

Files to Flowers Conversion

2

Files to Flowers Conversion

2

Files to Flowers Conversion

2

Files to Flowers Conversion

2

Files to Flowers Conversion

3

60%

increase in corporate data shared to the cloud in 2015

Source: Elastica’s Q2 2015 Shadow Data Report

3

20%

• f files shared to the cloud contain protected data

60%

increase in corporate data shared to the cloud in 2015

Source: Elastica’s Q2 2015 Shadow Data Report

3

20%

• f files shared to the cloud contain protected data

60%

• f sensitive files contain PII

30%

…contain health info

60%

increase in corporate data shared to the cloud in 2015

Source: Elastica’s Q2 2015 Shadow Data Report

3

20%

• f files shared to the cloud contain protected data

60%

• f sensitive files contain PII

30%

…contain health info

Emergence of “Shadow IT”

60%

increase in corporate data shared to the cloud in 2015

Source: Elastica’s Q2 2015 Shadow Data Report

You cannot use cloud services. You are fully protected. Your files are always encrypted before uploading.

Anti-Snooping Tools for the Cloud

Examples:

4

You cannot run software. You are fully protected. Your files are always quarantined.

What if Antivirus Software was Similar?

5

Obstacles

Privacy vs. Services dilemma

Obstacles

Privacy vs. Services dilemma Context-dependence

• f privacy

Obstacles

I dedicate the rest of my life for sorting out sensitive from non-sensitive files on my HD

Privacy vs. Services dilemma Context-dependence

• f privacy

Manual effort and expertise for assessing data sensitivity

6

What is needed?

Ensure serviceable protection instead of brute encryption.

What is needed?

Ensure serviceable protection instead of brute encryption. Account for the metadata, sharing environment, and data content.

What is needed?

I dedicate the rest of my life for sorting out sensitive from non-sensitive files on my HD

Ensure serviceable protection instead of brute encryption. Account for the metadata, sharing environment, and data content. Automatically estimate the sensitivity of shared data.

7

Introducing C3P

Various levels of information hiding

8

Introducing C3P

Define data in terms of context Various levels of information hiding

8

Introducing C3P

I dedicate the rest of my life for sorting out sensitive from non-sensitive files on my HD

Private crowdsourcing mechanism for gathering people privacy policies Define data in terms of context Various levels of information hiding

8

Introducing C3P

I dedicate the rest of my life for sorting out sensitive from non-sensitive files on my HD

Private crowdsourcing mechanism for gathering people privacy policies Psychologically grounded approach for estimating sensitivity Define data in terms of context Various levels of information hiding

8

Fine-Grained Policies

9

Defining Data through Context

10

Content Metadata Environment

Defining Data through Context

10

Content Metadata Environment

Defining Data through Context

10

Content Metadata Environment

Location Data Topic Media Home Office Document Software Financial Educational

Context V

• cabulary

11

Privacy Preserving Crowdsourcing

12

Business Me Colleague Financial Me Stranger

Faces Home Friend Financial Me Stranger Business Me Colleague Faces Home Friend

I dedicate the rest of my life for sorting out sensitive from non-sensitive files on my HD

User 1 User 2 User 3

Privacy Preserving Crowdsourcing

12

Business Me Colleague Financial Me Stranger

Faces Home Friend Financial Me Stranger Business Me Colleague Faces Home Friend Faces Home Friend

Sharing Operation Context

I dedicate the rest of my life for sorting out sensitive from non-sensitive files on my HD

User 1 User 2 User 3

Privacy Preserving Crowdsourcing

12

Business Me Colleague Financial Me Stranger

Faces Home Friend Financial Me Stranger Business Me Colleague Faces Home Friend Faces Home Friend

Work Sea Colleague Family Sharing Operation Context

I dedicate the rest of my life for sorting out sensitive from non-sensitive files on my HD

User 1 User 2 User 3

Privacy Preserving Crowdsourcing

12

Business Me Colleague Financial Me Stranger

Faces Home Friend Financial Me Stranger Business Me Colleague Faces Home Friend Faces Home Friend

Work Sea Colleague Family Forward-Anonymity K-anonymity Sharing Operation Context

I dedicate the rest of my life for sorting out sensitive from non-sensitive files on my HD

User 1 User 2 User 3

Faces Home Friend

Context

Sensitivity Estimation using Item Response Theory

13

Faces Home Friend

Sensitivity Estimation using Item Response Theory

13

Faces Home Friend

High Sensitivity 75%

Sensitivity Estimation using Item Response Theory

13

Faces Home Friend

High Sensitivity 75%

High Privacy Attitude 75%

Sensitivity Estimation using Item Response Theory

13

Faces Home Friend

High Sensitivity 75%

High Privacy Attitude 75%

Sensitivity Estimation using Item Response Theory

13

Faces Home Friend

High Sensitivity 75%

High Privacy Attitude 75%

Sensitivity Estimation using Item Response Theory

13

Faces Home Friend

High Sensitivity 75%

High Privacy Attitude 75%

Sensitivity Estimation using Item Response Theory

13

Faces Home Friend

High Sensitivity 75% Group Invariance

Faces Home Friend Faces Home Friend

High Privacy Attitude 75%

Sensitivity Estimation using Item Response Theory

13

Faces Home Friend

High Sensitivity 75% Group Invariance

Faces Home Friend Faces Home Friend

Item Invariance

Connecting the Dots

14

Client Server

?

Connecting the Dots

14

Client Server

?

Connecting the Dots

14

Financial Me Stranger

Client Server

Context Extraction

?

Connecting the Dots

14

Financial Me Stranger

Client Server

Context Extraction Sensitivity Request

?

Connecting the Dots

14

Financial Me Stranger

Client Server

Sensitivity Reply

?

Connecting the Dots

14

Financial Me Stranger

Client Server

Sensitivity Reply Policy Decision

?

Connecting the Dots

14

Financial Me Stranger

Client Server

Policy Decision Data Sharing

?

Connecting the Dots

14

Financial Me Stranger

Client Server

Crowdsourcing

?

Connecting the Dots

14

Financial Me Stranger

Client Server

Crowdsourcing

?

Sensitivity Computation

Evaluation

15

C3P

IRT Models Fit Privacy-Aware Cloud Sharing?

16

81 96

IRT Models Fit Privacy-Aware Cloud Sharing?

• Ex: With which privacy level would you

share a project presentation with a friend?

16

81 96

IRT Models Fit Privacy-Aware Cloud Sharing?

• Ex: With which privacy level would you

share a project presentation with a friend?

• Standardized Infit Statistic:
• (x-axis values should lie in [-2,2])

16

81 96

Dichotomous case Sensitivity Infit t-statistic A dot represents a context

IRT Models Fit Privacy-Aware Cloud Sharing?

• Ex: With which privacy level would you

share a project presentation with a friend?

• Standardized Infit Statistic:
• (x-axis values should lie in [-2,2])

16

81 96

Dichotomous case Sensitivity Infit t-statistic A dot represents a context

IRT Models Fit Privacy-Aware Cloud Sharing?

• Ex: With which privacy level would you

share a project presentation with a friend?

• Standardized Infit Statistic:
• (x-axis values should lie in [-2,2])

16

81 96

Polytomous case Infit t-statistic Sensitivity Dichotomous case Sensitivity Infit t-statistic A dot represents a context

IRT Models Fit Privacy-Aware Cloud Sharing?

• Ex: With which privacy level would you

share a project presentation with a friend?

• Standardized Infit Statistic:
• (x-axis values should lie in [-2,2])

16

81 96

Polytomous case Infit t-statistic Sensitivity Dichotomous case Sensitivity Infit t-statistic A dot represents a context

IRT Models Fit Privacy-Aware Cloud Sharing?

• Ex: With which privacy level would you

share a project presentation with a friend?

• Standardized Infit Statistic:
• (x-axis values should lie in [-2,2])

16

81 96

Yes!

Polytomous case Infit t-statistic Sensitivity Dichotomous case Sensitivity Infit t-statistic A dot represents a context

Temporal Cost of Crowdsourcing & Privacy

17

Zipf context distribution

500 3125 30000

av.: 1 Item/6 hours

• Synthetic Dataset:

Temporal Cost of Crowdsourcing & Privacy

k

17

Zipf context distribution

500 3125 30000

av.: 1 Item/6 hours

• Synthetic Dataset:

Temporal Cost of Crowdsourcing & Privacy

k

17

Zipf context distribution

500 3125 30000

av.: 1 Item/6 hours

• Synthetic Dataset:

Crowdsourcing cost: Hit rate (HR) from 0 to 90% in 10 days

Temporal Cost of Crowdsourcing & Privacy

k

17

Zipf context distribution

500 3125 30000

av.: 1 Item/6 hours

• Synthetic Dataset:

Crowdsourcing cost: Hit rate (HR) from 0 to 90% in 10 days Anonymity cost: HR difference starts high but vanishes in 10 days.

Effect of Sharing Behavior on the Temporal Cost

18

Anonymity Parameter K=3

500 3125 30000

av.: 1 Item/6 hours

• Synthetic Dataset:

Effect of Sharing Behavior on the Temporal Cost

18

Effect: Long tail distribution is of lower temporal cost.

Anonymity Parameter K=3

500 3125 30000

av.: 1 Item/6 hours

• Synthetic Dataset:

Robustness Towards Malicious Users?

19

• Test:
• Assign sensitivities to items

and attitudes to people.

• Honest users choose policies

according to the model.

• Malicious users choose

policies at random.

Robustness Towards Malicious Users?

19

• Test:
• Assign sensitivities to items

and attitudes to people.

• Honest users choose policies

according to the model.

• Malicious users choose

policies at random.

Robustness Towards Malicious Users?

19

• Test:
• Assign sensitivities to items

and attitudes to people.

• Honest users choose policies

according to the model.

• Malicious users choose

policies at random.

Robustness Towards Malicious Users?

19

• Test:
• Assign sensitivities to items

and attitudes to people.

• Honest users choose policies

according to the model.

• Malicious users choose

policies at random.

Preset Sensitivity Computed Sensitivity

• Check

Robustness Towards Malicious Users?

19

• Test:
• Assign sensitivities to items

and attitudes to people.

• Honest users choose policies

according to the model.

• Malicious users choose

policies at random.

Preset Sensitivity Computed Sensitivity

• Check

Tolerance: 25% malicious: ≈8% difgerence, 50% malicious: ≈17% difgerence

Future Work

• Recommendation of policies to users
• Batch sensitivity analysis
• Considering probabilistic attacks on the scheme
• Working with IRT alternatives.

20

ELO MF

21

22

PrivyShare

PrivyShare - Desktop

PrivyShare Benefits

• Works with any cloud service

23

PrivyShare Benefits

• Works with any cloud service
• Provides “Sensitivity as a Service”

23

PrivyShare Benefits

• Works with any cloud service
• Provides “Sensitivity as a Service”
• Offers fine grained protection
• Metadata cleaning
• Face Blurring
• Encryption
• Encryption + Auxiliary Information (automatic summaries, blurred

thumbnails)

23

24

PrivyShare

PrivyShare - Browser

PrivySeal: Dealing with 3rd Party Cloud Apps

25

PrivySeal

privyseal.epfl.ch

26

Questions

hamzaharkous.com

Images/Media Credits

• Pixel77
• Freepik