Aggregation and Privacy in Multi-Relational Databases

Jafer, Yasser

11 April 2012

Most existing data mining approaches perform data mining tasks on a single data table. However, increasingly, data repositories such as financial data and medical records, amongst others, are stored in relational databases. The inability of applying traditional data mining techniques directly on such relational database thus poses a serious challenge. To address this issue, a number of researchers convert a relational database into one or more flat files and then apply traditional data mining algorithms. The above-mentioned process of transforming a relational database into one or more flat files usually involves aggregation. Aggregation functions such as maximum, minimum, average, standard deviation, count and sum are commonly used in such a flattening process. Our research aims to address the following question: Is there a link between aggregation and possible privacy violations during relational database mining? In this research we investigate how, and if, applying aggregation functions will affect the privacy of a relational database, during supervised learning, or classification, where the target concept is known. To this end, we introduce the PBIRD (Privacy Breach Investigation in Relational Databases) methodology. The PBIRD methodology combines multi-view learning with feature selection, to discover the potentially dangerous sets of features as hidden within a database. Our approach creates a number of views, which consist of subsets of the data, with and without aggregation. Then, by identifying and investigating the set of selected features in each view, potential privacy breaches are detected. In this way, our PBIRD algorithm is able to discover those features that are correlated with the classification target that may also lead to revealing of sensitive information in the database. Our experimental results show that aggregation functions do, indeed, change the correlation between attributes and the classification target. We show that with aggregation, we obtain a set of features which can be accurately linked to the classification target and used to predict (with high accuracy) the confidential information. On the other hand, the results show that, without aggregation we obtain another different set of potentially harmful features. By identifying the complete set of potentially dangerous attributes, the PBIRD methodology provides a solution where the database designers/owners can be warned, to subsequently perform necessary adjustments to protect the privacy of the relational database. In our research, we also perform a comparative study to investigate the impact of aggregation on the classification accuracy and on the time required to build the models. Our results suggest that in the case where a database consists only of categorical data, aggregation should especially be used with caution. This is due to the fact that aggregation causes a decrease in overall accuracies of the resulting models. When the database contains mixed attributes, the results show that the accuracies without aggregation and with aggregation are comparable. However, even in such scenarios, schemas without aggregation tend to slightly outperform. With regard to the impact of aggregation on the model building time, the results show that, in general, the models constructed with aggregation require shorter building time. However, when the database is small and consists of nominal attributes with high cardinality, aggregation causes a slower model building time.

Aggregation

Privacy

Relational Database

Data Mining

The costs of bonding: negotiating personal information disclosure among Millennials and Boomers on Facebook

Callegher, Jonathan

January 2013

Since early 2010, Facebook.com, the world’s most popular social network site (SNS), has come under a storm of media criticism over the commercial use of its users’ personal information. Yet even as more became known about the fact that Facebook sells publicly shared information to companies for advertising purposes, two years later the SNS amassed one billion members in October 2012. Based on in-depth interviews 30 Millennials (18 to 32-year olds) and 10 Boomers (48 to 58-year olds) that are daily users of Facebook, this dissertation provides a qualitative analysis of attitudes toward privacy and personal information disclosure on Facebook. What steps—if any—are being taken by users to regulate their personal information disclosure? How do users feel about the website selling their personal information to advertisers? What are the benefits of using Facebook and do they outweigh the risks of having one’s information used for commercial purposes? Or is it even seen as a risk at all? What are the sociological implications of users’ answers to these questions? I challenge prevailing conclusions that the intensity of Facebook use is associated with higher levels of social capital and that Facebook is especially useful for maintaining and building bridging ties to one’s acquaintances. On the contrary, among Millennials in my study, the website is used for maintaining bonding ties between close friends and family members, not bridging ties between acquaintances; that the maintaining of bridging social capital is by comparison merely a passive benefit. As well, while the Boomers in my study use Facebook to maintain bridging ties, maintaining social capital is not a consideration. In arriving at this conclusion, I thematically broke out the benefits of using Facebook as Facebook is my life online, Facebook is my primary connection to others, and Facebook is a convenient communication and information tool. As well, the perceived risks of using Facebook involve a lack of privacy and, to a lesser extent, issues of control. For the Millennials and Boomers in my study, the practical benefits of using Facebook outweigh the perceived risks, and the perception of control on the user’s part is a key factor in rationalizing their ongoing use of the website. As a practical application of my findings, I propose how the marketing research industry might apply these findings toward learning more about consumers.

Facebook

Millennials

Privacy

Social Capital

SNS

Sociology

Distributed Approaches for Location Privacy

Zhong, Ge

January 2008

With the advance of location technologies, people can now determine their location in various ways, for instance, with GPS or based on nearby cellphone towers. These technologies have led to the introduction of location-based services, which allow people to get information relevant to their current location. Location privacy is of utmost concern for such location-based services, since knowing a person's location can reveal information about her activities or her interests. In this thesis, we first focus on location-based services that need to know only a person's location, but not her identity. We propose a solution using location cloaking based on k-anonymity, which requires neither a single trusted location broker, which is a central server that knows everybody's location, nor trust in all users of the system and that integrates nicely with existing infrastructures. We present two such protocols. The evaluation of our sample implementation demonstrates that one of the protocol is sufficiently fast to be practical, but the performance of the other protocol is not acceptable for its use in practice. In addition to the distributed k-anonymity protocol we then propose four protocols---Louis, Lester, Pierre and Wilfrid--- for a specific, identity required, location-based service: the nearby-friend application, where users (and their devices) can learn information about their friends' location if and only if their friends are actually nearby. Our solutions do not require any central trusted server or only require a semi-trusted third party that dose not learn any location information. Moreover, users of our protocol do not need to be members of the same cellphone provider, as in existing approaches. The evaluation on our implementation shows that all of the four protocols are efficient.

location privacy

cryptography

security

Computer Science

91 Days

Greathouse, Candice M

01 May 2012

91 Days is a multi-channel video installation composed over a period of ninety-one days, and comprised of thousands of photographs. The photographs create a visual archive of the daily experiences of the home. The corresponding text discusses the link between privacy and self-representation, specifically in relation to the family album.

Archive

Privacy

Self-representation

Family album

Highly Scalable and Secure Mobile Applications in Cloud Computing Systems

Tysowski, Piotr Konrad

23 April 2013

Cloud computing provides scalable processing and storage resources that are hosted on a third-party provider to permit clients to economically meet real-time service demands. The confidentiality of client data outsourced to the cloud is a paramount concern since the provider cannot necessarily be trusted with read access to voluminous sensitive client data. A particular challenge of mobile cloud computing is that a cloud application may be accessed by a very large and dynamically changing population of mobile devices requiring access control. The thesis addresses the problems of achieving efficient and highly scalable key management for resource-constrained users of an untrusted cloud, and also of preserving the privacy of users. A model for key distribution is first proposed that is based on dynamic proxy re-encryption of data. Keys are managed inside the client domain for trust reasons, computationally-intensive re-encryption is performed by the cloud provider, and key distribution is minimized to conserve communication. A mechanism manages key evolution for a continuously changing user population. Next, a novel form of attribute-based encryption is proposed that authorizes users based on the satisfaction of required attributes. The greater computational load from cryptographic operations is performed by the cloud provider and a trusted manager rather than the mobile data owner. Furthermore, data re-encryption may be optionally performed by the cloud provider to reduce the expense of user revocation. Another key management scheme based on threshold cryptography is proposed where encrypted key shares are stored in the cloud, taking advantage of the scalability of storage in the cloud. The key share material erodes over time to allow user revocation to occur efficiently without additional coordination by the data owner; multiple classes of user privileges are also supported. Lastly, an alternative exists where cloud data is considered public knowledge, but the specific information queried by a user must be kept private. A technique is presented utilizing private information retrieval, where the query is performed in a computationally efficient manner without requiring a trusted third-party component. A cloaking mechanism increases the privacy of a mobile user while maintaining constant traffic cost.

cloud

mobile

security

privacy

Electrical and Computer Engineering

En studie om studenters användning av vänlistor på Facebook / A Study on Students' Use of Friend Lists on Facebook

Lundberg, Niklas

January 2011

Friend lists allow Facebook users to group their friends and may be used to share certain information only with those in a specific list. This function has been around for several years, but has never gained any particular popularity among users, most of whom probably did not know it even existed a couple of years ago. In the fall of 2011, however, the function was updated and made more visible on the site. There are several possible uses of friend lists, such as privacy control, filtering of the news feed, self-presentation and targeted information sharing. This paper aims to investigate the extent to which friend lists are used by students today, as well as why students actually use their lists, i.e. for what purposes. Judging from the results of this study in comparison with earlier research, there seems to have been a somewhat recent increase in the awareness of the fact that friend lists actually do exist, but still most users tend not to utilize them. Moreover, the results indicate that friend lists quite rarely are used for privacy control, or anything else for that matter, probably due to a number of drawbacks that they possess as of today.

Facebook

friend grouping

identity

lists

privacy

sharing

Distributed Approaches for Location Privacy

Zhong, Ge

January 2008

With the advance of location technologies, people can now determine their location in various ways, for instance, with GPS or based on nearby cellphone towers. These technologies have led to the introduction of location-based services, which allow people to get information relevant to their current location. Location privacy is of utmost concern for such location-based services, since knowing a person's location can reveal information about her activities or her interests. In this thesis, we first focus on location-based services that need to know only a person's location, but not her identity. We propose a solution using location cloaking based on k-anonymity, which requires neither a single trusted location broker, which is a central server that knows everybody's location, nor trust in all users of the system and that integrates nicely with existing infrastructures. We present two such protocols. The evaluation of our sample implementation demonstrates that one of the protocol is sufficiently fast to be practical, but the performance of the other protocol is not acceptable for its use in practice. In addition to the distributed k-anonymity protocol we then propose four protocols---Louis, Lester, Pierre and Wilfrid--- for a specific, identity required, location-based service: the nearby-friend application, where users (and their devices) can learn information about their friends' location if and only if their friends are actually nearby. Our solutions do not require any central trusted server or only require a semi-trusted third party that dose not learn any location information. Moreover, users of our protocol do not need to be members of the same cellphone provider, as in existing approaches. The evaluation on our implementation shows that all of the four protocols are efficient.

location privacy

cryptography

security

Computer Science

Privacy and Security Attitudes, Beliefs and Behaviours: Informing Future Tool Design

Weber, Janna-Lynn

24 August 2010

Usable privacy and security has become a significant area of interest for many people in both industry and academia. A better understanding of the knowledge and motivation is an important factor in the design of privacy and security tools. However, users of these tools are a heterogeneous group, and many past studies of user characteristics in the security and privacy domain have looked only at a small subset of factors to define differences between groups of users. The goal of this research is to critically look at the difference between people, their opinions and habits when it comes to issues of privacy and security. To address this goal, 32 in-depth qualitative interviews were conducted and analyzed to look at the heterogenous nature of this community. The participant’s attitudes and actions around the dimensions of knowledge about tools and of motivation for self-protection were used to cluster participants. The traits of these participant clusters are used to create a set of privacy and security personas, or prototypical privacy and security tool users. These personas are a tool for incorporating a broader understanding of the diversity of users into the design of privacy and security tools.

Privacy

Security

Persona

User Study

Computer Science

Managing and Complementing Public Key Infrastructure for Securing Vehicular Ad Hoc Networks

Wasef, Albert

January 2011

Recently, vehicular ad-hoc network (VANET) has emerged as an excellent candidate to change the life style of the traveling passengers along the roads and highways in terms of improving the safety levels and providing a wide range of comfort applications. Due to the foreseen impact of VANETs on our lives, extensive attentions in industry and academia are directed towards bringing VANETs into real life and standardizing its network operation. Unfortunately, the open medium nature of wireless communications and the high-speed mobility of a large number of vehicles in VANETs pose many challenges that should be solved before deploying VANETs. It is evident that any malicious behavior of a user, such as injecting false information, modifying and replaying the disseminated messages, could be fatal to other legal users. In addition, users show prime interest in protecting their privacy. The privacy of users must be guaranteed in the sense that the privacy-related information of a vehicle should be protected to prevent an observer from revealing the real identities of the users, tracking their locations, and inferring sensitive data. From the aforementioned discussion, it is clear that security and privacy preservation are among the critical challenges for the deployment of VANETs. Public Key Infrastructure (PKI) is a well-recognized solution to secure VANETs. However, the traditional management of PKI cannot meet the security requirements of VANETs. In addition, some security services such as location privacy and fast authentication cannot be provided by the traditional PKI. Consequently, to satisfy the security and privacy requirements, it is prerequisite to elaborately design an efficient management of PKI and complementary mechanisms for PKI to achieve security and privacy preservation for practical VANETs. In this thesis, we focus on developing an efficient certificate management in PKI and designing PKI complementary mechanisms to provide security and privacy for VANETs. The accomplishments of this thesis can be briefly summarized as follows. Firstly, we propose an efficient Distributed Certificate Service (DCS) scheme for vehicular networks. The proposed scheme offers a flexible interoperability for certificate service in heterogeneous administrative authorities, and an efficient way for any On-Board Units (OBUs) to update its certificate from the available infrastructure Road-Side Units (RSUs) in a timely manner. In addition, the DCS scheme introduces an aggregate batch verification technique for authenticating certificate-based signatures, which significantly decreases the verification overhead. Secondly, we propose an Efficient Decentralized Revocation (EDR) protocol based on a novel pairing-based threshold scheme and a probabilistic key distribution technique. Because of the decentralized nature of the EDR protocol, it enables a group of legitimate vehicles to perform fast revocation of a nearby misbehaving vehicle. Consequently, the EDR protocol improves the safety levels in VANETs as it diminishes the revocation vulnerability window existing in the conventional Certificate Revocation Lists (CRLs). Finally, we propose complementing PKI with group communication to achieve location privacy and expedite message authentication. In specific, the proposed complemented PKI features the following. First, it employs a probabilistic key distribution to establish a shared secret group key between non-revoked OBUs. Second, it uses the shared secret group key to perform expedite message authentication (EMAP) which replaces the time-consuming CRL checking process by an efficient revocation checking process. Third, it uses the shared secret group key to provide novel location privacy preservation through random encryption periods (REP) which ensures that the requirements to track a vehicle are always violated. Moreover, in case of revocation an OBU can calculate the new group key and update its compromised keys even if the OBU missed previous rekeying process. For each of the aforementioned accomplishments, we conduct security analysis and performance evaluation to demonstrate the reliable security and efficiency of the proposed schemes.

Security

Privacy

VANET

PKI

Electrical and Computer Engineering

Improving understanding of website privacy policies

Levy, Stephen Eric

24 January 2005

Machine-readable privacy policies have been developed to help reduce user effort in understanding how websites will use personally identifiable information (PII). The goal of these policies is to enable the user to make informed decisions about the disclosure of personal information in web-based transactions. However, these privacy policies are complex, requiring that a user agent evaluate conformance between the users privacy preferences and the sites privacy policy, and indicate this conformance information to the user. The problem addressed in this thesis is that even with machine-readable policies and current user agents, it is still difficult for users to determine the cause and origin of a conflict between privacy preferences and privacy policies. The problem arises partly because current standards operate at the page level: they do not allow a fine-grained treatment of conformance down to the level of a specific field in a web form. In this thesis the Platform for Privacy Preferences (P3P) is extended to enable field-level comparisons, field-specific conformance displays, and faster access to additional field-specific conformance information. An evaluation of a prototype agent based on these extensions showed that they allow users to more easily understand how the website privacy policy relates to the users privacy preferences, and where conformance conflicts occur.

Usability

Human-Computer Interaction

P3P

Privacy

E-commerce