Multidimensional Privacy Quantification for User Empowerment


Bibliographic Details
Main Author: Boukoros, Spyridon
Format: Others
Language: en
Published: 2019
Online Access: http://tuprints.ulb.tu-darmstadt.de/8716/7/Spyros_Boukoros_PhD.pdf
Boukoros, Spyridon <http://tuprints.ulb.tu-darmstadt.de/view/person/Boukoros=3ASpyridon=3A=3A.html> : Multidimensional Privacy Quantification for User Empowerment. Technische Universität, Darmstadt [Ph.D. Thesis], (2019)
Description
Summary: As we are living in an interconnected world, serious privacy concerns have been raised due to the ever-increasing collection of data. As a result, many privacy-preserving methodologies have been proposed for various domains. However, in order to argue about the effectiveness of such methodologies, it is necessary to quantify privacy. Furthermore, such a quantification should be within the grasp of users and developers, since adoption is an important factor for any technology. In this thesis, we design privacy metrics in order to investigate the privacy guarantees offered by various defenses. In addition, we develop tools that can be used either by system designers for developing more privacy-preserving applications, or by users to estimate their privacy. The analysis is performed on three domains where millions of users already contribute data.

The first part of this thesis investigates a previously unexplored dimension of location privacy: mobile crowdsourcing, where users share streams of their location data. In this thesis we shed light on whether traditional location privacy mechanisms can be directly applied in this scenario. We elaborate on why this use case is radically different from the widely studied case of location-based services. Then, using novel privacy metrics, and realistic utility functions and datasets derived directly from crowdsourcing projects, we highlight why existing privacy defenses are inadequate. In order to enable further research in this direction and spawn privacy-preserving crowdsourcing applications, we provide best-practice guidelines and directions for the development of novel defense mechanisms, and we show how our work can be used as a tool to measure privacy and utility loss.

In the second part of the thesis, we explore the privacy guarantees of aggregation schemes in smart metering, by modeling privacy as an indistinguishability game. In particular, we explore how many households have to be aggregated in order to provide meaningful privacy guarantees. We explain why such a model is flexible and able to simulate a variety of adversaries with different background information, and how the proposed game can be re-purposed to investigate whether single profiles belong to an aggregate or not. We investigate various aggregation sizes for privacy leakage, as well as properties of an aggregate that affect the privacy guarantees.

The last part of this thesis investigates privacy in microdata publication. A tool is proposed that enables users to estimate their privacy level, based on a set of preferences they want to share with a service provider (e.g., movies watched, music listened to, etc.), before sharing them. The tool does not require full access to the provider's database but rather relies on users' choices and the popularity of those choices. We describe the underlying privacy metric and the algorithms composing the tool. Using actual user data and comparing the tool's results with a well-established privacy metric, we show that the tool is able to approximate users' privacy levels.

The privacy evaluation in the domain of mobile crowdsourcing highlights that the utility functions of the domain are different from those used in the traditional location-privacy literature. For this reason, the utility-privacy trade-off of various defenses is different from the one observed in the scenario of location-based services, allowing us to understand why existing defenses are not deployed in practice by crowdsourcing projects. For the domain of smart metering, our work illustrates that aggregation-based privacy mechanisms are inadequate for small or medium-sized aggregates of electricity consumption data. Users' electricity consumption patterns can be quite distinct, and with some auxiliary information sensitive data can be leaked from the aggregated report.

Last, the user-friendly tool proposed for the domain of microdata publication, as well as the metrics and tools developed for the domains of mobile crowdsourcing and smart metering, can enable non-technical users to better understand the privacy risks of sharing unprotected data, and guide application developers towards developing privacy-preserving systems.