C3P: Context-Aware Crowdsourced Cloud Privacy
1CloudSpacesPrivacy Enhancing Technologies Symposium, 2014
2
Files to Flowers
Conversion
2
Files to Flowers
Conversion
2
Files to Flowers
Conversion
2
Files to Flowers
Conversion
2
Files to Flowers
Conversion
3
60% increase in corporate data shared to the cloud in 2015
Source: Elastica’s Q2 2015 Shadow Data Report
3
20% of files shared to the cloud contain protected data
60% increase in corporate data shared to the cloud in 2015
Source: Elastica’s Q2 2015 Shadow Data Report
3
20% of files shared to the cloud contain protected data
60% of sensitive files contain PII
30% …contain health info
60% increase in corporate data shared to the cloud in 2015
Source: Elastica’s Q2 2015 Shadow Data Report
3
20% of files shared to the cloud contain protected data
60% of sensitive files contain PII
30% …contain health info
Emergence of “Shadow IT”
60% increase in corporate data shared to the cloud in 2015
Source: Elastica’s Q2 2015 Shadow Data Report
You cannot use cloud services.
You are fully protected.
Your files are always
encrypted before
uploading.
Anti-Snooping Tools for the Cloud
Examples:
4
You cannot run
software.
You are fully protected.
Your files are always
quarantined.
What if Antivirus Software was Similar?
5
Obstacles
Privacy vs. Services dilemma
Obstacles
Privacy vs. Services dilemma
Context-dependence of privacy
Obstacles
I dedicate the rest of my life for sorting out
sensitive from non-sensitive files on my HD
Privacy vs. Services dilemma
Context-dependence of privacy
Manual effort and expertise for assessing data sensitivity
6
What is needed?
Ensure serviceable protection instead of brute encryption.
What is needed?
Ensure serviceable protection instead of brute encryption.
Account for the metadata, sharing environment, and
data content.
What is needed?
I dedicate the rest of my life for sorting out
sensitive from non-sensitive files on my HD
Ensure serviceable protection instead of brute encryption.
Account for the metadata, sharing environment, and
data content.
Automatically estimate the sensitivity of shared data.
7
Introducing C3P
Various levels of information hiding
8
Introducing C3P
Define data in terms of context
Various levels of information hiding
8
Introducing C3P
I dedicate the rest of my life for sorting out
sensitive from non-sensitive files on my HD
Private crowdsourcing mechanism for gathering people privacy policies
Define data in terms of context
Various levels of information hiding
8
Introducing C3P
I dedicate the rest of my life for sorting out
sensitive from non-sensitive files on my HD
Private crowdsourcing mechanism for gathering people privacy policies
Psychologically grounded approach for estimating sensitivity
Define data in terms of context
Various levels of information hiding
8
Fine-Grained Policies
9
Defining Data through Context
10
Content Metadata Environment
Defining Data through Context
10
Content Metadata Environment
Defining Data through Context
10
Content Metadata Environment
Location
Data
TopicMedia
Home
OfficeDocument
SoftwareFinancial
Educational
Context Vocabulary
11
Privacy Preserving Crowdsourcing
12
Business Me ColleagueFinancial Me Stranger Faces Home Friend
Financial Me Stranger
Business Me Colleague
Faces Home Friend
I dedicate the rest of my life for sorting out
sensitive from non-sensitive files on my HD
User 1 User 2 User 3
Privacy Preserving Crowdsourcing
12
Business Me ColleagueFinancial Me Stranger Faces Home Friend
Financial Me Stranger
Business Me Colleague
Faces Home Friend
Faces Home Friend
Sharing Operation Context
I dedicate the rest of my life for sorting out
sensitive from non-sensitive files on my HD
User 1 User 2 User 3
Privacy Preserving Crowdsourcing
12
Business Me ColleagueFinancial Me Stranger Faces Home Friend
Financial Me Stranger
Business Me Colleague
Faces Home Friend
Faces Home Friend
WorkSea
Colleague
Family
Sharing Operation Context
I dedicate the rest of my life for sorting out
sensitive from non-sensitive files on my HD
User 1 User 2 User 3
Privacy Preserving Crowdsourcing
12
Business Me ColleagueFinancial Me Stranger Faces Home Friend
Financial Me Stranger
Business Me Colleague
Faces Home Friend
Faces Home Friend
WorkSea
Colleague
Family
Forward-AnonymityK-anonymity
Sharing Operation Context
I dedicate the rest of my life for sorting out
sensitive from non-sensitive files on my HD
User 1 User 2 User 3
Faces Home Friend
Context
Sensitivity Estimation using Item Response Theory
13
Faces Home Friend
Sensitivity Estimation using Item Response Theory
13
Faces Home Friend
High Sensitivity 75%
Sensitivity Estimation using Item Response Theory
13
Faces Home Friend
High Sensitivity 75%
High Privacy Attitude
75%
Sensitivity Estimation using Item Response Theory
13
Faces Home Friend
High Sensitivity 75%
High Privacy Attitude
75%
Sensitivity Estimation using Item Response Theory
13
Faces Home Friend
High Sensitivity 75%
High Privacy Attitude
75%
Sensitivity Estimation using Item Response Theory
13
Faces Home Friend
High Sensitivity 75%
High Privacy Attitude
75%
Sensitivity Estimation using Item Response Theory
13
Faces Home Friend
High Sensitivity 75%
Group Invariance
Faces Home Friend Faces Home Friend
High Privacy Attitude
75%
Sensitivity Estimation using Item Response Theory
13
Faces Home Friend
High Sensitivity 75%
Group Invariance
Faces Home Friend Faces Home Friend
Item Invariance
Connecting the Dots
14Client
Server
?
Connecting the Dots
14Client
Server
?
Connecting the Dots
14
Financial Me Stranger
Client
Server
Context Extraction
?
Connecting the Dots
14
Financial Me Stranger
Client
Server
Context Extraction
Sensitivity Request
?
Connecting the Dots
14
Financial Me Stranger
Client
Server
Sensitivity Reply
?
Connecting the Dots
14
Financial Me Stranger
Client
Server
Sensitivity Reply
Policy Decision
?
Connecting the Dots
14
Financial Me Stranger
Client
Server
Policy Decision
Data Sharing
?
Connecting the Dots
14
Financial Me Stranger
Client
Server
Crowdsourcing
?
Connecting the Dots
14
Financial Me Stranger
Client
Server
Crowdsourcing
? Sensitivity Computation
Evaluation
15
C3P
IRT Models Fit Privacy-Aware Cloud Sharing?
16
81
96
IRT Models Fit Privacy-Aware Cloud Sharing?
• Ex: With which privacy level would you share a project presentation with a friend?
16
81
96
IRT Models Fit Privacy-Aware Cloud Sharing?
• Ex: With which privacy level would you share a project presentation with a friend?
• Standardized Infit Statistic:• (x-axis values should lie in [-2,2])
16
81
96
Dichotomous case
Sens
itivi
ty
Infit t-statistic
A dot represents a
context
IRT Models Fit Privacy-Aware Cloud Sharing?
• Ex: With which privacy level would you share a project presentation with a friend?
• Standardized Infit Statistic:• (x-axis values should lie in [-2,2])
16
81
96
Dichotomous case
Sens
itivi
ty
Infit t-statistic
A dot represents a
context
IRT Models Fit Privacy-Aware Cloud Sharing?
• Ex: With which privacy level would you share a project presentation with a friend?
• Standardized Infit Statistic:• (x-axis values should lie in [-2,2])
16
81
96
Polytomous case
Infit t-statisticSe
nsiti
vity
Dichotomous case
Sens
itivi
ty
Infit t-statistic
A dot represents a
context
IRT Models Fit Privacy-Aware Cloud Sharing?
• Ex: With which privacy level would you share a project presentation with a friend?
• Standardized Infit Statistic:• (x-axis values should lie in [-2,2])
16
81
96
Polytomous case
Infit t-statisticSe
nsiti
vity
Dichotomous case
Sens
itivi
ty
Infit t-statistic
A dot represents a
context
IRT Models Fit Privacy-Aware Cloud Sharing?
• Ex: With which privacy level would you share a project presentation with a friend?
• Standardized Infit Statistic:• (x-axis values should lie in [-2,2])
16
81
96
Yes!
Polytomous case
Infit t-statisticSe
nsiti
vity
Dichotomous case
Sens
itivi
ty
Infit t-statistic
A dot represents a
context
Temporal Cost of Crowdsourcing & Privacy
17
Zipf context distribution
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:
Temporal Cost of Crowdsourcing & Privacy
k
17
Zipf context distribution
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:
Temporal Cost of Crowdsourcing & Privacy
k
17
Zipf context distribution
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:
Crowdsourcing cost: Hit rate (HR) from 0 to 90% in 10 days
Temporal Cost of Crowdsourcing & Privacy
k
17
Zipf context distribution
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:
Crowdsourcing cost: Hit rate (HR) from 0 to 90% in 10 daysAnonymity cost: HR difference starts high but vanishes in 10 days.
Effect of Sharing Behavior on the Temporal Cost
18
Anonymity Parameter K=3
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:
Effect of Sharing Behavior on the Temporal Cost
18Effect: Long tail distribution is of lower temporal cost.
Anonymity Parameter K=3
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:
Robustness Towards Malicious Users?
19
• Test: • Assign sensitivities to items
and attitudes to people. • Honest users choose policies
according to the model. • Malicious users choose
policies at random.
Robustness Towards Malicious Users?
19
• Test: • Assign sensitivities to items
and attitudes to people. • Honest users choose policies
according to the model. • Malicious users choose
policies at random.
Robustness Towards Malicious Users?
19
• Test: • Assign sensitivities to items
and attitudes to people. • Honest users choose policies
according to the model. • Malicious users choose
policies at random.
Robustness Towards Malicious Users?
19
• Test: • Assign sensitivities to items
and attitudes to people. • Honest users choose policies
according to the model. • Malicious users choose
policies at random.
Preset Sensitivity
Computed Sensitivity-Check
Robustness Towards Malicious Users?
19
• Test: • Assign sensitivities to items
and attitudes to people. • Honest users choose policies
according to the model. • Malicious users choose
policies at random.
Preset Sensitivity
Computed Sensitivity-Check
Tolerance: 25% malicious: ≈8% difference, 50% malicious: ≈17% difference
Future Work
• Recommendation of policies to users
• Batch sensitivity analysis
• Considering probabilistic attacks on the scheme
• Working with IRT alternatives.
20
ELO MF
21
22
PrivyShare
PrivyShare - Desktop
PrivyShare Benefits
• Works with any cloud service
23
PrivyShare Benefits
• Works with any cloud service• Provides “Sensitivity as a Service”
23
PrivyShare Benefits
• Works with any cloud service• Provides “Sensitivity as a Service”• Offers fine grained protection• Metadata cleaning• Face Blurring• Encryption• Encryption + Auxiliary Information (automatic summaries, blurred
thumbnails)
23
24
PrivyShare
PrivyShare - Browser
PrivySeal: Dealing with 3rd Party Cloud Apps
25
PrivySeal
privyseal.epfl.ch
Images/Media Credits
•Pixel77•Freepik
Top Related