可穿戴设备数值型敏感数据本地差分隐私保护
|
摘要
针对数据服务器不可信时,直接收集可穿戴设备多维数值型敏感数据有可能存在泄露用户隐私信息的问题,通过引入本地差分隐私模型,提出了一种可穿戴设备数值型敏感数据的个性化隐私保护方案。首先,通过设置隐私预算的阈值区间,用户在区间内设置满足个人隐私需求的隐私预算,同时也满足了个性化本地差分隐私;其次,利用属性安全域将敏感数据进行归一化;最后,利用伯努利分布分组扰动多维数值型敏感数据,并利用属性安全域对扰动结果进行归一化还原。理论分析证明了该算法满足个性化本地差分隐私。实验结果表明该算法的最大相对误差(MRE)明显低于Harmony算法,在保护用户隐私的基础上有效地提高了不可信数据服务器从可穿戴设备收集数据的可用性。
Focusing on the issue that collecting multi-dimensional numerical sensitive data directly from wearable devices may leak users' privacy information when a data server was untrusted, by introducing a local differential privacy model, a personalized local privacy protection scheme for the numerical sensitive data of wearable devices was proposed. Firstly, by setting the privacy budget threshold interval, a users' privacy budget within the interval was set to meet the individual privacy needs, which also met the definition of personalized local differential privacy. Then, security domain was used to normalize the sensitive data. Finally, the Bernoulli distribution was used to perturb multi-dimensional numerical data by grouping, and attribute security domain was used to restore the disturbance results. The theoretical analysis shows that the proposed algorithm meets the personalized local differential privacy. The experimental results demonstrate that the proposed algorithm has lower Max Relative Error(MRE) than that of Harmony algorithm, thus effectively improving the utility of aggregated data collecting from wearable devices with the untrusted data server as well as protecting users' privacy.
Focusing on the issue that collecting multi-dimensional numerical sensitive data directly from wearable devices may leak users' privacy information when a data server was untrusted, by introducing a local differential privacy model, a personalized local privacy protection scheme for the numerical sensitive data of wearable devices was proposed. Firstly, by setting the privacy budget threshold interval, a users' privacy budget within the interval was set to meet the individual privacy needs, which also met the definition of personalized local differential privacy. Then, security domain was used to normalize the sensitive data. Finally, the Bernoulli distribution was used to perturb multi-dimensional numerical data by grouping, and attribute security domain was used to restore the disturbance results. The theoretical analysis shows that the proposed algorithm meets the personalized local differential privacy. The experimental results demonstrate that the proposed algorithm has lower Max Relative Error(MRE) than that of Harmony algorithm, thus effectively improving the utility of aggregated data collecting from wearable devices with the untrusted data server as well as protecting users' privacy.
引文
[1] 郑增威,杜俊杰,霍梅梅,等.基于可穿戴传感器的人体活动识别研究综述[J].计算机应用,2018,38(5):1223-1229.(ZHENG Z W,DU J J,HUO M M,et al.Review of human activity recognition based on wearable sensors[J].Journal of Computer Applications,2018,38(5):1223-1229.)
[2] 魏书音.从Facebook数据泄露事件看网络运营者对第三方应用的安全管理责任[J].网络空间安全,2018,9(3):43-46.(WEI S Y.Analyze network operators' responsibility for security management of third-party applications from the Facebook data breach [J].Information Security and Technology,2018,9(3):43-46.)
[3] PAPAGEORGIOU A,STRIGKOS M,POLITOU E,et al.Security and privacy analysis of mobile health applications:the alarming state of practice[J].IEEE Access,2018,6(99):9390-9403.
[4] DUCHI J C,JORDAN M I,WAINWRIGHT M J.Local privacy and statistical minimax rates [C]// Proceedings of the 2013 54th Annual IEEE Symposium on Foundations of Computer Science.Piscataway,NJ:IEEE,2013:429-438.
[5] 叶青青,孟小峰,朱敏杰,等.本地化差分隐私研究综述[J].软件学报,2018,29(7):1981-2005.(YE Q Q,MENG X F,ZHU M J,et al.Survey on local differential privacy[J].Journal of Software,2018,29(7):1981-2005.)
[6] 霍峥,张坤,贺萍.满足本地化差分隐私的众包位置数据采集[J].计算机应用,2019,39(3):763-768.(HUO Z,ZHANG K,HE P.Local differentially private spatial data crowdsourcing[J].Journal of Computer Applications,2019,39(3):763-768.)
[7] RAGHAVAN K R,CHAKRABORTY S,SRIVASTAVA M,et al.OVERRIDE:a mobile privacy framework for context-driven perturbation and synthesis of sensor data streams[C]// Proceedings of the 2012 International Workshop on Sensing Applications on Mobile Phones.New York:ACM,2012:Article No.2.
[8] KOTZ D,AVANCHA S,BAXI A.A privacy framework for mobile health and home-care systems[C]// Proceedings of the 2009 Workshop on Security and Privacy in Medical and Home-Care Systems.New York:ACM,2009:1-12.
[9] ERLINGSSON U,PIHUR V,KOROLOVA A.RAPPOR:randomized aggregatable privacy-preserving ordinal response[C]// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security.New York:ACM,2014:1054-1067.
[10] BASSILY R,SMITH A.Local,private,efficient protocols for succinct histograms[C]// Proceedings of the Forty-Seventh Annual ACM Symposium on Theory of Computing.New York:ACM,2015:127-135.
[11] NGUYEN T T,XIAO X,YANG Y,et al.Collecting and analyzing data from smart device users with local differential privacy[J].ArXiv Preprint,2016,2016:1606.05053.
[12] WANG T,BLOCKI J,LI N,et al.Optimizing locally differentially private protocols[J].ArXiv Preprint,2017,2017:1705.04421.
[13] FANTI G,PIHUR V,ERLINGSSON U.Building a RAPPOR with the unknown:Privacy-preserving learning of associations and data dictionaries[J].ArXiv Preprint,2016,2016:1503.01214.
[14] AKTER M,HASHEM T.Computing aggregates over numeric data with personalized local differential privacy[C]// Proceedings of the 2017 Australasian Conference on Information Security and Privacy.Berlin:Springer,2017:249-260.
[15] CHEN R,LI H,QIN A K,et al.Private spatial data aggregation in the local setting[C]// Proceedings of the 2016 IEEE International Conference on Data Engineering.Piscataway,NJ:IEEE,2016:289-300.
[16] DWORK C,LEI J.Differential privacy and robust statistics[C]// Proceedings of the Forty-first Annual ACM Symposium on Theory of Computing.New York:ACM,2009:371-380.
[17] WARNER S L.Randomized response:a survey technique for eliminating evasive answer bias [J].Journal of the American Statistical Association,1965,60(309):63-69.
[2] 魏书音.从Facebook数据泄露事件看网络运营者对第三方应用的安全管理责任[J].网络空间安全,2018,9(3):43-46.(WEI S Y.Analyze network operators' responsibility for security management of third-party applications from the Facebook data breach [J].Information Security and Technology,2018,9(3):43-46.)
[3] PAPAGEORGIOU A,STRIGKOS M,POLITOU E,et al.Security and privacy analysis of mobile health applications:the alarming state of practice[J].IEEE Access,2018,6(99):9390-9403.
[4] DUCHI J C,JORDAN M I,WAINWRIGHT M J.Local privacy and statistical minimax rates [C]// Proceedings of the 2013 54th Annual IEEE Symposium on Foundations of Computer Science.Piscataway,NJ:IEEE,2013:429-438.
[5] 叶青青,孟小峰,朱敏杰,等.本地化差分隐私研究综述[J].软件学报,2018,29(7):1981-2005.(YE Q Q,MENG X F,ZHU M J,et al.Survey on local differential privacy[J].Journal of Software,2018,29(7):1981-2005.)
[6] 霍峥,张坤,贺萍.满足本地化差分隐私的众包位置数据采集[J].计算机应用,2019,39(3):763-768.(HUO Z,ZHANG K,HE P.Local differentially private spatial data crowdsourcing[J].Journal of Computer Applications,2019,39(3):763-768.)
[7] RAGHAVAN K R,CHAKRABORTY S,SRIVASTAVA M,et al.OVERRIDE:a mobile privacy framework for context-driven perturbation and synthesis of sensor data streams[C]// Proceedings of the 2012 International Workshop on Sensing Applications on Mobile Phones.New York:ACM,2012:Article No.2.
[8] KOTZ D,AVANCHA S,BAXI A.A privacy framework for mobile health and home-care systems[C]// Proceedings of the 2009 Workshop on Security and Privacy in Medical and Home-Care Systems.New York:ACM,2009:1-12.
[9] ERLINGSSON U,PIHUR V,KOROLOVA A.RAPPOR:randomized aggregatable privacy-preserving ordinal response[C]// Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security.New York:ACM,2014:1054-1067.
[10] BASSILY R,SMITH A.Local,private,efficient protocols for succinct histograms[C]// Proceedings of the Forty-Seventh Annual ACM Symposium on Theory of Computing.New York:ACM,2015:127-135.
[11] NGUYEN T T,XIAO X,YANG Y,et al.Collecting and analyzing data from smart device users with local differential privacy[J].ArXiv Preprint,2016,2016:1606.05053.
[12] WANG T,BLOCKI J,LI N,et al.Optimizing locally differentially private protocols[J].ArXiv Preprint,2017,2017:1705.04421.
[13] FANTI G,PIHUR V,ERLINGSSON U.Building a RAPPOR with the unknown:Privacy-preserving learning of associations and data dictionaries[J].ArXiv Preprint,2016,2016:1503.01214.
[14] AKTER M,HASHEM T.Computing aggregates over numeric data with personalized local differential privacy[C]// Proceedings of the 2017 Australasian Conference on Information Security and Privacy.Berlin:Springer,2017:249-260.
[15] CHEN R,LI H,QIN A K,et al.Private spatial data aggregation in the local setting[C]// Proceedings of the 2016 IEEE International Conference on Data Engineering.Piscataway,NJ:IEEE,2016:289-300.
[16] DWORK C,LEI J.Differential privacy and robust statistics[C]// Proceedings of the Forty-first Annual ACM Symposium on Theory of Computing.New York:ACM,2009:371-380.
[17] WARNER S L.Randomized response:a survey technique for eliminating evasive answer bias [J].Journal of the American Statistical Association,1965,60(309):63-69.