research-article

δ-Risk: Toward Context-aware Multi-objective Privacy Management in Connected Environments

Published: 24 May 2021

Abstract

In today’s highly connected cyber-physical environments, users are becoming more and more concerned about their privacy and ask for more involvement in the control of their data. However, achieving effective involvement of users requires improving their privacy decision-making. This can be achieved by: (i) raising their awareness regarding the direct and indirect privacy risks they accept to take when sharing data with consumers; (ii) helping them in optimizing their privacy protection decisions to meet their privacy requirements while maximizing data utility. In this article, we address the second goal by proposing a user-centric multi-objective approach for context-aware privacy management in connected environments, denoted δ-Risk. Our approach features a new privacy risk quantification model to dynamically calculate and select the best protection strategies for the user based on her preferences and contexts. Computed strategies are optimal in that they seek to closely satisfy user requirements and preferences while maximizing data utility and minimizing the cost of protection. We implemented our proposed approach and evaluated its performance and effectiveness in various scenarios. The results show that δ-Risk delivers scalability and low-complexity in time and space. Besides, it handles privacy reasoning in real-time, making it able to support the user in various contexts, including ephemeral ones. It also provides the user with at least one best strategy per context.

Cited By

  • (2023) CROWDPRED: Privacy-Preserving Approach for locations on Decentralized Crowdsourcing Application. 2023 International Conference on Innovations in Intelligent Systems and Applications (INISTA), pp. 1-6. DOI: 10.1109/INISTA59065.2023.10310558. Online publication date: 20-Sep-2023
  • (2023) Data Transparency Design in Internet of Things: A Systematic Review. International Journal of Human–Computer Interaction 40:18, pp. 5003-5025. DOI: 10.1080/10447318.2023.2228997. Online publication date: 18-Jul-2023

Published In

ACM Transactions on Internet Technology  Volume 21, Issue 2
June 2021
599 pages
ISSN:1533-5399
EISSN:1557-6051
DOI:10.1145/3453144
Editor: Ling Liu
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 May 2021
Accepted: 01 August 2020
Revised: 01 August 2020
Received: 01 April 2020
Published in TOIT Volume 21, Issue 2

Author Tags

  1. User-centric privacy
  2. privacy risk quantification
  3. privacy by design
  4. context-aware computing
  5. semantic reasoning
  6. Internet of Things

Qualifiers

  • Research-article
  • Refereed

Funding Sources

  • Research Council (TRC)
  • Sultanate of Oman (Block Fund-Research Grant)

Article Metrics

  • Downloads (Last 12 months): 26
  • Downloads (Last 6 weeks): 2
Reflects downloads up to 16 Oct 2024
