
Privacy-Preserving Data Sharing Framework


Faculty: Mani Srivastava
Students: Haksoo Choi, Max Greenblat, Zainul M Charbiwala


Protecting an individual's privacy is especially important in body-area sensor networks because such networks handle personal and sensitive physiological data. For such networks to be practically feasible, the various privacy issues that arise in the flow of personal sensor data streams must be resolved. No one wants to use a system that does not properly protect their privacy, even if the system provides enormous benefits.

In many network systems based on body-area sensor networks, an individual's privacy must be properly protected. For example, medical researchers need to recruit members of the general public to participate in their research and provide their body sensor data. If the network system the researchers use does not provide reliable privacy protection mechanisms, people will be reluctant to participate. Similarly, mobile health care systems also have to preserve users' privacy. Even when such systems provide high-quality personal health care services, people would rather not use them than pay the cost of revealing their private information.

We want to give individuals complete control over their personal sensor data to maximize their privacy. Achieving this requires a well-designed privacy policy language. Users can have many different privacy preferences for controlling access to their own data. For example, a user might want to share data with one person but not another, might be willing to share sensor data collected at several locations but not at specific locations, or might not want to share data from a certain time period. These preferences can be arbitrarily complex, so it is important to have a fine-grained language that can express such varied privacy preferences. Moreover, different users will have different privacy preferences, and it is infeasible to implement a separate privacy enforcement system for each user's requirements. Instead, we want a general privacy enforcement mechanism that understands users' privacy policies and enforces the privacy rules at run time. For an enforcement system to understand the policies, we need a machine-readable representation of users' privacy preferences.


Expressive privacy policies: The design focus of our privacy policy language is expressing fine-grained control over a user's personal data to meet varied privacy requirements. One important aspect of privacy in body-area sensor networks is that simply granting or denying access to personal data is not enough to preserve privacy. We want to give users the ability to control access to their data based on various options such as the sensor, time, location, sensor value, and data requester, and to modify the sensor data that is released.

Privacy policy enforcement mechanism: The privacy policy enforcement mechanism is a single, general implementation that understands and enforces the privacy policies of many different users. It will understand any privacy policy with an arbitrary combination of privacy preferences and properly control access to personal sensor data according to the data owner's privacy rules.

Privacy-preserving database server: The database server will store users' sensor data and serve it on request, subject to the privacy policy enforcement mechanism. The server will have efficient protocols for uploading and downloading sensor data and an efficient structure for storing it.

Latest Work

So far we have designed the structure of privacy policy rules based on JavaScript Object Notation (JSON). The current design can express a user's privacy preferences based on time stamp, location stamp, sensor value, data consumer, and sensors. It can also express various modifications to sensor data. Currently, we are working on the privacy policy enforcement mechanism, which understands the privacy rules and enforces them on requests for sensor data.
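The following is an added illustration of the kind of JSON rule and run-time enforcement described above; it is not the project's own code, and the rule schema (consumer, sensors, time window, denied locations, value range, and a round_to modification) is an assumed one constructed for the example. The policy is deny-by-default: a sample is released, after any modification the matching rule specifies, only when some rule grants it.

```python
import json
from datetime import datetime, timezone

# Constructed example policy. The JSON schema here is an assumption for
# illustration, not the project's actual rule format.
POLICY_JSON = """
{
  "owner": "user42",
  "rules": [
    {"consumer": "dr_smith", "sensors": ["heart_rate", "ecg"],
     "time": {"after": "2010-01-01T00:00:00Z", "before": "2010-12-31T23:59:59Z"},
     "location": {"deny": ["home"]},
     "value": {"min": 40, "max": 180},
     "modify": {"round_to": 5}},
    {"consumer": "study_xyz", "sensors": ["heart_rate"]}
  ]
}
"""
POLICY = json.loads(POLICY_JSON)

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def rule_matches(rule, consumer, sample):
    """True if this rule grants `consumer` access to this sensor sample."""
    if rule["consumer"] != consumer or sample["sensor"] not in rule["sensors"]:
        return False
    t, ts = rule.get("time", {}), _ts(sample["ts"])
    if "after" in t and ts < _ts(t["after"]):
        return False
    if "before" in t and ts > _ts(t["before"]):
        return False
    if sample.get("location") in rule.get("location", {}).get("deny", []):
        return False
    v = rule.get("value", {})
    if sample["value"] < v.get("min", float("-inf")):
        return False
    if sample["value"] > v.get("max", float("inf")):
        return False
    return True

def enforce(policy, consumer, sample):
    """Deny by default: release the (possibly coarsened) value only if a rule matches.
    Returns ("allow", value) or ("deny", None)."""
    for rule in policy["rules"]:
        if rule_matches(rule, consumer, sample):
            step = rule.get("modify", {}).get("round_to")
            value = sample["value"] if step is None else int(round(sample["value"] / step) * step)
            return ("allow", value)
    return ("deny", None)
```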
