The document discusses C3P, a context-aware crowdsourced privacy solution for enhancing cloud data protection. It highlights the 60% increase in corporate data shared to the cloud in 2015, with 20% of those files containing protected information, and emphasizes the need for fine-grained data sensitivity assessment rather than brute encryption. It proposes a private crowdsourcing mechanism for estimating data sensitivity based on context and user input to improve privacy management.

1. C3P: Context-Aware
Crowdsourced Cloud Privacy
1
CloudSpacesPrivacyEnhancingTechnologiesSymposium,2014

2. 2
Filesto
Flowers
Conversion

3. 2
Filesto
Flowers
Conversion

4. 2
Filesto
Flowers
Conversion

5. 2
Filesto
Flowers
Conversion

6. 2
Filesto
Flowers
Conversion

7. 3
60%
increase in corporate data shared to the cloud in 2015
Source: Elastica’s Q2 2015 Shadow Data Report

8. 3
20%
of files shared to the cloud contain protected data
60%
increase in corporate data shared to the cloud in 2015
Source: Elastica’s Q2 2015 Shadow Data Report

9. 3
20%
of files shared to the cloud contain protected data
60%
of sensitive files contain PII
30%
…contain health info
60%
increase in corporate data shared to the cloud in 2015
Source: Elastica’s Q2 2015 Shadow Data Report

10. 3
20%
of files shared to the cloud contain protected data
60%
of sensitive files contain PII
30%
…contain health info
Emergence of“Shadow IT”
60%
increase in corporate data shared to the cloud in 2015
Source: Elastica’s Q2 2015 Shadow Data Report

11. You cannot use
cloud services.
You are fully
protected.
Your files are
always
encrypted
before
uploading.
Anti-Snooping Tools for the Cloud
Examples:
4

12. You cannot
run
software.
You are fully
protected.
Your files are
always
quarantined.
WhatifAntivirusSoftwarewasSimilar?
5

13. Obstacles
Privacy vs. Services dilemma

14. Obstacles
Privacy vs. Services dilemma
Context-dependence
of privacy

15. Obstacles
I dedicate the rest of
my life for sorting out
sensitive from non-sensitive
files on my HD
Privacy vs. Services dilemma
Context-dependence
of privacy
Manual effort and expertise
for assessing data sensitivity
6

16. What is needed?
Ensure serviceable protection
instead of brute encryption.

17. What is needed?
Ensure serviceable protection
instead of brute encryption.
Account for the metadata,
sharing environment, and
data content.

18. What is needed?
I dedicate the rest of
my life for sorting out
sensitive from non-sensitive
files on my HD
Ensure serviceable protection
instead of brute encryption.
Account for the metadata,
sharing environment, and
data content.
Automatically estimate the
sensitivity of shared data.
7

19. Introducing C3P
Various levels of information hiding
8

20. Introducing C3P
Define data in terms of context
Various levels of information hiding
8

21. Introducing C3P
I dedicate the rest of
my life for sorting out
sensitive from non-sensitive
files on my HD
Private crowdsourcing mechanism for
gathering people privacy policies
Define data in terms of context
Various levels of information hiding
8

22. Introducing C3P
I dedicate the rest of
my life for sorting out
sensitive from non-sensitive
files on my HD
Private crowdsourcing mechanism for
gathering people privacy policies
Psychologically grounded approach
for estimating sensitivity
Define data in terms of context
Various levels of information hiding
8

23. Fine-Grained Policies
9

24. Defining Data through Context
10
Content Metadata Environment

25. Defining Data through Context
10
Content Metadata Environment

26. Defining Data through Context
10
Content Metadata Environment

27. Location
Data
TopicMedia
Home
Office
Document
Software
Financial
Educational
Context Vocabulary
11

28. PrivacyPreserving Crowdsourcing
12
Business Me ColleagueFinancial Me Stranger Faces Home Friend
Financial Me Stranger
Business Me Colleague
Faces Home Friend
I dedicate the rest of
my life for sorting out
sensitive from non-sensitive
files on my HD
User 1 User 2 User 3

29. PrivacyPreserving Crowdsourcing
12
Business Me ColleagueFinancial Me Stranger Faces Home Friend
Financial Me Stranger
Business Me Colleague
Faces Home Friend
Faces Home Friend
Sharing Operation Context
I dedicate the rest of
my life for sorting out
sensitive from non-sensitive
files on my HD
User 1 User 2 User 3

30. PrivacyPreserving Crowdsourcing
12
Business Me ColleagueFinancial Me Stranger Faces Home Friend
Financial Me Stranger
Business Me Colleague
Faces Home Friend
Faces Home Friend
Work
Sea
Colleague
Family
Sharing Operation Context
I dedicate the rest of
my life for sorting out
sensitive from non-sensitive
files on my HD
User 1 User 2 User 3

31. PrivacyPreserving Crowdsourcing
12
Business Me ColleagueFinancial Me Stranger Faces Home Friend
Financial Me Stranger
Business Me Colleague
Faces Home Friend
Faces Home Friend
Work
Sea
Colleague
Family
Forward-Anonymity
K-anonymity
Sharing Operation Context
I dedicate the rest of
my life for sorting out
sensitive from non-sensitive
files on my HD
User 1 User 2 User 3
Faces Home Friend
Context

32. SensitivityEstimationusingItemResponseTheory
13
Faces Home Friend

33. SensitivityEstimationusingItemResponseTheory
13
Faces Home Friend
High Sensitivity
75%

34. SensitivityEstimationusingItemResponseTheory
13
Faces Home Friend
High Sensitivity
75%

35. High
Privacy Attitude
75%
SensitivityEstimationusingItemResponseTheory
13
Faces Home Friend
High Sensitivity
75%

36. High
Privacy Attitude
75%
SensitivityEstimationusingItemResponseTheory
13
Faces Home Friend
High Sensitivity
75%

37. High
Privacy Attitude
75%
SensitivityEstimationusingItemResponseTheory
13
Faces Home Friend
High Sensitivity
75%

38. High
Privacy Attitude
75%
SensitivityEstimationusingItemResponseTheory
13
Faces Home Friend
High Sensitivity
75%
Group
Invariance
Faces Home Friend
Faces Home Friend

39. High
Privacy Attitude
75%
SensitivityEstimationusingItemResponseTheory
13
Faces Home Friend
High Sensitivity
75%
Group
Invariance
Faces Home Friend
Faces Home Friend
Item
Invariance

40. Connectingthe Dots
14Client
Server
?

41. Connectingthe Dots
14Client
Server
?

42. Connectingthe Dots
14
Financial Me Stranger
Client
Server
Context
Extraction
?

43. Connectingthe Dots
14
Financial Me Stranger
Client
Server
Context
Extraction
Sensitivity
Request
?

44. Connectingthe Dots
14
Financial Me Stranger
Client
Server
Sensitivity
Reply
?

45. Connectingthe Dots
14
Financial Me Stranger
Client
Server
Sensitivity
Reply
Policy
Decision
?

46. Connectingthe Dots
14
Financial Me Stranger
Client
Server
Policy
Decision
Data
Sharing
?

47. Connectingthe Dots
14
Financial Me Stranger
Client
Server
Crowdsourcing
?

48. Connectingthe Dots
14
Financial Me Stranger
Client
Server
Crowdsourcing
? Sensitivity
Computation

49. Evaluation
15
C3P

50. IRTModelsFitPrivacy-AwareCloudSharing?
16
81
96

51. IRTModelsFitPrivacy-AwareCloudSharing?
• Ex: With which privacy level would you
share a project presentation with a friend?
16
81
96

52. IRTModelsFitPrivacy-AwareCloudSharing?
• Ex: With which privacy level would you
share a project presentation with a friend?
• Standardized Infit Statistic:
• (x-axis values should lie in [-2,2])
16
81
96
Dichotomous case
Sensitivity
Infit t-statistic
A dot
represents a
context

53. IRTModelsFitPrivacy-AwareCloudSharing?
• Ex: With which privacy level would you
share a project presentation with a friend?
• Standardized Infit Statistic:
• (x-axis values should lie in [-2,2])
16
81
96
Dichotomous case
Sensitivity
Infit t-statistic
A dot
represents a
context

54. IRTModelsFitPrivacy-AwareCloudSharing?
• Ex: With which privacy level would you
share a project presentation with a friend?
• Standardized Infit Statistic:
• (x-axis values should lie in [-2,2])
16
81
96
Polytomous case
Infit t-statistic
Sensitivity
Dichotomous case
Sensitivity
Infit t-statistic
A dot
represents a
context

55. IRTModelsFitPrivacy-AwareCloudSharing?
• Ex: With which privacy level would you
share a project presentation with a friend?
• Standardized Infit Statistic:
• (x-axis values should lie in [-2,2])
16
81
96
Polytomous case
Infit t-statistic
Sensitivity
Dichotomous case
Sensitivity
Infit t-statistic
A dot
represents a
context

56. IRTModelsFitPrivacy-AwareCloudSharing?
• Ex: With which privacy level would you
share a project presentation with a friend?
• Standardized Infit Statistic:
• (x-axis values should lie in [-2,2])
16
81
96
Yes!
Polytomous case
Infit t-statistic
Sensitivity
Dichotomous case
Sensitivity
Infit t-statistic
A dot
represents a
context

57. TemporalCostofCrowdsourcing&Privacy
17
Zipf context distribution
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:

58. TemporalCostofCrowdsourcing&Privacy
k
17
Zipf context distribution
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:

59. TemporalCostofCrowdsourcing&Privacy
k
17
Zipf context distribution
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:
Crowdsourcing cost: Hit rate (HR) from 0 to 90% in 10 days

60. TemporalCostofCrowdsourcing&Privacy
k
17
Zipf context distribution
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:
Crowdsourcing cost: Hit rate (HR) from 0 to 90% in 10 days
Anonymity cost: HR difference starts high but vanishes in 10 days.

61. EffectofSharingBehaviorontheTemporalCost
18
Anonymity Parameter K=3
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:

62. EffectofSharingBehaviorontheTemporalCost
18
Effect: Long tail distribution is of lower temporal cost.
Anonymity Parameter K=3
500
3125
30000
av.: 1 Item/6 hours
• Synthetic Dataset:

63. RobustnessTowardsMaliciousUsers?
19
• Test:
• Assign sensitivities to items
and attitudes to people.
• Honest users choose policies
according to the model.
• Malicious users choose
policies at random.

64. RobustnessTowardsMaliciousUsers?
19
• Test:
• Assign sensitivities to items
and attitudes to people.
• Honest users choose policies
according to the model.
• Malicious users choose
policies at random.

65. RobustnessTowardsMaliciousUsers?
19
• Test:
• Assign sensitivities to items
and attitudes to people.
• Honest users choose policies
according to the model.
• Malicious users choose
policies at random.

66. RobustnessTowardsMaliciousUsers?
19
• Test:
• Assign sensitivities to items
and attitudes to people.
• Honest users choose policies
according to the model.
• Malicious users choose
policies at random.
Preset
Sensitivity
Computed
Sensitivity-Check

67. RobustnessTowardsMaliciousUsers?
19
• Test:
• Assign sensitivities to items
and attitudes to people.
• Honest users choose policies
according to the model.
• Malicious users choose
policies at random.
Preset
Sensitivity
Computed
Sensitivity-Check
Tolerance: 25% malicious: ≈8% difference, 50% malicious: ≈17% difference

68. FutureWork
• Recommendation of policies to users
• Batch sensitivity analysis
• Considering probabilistic attacks on the scheme
• Working with IRT alternatives.
20
ELO MF

69. 21

70. 22
PrivyShare
PrivyShare-Desktop

71. PrivyShareBenefits
• Works with any cloud service
23

72. PrivyShareBenefits
• Works with any cloud service
• Provides“Sensitivity as a Service”
23

73. PrivyShareBenefits
• Works with any cloud service
• Provides“Sensitivity as a Service”
• Offers fine grained protection
• Metadata cleaning
• Face Blurring
• Encryption
• Encryption + Auxiliary Information (automatic summaries, blurred
thumbnails)
23

74. 24
PrivyShare
PrivyShare-Browser

75. PrivySeal:Dealingwith3rdPartyCloudApps
25
PrivySeal
privyseal.epfl.ch

76. 26
Questions
hamzaharkous.com

77. Images/MediaCredits
•Pixel77
•Freepik