DEEProtect: Enabling Inference-based Access Control on Mobile Sensing Applications
The paper addresses privacy risks for mobile app users by enabling inference-based access control: a novel, layered framework that combines autoencoder-based data minimization with obfuscation techniques.
The paper tackles the problem of protecting user privacy in mobile sensing applications by limiting apps' ability to make sensitive inferences from sensor data, and it demonstrates that DEEProtect provides provable privacy guarantees with up to 8x improvement in utility compared to existing approaches.
Personal sensory data is used by context-aware mobile applications to provide utility. However, the same data can also be used by an adversary to make sensitive inferences about a user, thereby violating her privacy. We present DEEProtect, a framework that enables a novel form of inference control, in which mobile apps with access to sensor data are limited (provably) in their ability to make inferences about users' sensitive data and behavior. DEEProtect adopts a two-layered privacy strategy. First, it leverages novel autoencoder techniques to perform data minimization and limit the amount of information being shared; the learning network is used to derive a compact representation of sensor data consisting only of features relevant to authorized utility-providing inferences. Second, DEEProtect obfuscates the previously learnt features, thereby providing an additional layer of protection against sensitive inferences. Our framework supports both the conventional notion of local differential privacy and a novel relaxed notion that enhances utility. Through theoretical analysis and extensive experiments using real-world datasets, we demonstrate that, when compared to existing approaches, DEEProtect provides provable privacy guarantees with up to 8x improvement in utility. Finally, DEEProtect shares obfuscated but raw sensor data reconstructed from the perturbed features, thus requiring no changes to the existing app interfaces.
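The two-layered pipeline described in the abstract, as an added illustration that is not DEEProtect's own code: a small linear autoencoder is trained on constructed accelerometer windows (layer 1, data minimization to a compact feature vector), the features are clipped and perturbed with the standard Laplace mechanism to give conventional epsilon-local differential privacy (layer 2, obfuscation), and the noisy features are decoded back into a raw-shaped window so the consuming app's sensor interface is unchanged. The sinusoidal sample data, the linear autoencoder with plain gradient descent, the clipping bound and the Laplace mechanism are all assumptions of this example; the paper's relaxed notion of local differential privacy is not implemented here.

```python
import math
import random

WINDOW = 8   # samples per sensor window handed to the app
LATENT = 2   # size of the compact feature vector kept after minimization


def make_windows(n, seed=0):
    """Constructed sample input (assumption): n windows of one accelerometer
    axis, each a sinusoid of random amplitude and phase plus small noise."""
    rng = random.Random(seed)
    windows = []
    for _ in range(n):
        amp, phase = rng.uniform(0.5, 2.0), rng.uniform(0.0, 2.0 * math.pi)
        windows.append([amp * math.sin(2.0 * math.pi * t / WINDOW + phase)
                        + rng.gauss(0.0, 0.05) for t in range(WINDOW)])
    return windows


def encode(W, x):
    """Layer 1 (data minimization): project a raw window onto LATENT features."""
    return [sum(W[j][t] * x[t] for t in range(WINDOW)) for j in range(LATENT)]


def decode(V, z):
    """Map features back to a raw-shaped window of WINDOW samples."""
    return [sum(V[t][j] * z[j] for j in range(LATENT)) for t in range(WINDOW)]


def train_autoencoder(windows, epochs=400, lr=0.03, seed=1):
    """Fit a linear autoencoder by full-batch gradient descent on 0.5*MSE."""
    rng = random.Random(seed)
    W = [[rng.uniform(-0.3, 0.3) for _ in range(WINDOW)] for _ in range(LATENT)]
    V = [[rng.uniform(-0.3, 0.3) for _ in range(LATENT)] for _ in range(WINDOW)]
    n = len(windows)
    for _ in range(epochs):
        gW = [[0.0] * WINDOW for _ in range(LATENT)]
        gV = [[0.0] * LATENT for _ in range(WINDOW)]
        for x in windows:
            z = encode(W, x)
            err = [a - b for a, b in zip(decode(V, z), x)]   # d(loss)/d(x_hat)
            gz = [sum(err[t] * V[t][j] for t in range(WINDOW)) for j in range(LATENT)]
            for t in range(WINDOW):
                for j in range(LATENT):
                    gV[t][j] += err[t] * z[j]
                    gW[j][t] += gz[j] * x[t]
        for t in range(WINDOW):
            for j in range(LATENT):
                V[t][j] -= lr * gV[t][j] / n
                W[j][t] -= lr * gW[j][t] / n
    return W, V


def reconstruction_mse(windows, W, V):
    """Utility measure: mean squared error of decode(encode(x)) against x."""
    total = sum((a - b) ** 2 for x in windows
                for a, b in zip(decode(V, encode(W, x)), x))
    return total / (len(windows) * WINDOW)


def clip_features(z, bound):
    """Bound each feature so the release has finite sensitivity."""
    return [max(-bound, min(bound, v)) for v in z]


def laplace_perturb(z, epsilon, bound, seed=None):
    """Layer 2 (obfuscation): epsilon-local-DP release of the feature vector.
    With every coordinate clipped to [-bound, bound], the L1 distance between
    any two feature vectors is at most 2*bound*LATENT, so Laplace noise of
    scale (2*bound*LATENT)/epsilon per coordinate gives epsilon-LDP."""
    rng = random.Random(seed)
    scale = 2.0 * bound * LATENT / epsilon
    noisy = []
    for v in clip_features(z, bound):
        u = rng.random() - 0.5                       # uniform on [-0.5, 0.5)
        # inverse-CDF sampling of Laplace(0, scale)
        noise = -scale * math.copysign(1.0, u) * math.log(max(1e-300, 1.0 - 2.0 * abs(u)))
        noisy.append(v + noise)
    return noisy


def protect_window(x, W, V, epsilon, bound, seed=None):
    """Full pipeline: minimize, obfuscate, then reconstruct a raw-shaped window
    so the app's existing sensor interface needs no change."""
    return decode(V, laplace_perturb(encode(W, x), epsilon, bound, seed))


if __name__ == "__main__":
    data = make_windows(200)
    W, V = train_autoencoder(data)
    baseline = sum(v * v for x in data for v in x) / (len(data) * WINDOW)
    print(f"MSE: zero-predictor {baseline:.3f}, autoencoder {reconstruction_mse(data, W, V):.3f}")
    for eps in (0.5, 2.0, 8.0):
        out = protect_window(data[0], W, V, eps, bound=4.0, seed=7)
        print(f"epsilon={eps}: released window {[round(v, 2) for v in out]}")
```

Two points worth noticing when running it. The first layer on its own is not a privacy guarantee: a linear encoder is deterministic and invertible on the subspace it keeps, so any inference that depends only on the retained features is still possible; the formal epsilon bound comes entirely from the clipping plus Laplace noise in the second layer, and its cost shows up as reconstruction error that grows as epsilon shrinks. The clipping bound is part of the sensitivity argument, so it has to be fixed before looking at any individual user's features, not derived from them.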