A Privacy-Enabled Mobile Computing Model Using Intelligent Cloud-Based Services

Edward R. Sykes*, Huy Pham*, Magdin Stoica*, Deborah Stacey**

Introduction and Motivation

Protecting the user's digital privacy in today's increasingly mobile world is a significant challenge [1]. As mobile applications grow in complexity they will exceed the computational capabilities and power limitations of the mobile devices on which they run. To overcome the inherent limitations of mobile devices, mobile application designers leverage cloud computing architectures [2,3]. The primary rationale is that by offloading computationally demanding tasks, mobile applications can provide their users with sophisticated features that are beyond the device's capabilities. This research analyzes two impactful mobile computing trends from a privacy-protection perspective: (1) mobile applications are increasingly relying on cloud-based services; and (2) cloud-based services will eventually specialize beyond the expertise of mobile application developers [2]. From a privacy perspective, this increased reliance on cloud computing poses additional challenges. In this research, we propose a model that aims to support mobile users in deciding if, when, and how a cloud-based service or resource could be used in a way that protects their privacy.

Example Use Case

1. User takes a picture of a placard during a political demonstration using a smartphone. The face of the person carrying the placard appears in the corner of the photograph; the time shows in the background.

2. User sends a tweet containing the political movement's URL, the picture and a message to portray the events. Inadvertently, the GPS location is included with the tweet.

3. Mobile app creates a command chain for each of the four services to be invoked (Picture Storage Service, URL Shortening Service, MicroBlogging Service and Twitter Service) and forwards the command chain to the Mobile Device Agent (MDA).

4. MDA collects the user context, augmented with the current calendar event, current time and privacy settings, and forwards the command chain to the Privacy Service Mediator (PSM).

5. PSM analyzes the information received for potential breaches of privacy and modifies and executes the command chain to ensure the user's privacy remains intact (see PSM Use-Case Responsibilities).

Privacy Service Mediator Use-Case Responsibilities

• Dynamically determines the most appropriate services to use based on service metadata, reliability, privacy policies, user ratings, past history and global service rating.

• The user's contextual information and privacy settings are used to detect the calendar event as a private event. Furthermore, the location is detected as not permitted to be disclosed in social media applications.

• PSM uses a reputable Image Analysis Service (IAS) to analyze the picture for privacy-sensitive artefacts and detects the face in the picture as a nonessential element of the photograph. IAS also detects that the time shown in the photograph (from a clock in the picture) matches the actual time the picture was taken.

Proposed Model

The model is represented in three distinct logical components: the Mobile Device Agent, the Privacy Service Mediator, and Cloud Services.

Mobile Device Agent (MDA)

This agent resides on the user's mobile device and captures information representing the four contexts: user, task, environment, and time. Each context includes components representing both static and dynamic (real-time) state information on its user. Components of the user model may include preferences, contact list, calendar information, favourite apps, etc. The task model includes typical activities the user routinely does, the task s/he is currently engaged in, and details associated with the task such as task difficulty, task criticality, estimated cost of interruption, etc. The environment model is represented by not only location awareness factors, but also rich situational details associated with that location.
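To make the use case and the MDA/PSM division of labour concrete, the following is an added illustration written for this page; it is not the authors' code and the poster defines no API. It models the command chain of step 3, the MDA context of step 4 and the PSM mediation of step 5 for the four services of the use case. The service names, payload keys, the PRIVACY_SETTINGS encoding and the stand-in Image Analysis Service are all assumptions made here; real services are not invoked.

```python
"""Added illustration, not the authors' code: a toy Privacy Service Mediator (PSM)
that walks the command chain built by the mobile app for the use case above,
checks each command against the user's privacy settings and MDA context,
rewrites what the untrusted service will receive, and discards the transaction
data afterwards. Service names, payload keys and setting names are assumptions."""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Command:
    service: str                # target cloud service, e.g. "Twitter"
    payload: Dict[str, object]  # fields the app wants to send to that service


@dataclass
class Context:
    """Subset of the MDA context used here (assumed fields)."""
    calendar_event_private: bool
    location: Optional[Tuple[float, float]]


# Assumed encoding of the user's privacy settings.
PRIVACY_SETTINGS = {
    "disclose_location_to_social_media": False,
    "blur_bystander_faces": True,
    "blur_visible_clocks": True,
}
SOCIAL_MEDIA = {"MicroBlogging", "Twitter"}


def analyze_image(image: Dict[str, object]) -> List[str]:
    """Stand-in for the Image Analysis Service (IAS): the image is a constructed
    dict describing what the picture contains, not real pixels."""
    artefacts = []
    if image.get("faces"):
        artefacts.append("face")
    if image.get("shows_clock"):
        artefacts.append("clock")
    return artefacts


def mediate(cmd: Command, ctx: Context, settings=PRIVACY_SETTINGS) -> Tuple[Command, List[str]]:
    """Return a privacy-preserving copy of cmd and the list of actions taken."""
    payload = dict(cmd.payload)
    actions: List[str] = []
    # Identity masquerading: the service sees a per-transaction pseudonym, never the user id.
    if "user_id" in payload:
        payload["pseudonym"] = secrets.token_hex(8)
        del payload["user_id"]
        actions.append("masqueraded identity")
    # Location must not reach social media when the settings forbid it or the calendar event is private.
    if "gps" in payload and cmd.service in SOCIAL_MEDIA:
        if not settings["disclose_location_to_social_media"] or ctx.calendar_event_private:
            del payload["gps"]
            actions.append("stripped gps")
    # Artefacts reported by the IAS are blurred according to the settings.
    if "image" in payload:
        image = dict(payload["image"])
        for artefact in analyze_image(image):
            if artefact == "face" and settings["blur_bystander_faces"]:
                image["faces"] = []
                image["faces_blurred"] = True
                actions.append("blurred face")
            elif artefact == "clock" and settings["blur_visible_clocks"]:
                image["shows_clock"] = False
                image["clock_blurred"] = True
                actions.append("blurred clock")
        payload["image"] = image
    return Command(cmd.service, payload), actions


def execute_chain(chain: List[Command], ctx: Context) -> Dict[str, dict]:
    """Mediate and 'invoke' each command, then discard the transaction payloads."""
    log: Dict[str, dict] = {}
    try:
        for cmd in chain:
            safe, actions = mediate(cmd, ctx)
            # invoke_service(safe) would go here; the service only ever sees `safe`.
            log[cmd.service] = {"sent_fields": sorted(safe.payload), "actions": actions}
            safe.payload.clear()
    finally:
        for cmd in chain:  # the mediator keeps nothing once the request is satisfied
            cmd.payload.clear()
    return log


def use_case_chain() -> Tuple[List[Command], Context]:
    """Constructed command chain and context for steps 1-4 of the use case."""
    image = {"faces": ["bystander"], "shows_clock": True, "bytes": b"<jpeg>"}
    gps = (43.653, -79.383)  # constructed coordinates
    chain = [
        Command("PictureStorage", {"user_id": "alice", "image": image}),
        Command("URLShortening", {"url": "https://example.org/movement"}),
        Command("MicroBlogging", {"user_id": "alice", "text": "At the demo", "gps": gps}),
        Command("Twitter", {"user_id": "alice", "text": "At the demo", "gps": gps}),
    ]
    return chain, Context(calendar_event_private=True, location=gps)


def run_use_case() -> Dict[str, dict]:
    chain, ctx = use_case_chain()
    return execute_chain(chain, ctx)


if __name__ == "__main__":
    for service, entry in run_use_case().items():
        print(f"{service}: sent {entry['sent_fields']}; actions {entry['actions']}")
```

Running the script shows the two outcomes the use case describes: the social-media commands leave without the GPS field, and the picture reaches storage with the bystander's face and the clock blurred, while no service ever receives the user's identity. The URL-shortening command passes through untouched, which is the point of mediating per command rather than blocking the whole chain.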

[Figure: overview of the model. A Mobile Device hosting the Mobile Device Agent sends a WS Cmd / Request to the Privacy Service Mediator in the trusted cloud and receives the Result; the mediator in turn dispatches to services in the Untrusted Cloud: URL Shortening Service, Voice Recognition Service, Image Storage Service, 3D Scene Construction Service, Blogging Service and Other Services.]

Cloud Services

The cloud services in this model refer to both cloud-based services and web-based services, for example: blogging, 3D scene construction, speech-to-text, image analysis, etc.

Privacy Service Mediator (PSM)

The Privacy Service Mediator is the heart of the proposed model. This service has three main components for which it is responsible: (a) personalized privacy; (b) intelligent learning and reasoning; and (c) cloud-based service discovery. Residing in a trusted cloud, this soft-state persistent service ensures that the information received from the mobile agent remains confidential for the entire transaction (i.e., selection, submission of data and processing by a cloud-based service). In this model, only the mediator is privy to the user's private data, and the selected cloud-based service is unaware of the user's identity. Confidentiality is ensured by the intelligent learning and reasoning module (e.g., k-anonymity, blurring, identity masquerading, etc.). When the mediator has satisfied the mobile agent's request, all data used in the transaction is destroyed.

Privacy Service Mediator Use-Case Responsibilities (continued)

• PSM uses IAS, under the direction of the user's privacy settings, to eliminate the GPS location and blur the participant's face as well as the face of the clock showing the time.

Discussion and Benefits

The proposed model offers several important benefits. First, the scalability and increased computing power offered by the cloud-based model afford the Privacy Service Mediator a sophisticated decision-making model, and hence allow it to make better privacy-related decisions for its user. Second, the mediator's ability to continuously learn and improve its model allows it to adaptively modify its behavior and personalize its service to suit the user's changing needs and context. Third, its ability to incorporate real-time environmental and contextual inputs allows it to respond to relevant world events in real time, resulting in enhanced protection of its user's privacy. The model embraces privacy-by-design principles and provides all mobile application developers with an adaptive, reliable, reusable and easy-to-use component to manage and implement privacy requirements in their mobile applications.

Future Work

Future work on the MDA will expand the user state models in combination with the other three contexts (task, environment, and time). This work will also include exploring how the MDA can enable the user to both fine-tune his/her user model through privacy rule settings and obtain feedback from it. Work on the PSM will define design and protocol requirements to ensure seamless communication with current and future external cloud services. Further work is also aimed at the intelligent learning and reasoning module used in the selection of appropriate services and confidentiality assurance methods. A template for mobile applications employing privacy by design using the MDA/PSM model will be defined and will be applied to existing applications.
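The PSM description lists k-anonymity among the confidentiality methods its learning and reasoning module can apply, without showing how a mediator would use it. The following added example (written for this page, not the authors' code) shows one way: before forwarding a user's location and time to an untrusted service, the mediator generalizes those quasi-identifiers just enough that the user's request is indistinguishable from at least k-1 other recent requests it has seen, and refuses disclosure when no generalization achieves that. The population of other requests, the generalization ladders and the threshold k are constructed assumptions.

```python
"""Added illustration, not the authors' code: k-anonymity by generalization of
quasi-identifiers (location, time) as one confidentiality method a Privacy
Service Mediator could apply before handing context to an untrusted service.
The population, ladders and threshold are constructed for this example."""
from typing import List, Optional, Tuple

Record = Tuple[float, float, int]  # (latitude, longitude, minute of day)

# Generalization ladders (assumed): decimals kept for coordinates, and minute buckets.
LOC_DECIMALS = (3, 2, 1, 0)        # roughly 100 m -> 1 km -> 10 km -> 100 km
TIME_BUCKETS = (1, 60, 240, 1440)  # minute -> hour -> 4 hours -> day


def generalize(rec: Record, loc_level: int, time_level: int) -> Tuple[float, float, int]:
    """Coarsen one record to the given rung of each ladder."""
    lat, lon, minute = rec
    bucket = TIME_BUCKETS[time_level]
    return (round(lat, LOC_DECIMALS[loc_level]),
            round(lon, LOC_DECIMALS[loc_level]),
            (minute // bucket) * bucket)


def k_anonymize(target: Record, population: List[Record], k: int
                ) -> Optional[Tuple[Tuple[float, float, int], Tuple[int, int], int]]:
    """Return the least-generalized form of `target` whose equivalence class in
    `population` (which includes target) has at least k members, together with
    the ladder levels used and the class size; None if full generalization fails.
    Levels are tried in order of total coarsening so the first hit is minimal."""
    for total in range(len(LOC_DECIMALS) + len(TIME_BUCKETS) - 1):
        for loc_level in range(len(LOC_DECIMALS)):
            time_level = total - loc_level
            if not 0 <= time_level < len(TIME_BUCKETS):
                continue
            g = generalize(target, loc_level, time_level)
            size = sum(1 for r in population if generalize(r, loc_level, time_level) == g)
            if size >= k:
                return g, (loc_level, time_level), size
    return None


# Constructed sample: the user's request plus four recent requests from other users.
TARGET: Record = (43.653, -79.383, 845)
POPULATION: List[Record] = [
    TARGET,
    (43.651, -79.389, 850),
    (43.658, -79.381, 830),
    (43.654, -79.384, 1100),
    (43.652, -79.382, 848),
]


def disclose(target: Record = TARGET, population: List[Record] = POPULATION, k: int = 3) -> dict:
    """What the mediator would forward to the service, or a refusal."""
    result = k_anonymize(target, population, k)
    if result is None:
        return {"disclose": False}
    g, levels, size = result
    return {"disclose": True, "quasi_identifier": g, "levels": levels, "class_size": size}


if __name__ == "__main__":
    for k in (2, 3, 6):
        print(k, disclose(k=k))
```

With the constructed population, k=2 is met by rounding the coordinates to two decimals and the time to the hour, k=3 additionally needs one-decimal coordinates, and k=6 cannot be met with five records at all, so the mediator withholds the location and time entirely. Searching rungs in order of total coarsening is what keeps the disclosed value as useful to the service as the privacy threshold allows.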

References

1. Beach, A., M. Gartrell, and R. Han. Solutions to Security and Privacy Issues in Mobile Social Networking. In International Conference on Computational Science and Engineering. 2009.
2. Satyanarayanan, M. Mobile Computing: the Next Decade. In 1st ACM Workshop on Mobile Cloud Computing & Services: Social Networks and Beyond. 2011. p. 1-6.
3. Poolsappasit, N. and I. Ray. Towards Achieving Personalized Privacy for Location-Based Services. Transactions on Data Privacy, 2009. 2(1): p. 77-99.
