Chapter 10

A Privacy-Enabled Mobile Computing Model Using Intelligent Cloud-Based Services Edward R. Sykes, Huy Pham, Magdin Stoica, Khaled Mahmud, and Deborah Stacey

Abstract Protecting the user's digital privacy in today's increasingly mobile world is a significant challenge. As mobile applications grow in complexity they will exceed the computational capabilities and power limitations of the mobile devices on which they run. To overcome the inherent limitations of mobile devices, mobile application designers are turning to the cloud for solutions. The primary rationale is that by off-loading computationally demanding tasks, mobile applications can provide users with sophisticated features that exceed the device's capabilities. This research analyzes two impactful mobile computing trends from a privacy-protection perspective: (1) mobile applications are increasingly relying on cloud-based services; and (2) cloud-based services will eventually specialize beyond the expertise of mobile application developers. From a privacy perspective, this increased reliance on cloud computing poses additional challenges. In this research, we propose a model that aims to help mobile users decide if, when, and how a cloud-based service or resource could be used in a way that protects their privacy. In this paper, we present (1) the model describing the roles of two collaborating components: a mobile device agent and a privacy service mediator, (2) use cases and design considerations, and (3) future work.

E.R. Sykes (*) • H. Pham • M. Stoica • K. Mahmud
Faculty of Applied Science and Technology, Sheridan College, 1430 Trafalgar Road, Oakville, ON, Canada
e-mail: [email protected]; [email protected]; [email protected]

D. Stacey
College of Physical and Engineering Science and School of Computer Science, University of Guelph, Guelph, ON, Canada N1G 2W1
e-mail: [email protected]

I. Harvey et al. (eds.), SmartData: Privacy Meets Evolutionary Robotics, p. 107, DOI 10.1007/978-1-4614-6409-9_10, © Springer Science+Business Media New York 2013

10.1 Introduction

Mobile computing is pervasive in our society; every aspect of our daily lives has been touched by the ubiquitous nature of mobile devices. We have experienced an exponential growth of mobile computing—a trend that seems to have no limit. At a time when mobile computing has recently exceeded the popularity of all other computing paradigms, protecting the privacy of mobile users becomes a problem of ever greater importance [7]. While there are some solutions to very specific areas of privacy in mobility, they are far from adequate to satisfy the requirements of (1) the spectrum of users' personal characteristics, privacy requirements and preferences and (2) the diversity of the mobile computing devices and platforms currently in widespread use [5, 10].

Mobile applications are becoming increasingly complex. This trend is complicated further by the fact that all mobile devices have inherent limitations in terms of computational processing capabilities, power consumption, and security and privacy protection. Solutions are needed to overcome these limitations, and mobile application developers are turning to the cloud [7]. One core benefit of offloading computationally demanding tasks from the mobile device to the cloud is that it enables applications to provide users with significantly more sophisticated functionality that exceeds the device's capabilities [6]. This research embraces two mobile computing trends from a privacy-protection perspective: (1) mobile applications' increased reliance on cloud-based services; and (2) cloud-based services' specialization beyond the expertise of mobile application developers. From a privacy perspective, this increased reliance on cloud computing poses additional challenges. In this research, we propose a model that aims to help mobile users decide if, when, and how a cloud-based service or resource could be used in a way that protects their privacy.

In this paper, we present (1) a model describing the roles of two collaborating components: a mobile device agent (running on the device) and a privacy service mediator (running in the cloud), (2) use cases and design considerations, (3) a discussion and (4) future work. The model embraces privacy-by-design principles and can be readily applied by mobile applications that use context-aware or cloud services to establish their privacy requirements.

10.2 Background

Privacy in its most fundamental forms is undeniably under attack [1, 9]. Disguised as a technological and societal revolution, the most private personal information has become a commodity that is being grown, harvested and traded with complete disregard to the negative impacts to the very society we are trying to enhance. The rise of social networks has truly allowed people to organize, communicate and share [1]. Revolutions are followed and witnessed via social networking sites.


Customers can organize and coordinate consumer protection efforts on Twitter while students collaborate on team projects, wikis, blogs and e-portfolios. These services are often offered free of charge in the traditional sense but are heavily paid for with the most personal of currencies, the user's personal data. Under the guise of a "personalizable" world, companies like RapLeaf are building and trading a repository containing one billion email addresses linked to real names, browsing and shopping history, social networking participation, political interests and affiliations and real estate records [8]. In a race to reach and amass consumers, retailers are data mining shopping habits with a degree of sophistication that allows them to determine and exploit future private information, such as determining when young families will have children before official birth records are filed and sometimes before members of the closest family learn of it [4]. Users are constantly bombarded with reasons and mechanisms to relinquish their most private data through features like Facebook's timeline and auto-sharing, LinkedIn's integration with users' calendars and Twitter's contact lookup, which requires users to export their address books. Location-based social networks such as Foursquare, combined by mobile apps with information-rich networks such as Facebook and LinkedIn, have given rise to dubious mobile applications that provide rich context to private information [2].

There are two fundamental areas of mobile computing in which this research is situated: context-aware mobile computing and cloud-integrated mobile computing. In both of these areas privacy, security and trust are currently pressing concerns for government, academia, and industry [7, 9]. Furthermore, cloud-integrated mobile computing is growing extremely rapidly; in fact, IBM predicts that by 2015 there will be 1 trillion cloud-ready mobile devices [3]. One of the main contributions of this research is in the cloud-integrated mobile computing area.

10.3 Proposed Model

This section describes the proposed model, which is represented by three distinct logical components: the Mobile Device Agent (MDAg), the Privacy Service Mediator (PSM), and Cloud Services. The cloud services in this model refer to both cloud-based services and web-based services, for example blogging, 3D scene construction and image analysis services. Figure 10.1 shows the model, illustrating the relationship between the components, the information flow, and the dependencies.

10.3.1 A Privacy Telling Use Case

Let us consider a typical use case mobile users often participate in, which involves the use of a mobile device to post information to social networking sites. Such use cases often occur in a larger context that may allow further inferences which violate the user's privacy. In this use case, a user participating in a political demonstration uses a mobile device to take and post a photograph along with a short message using Twitter. The use case presented below outlines how in only a few simple steps and in a matter of seconds mobile users can release a wealth of private information to publicly accessible cloud services.

Fig. 10.1 Privacy-by-Design model depicting the MDAg, PSM and Cloud Services (figure not reproduced; it shows the Mobile Device running the Mobile Device Agent, which packages web-service commands into a Request sent to the Privacy Service Mediator in the Trusted Cloud and receives the Result, while the Untrusted Cloud hosts the URL Shortening, Voice Recognition, Image Storage, 3D Scene Construction, Blogging and other services)


1. The user uses their mobile phone to take a picture of a placard during a political demonstration. The phone's camera catches the face of the person carrying the placard in the corner of the photograph. An electronic sign shows the time somewhere in the background.
2. The user composes a tweet that contains the political movement's URL, attaches the picture and writes a message to portray the events as they happen.
3. The user sends the tweet using a mobile Twitter client application. The app was updated recently and its settings changed to include the GPS location with each tweet.
4. The mobile app uses several services to process the message:
   (a) The picture is stored in the cloud using a picture storage service (PSS) and the picture's URL is obtained;
   (b) The URL included in the tweet is shortened using a URL shortening service (URLSS);
   (c) The application detects that the tweet size exceeds 140 characters and uses a micro-blogging service (MBS) to post the full version of the text and to obtain a URL to the full micro-blog;
   (d) The application recomposes the tweet to include the processed information: a shortened message, a URL to the picture and a URL to the full message stored in the cloud.
5. The Twitter Service (TS) receives the tweet and posts it to the public at large.

The paradox of mobile computing is that it provides unparalleled productivity while compromising, with the same degree of "efficiency," the user's data protection and privacy. As shown in the use case above, what used to take hours of work in front of a powerful, network-connected desktop computer can now be accomplished in seconds. The mobility itself provides rich context to the actual computing, as in the political demonstration example. In these few steps the mobile user interacts with four cloud-based services: (1) a picture storage service; (2) a URL shortening service; (3) a micro-blogging service; and (4) the Twitter Service. During the same steps the user relinquishes at least eight pieces of private information: the political affiliation, or at least participation, of both the use case's actor and the person caught in the photograph; the face of a person; the time and the exact location of the two people; and a message. It can be presumed that the user's intention was simply to post a picture of a placard along with a text caption and nothing else. It is unrealistic to expect users to police every such action, analyzing every step from a privacy perspective. The demand for doing so is therefore placed on the mobile device and computing platform, which should provide privacy by design, as a service. The proposed model aims to do just that using the PSM, which arbitrates the communication between mobile applications and cloud services and analyzes the exchange of information from a privacy perspective. Using the command design pattern, the mobile application packages the cloud-service calls into a chain of linked command objects which are sent via the MDAg to the PSM for execution.


The mobile device agent enriches the command chain with the user's context, augmented with the current calendar event, the current time and the privacy settings. The enriched command chain is sent to the PSM for analysis and execution. Following the mediator design pattern, the PSM mediates the execution of the fourth step in the main use case, the communication between the mobile application and the cloud services necessary to perform the user's task. By design, the mediator's main responsibility is to ensure the user's privacy based on preferences, learned usage models and cloud service metadata. The following steps show how step 4 of the example use case changes when the PSM is used:

1. The mobile app creates a command chain containing a command for each of the four services to be invoked (PSS, URLSS, MBS and TS) and forwards the chain to the Mobile Device Agent (MDAg).
2. The MDAg collects the user context, augmented with the current calendar event, the current time and the privacy settings, and forwards the command chain to the Privacy Service Mediator (PSM).
3. The PSM analyzes the information received for potential breaches of privacy and modifies the command chain to ensure the user's privacy:
   (a) It dynamically determines the most appropriate services to use based on service metadata, reliability, privacy policies, user rating, past history and global service rating.
   (b) It uses the user's context and privacy settings to detect that the calendar event is a private event and that the location is not allowed in social media applications.
   (c) It uses a reputable Image Analysis Service (IAS) to analyze the picture for privacy-sensitive artifacts and detects that the face in the picture is a nonessential element of the photograph and that the time shown in the picture matches the actual time the picture was taken.
   (d) Under the direction of the user's privacy settings, it uses the IAS to blur the face of the person as well as the face of the clock showing the time, and it removes the GPS location.
4. The PSM executes the command chain with the validated parameters and destinations.

Note that while steps 1 and 2 run on the device, steps 3 and 4 execute in the cloud, which provides extended computing power. In this context the MDAg and PSM act as a privacy bridge between the mobile device and the cloud, with a trusted link guarding the information exchanged.
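The mediated flow above, as an added Python example that is not part of the chapter: the command chain is a list of command objects, the MDAg attaches the device context, and the PSM rewrites the chain before any untrusted service sees it. The service names PSS, URLSS, MBS and TS come from the use case; the context field names, the two privacy rules, and the ias_analyze stand-in for the Image Analysis Service are illustrative assumptions, and the sample image and device state are constructed.

```python
"""Added example (not code from the chapter): a small model of the
MDAg/PSM command-chain flow from Section 10.3.1. The context fields,
the rule set and the Image Analysis Service stand-in are assumptions."""
from dataclasses import dataclass, field
from typing import Any, Dict, List


@dataclass
class ServiceCommand:
    """One cloud-service call packaged as a command object."""
    service: str                  # "PSS", "URLSS", "MBS" or "TS"
    params: Dict[str, Any]
    actions: List[str] = field(default_factory=list)  # privacy edits by the PSM


@dataclass
class CommandChain:
    commands: List[ServiceCommand]
    context: Dict[str, Any] = field(default_factory=dict)  # filled in by the MDAg


def mdag_enrich(chain: CommandChain, device_state: Dict[str, Any]) -> CommandChain:
    """Mobile Device Agent (runs on the device): attach the current calendar
    event, time and privacy settings before the chain leaves the device."""
    chain.context = {k: device_state[k] for k in ("calendar_event", "time", "privacy")}
    return chain


def ias_analyze(image: Dict[str, Any], now: str) -> List[str]:
    """Stand-in for the Image Analysis Service. A real IAS would inspect
    pixels; this assumed version reads findings from constructed metadata."""
    found = []
    if image.get("faces", 0) > 0 and not image.get("face_is_subject", False):
        found.append("nonessential_face")
    if image.get("visible_clock") == now:      # clock in frame reveals capture time
        found.append("timestamp_in_frame")
    return found


def psm_mediate(chain: CommandChain) -> CommandChain:
    """Privacy Service Mediator (runs in the trusted cloud): rewrite the
    chain so that only vetted data reaches the untrusted services."""
    ctx = chain.context
    private_event = ctx["calendar_event"].get("private", False)
    location_blocked = "location" in ctx["privacy"].get("never_share_social", [])
    for cmd in chain.commands:
        # Remove GPS data when the event is private or settings forbid it.
        if "gps" in cmd.params and (private_event or location_blocked):
            del cmd.params["gps"]
            cmd.actions.append("gps_removed")
        # Run any attached picture through the IAS and blur what it flags.
        if "image" in cmd.params:
            for artifact in ias_analyze(cmd.params["image"], ctx["time"]):
                cmd.params["image"].setdefault("blurred", []).append(artifact)
                cmd.actions.append("blurred:" + artifact)
    return chain


def run_use_case() -> CommandChain:
    """Steps 1-3 of the mediated use case on constructed input."""
    image = {"faces": 1, "face_is_subject": False, "visible_clock": "14:05"}
    chain = CommandChain([
        ServiceCommand("PSS", {"image": image}),
        ServiceCommand("URLSS", {"url": "https://example.org/movement"}),  # assumed URL
        ServiceCommand("MBS", {"text": "x" * 200}),          # over 140 characters
        ServiceCommand("TS", {"text": "Rally today!", "gps": (43.45, -79.68)}),
    ])
    device_state = {  # constructed device context
        "calendar_event": {"title": "Demonstration", "private": True},
        "time": "14:05",
        "privacy": {"never_share_social": ["location"]},
    }
    return psm_mediate(mdag_enrich(chain, device_state))


if __name__ == "__main__":
    for cmd in run_use_case().commands:
        print(cmd.service, cmd.actions, sorted(cmd.params))
```

The chain leaves the device carrying the GPS fix and the unblurred picture, but the commands that reach the untrusted services no longer do: the TS command loses its location and the PSS command's image carries the two blur instructions. Step 3(a), service selection, is left out here.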

10.3.2 Mobile Device Agent

The MDAg resides on the user's mobile device and captures information representing the four contexts: user, task, environment, and time. Each context includes components representing both static and dynamic (real-time) state information on its user. Components of the user model may include preferences, contact list, calendar information, favourite apps, etc. The task model includes typical activities the user routinely does, the task s/he is currently engaged in, and details associated with the task such as task difficulty, task criticality, estimated cost of interruption, etc. The environment model is represented not only by location awareness factors, but also rich situational details associated with that location.

Fig. 10.2 Privacy Service Mediator components (figure not reproduced; it shows the Intelligent Reasoning and Learning component, with Personalized Privacy [blurring, proxy representation, k-anonymity] and Learning [historic information, context refinement, cloud-service ranking], and the Cloud-based Service Discovery and Assessment component, which maintains a Ranked Service Directory of Cloud Services assessed by location, security and trustworthiness)

10.3.3 Privacy Service Mediator

The PSM is the heart of the proposed model. This service is ultimately responsible for maintaining the user's privacy and consists of two components: (1) intelligent reasoning and learning; and (2) cloud-based service discovery (see Fig. 10.2). Residing in a trusted cloud, this soft-state persistent service ensures that the information received from the MDAg remains confidential for the entire transaction (i.e., selection, submission of data and processing by a cloud-based service). In this model, only the mediator is privy to the user's private data; the selected cloud-based service is unaware of the user's identity.

The Intelligent Reasoning and Learning (IRL) component of the PSM is the core unit that oversees the personalized privacy for the user and provides the decision-making capability on matters such as whether specific user data should be sent to a cloud service or not. Furthermore, this component also ensures that the user's privacy remains intact for the current transaction and over time. The reasoning module of IRL supports a control-release paradigm and determines if, and if so, how, when and what user data should be released to the selected cloud service. Depending on the answers to those questions this module selects the appropriate techniques for protecting the user's privacy (e.g., blurring, proxy representation, or k-anonymity) [6]. The reasoning module is also responsible for the management of historic information such as what user data has previously been disclosed to a given cloud service. Hence, this module has the capability to make inferences. For example, suppose the PSM has noted that the following private information (property A: name, town of residence) has been released to a specific cloud service, and at a later time the same cloud-based service is called upon again, this time requesting additional information (property B: postal code). The cloud-based service would then have sufficient information to infer the physical location of the user's home (A + B => C). In this situation, the PSM would prohibit the release of this additional information to ensure the privacy of the user and seek another cloud-based service instead.

The learning module of IRL represents a high-level objective for the PSM to learn and assimilate the knowledge gained from historic events related to a particular user. The areas where specific learning will take place are:
• Context refinement (i.e. user, task, environment and time contexts)
• Cloud-based service ranking

A well-defined set of objective criteria was used to select machine learning tools that would support both the reasoning and learning components of this module. The candidate machine learning tools that most appropriately match these criteria are dynamic Bayesian networks and adaptive neuro-fuzzy inference systems.

The second main component of the PSM is cloud-based service discovery. This component represents the mediator's responsibility to search for and find an appropriate service to meet the user's needs. The relationship between the PSM and the selected cloud service is not a trusted relationship: only data that has been vetted by the user as information that is valid to be shared is communicated to the cloud service. The core of this component is a search algorithm that uses well-defined criteria to determine and select the most appropriate cloud service based on: (1) trustworthiness (i.e., objective third-party ranking); (2) location (a k-nearest-neighbor algorithm will be used to create a set of the services closest to the user, to minimize network latency); and (3) security (i.e., the data transmitted between the PSM and the cloud service must be encrypted [e.g., AES]).
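The disclosure-history check (A + B => C) and the service-selection criteria described above, as an added Python example that is not part of the chapter. The ledger records which attributes each service has already received; a release is refused when the new attributes would complete a quasi-identifier set that service has not yet assembled, and the PSM then falls back to the next service in a ranking filtered by encrypted transport and a trust threshold, cut to the k nearest services, and ordered by trust. The INFERENCE_RULES table (name + town + postal code reveals the home location, following the chapter's example), the service records, the trust threshold, k, the haversine distance used as the nearest-neighbor metric, and all positions are illustrative assumptions and constructed data.

```python
"""Added example (not code from the chapter): disclosure ledger with an
A + B => C inference check and ranked fallback service selection for the
PSM of Section 10.3.3. Rules, services, thresholds and positions are
assumptions made for the example."""
import math
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Attribute sets that together let a service infer something the user never
# released: (quasi-identifiers, what they reveal). Assumed for the example.
INFERENCE_RULES: List[Tuple[FrozenSet[str], str]] = [
    (frozenset({"name", "town", "postal_code"}), "home_location"),
    (frozenset({"birth_date", "postal_code"}), "identity"),
]


@dataclass
class CloudService:
    name: str
    trust: float                 # objective third-party ranking in [0, 1]
    lat: float
    lon: float
    encrypted_transport: bool    # PSM <-> service link offers encryption


class DisclosureLedger:
    """What the PSM has already released to each cloud service."""

    def __init__(self) -> None:
        self._released: Dict[str, Set[str]] = {}

    def released_to(self, service: str) -> Set[str]:
        return set(self._released.get(service, set()))

    def would_enable_inference(self, service: str, new_attrs: Set[str]) -> Optional[str]:
        """Return what the service could newly infer if new_attrs were
        released on top of what it already holds, or None if nothing."""
        combined = self.released_to(service) | new_attrs
        for quasi_ids, reveals in INFERENCE_RULES:
            # The rule must be satisfied, and the new release must contribute.
            if quasi_ids <= combined and quasi_ids & new_attrs:
                return reveals
        return None

    def record(self, service: str, attrs: Set[str]) -> None:
        self._released.setdefault(service, set()).update(attrs)


def distance_km(svc: CloudService, lat: float, lon: float) -> float:
    """Great-circle distance (haversine) from the user to a service."""
    p1, p2 = math.radians(svc.lat), math.radians(lat)
    dp, dl = p2 - p1, math.radians(lon - svc.lon)
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def rank_services(services: List[CloudService], lat: float, lon: float,
                  k: int = 2, min_trust: float = 0.7) -> List[CloudService]:
    """Security and trust filters first, then the k nearest (latency),
    ordered by trust, highest first."""
    eligible = [s for s in services if s.encrypted_transport and s.trust >= min_trust]
    nearest = sorted(eligible, key=lambda s: distance_km(s, lat, lon))[:k]
    return sorted(nearest, key=lambda s: s.trust, reverse=True)


def choose_service(ledger: DisclosureLedger, services: List[CloudService],
                   attrs: Set[str], lat: float, lon: float) -> Tuple[Optional[str], str]:
    """Release attrs to the best-ranked service for which the release
    enables no new inference; otherwise refuse."""
    for svc in rank_services(services, lat, lon):
        leak = ledger.would_enable_inference(svc.name, attrs)
        if leak is None:
            ledger.record(svc.name, attrs)
            return svc.name, "released"
    return None, "refused: every eligible service could infer private data"


def demo() -> Tuple[DisclosureLedger, Tuple[Optional[str], str], Tuple[Optional[str], str]]:
    """The chapter's A + B scenario on constructed services and positions."""
    user_lat, user_lon = 43.45, -79.68
    services = [
        CloudService("GeoTag-A", 0.90, 43.65, -79.38, True),
        CloudService("GeoTag-B", 0.80, 43.26, -79.87, True),
        CloudService("GeoTag-C", 0.95, 45.50, -73.57, True),   # too far to be among the k nearest
        CloudService("GeoTag-D", 0.99, 43.45, -79.68, False),  # no encrypted link: filtered out
    ]
    ledger = DisclosureLedger()
    first = choose_service(ledger, services, {"name", "town"}, user_lat, user_lon)      # property A
    second = choose_service(ledger, services, {"postal_code"}, user_lat, user_lon)      # property B
    return ledger, first, second


if __name__ == "__main__":
    _, a, b = demo()
    print("A released to:", a, "| B released to:", b)
```

On the constructed data, property A goes to GeoTag-A, the most trusted of the two nearest encrypted services. When property B is requested, GeoTag-A is skipped because name, town and postal code together would reveal the home location, so the postal code goes to GeoTag-B, which holds nothing else about the user; the ledger keeps the two halves of the quasi-identifier apart across services.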

10.4 Discussion

The proposed model in this paper offers several important benefits. First, the scalability and increased computing power offered by the cloud-based model affords the Privacy Service Mediator a sophisticated decision-making model, and hence allows it to make better privacy-related decisions for its user. Second, the mediator's ability to continuously learn and improve its model allows it to adaptively modify its behavior and personalize its service to suit the user's changing needs and context. Third, its ability to incorporate real-time environmental and contextual inputs allows it to respond to relevant world events in real time, resulting in enhanced protection of its user's privacy. The model embraces privacy-by-design principles and provides all mobile application developers with an adaptive, reliable, reusable and easy-to-use component to manage and implement privacy requirements in their mobile applications.

10.5 Future Work

Future work on the MDAg will expand the user state models in combination with the other three contexts (task, environment, and time). This work will also include exploring how the MDAg can enable the user both to fine-tune his/her user model through privacy rule settings and to obtain feedback from it. Work on the PSM will define design and protocol requirements to ensure seamless communication with current and future external cloud services. Further work is also aimed at the intelligent reasoning and learning module used in the selection of appropriate services and confidentiality assurance methods. A template for mobile applications employing privacy by design using the MDAg/PSM model will be defined and applied to existing applications.

References

1. Beach A, Gartrell M, Han R (2009) Solutions to Security and Privacy Issues in Mobile Social Networking. In: International Conference on Computational Science and Engineering, pp 1036–1042
2. Bilton N (2012) Girls Around Me: An App Takes Creepy to a New Level. New York Times. http://bits.blogs.nytimes.com/2012/03/30/girls-around-me-ios-app-takes-creepy-to-a-new-level/ Accessed July 10, 2012
3. Cox PA (2011) Mobile cloud computing: Devices, trends, issues, and the enabling technologies. IBM
4. Duhigg C (2012) How Companies Learn Your Secrets. New York Times. http://www.nytimes.com/2012/02/19/magazine/shopping-habits.html?_r=2&pagewanted=1&hp Accessed July 20, 2012
5. Kakousis K, Paspallis N, Papadopoulos GA (2010) A survey of software adaptation in mobile and ubiquitous computing. Enterprise Information Systems 4(4):355–389
6. Poolsappasit N, Ray I (2009) Towards Achieving Personalized Privacy for Location-Based Services. Transactions on Data Privacy 2(1):77–99
7. Satyanarayanan M (2011) Mobile Computing: the Next Decade. Paper presented at the 1st ACM Workshop on Mobile Cloud Computing & Services: Social Networks and Beyond
8. Steel E (2010) A Web Pioneer Profiles Users by Name. Wall Street Journal. http://online.wsj.com/article/SB10001424052702304410504575560243259416072.html Accessed June 24, 2012
9. Tomko G, Borrett D, Kwan H, Steffan G (2010) SmartData: Make the Data "Think" for Itself. Identity in the Information Society 3(2):343–362
10. Yu WD, Yuan H (2011) An Approach to Explore Mobile Software Engineering Advances in Cloud Computing Environment. Paper presented at the IEEE 35th Annual Computer Software and Applications Conference Workshops
