Privacy preserving data collection framework for user centric network applications

Official URL: http://192.168.1.20/record=b1301509 (Table of Contents)

Advances in mobile and ubiquitous computing increased the number of user centric applications that comes into all aspects of our lives. This situation has started to threaten our privacy and created a huge demand for development of privacy-aware applications. Comprehensive privacy protection mechanisms have to take all phases of data processing into considerations including data collection from users, storage of data in central servers, and sharing them with third parties. However, privacy studies in the literature generally bring solutions for sharing of collected information with third parties. In this thesis, a privacy preserving data collection framework is proposed for user centric network applications. Framework provides privacy of data en route to data collector(s). We propose a generic bottom-up clustering method that utilizes k-anonymity or l-diversity concepts during anonymization. Entropy based metrics for information loss and anonymity level are defined and used in performance evaluations. Framework is adapted for networks having different data collector parties with different privacy levels. Our framework is applied for two types of data collection applications: (i) privacy preserving data collection in wireless sensor networks, (ii) preservation of organiza- tional privacy during collection of intrusion detection logs from different organiza- tions. Traditional data utility vs. privacy trade-off has one more dimension in wireless sensor networks. This dimension is minimization of bandwidth or energy consump- tion due to the limitations of tiny sensor nodes. Our analyses show that the proposed framework presents a suitable trade-off mechanism among energy consumption minimization, data utility and privacy preservation in wireless sensor network applications with one or multiple sinks. It is also demonstrated that our framework brings effective solution for preserving organizational privacy during sharing of intrusion detection logs among organizations and central security monitoring entity.