Online Randomization Strategies to Obfuscate User Behavioral Patterns Articles uri icon

publication date

  • December 2012

start page

  • 561

end page

  • 578

issue

  • 4

volume

  • 20

international standard serial number (ISSN)

  • 1064-7570

electronic international standard serial number (EISSN)

  • 1573-7705

abstract

  • When operating from the cloud, traces of user activities and behavioral patterns are accessible to anyone with enough privileges within the system. This could be, for example, the case of dishonest technical staff who may well be interested in selling user logs to competitors. In this paper, we investigate some of the security and privacy leakages derived from the analysis of user activities. We show that the working behavioral patterns exhibited by users can be easily captured into computationally useful representations that would allow an adversary to predict future activities, detect the occurrence of events of interest, or infer the organization's internal structure. We then introduce the idea of obfuscating user behaviour through Online Action Randomization Algorithms. In doing so, we introduce an indistinguishability-based definition for perfectly obfuscated actions and a concrete scheme to randomize user traces in an incremental way. We report experimental results confirming the obfuscation quality and other properties of the proposed schemes.