C3P: Context-Aware Crowdsourced Cloud Privacy

  • Hamza Harkous
  • Rameez Rahman
  • Karl Aberer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8555)


Due to the abundance of attractive services available on the cloud, people are placing an increasing amount of their data online on different cloud platforms. However, given the recent large-scale attacks on users data, privacy has become an important issue. Ordinary users cannot be expected to manually specify which of their data is sensitive, or to take appropriate measures to protect such data. Furthermore, usually most people are not aware of the privacy risk that different shared data items can pose. In this paper, we present a novel conceptual framework in which privacy risk is automatically calculated using the sharing context of data items. To overcome ignorance of privacy risk on the part of most users, we use a crowdsourcing based approach. We use Item Response Theory (IRT) on top of this crowdsourced data to determine the sensitivity of items and diverse attitudes of users towards privacy. First, we determine the feasibility of IRT for the cloud scenario by asking workers feedback on Amazon mTurk on various sharing scenarios. We obtain a good fit of the responses with the theory, and thus show that IRT, a well-known psychometric model for educational purposes, can be applied to the cloud scenario. Then, we present a lightweight mechanism such that users can crowdsource their sharing contexts with the server and determine the risk of sharing particular data item(s) privately. Finally, we use the Enron dataset to simulate our conceptual framework and also provide experimental results using synthetic data. We show that our scheme converges quickly and provides accurate privacy risk scores under varying conditions.


Data Item Item Response Theory Malicious User Homomorphic Encryption Privacy Risk 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Greenwald, G., MacAskill, E.: NSA Prism program taps in to user data of Apple, Google and others. The Guardian 7(6), 1–43 (2013)Google Scholar
  2. 2.
    Gentry, C.: A fully homomorphic encryption scheme. PhD thesis, Stanford University (2009)Google Scholar
  3. 3.
    Van Dijk, M., Juels, A.: On the impossibility of cryptography alone for privacy-preserving cloud computing. In: Proceedings of the 5th USENIX Conference on Hot Topics in Security, pp. 1–8 (2010)Google Scholar
  4. 4.
    Protiviti: Knowing how – and where – your confidential data is classified and managed. Technical report, Protiviti Inc. (2013)Google Scholar
  5. 5.
    Sweeney, L.: k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10(05), 557–570 (2002)Google Scholar
  6. 6.
    Baker, F.B.: The basics of item response theory. ERIC (2001)Google Scholar
  7. 7.
    Liu, K., Terzi, E.: A framework for computing the privacy scores of users in online social networks. ACM Transactions on Knowledge Discovery from Data 5(1), 6 (2010)CrossRefGoogle Scholar
  8. 8.
    Quercia, D., Casas, D.L., Pesce, J.P., Stillwell, D., Kosinski, M., Almeida, V., Crowcroft, J.: Facebook and privacy: The balancing act of personality, gender, and relationship currency. In: International AAAI Conference on Weblogs and Social Media (2012)Google Scholar
  9. 9.
    Reeve, B.B., Fayers, P.: Applying item response theory modeling for evaluating questionnaire item and scale properties. Assessing Quality of Life in Clinical Trials: Methods of Practice 2, 55–73 (2005)Google Scholar
  10. 10.
    Nering, M.L., Ostini, R.: Handbook of polytomous item response theory models. Taylor & Francis (2011)Google Scholar
  11. 11.
    Linacre, J.M.: Sample size and item calibration stability. Rasch Measurement Transactions 7(4), 328 (1994)Google Scholar
  12. 12.
    Mair, P., Hatzinger, R.: Extended rasch modeling: The erm package for the application of irt models in r. Journal of Statistical Software 20(9), 1–20 (2007)Google Scholar
  13. 13.
    De Ayala, R.J.: Theory and practice of item response theory. Guilford Publications (2009)Google Scholar
  14. 14.
    Lewis, K., Kaufman, J., Gonzalez, M., Wimmer, A., Christakis, N.: Tastes, ties, and time: A new social network dataset using Social Networks 30(4), 330–342 (2008)CrossRefGoogle Scholar
  15. 15.
    Ion, I., Sachdeva, N., Kumaraguru, P., Čapkun, S.: Home is safer than the cloud!: Privacy concerns for consumer cloud storage. In: Proceedings of the Seventh Symposium on Usable Privacy and Security, pp. 13:1–13:20 (2011)Google Scholar
  16. 16.
    Ion, I., Beato, F., Čapkun, S., Preneel, B., Langheinrich, M.: For some eyes only: Protecting online information sharing. In: Proceedings of the Third ACM Conference on Data and Application Security and Privacy, pp. 1–12 (2013)Google Scholar
  17. 17.
    Garg, V., Patil, S., Kapadia, A., Camp, L.J.: Peer-produced privacy protection. In: IEEE International Symposium on Technology and Society, pp. 147–154 (2013)Google Scholar
  18. 18.
    Nissenbaum, H.: A contextual approach to privacy online. Daedalus 140(4), 32–48 (2011)CrossRefGoogle Scholar
  19. 19.
    Pallapa, G., Di Francesco, M., Das, S.K.: Adaptive and context-aware privacy preservation schemes exploiting user interactions in pervasive environments. In: IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, pp. 1–6 (2012)Google Scholar
  20. 20.
    Bilogrevic, I., Huguenin, K., Agir, B., Jadliwala, M., Hubaux, J.P.: Adaptive information-sharing for privacy-aware mobile social networks. In: Proceedings of the 2013 ACM International Joint Conference on Pervasive and Ubiquitous Computing, pp. 657–666 (2013)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Hamza Harkous
    • 1
  • Rameez Rahman
    • 1
  • Karl Aberer
    • 1
  1. 1.École Polytechnique Fédérale de Lausanne (EPFL)Switzerland

Personalised recommendations