Privacy preserving and transactional advertising for mobile services
The many sensors embedded in today's phones provide advanced sensing capabilities that make it possible to capture real-time information about users and their surroundings. There are already examples of apps and services that use this information to provide highly useful, contextual advertisements to users. However, users are still reluctant to share their personal data with advertisers because of the privacy implications if that data is misused. In this work, we provide protocols that allow users to store their sensor data on third-party (untrusted) cloud servers. The data is stored in encrypted form and is therefore protected from the cloud provider. The advertisements, customized to potential users, are also stored on the server. The server selects the advertisements appropriate to each user, based on the user's sensor values, and forwards them to the user. We consider two cases: (i) appropriate advertisements are sent to individual users automatically; and (ii) advertisements are sent to groups of users after permission is obtained from the group members. In both cases, the concurrency control protocols performed by the cloud provider ensure that the data and advertisements are 'fresh and consistent'. This avoids situations in which served advertisements are out of sync with the user's current context or have already expired. The above is achieved by integrating transactional and cryptographic primitives, such as atomic uploads, optimistic concurrency control, searchable encryption and homomorphic encryption. Finally, experimental results are given to illustrate the practical feasibility and scalability of the proposed protocols.
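The abstract names two mechanisms that carry the security argument: the server matches advertisements to users over encrypted data it cannot read, and concurrency control guarantees that a served advertisement is neither stale relative to the user's context nor expired. The following Python sketch is an added example, not the paper's protocol or code: it stands in a deterministic keyword token (HMAC-SHA256 under a key assumed to be shared by user apps and advertisers) for the searchable-encryption index, and implements optimistic concurrency control with per-record version numbers and an expiry timestamp on each ad. The `CloudStore`, `Record`, `match` and `serve` names, the shared key and all sample contexts and ads are constructed for illustration.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


def keyword_token(key: bytes, keyword: str) -> str:
    """Deterministic keyword token: HMAC-SHA256 of the keyword under a shared key.

    Toy stand-in for a searchable-encryption index (an assumption of this example,
    not the paper's scheme): key holders derive identical tokens, so the server can
    test token equality without learning the underlying keyword.
    """
    return hmac.new(key, keyword.encode(), hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class Record:
    version: int                 # incremented on every successful write (OCC)
    tokens: FrozenSet[str]       # searchable tokens; opaque to the server
    ciphertext: bytes            # payload the server cannot read
    expires_at: Optional[float]  # ads carry an expiry; user contexts do not


class VersionConflict(Exception):
    """An optimistic write found a newer version than the writer expected."""


class CloudStore:
    """Untrusted server holding encrypted user contexts and encrypted ads."""

    def __init__(self) -> None:
        self.users: Dict[str, Record] = {}
        self.ads: Dict[str, Record] = {}

    def _put(self, table, key, tokens, ciphertext, expires_at, expected_version) -> int:
        current = table.get(key)
        current_version = current.version if current else 0
        # Validate phase of the write: reject if someone wrote since the caller last read.
        if expected_version is not None and expected_version != current_version:
            raise VersionConflict(f"{key}: expected v{expected_version}, found v{current_version}")
        table[key] = Record(current_version + 1, frozenset(tokens), ciphertext, expires_at)
        return table[key].version

    def upload_user(self, user_id, tokens, ciphertext, expected_version=None) -> int:
        return self._put(self.users, user_id, tokens, ciphertext, None, expected_version)

    def upload_ad(self, ad_id, tokens, ciphertext, expires_at, expected_version=None) -> int:
        return self._put(self.ads, ad_id, tokens, ciphertext, expires_at, expected_version)

    def match(self, user_id: str, now: float) -> List[Tuple[str, int, int]]:
        """Read phase: unexpired ads whose tokens overlap the user's tokens.

        Returns (ad_id, user_version, ad_version) so serve() can re-validate
        that neither record changed between matching and delivery.
        """
        user = self.users[user_id]
        hits = []
        for ad_id, ad in self.ads.items():
            if ad.expires_at is not None and ad.expires_at <= now:
                continue  # expired: never served
            if ad.tokens & user.tokens:
                hits.append((ad_id, user.version, ad.version))
        return hits

    def serve(self, user_id, ad_id, user_version, ad_version, now) -> Optional[bytes]:
        """Validate phase: deliver only if the match is still fresh and consistent."""
        user, ad = self.users.get(user_id), self.ads.get(ad_id)
        if user is None or ad is None:
            return None
        if user.version != user_version or ad.version != ad_version:
            return None  # context or ad changed since match: stale, do not serve
        if ad.expires_at is not None and ad.expires_at <= now:
            return None
        return ad.ciphertext


def demo() -> dict:
    """Constructed scenario: one user, three ads, a context change, a stale write."""
    key = b"constructed-shared-key"  # assumed shared out of band by apps and advertisers
    store = CloudStore()
    gym, beach, morning = (keyword_token(key, k) for k in ("context:gym", "context:beach", "time:morning"))
    store.upload_user("alice", {gym, morning}, b"<enc alice context>")
    store.upload_ad("gym-promo", {gym}, b"<enc gym ad>", expires_at=1000.0)
    store.upload_ad("beach-promo", {beach}, b"<enc beach ad>", expires_at=1000.0)
    store.upload_ad("old-gym-promo", {gym}, b"<enc old ad>", expires_at=50.0)  # already expired at t=100

    matches = store.match("alice", now=100.0)
    served = store.serve("alice", *matches[0], now=100.0)
    # Alice's context changes (phone now reports the beach); her record moves to v2.
    store.upload_user("alice", {beach, morning}, b"<enc alice context 2>", expected_version=1)
    stale_served = store.serve("alice", *matches[0], now=100.0)  # v1 match no longer valid
    try:
        store.upload_user("alice", {gym}, b"<enc late write>", expected_version=1)
        conflict = False
    except VersionConflict:
        conflict = True  # a second writer holding v1 loses the OCC race
    return {"matches": matches, "served": served, "stale_served": stale_served,
            "conflict": conflict, "rematch": store.match("alice", now=100.0)}


if __name__ == "__main__":
    print(demo())
```

The server sees only HMAC tokens, opaque ciphertexts, versions and expiry times, yet it can still refuse to deliver an ad that was matched against an earlier context or that expired between match and delivery; a real deployment would replace the toy token scheme with a searchable-encryption construction and bind the version check into an atomic upload, as the abstract describes.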