Position: Research Assistant, Teaching Assistant

Current Institution: Princeton University

Rethinking Privacy in Information Networks and IoT systems

Information sharing is key to realizing the vision of a data-driven customization of our environment. Data that were earlier locked up in private repositories are now being increasingly shared for enabling new context-aware applications, better monitoring of population statistics, and facilitating academic research in diverse fields. However, sharing personal data gives rise to serious privacy concerns as the data can contain sensitive information that a user might want to keep private. Thus, while on one hand, it is imperative to release utility-providing information, on the other hand, the privacy of users whose data is being shared also needs to be protected.

Various privacy metrics, including differential privacy, have been proposed in the literature to provide a mathematical foundation for defining and preserving privacy, and they have received considerable attention. However, previous privacy frameworks implicitly assume that data tuples are independent, that the database is static, and that the sensitive information is the data itself. Data dependence, data dynamics and sensitive inferences computed over the data are ignored. These three impractical assumptions become even more problematic in today's big data era, where tuples within a database exhibit close correlation, large volume, rich semantics and complex structure. Therefore, we need to break these three assumptions and incorporate data dependence, data dynamics and sensitive inferences computed over the data to formulate effective privacy frameworks.

First, tuple independence in the database is a weak assumption in previous privacy frameworks, especially because tuple dependence occurs naturally in databases due to social interactions between users. For example, in a social network graph (with nodes representing users and edges representing friendship relations), the friendship between two nodes that are not explicitly connected in the graph can be inferred from the existence of edges between other nodes. To effectively incorporate tuple dependence, we propose dependent differential privacy (in our NDSS 2016 paper) as an important generalization of the existing differential privacy framework. Second, previous privacy frameworks only consider static databases while ignoring data dynamics. In reality, the sequence of perturbed databases obtained by these static privacy frameworks provides significantly more observations to an adversary than a single perturbed database does. To defend against such strategic adversaries, we propose our LinkMirage system (in our NDSS 2016 paper), which incorporates data dynamics to form practical perturbation mechanisms. Finally, for certain kinds of data, such as sensor data in IoT systems, the private information is not the data itself but the sensitive inferences computed over the data. Previous work that directly considers the data itself as private is too strong a protection, providing rigorous privacy guarantees at the expense of utility. Therefore, we propose the DEEProtect system (in our CCS 2016 submission), which allows users to specify their privacy and utility preferences in terms of higher-level inferences and automatically translates these preferences into fine-grained perturbation policies that can be applied to the sensor data in IoT systems at runtime.
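To make the tuple-dependence point concrete, the following added example (not code from the papers, and not the dependent differential privacy mechanism itself) measures how much a Laplace-noised count reveals about one tuple when other tuples are correlated with it. The toy dependence model, the parameters `m` and `rho`, and all function names are assumptions of this illustration.

```python
import math

def laplace_logpdf(x, mu, b):
    """Log-density of Laplace(mu, b) at x."""
    return -math.log(2 * b) - abs(x - mu) / b

def output_logpdf(o, v, m, rho, eps):
    """Log-density of the noisy count o when the target tuple equals v.

    Toy dependence model (an assumption of this example): each of m other
    tuples copies v with probability rho and is 0 otherwise.
    """
    b = 1.0 / eps  # noise scale for sensitivity 1, i.e. independence assumed
    if v == 0:
        return laplace_logpdf(o, 0, b)
    terms = []
    for j in range(m + 1):  # j = number of tuples that copied v = 1
        p = math.comb(m, j) * rho**j * (1 - rho)**(m - j)
        if p > 0:
            terms.append(math.log(p) + laplace_logpdf(o, 1 + j, b))
    top = max(terms)
    return top + math.log(sum(math.exp(t - top) for t in terms))

def measured_loss(eps, m, rho, step=0.01):
    """Worst-case |log-likelihood ratio| between v=1 and v=0 over a grid."""
    lo, hi = -10.0, m + 11.0
    n = int((hi - lo) / step)
    return max(abs(output_logpdf(lo + i * step, 1, m, rho, eps)
                   - output_logpdf(lo + i * step, 0, m, rho, eps))
               for i in range(n + 1))

def closed_form_loss(eps, m, rho):
    """eps + m*log(1 - rho + rho*e^eps): eps at rho=0, (m+1)*eps at rho=1."""
    return eps + m * math.log(1 - rho + rho * math.exp(eps))

if __name__ == "__main__":
    eps, m = 0.5, 4  # constructed parameters
    for rho in (0.0, 0.25, 0.5, 1.0):
        print(f"rho={rho:4.2f}  measured={measured_loss(eps, m, rho):.4f}  "
              f"closed_form={closed_form_loss(eps, m, rho):.4f}")
```

With independent tuples the loss equals the nominal `eps`; as the dependence strength `rho` grows, the same noise scale leaks up to `(m + 1) * eps` about the target tuple.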

I am a PhD student in the Department of Electrical Engineering at Princeton University, starting from September 2013. My advisor is Prof. Prateek Mittal. I am interested in building secure and privacy-preserving systems. My current interests include the domains of privacy-enhancing technologies, Internet-of-Things (IoT) security, trustworthy social systems, and network security. Specifically, I am very interested in 1) privacy-enhancing technologies, such as big data privacy and differential privacy; 2) other security problems such as IoT security and Sybil defenses. I am also very interested in machine learning and signal processing techniques, such as deep learning and compressive sensing. As the first author, I have published two papers in the Network and Distributed System Security Symposium (NDSS 16) and one paper in the ACM Conference on Computer and Communications Security (CCS 15) (both conferences are among the top venues in the security community). During my PhD study, I have won the IBM PhD Fellowship in 2016, the Princeton Early PhD Award in 2015, the Anthony Ephremides Fellowship in 2014 and the Princeton First-year Graduate Student Fellowship in 2013. I also worked as a research intern at the IBM T. J. Watson Research Center in the summers of 2015 and 2016, in the Networking and Cloud Computing Group and the Cognitive IoT and Distributed Analytics Group, respectively. Prior to my PhD study, I obtained both my Master's and Bachelor's degrees from the University of Science and Technology of China (USTC) in 2013 and 2010, respectively. During my study in China, I won several scholarships and honors, including the Guo Moruo Scholarship, which is the top scholarship in USTC, and the National Scholarship (twice), which is the top scholarship in China.