Game Theory Model: Balancing Service Quality & Privacy in Context-Aware Services, Assignments of Game Theory

The challenges of providing quality context-aware services while protecting user privacy in the era of data-driven platforms. It proposes a two-layer three-party game model to balance the trade-off between service quality and privacy loss. The document also formulates the interactions between asymmetric users and the platform-adversary system using a quasi-aggregative game model and a contract model. The main contributions of the paper include the analysis of optimal strategies for asymmetric users and platforms and the validation of the theoretical analysis through simulations.

Typology: Assignments

2021/2022

Uploaded on 07/05/2022

gavin_99
gavin_99 🇦🇺

4.3

(73)

998 documents

1 / 13

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Privacy Protection for Context-Aware Services:
A Two-Layer Three-Party Game Model
Yan Huang, Zhipeng Cai, and Anu G. Bourgeois
Georgia State University, Atlanta GA 3030, USA
[email protected], {zcai,abourgeois}@gsu.edu
Abstract. In the era of context-aware services, users are enjoying re-
markable services based on data collected from a multitude of users.
However, in order to benefit from these services, users are enduring the
risk of leaking private information. Game theory is a powerful method
that is utilized to balance such tradeoff problems. The drawback is that
most schemes consider the tradeoff problem from the aspect of the users,
while the platform is the party that dominates the interaction in reality.
There is also an oversight to formulate the interaction occurring between
multiple users, as well as the mutual influence between any two parties
involved, including the user, platform and adversary. In this paper, we
propose a platform-centric two-layer three-party game model to protect
the users’ privacy and provide quality of service. One layer focuses on
the interactions among the multiple asymmetric users and the second
layer considers the influence between any two of the three parties (user,
platform, and adversary). We prove that the Nash Equilibrium exists
in the proposed game and find the optimal strategy for the platform to
provide quality service, while protecting private data, along with inter-
actions with the adversary. Using real datasets, we present simulations
to validate our theoretical analysis.
1 Introduction
Due to the rapid development and popularity of context aware services, peo-
ple’s lives have become more comfortable and convenient than ever before. Ap-
plications include health care, smart grid, industrial services [48], social net-
work platforms, and transportation, to name a few [5, 7]. Smart transporta-
tion [6,15, 32] provides drivers the optimal path based upon current traffic condi-
tions, e-health [46] platforms are able to continuously monitor a patient’s health
status and facilitate communication with the healthcare specialist, and the smart
grid [31] improves power management by monitoring usage patterns and balanc-
ing loads. Typically, it is only with the users’ information that these context
aware applications can provide and maintain any service and the quality of the
service is often directly dependent upon the quantity and quality of collected
data. As a result, users must consider the cost of leaking private information
in order to benefit from such services. There is, of course, always a threat of
private information being captured during data transmission. However, in re-
cent years, private data leakage, as well as intentional data sale/reuse is more
pf3
pf4
pf5
pf8
pf9
pfa
pfd

Partial preview of the text

Download Game Theory Model: Balancing Service Quality & Privacy in Context-Aware Services and more Assignments Game Theory in PDF only on Docsity!

Privacy Protection for Context-Aware Services:

A Two-Layer Three-Party Game Model

Yan Huang, Zhipeng Cai, and Anu G. Bourgeois

Georgia State University, Atlanta GA 3030, USA [email protected], {zcai,abourgeois}@gsu.edu

Abstract. In the era of context-aware services, users are enjoying re- markable services based on data collected from a multitude of users. However, in order to benefit from these services, users are enduring the risk of leaking private information. Game theory is a powerful method that is utilized to balance such tradeoff problems. The drawback is that most schemes consider the tradeoff problem from the aspect of the users, while the platform is the party that dominates the interaction in reality. There is also an oversight to formulate the interaction occurring between multiple users, as well as the mutual influence between any two parties involved, including the user, platform and adversary. In this paper, we propose a platform-centric two-layer three-party game model to protect the users’ privacy and provide quality of service. One layer focuses on the interactions among the multiple asymmetric users and the second layer considers the influence between any two of the three parties (user, platform, and adversary). We prove that the Nash Equilibrium exists in the proposed game and find the optimal strategy for the platform to provide quality service, while protecting private data, along with inter- actions with the adversary. Using real datasets, we present simulations to validate our theoretical analysis.

1 Introduction

Due to the rapid development and popularity of context aware services, peo- ple’s lives have become more comfortable and convenient than ever before. Ap- plications include health care, smart grid, industrial services [48], social net- work platforms, and transportation, to name a few [5, 7]. Smart transporta- tion [6,15,32] provides drivers the optimal path based upon current traffic condi- tions, e-health [46] platforms are able to continuously monitor a patient’s health status and facilitate communication with the healthcare specialist, and the smart grid [31] improves power management by monitoring usage patterns and balanc- ing loads. Typically, it is only with the users’ information that these context aware applications can provide and maintain any service and the quality of the service is often directly dependent upon the quantity and quality of collected data. As a result, users must consider the cost of leaking private information in order to benefit from such services. There is, of course, always a threat of private information being captured during data transmission. However, in re- cent years, private data leakage, as well as intentional data sale/reuse is more

2 Yan Huang, Zhipeng Cai, and Anu G. Bourgeois

Fig. 1. Two-layer three-party game model

likely from the service provider platform [3,4,16,18,25,26,49]. In recent news we learned of Facebook improperly sharing data that impacted 87 million users [2] and Equifax [1] compromised private information of 143 million users. In spite of this, users still employ these applications, as the services are deemed essential to many people, thus positions the provider platforms in a dominant capacity [14]. This has led to considerable research on techniques to protect a user’s private data from being leaked and/or sold. Most of the privacy protection algorithms, e.g. k-anonymity [40, 41], l-diversity [30, 33], t-closeness [22], and differential privacy [36, 50], protect the data by adding noise, but this in turn will decrease the quality of the services provided. Therefore, several game theory based models have been proposed to balance the trade-off between service quality or reward and privacy protection. Most of the game theory based research has a drawback, in that they only focus on the interaction between two parties, i.e. the user with an untrusted platform, or the user with an adversary (an entity trying to purchase or steal data) [13, 27, 28, 44]. A more realistic model should consider the interactions of the three parties: the user, platform, and adversary. These two-party models ignore or fail to formulate the interaction between each pair of parties (3 such pairings). More recently, diverse three-party game models have been proposed to provide a more realistic interaction analysis [21,23,24,39,42,43]. Yet there is still a shortcoming, as they can only provide binary strategies, meaning the decision for users to submit or not submit their data. Instead, it would be beneficial to have a fine-grained strategy to provide a protection level ranging between 0-1, which is what we propose in this paper. Another deficiency with the current n-player game models (those with n users) [13, 28, 29, 44, 45, 47] is that they only consider the interaction between the users and other parties (either the platform or adversary). They fail to represent the interaction between asymmetric users, where users have individual privacy protection expectations. To demonstrate the impact, let us consider a transportation application. A user is able to get accurate traffic status without submitting any personal information to the platform, provided other users do submit their information. If multiple users stop submitting their information, the service quality will decrease, and if no users submit their information, minimal service can be provided. Thus multiple users must submit their data to provide enough context to the platform for better quality service.

4 Yan Huang, Zhipeng Cai, and Anu G. Bourgeois

strategy sets Si ⊂ RN^ , si ∈ Si. The joint strategy set S =

i∈I Si, is assumed to be a compact metric space, and payoff functions π˜i : S → R, i ∈ I , are assumed to be upper semi-continuous. Then the Quasi-Aggregative Game can be defined as follows.

Definition 1. (Quasi-Aggregative Game) [17] The game Γ = ( ˜πi, Si)i∈I is a quasi-aggregative game with aggregator g : S → R, if there exist continuous functions Fi : R × Si → R (the shift functions), and σi : S−i → X−i ⊂ R, i ∈ I (the interaction functions) such that each of the payoff functions i ∈ I can be written: ˜πi = πi (σi (s−i, si) , si) , where πi : X−i × Si → R, and: g(s) = Fi (σi(s−i), si)), ∀s ∈ S, i ∈ I. Agent i’s best-replies, depend on x−i = σi(s−i), is given by Ri(x−i) = arg max πi(x−i, si) : si ∈ Si.

Theorem 1. The quasi-aggregative game has a pure strategy Nash equilibrium (PSNE) the following two assumptions holds. [17]

Assumption 1 Each correspondence Ri : X−i → 2 Si^ is strictly decreasing.

Assumption 2 The shift-function Fi, i ∈ I , all exhibit strictly increasing dif- ferences in x−i and si.

3 System Model

In this section, we formulate the interactions between asymmetric users, as well as the interactions among the three parties and introduce the proposed game model.

3.1 Users Model

Assume a set of users N = { 1 , 2 , ..., n} use a client of a platform to get context- based service. Each user i ∈ N will submit a dataset Di = {di 1 , di 2 , ..., dim} with m attributes to the platform. The client has a local privacy protection algorithm installed which satisfies strict privacy protection standards, such as Local Differential Privacy [36]. Thus, the platform can only get anonymized data or noise-added data from users. Even if the client has a privacy protection algorithm installed, the anonymized data or noise-added data can still leak some information to the platform, the privacy leakage level depends on the privacy protection setting of the client. Without loss of generality, we define the privacy protection level of attribute j as δj ∈ [0, 1]. When δj = 1, the platform cannot retrieve any information about users’ at- tribute j. When δj = 0, the platform can retrieve all the information about users’ attribute j. To get statistical result from users, the platform has to set the same δ = {δ 1 , δ 2 , ..., δm} for all the users [9,11,20,38]. According to privacy protection laws, such as General Data Protection Regulation within the European Union and the European Economic Area, the platform should use strongest privacy

Privacy Protection for Context-Aware Services 5

protection strength in the client by default. Thus, the default setting of privacy protection level vector is δ = { 1 , 1 , ..., 1 }. However, by using the strongest privacy protection strength, the platform cannot collect usable information from users, resulting in worst service quality. Thus, to collect information from users, the platform has to offer a δ with lower privacy protection level. Users have the right to accept or reject the platform’s offer δ. We define user i’s strategy for attribute j as aij ∈ [0, 1], which defines the probability of user i accept the privacy leakage level δj. Therefore, the strategy vector of user i is ai = {ai 1 , ai 2 , ..., aim} and the strategy vector of all users is a = {ai, aj , ..., an}. The service quality depends on the users’ strategy, and one user’s strategy has a marginal impact on service quality. The service quality of user i received from the platform depends not only on its strategy ai, but also on the strategy of other users a−i. Formally, for a specific privacy protection level, the expected received service quality of user i is determined by the strategy of user i and other users’ strategy, which can be defined as Qi (a−i, ai). Meanwhile, the platform may resell users’ data to a adversary resulting in privacy loss to the users. Assume each user has a constant privacy cost estimation vector ci = {ci 1 , ci 2 , ..., cim}, where cij defines the privacy cost of attribute j’s privacy leakage. We can define the total cost estimation of user i as follows:

Ciu (ai) =

∑^ m

j=

cij aij (sj + (1 − δj )) , (1)

where sj ≤ δj is privacy leakage level when the platform resells the users’ dataset. Thus, we can derive the expected utility function of user i as follows.

U (^) iu (ai, a−i) = Qi (a−i, ai) − Cui (ai). (2)

3.2 Platform Model

The quality of service depends upon the number of users that accept the pri- vacy protection level of attributes. For this reason, the platform entices uses to accept the offer with higher privacy leakage level by providing more accurate service quality. We define σj (a) as the expected number of users that accept the information leakage level δj for attribute j, and calculate σj (a) as

σj (a) =

∑^ n

i=

aij. (3)

The value of δj reveals the privacy leakage of users’ attribute j and also reveals the information that can be retrieved by the platform. According to the research of privacy protection algorithms [10,11,37], the service quality based on attribute j can be defined as a logarithmic function of privacy leakage level δj , and is affected by the number of users that accept the privacy leakage level δj as a law of diminishing marginal utility. Therefore, we can derive that the service

Privacy Protection for Context-Aware Services 7

3.3 Adversary Model

To get users information, the third party can purchase data from the platform. By using purchased data, the adversary can generate value according to its type γ, where θ is its value productivity, and γ is its value output elasticities of each attribute. According to data aggregation research [19] and the standard form of Cobb-Douglas production function [34], the expected data value to the adversary can be defined as

Vt (s, a) = θ

∑^ m

j=

sγj σjb (a). (8)

Thus, the expected utility function of the third party is

U t^ ((p(γ), s), a) = Vt (s, a) − P ((p(γ), s), a). (9)

4 Game Model

In this section, we formulate the problem with a two-layer three-party game and analyze its Nash Equilibrium.

4.1 Aggregative Game Model

In this paper, we assume users do not exchange information with the other users. Each user’s action influences the other users’ utility. With a specific pri- vacy leakage level δ, we can use quasi-aggregative game model to formulate the interactions among users. To maximize utility, a user chooses a proper privacy leakage level for each attribute. According to [17], we define the interactions among users as m quasi- aggregative games, e.g., Γj = (˜πij , Ai), ∀j = 1, 2 , ...m, where Ai is user i’s strategy space. The payoff function of each player in this game can be de- fined as ˜πij = U (^) iju (σij (a−i), aij ); the aggregator can be defined as gj (a) = Fij (σij (a−i), aij ) = σij (a−i) + aij ; the interaction functions vector can be de- fined as σij (a−i) =

k∈N,k 6 =i akj^. User i in the game Γj aims to maximize its utility by properly choosing a strategy vector ai such that ai = arg max aij

U (^) iu (σi(a−i), aij ).

According to the property of quasi-aggregative game theory [17], we can derive the following theorem.

Theorem 2. The game Γu = (˜πi, Ai)i∈N has a pure strategy Nash equilibrium (PSNE) for any privacy leakage level δ.

Proof. When the integrated value σ−i increases, user i can get increased payoff. Thus, user i can increase its payoff by decreasing the value of strategy si. As a result, the best-reply correspondence of user i is strictly decreasing. It is obvi- ously that the shift function Fi (Eq. 4.1) exhibits strictly increasing differences in x−i and si. According to [17], the theorem is proved.

8 Yan Huang, Zhipeng Cai, and Anu G. Bourgeois

4.2 Contract Model

The platform makes a contract with the adversary. Assume the adversary an- nounces its type is γ, γ ∈ (0, 1). The platform provides a menu of contracts {(p(γ), s)}to the adversary. According to contract theory [35], to incentivize the adversary to accept the contract designated for him rather than choosing other contracts or refusing any contract, the menu of contracts should satisfy both the individual rationality condition and the incentive compatibility condition defined below.

Condition 1 (Individual Rationality (IR)) A menu of contracts {(p(γ), s)} sat- isfies the individual rationality constraints if it yields to the adversary a non- negative payoff, i.e., ∀γ ∈ (0, 1), U t(p(γ), s) ≥ 0 , where U t(p(γ), s) is the utility of adversary with type γ.

Condition 2 (Incentive Compatibility (IC)) A menu of contracts {(p(γ), δ)} satisfies the individual compatibility constraints if the best response for the ad- versary with type γ is to choose the contract (p(γ), s) rather than other contracts, i.e., ∀γ, ˆγ ∈ (0, 1), U t(p(γ), δ) ≥ U t(p(ˆγ), s).

Therefore, the objective of the platform is to maximize its utility by properly creating a menu of contracts. We formalize the optimization problem of the platform as follows.

max {(p(γ),s)}

U p^ (δ, s, p(γ), a) ,

subject to Condition 1 and 2.

According to the aggregative model and contract model, we can see that the platform needs to properly choose the privacy leakage level δ for all users and create the contract menu for the adversary to maximize its utility. Therefore, the Nash Equilibrium can be derived by solving the combined optimization problem:

max (δ,{(p(γ),s)})

U p^ (δ, s, p(γ), a∗) ,

subject to Condition 1 and 2.

where a∗^ is the PSNE of the aggregative game.

5 Simulation

In this section, we study the interactions in the proposed two-layer three-party game. In the simulation, we utilize a parallel machining learning algorithm termed Particle Swarm Optimization (PSO) [8] to find the optimal strategies for the user and the platform.

10 Yan Huang, Zhipeng Cai, and Anu G. Bourgeois

shows the utility of user i when it stays in the Nash Equilibrium, and the dashed green line is when it leaves the Nash Equilibrium. As we can see, the user’s utility increases at first and then decreases as the protection level increases. The reason for utility increasing, is that the rate of the user’s privacy loss decreasing is larger than that of service quality decreasing. However, the user’s utility decreases after the maximum point, because the rate of service quality decreasing is larger than that of privacy loss decreasing. User i has utility 0 with the strongest protection level δ 5 because the user cannot get any service quality and has no privacy loss. Fig. 2 also shows us that the utility of user i when it stays in NE is higher than that when it leaves NE. This proves the existence of NE in the aggregative model and that users cannot get higher utility if they use non-NE strategies.

5.3 Platform Comparison

We compare the proposed platform with a trusted platform and an untrusted platform. We assume the trusted platform keeps users’ data safe and will not trade the data, while the untrusted platform sells all its collected data. As shown in Fig. 3, the utility of the proposed platform (solid red line) increases at first and then decreases as the protection level increases. The utility increases because the rate of payoff increasing is larger than that of reputation loss increasing and the utility decreases because the rate of payoff increasing is less than that of reputation loss increasing. This proves the NE existence of the two-layer three-party game because the platform cannot increase its utility by simply decreasing the privacy protection level. Fig. 3 and Fig. 4 compare the utility of three types of platforms with dif- ferent protection levels and different adversary types, respectively. As shown in Fig. 3, the trusted platform has higher utility than the untrusted platform with protection level δ 0 to δ 1 because the trusted platform has no reputation loss and the selling profit of untrusted platform cannot make up its reputation loss. The untrusted platform has higher utility than the trusted platform with protection level δ 2 to δ 5 because the payment from selling data can dominate the reputa- tion loss, thus has more profit than the trusted platform. This explains why the platforms usually sell users data in real life. However, the platform does not need to sell all the users’ data to maximize its utility. From Fig. 3 and Fig. 4, we can see that the proposed platform in this paper has the highest utility because it balances the tradeoff between payoff (from data collection and selling data) and reputation loss. It will choose a proper protection level and selling strategy to maximize its utility. Therefore, we can conclude that the proposed framework can provide balanced strategies for the platform. By using the proposed model, the platform will properly choose the data selling strategy, thus decreasing users’ privacy loss.

6 Conclusion

The use of context-aware services are integrated into the majority of people’s daily lives. By utilizing these services, one must provide certain private infor-

Privacy Protection for Context-Aware Services 11

mation in order to receive better outcomes. Users risk leaking private data, as service platforms are sometimes willing to sell this information to a third party, or adversary to gain more profit, thus resulting in conflicting goals. This paper studies the interactions among the three parties by proposing a platform-centric two-layer three party game. In the proposed game model, we theoretically formulate the behaviors of each party and the interactions among the three parties by using an aggregate game model and contract model. We run simulations with real datasets to validate the effectiveness of the proposed game model. We show that the proposed model can provide the proper strategy for the platform to balance the payoff and reputation loss, thus increasing privacy protection of the users. This work will enable platforms, such as Facebook, to provide quality service and protection to its users, but also provide a means to profit from a balanced strategy. To further investigate more realistic privacy protection issues, this work will be extended to a model that considers the in- fluence of temporal data. Therefore, the users and platform need to consider the privacy protection for not only the current status, but also previous and future conditions.

Acknowledgments

This work is partly supported by the National Science Foundation (NSF) under grant NOs. 1252292, 1741277, 1704287, and 1829674.

References

  1. The equifax data breach. https://www.ftc.gov/equifax-data-breach
  2. Facebook security breach exposes accounts of 50 million users. https://www.nytimes.com/2018/09/28/technology/facebook-hack-data- breach.html, sept. 28, 2018
  3. Cai, Z., He, Z.: Trading private range counting over big iot data. In: The 39th IEEE International Conference on Distributed Computing Systems (July 2019)
  4. Cai, Z., He, Z., Guan, X., Li, Y.: Collective data-sanitization for preventing sen- sitive information inference attacks in social networks. IEEE Transactions on De- pendable and Secure Computing 15 (4), 577–590 (July 2018)
  5. Cai, Z., Zheng, X.: A private and efficient mechanism for data uploading in smart cyber-physical systems. IEEE TNSE pp. 1–1 (2018)
  6. Cai, Z., Zheng, X., Yu, J.: A differential-private framework for urban traffic flows estimation via taxi companies. IEEE Transactions on Industrial Informatics (2019)
  7. Capurso, N., Mei, B., Song, T., Cheng, X., Yu, J.: A survey on key fields of context awareness for mobile devices. JNCA 118 , 44 – 60 (2018)
  8. Clerc, M., Kennedy, J.: The particle swarm - explosion, stability, and convergence in a multidimensional complex space. IEEE TEC 6 (1), 58–73 (Feb 2002)
  9. Cormode, G., Jha, S., Kulkarni, T., Li, N., Srivastava, D., Wang, T.: Privacy at scale: Local differential privacy in practice. In: SIGMOD. pp. 1655–1658 (2018)
  10. Dewri, R.: Local differential perturbations: Location privacy under approximate knowledge attackers. IEEE TMC 12 (12), 2360–2372 (Dec 2013)

Privacy Protection for Context-Aware Services 13

  1. Maharjan, S., Zhu, Q., Zhang, Y., Gjessing, S., Basar, T.: Dependable demand response management in the smart grid: A stackelberg game approach. IEEE TSG 4 (1), 120–132 (March 2013)
  2. Mahrsi, M.K.E., Cme, E., Oukhellou, L., Verleysen, M.: Clustering smart card data for urban mobility analysis. IEEE TITSystems 18 (3), 712–728 (March 2017)
  3. Mao, J., Tian, W., Jiang, J., He, Z., Zhou, Z., Liu, J.: Understanding structure-based social network de-anonymization techniques via empirical analysis. EURASIP JWCN 2018 (1) (Dec 2018)
  4. Meeusen, W., van Den Broeck, J.: Efficiency estimation from cobb-douglas produc- tion functions with composed error. International Economic Review 18 (2), 435– (Jun 1977)
  5. Miltiadis, M.: The theory of incentives: The principalagent model. The Economic Journal 113 (488), F394–F395 (2001)
  6. Pastore, A., Gastpar, M.: Locally differentially-private distribution estimation. In: IEEE ISIT. pp. 2694–2698 (July 2016)
  7. Qin, Z., Yang, Y., Yu, T., Khalil, I., Xiao, X., Ren, K.: Heavy hitter estimation over set-valued data with local differential privacy. In: CCS. ACM (2016)
  8. Thakurta, A.G., Vyrros, A.H., Vaishampayan, U.S., Kapoor, G., Freudinger, J., Prakash, V.V., Legendre, A., Duplinsky, S.: Emoji frequency detection and deep link frequency
  9. Vakilinia, I., Tosh, D.K., Sengupta, S.: 3-way game model for privacy-preserving cybersecurity information exchange framework. In: MILCOM (Oct 2017)
  10. Wang, J., Cai, Z., Li, Y., Yang, D., Li, J., Gao, H.: Protecting query privacy with differentially private k-anonymity in location-based services. Personal and Ubiquitous Computing pp. 1–17 (2018)
  11. Wang, S., Hu, Q., Sun, Y., Huang, J.: Privacy preservation in location-based ser- vices. IEEE Communications Magazine 56 (3), 134–140 (March 2018)
  12. Wang, S., Huang, J., Li, L., Ma, L., Cheng, X.: Quantum game analysis of privacy- leakage for application ecosystems. In: MobiHoc (Jul 2017)
  13. Wang, S., Li, L., Sun, W., Guo, J., Bie, R., Lin, K.: Context sensing system analysis for privacy preservation based on game theory. Sensors 17 (2), 339 (Feb 2017)
  14. Wu, X., Dou, W., Ni, Q.: Game theory based privacy preserving analysis in corre- lated data publication. In: ACSW (Feb 2017)
  15. Xu, L., Jiang, C., Qian, Y., Li, J., Zhao, Y., Ren, Y.: Privacy-accuracy trade-off in differentially-private distributed classification: A game theoretical approach. IEEE TBD pp. 1–1 (2017)
  16. Yi, C., Cai, J.: A priority-aware truthful mechanism for supporting multi-class delay-sensitive medical packet transmissions in e-health networks. IEEE TMC 16 (9), 2422–2435 (Sept 2017)
  17. Ying, B., Nayak, A.: Location privacy-protection based on p-destination in mobile social networks: A game theory analysis. In: IEEE CDSC. pp. 243–250 (Aug 2017)
  18. Zheng, X., Cai, Z., Li, J., Gao, H.: Location-privacy-aware review publication mech- anism for local business service systems. In: IEEE INFOCOM. pp. 1–9 (May 2017)
  19. Zheng, X., Cai, Z., Li, Y.: Data linkage in smart internet of things systems: A consideration from a privacy perspective. IEEE Communications Magazine 56 (9), 55–61 (Sep 2018)
  20. Zheng, X., Cai, Z., Yu, J., Wang, C., Li, Y.: Follow but no track: Privacy preserved profile publishing in cyber-physical social systems. IEEE Internet of Things Journal 4 (6), 1868–1878 (Dec 2017)