Privacy-Preserving Data Management in Mobile Environments: A Partial Encryption Approach

With the growing demand for data-sensitive applications employing mobile devices, such as mobile clinics in remote villages and remote sensors collecting sensitive data, there is a need for a new architectural paradigm for mobile data management. Typically, these mobile devices have limited storage and processing capabilities, and operate in unreliable environments leading to possible loss of valuable data, if not properly managed. Often, the collected data is periodically offloaded to a remote server such as a cloud. However, such offloading may lead to violation of privacy if the network/server cannot be fully trusted. While encrypting the data prior to offloading appears to be a solution for this problem, this is computationally intensive and infeasible when mobile devices are employed. In this paper, we propose a partial-encryption scheme that takes into account both the privacy (confidentiality) constraints of the data being collected and the limitations of the mobile devices. The scheme employs vertical and horizontal fragmentation to determine those parts that need to be encrypted and those that can be sent in clear. The privacy constraints are represented in terms of a constraint graph and two-coloring problem solution is applied to identify the portions of the data that need to be encrypted. Any cycles in the constraint graph are handled using heuristics. The approach is effective in integrating unsecured wireless/internet with the untrusted yet cheap cloud storage servers, using the capacity-constrained mobile devices to manage sensitive data.