| Resource-constrained devices such as wireless sensor networks, body area networks, or smart phones collect confidential and sensitive information about their users. Traditional solutions to protect these data, such as encryption, consume a significant amount of resources to be viable. In this dissertation, I present two energy efficient information collection protocols based on the notion that by relaxing the definition of privacy, such as using indistinguishability, energy use can be reduced. The first protocol, multi-dimensional negative surveys (MDNSs), protects multivariate categorical data by perturbing sensed values to something other than what was actually sensed, and transmits the perturbed values to a central information collection server, providing privacy protection for information such as location. The second protocol, k-indistinguishable privacy-preserving data aggregation (KIPDA), protects the privacy of data that are aggregated in wireless sensor networks. It is specialized for the maximum and minimum aggregation functions and is one of the first techniques to provide protection from other adversarial nodes in the network. Sensitive data are obfuscated by hiding them among a set of camouflage values. Because the sensitive data are not encrypted, they can be aggregated easily and efficiently with minimal in-network processing delay. While radio usage is expensive, I show through analysis, simulations, and implementations that broadcasting a modest amount of camouflage data is more energy efficient when encryption is eliminated. Simulations and implementations on physical devices illustrate how both approaches can protect the privacy of a participant's data, while reducing energy use and allowing useful aggregate information to be collected. |
