Thesis of Paul Lachat


Subject:
Detecting Inference Attacks Involving Sensor Data

Defense date: 12/04/2024

Advisor: Lionel Brunie
Coadvisor: Nadia Bennani

Summary:

The collection of personal information by organizations has become increasingly essential for social interactions. Nevertheless, under the GDPR (General Data Protection Regulation), organizations have to protect the data they collect. Access Control (AC) mechanisms are traditionally used to secure information systems against unauthorized access to sensitive data. The increased availability of personal sensor data, thanks to IoT-oriented applications, motivates new services that offer insights about individuals. Consequently, data mining algorithms have been proposed to infer personal insights from collected sensor data. Although these algorithms can be used for genuine purposes, attackers can leverage their outcomes, combining them with other types of data, to further breach individuals' privacy. Thus, bypassing AC mechanisms thanks to such insights is a concrete problem.

In this thesis, we address this problem by analyzing the queries users issue to a sensor database and by identifying when they obtain sufficient information to infer insights thanks to data mining algorithms. We refer to this kind of inference as an Inference Attack Involving Sensor Data (IAISD). Detecting such attacks strengthens individuals' data protection. When attackers query the sensor database, the important information is not so much the exact value of the obtained data points, but rather whether the relevant information (e.g., type of data) is obtained according to the conditions of disclosure of such algorithms. To fulfill this objective, this thesis makes three contributions:

The Raw sensor data based Inference ChannEl Model (RICE-M) models the query history of a querying user, which contains the information obtained from queries, as well as the conditions of disclosure associated with an insight. First, RICE-M enables the modeling of queries issued to a sensor database as a set of metadata units. Those units are built from the query parameters (e.g., selected attributes), the query context (e.g., the identity of the querying user), and the query result metadata (e.g., the number of data points). This set constitutes the query metadata. Second, RICE-M models both the constraints that a user's knowledge must satisfy to apply a data mining algorithm and the corresponding personal insight. Those descriptions correspond to the inference channels attackers leverage to perform IAISDs.

The second contribution of this thesis is the RICE-M based inference detection System (RICE-Sy). For each user, our system maintains a history log which keeps track of the query metadata extracted from the queries they have issued to a sensor database. When a user issues a new query, the related query metadata is extracted and processed by the system. To correctly consider the user's current knowledge, RICE-Sy retrieves from the history log the metadata units that can be merged with the newly obtained units. It then determines whether those units satisfy the constraints of a described inference channel, in which case an IAISD attempt is detected. Otherwise, the user's history log is updated with the new query metadata. To efficiently filter units from the history log, we endow RICE-Sy with two conceptual optimizations: Query Based Filtering (QBF) and Search Set Filtering (SSF).
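
The detection loop described above can be sketched as follows. This is an added example, not code from the thesis: the unit fields, the form of a channel constraint (seconds of coverage per data type on one individual) and all names are assumptions, and the simple subject/attribute filter stands in for QBF and SSF, whose definitions are not given here.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Unit:
    """Metadata unit (assumed fields): what a query disclosed, never the values."""
    subject: str    # individual the data points describe
    attribute: str  # type of sensor data, e.g. "heart_rate"
    start: int      # covered time range, in seconds
    end: int

@dataclass(frozen=True)
class Channel:
    """Conditions of disclosure for one insight (assumed form)."""
    insight: str
    min_seconds: dict  # attribute -> seconds of coverage needed per subject

def coverage(intervals):
    """Length of the union of intervals, so overlapping queries count once."""
    total, cur_start, cur_end = 0, None, None
    for start, end in sorted(intervals):
        if cur_end is None or start > cur_end:
            if cur_end is not None:
                total += cur_end - cur_start
            cur_start, cur_end = start, end
        else:
            cur_end = max(cur_end, end)
    return total + (cur_end - cur_start if cur_end is not None else 0)

class Detector:
    def __init__(self, channels):
        self.channels = channels
        self.history = defaultdict(list)  # querying user -> logged units

    def submit(self, user, new_units):
        """Return (insight, subject) pairs the query would make inferable."""
        alerts = []
        for channel in self.channels:
            for subject in sorted({u.subject for u in new_units}):
                # Keep only the units that can merge with the new ones.
                spans = defaultdict(list)
                for u in self.history[user] + list(new_units):
                    if u.subject == subject and u.attribute in channel.min_seconds:
                        spans[u.attribute].append((u.start, u.end))
                if all(coverage(spans[a]) >= need
                       for a, need in channel.min_seconds.items()):
                    alerts.append((channel.insight, subject))
        if not alerts:  # log the query only when no channel is satisfied
            self.history[user].extend(new_units)
        return alerts
```

Because the check runs on the merged history rather than on each query alone, a user who splits a request into several smaller queries is still detected on the query that completes the channel.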

The last contribution of the thesis is a query metadata sequence generator whose objective is to evaluate the performance of RICE-Sy. To produce realistic sequences, we identify querying behaviors by analyzing inference attack strategies and the nature of sensor databases. Based on those behaviors, we define three archetypes: the one-time attacker, the genuine employee, and the deceptive attacker. We demonstrate the validity of the generated datasets by providing visualizations of sequences for each archetype. Using the generator's output, we evaluate RICE-Sy in terms of detection time per query and size of the history log. The results obtained validate the efficiency of QBF and SSF, and demonstrate the feasibility of detecting IAISDs at query-time using RICE-Sy.


Jury:
Mr. Cuppens Frederic, Professor, Polytechnique Montreal, Reviewer
Mr. Felfernig Alexander, Professor, Graz University of Technology, Reviewer
Mr. Döller Mario, Professor, Kufstein University of Applied Science, Examiner
Mr. Granitzer Michäel, Professor, University of Passau, Examiner
Ms. Sassi Salma, Associate Professor, University of Jendouba, Examiner
Mr. Brunie Lionel, Professor, LIRIS INSA Lyon, Thesis advisor
Mr. Kosch Harald, Professor, University of Passau, Thesis advisor
Ms. Bennani Nadia, Associate Professor, LIRIS INSA Lyon, Examiner