Design and Secure Implementation of Private Data Query Mechanisms for Data Marketplaces

Abstract

This thesis considers the pricing of private data queries in data marketplaces. A data marketplace is an online platform that facilitates the commoditisation of data by bringing together data owners, data brokers, and data consumers. Private data queries are used by data consumers as a means to extract information from aggregate private data of the data owners. This thesis aims to develop a system for pricing private data queries in an online data marketplace. Towards this goal, we perform the following four tasks: (1) First, to understand the pricing problem of private data queries in a data marketplace at large, we conduct a systematic survey on data pricing paradigms. We propose a new classification with the emphasis on two intrinsic properties of data, privacy and queries. The problem of private data queries thus amounts to an integral part of this taxonomy where privacy and query are the key dimensions of consideration on the data owner-side and consumer-side of the market, respectively. (2) Second, to enable private data query, we design a private data query mechanism, SingleMindedQuery (SMQ), that enables a data broker to procure private data from multiple data owners. By combining techniques from mechanism design and differential privacy, SMQ settles a range of issues that include information asymmetry, privacy protection, and accuracy optimisation. (3) Third, to implement this private data query mechanism in an online environment, we deploy a secure network infrastructure based on blockchain. This involves leveraging cryptography tools in designing a protocol, SmartAuction, that ensures fair trading of private data queries, even without a trusted third party. We employ the universal composability (UC) framework to exhibit the security of the protocol and verify its practicality using a simulated blockchain environment. (4) Finally, to explore the economic value of private data from the perspective of data owners in the real-world, we execute a lab-based experiment. The experiment consists of a survey to collect privacy preferences and second-price auctions to reveal data owners’ valuation of their private data. The experiment results show that in general people associate a non-trivial value to their private data and the valuation varies by different data types.