
Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments

  • Conference paper
Privacy Enhancing Technologies (PET 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3424)


Abstract

In a ubiquitous computing environment, sensors are actively collecting data, much of which can be very sensitive. Data will often be streaming at high rates (video and audio) and must be dealt with in real time. Protecting the privacy of users is of central importance, and dealing with these issues will remain a major challenge for ubicomp for some time to come. Here we propose some simple design principles which address several of these issues, and we illustrate them through the design of a smart room capture system we are building. The main design principle is "data discretion": users should have access to, and control of, data about them, and should be able to determine how it is used. We show how data discretion supports both personal and collaborative uses. In our implementation, the data discretion principle is enforced with cryptographic techniques. Unlike ACL-based access control systems, our scheme embeds the access rights of legitimate users within the data itself. An important property of the method is that it hides meta-information about data access: no user can determine who (else) has access to any given datum. Access information is sensitive because it discloses which users were in the room, and when. We have implemented a prototype system in a smart room equipped with several cameras, and we give data throughput rates under various degrees of protection. Finally, we describe ongoing work towards a trustworthy ubicomp environment whose discretion is realistically checkable.
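The two properties the abstract asks for, access rights carried inside the datum rather than in an ACL, and a reader who cannot tell who else can open it, can be illustrated with a small envelope construction. The following is an added example written for this page; it is not the authors' implementation, whose cryptographic construction is not visible here. It assumes a fixed cap on key slots per envelope (MAX_SLOTS), per-user shared secrets standing in for public keys, and an HMAC-SHA256 counter-mode toy cipher standing in for a real AEAD such as AES-GCM. All names, the frame payload and the users are constructed for the example.

```python
# Added illustrative example (not the paper's construction): an envelope whose
# access rights are embedded in the datum itself, built so that a legitimate
# reader cannot tell who else can open it. Stdlib only.
import hashlib
import hmac
import secrets
from dataclasses import dataclass

MAX_SLOTS = 8    # assumed fixed cap: every envelope carries exactly this many slots
KEY_LEN = 32
TAG_LEN = 16


def prf(key: bytes, *labels: bytes) -> bytes:
    """HMAC-SHA256 as a PRF; each label is length-prefixed so inputs cannot collide."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for lab in labels:
        h.update(len(lab).to_bytes(8, "big") + lab)
    return h.digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy PRF-in-counter-mode stream cipher; a real system would use AES-GCM."""
    out = bytearray()
    for i in range(0, len(data), KEY_LEN):
        block = prf(key, b"ctr", nonce, i.to_bytes(8, "big"))
        out += xor_bytes(data[i:i + KEY_LEN], block)
    return bytes(out)


@dataclass
class Envelope:
    datum_id: bytes
    nonce: bytes
    ciphertext: bytes
    tag: bytes
    key_slots: list      # exactly MAX_SLOTS (wrapped_key, slot_tag) pairs, unlabelled, shuffled


def seal(datum_id: bytes, plaintext: bytes, recipient_secrets: list) -> Envelope:
    """Encrypt one datum under a fresh content key and wrap that key once per
    authorised user. Unused slots are filled with random bytes and the list is
    shuffled, so slot count and position reveal nothing about the recipient set."""
    if len(recipient_secrets) > MAX_SLOTS:
        raise ValueError("too many recipients for a single envelope")
    content_key = secrets.token_bytes(KEY_LEN)
    nonce = secrets.token_bytes(16)
    ciphertext = keystream_xor(prf(content_key, b"enc"), nonce, plaintext)
    tag = prf(prf(content_key, b"mac"), datum_id, nonce, ciphertext)[:TAG_LEN]
    slots = []
    for s in recipient_secrets:
        wrapped = xor_bytes(content_key, prf(s, b"wrap", datum_id, nonce))
        slots.append((wrapped, prf(s, b"slot", datum_id, nonce, wrapped)[:TAG_LEN]))
    while len(slots) < MAX_SLOTS:                        # dummies look like real slots
        slots.append((secrets.token_bytes(KEY_LEN), secrets.token_bytes(TAG_LEN)))
    secrets.SystemRandom().shuffle(slots)
    return Envelope(datum_id, nonce, ciphertext, tag, slots)


def open_envelope(env: Envelope, user_secret: bytes):
    """Return the plaintext if user_secret owns a slot, else None. A slot that is
    not the caller's is indistinguishable from a dummy, so nothing about the
    other recipients is learned."""
    for wrapped, slot_tag in env.key_slots:
        expected = prf(user_secret, b"slot", env.datum_id, env.nonce, wrapped)[:TAG_LEN]
        if not hmac.compare_digest(expected, slot_tag):
            continue
        content_key = xor_bytes(wrapped, prf(user_secret, b"wrap", env.datum_id, env.nonce))
        tag = prf(prf(content_key, b"mac"), env.datum_id, env.nonce, env.ciphertext)[:TAG_LEN]
        if not hmac.compare_digest(tag, env.tag):
            return None                                   # ciphertext was tampered with
        return keystream_xor(prf(content_key, b"enc"), env.nonce, env.ciphertext)
    return None


def demo() -> dict:
    """Constructed scenario: three users, one frame captured while two were present."""
    users = {name: secrets.token_bytes(KEY_LEN) for name in ("alice", "bob", "carol")}
    frame = b"constructed sample: camera-3 frame, 2 people present"
    env = seal(b"room-A/cam3/frame-0001", frame, [users["alice"], users["bob"]])
    tampered = Envelope(env.datum_id, env.nonce,
                        env.ciphertext[:-1] + bytes([env.ciphertext[-1] ^ 1]),
                        env.tag, env.key_slots)
    solo = seal(b"room-A/cam3/frame-0002", frame, [users["alice"]])
    return {
        "alice": open_envelope(env, users["alice"]),
        "bob": open_envelope(env, users["bob"]),
        "carol": open_envelope(env, users["carol"]),
        "tampered_for_alice": open_envelope(tampered, users["alice"]),
        "slots_two_recipients": len(env.key_slots),
        "slots_one_recipient": len(solo.key_slots),
    }
```

The fixed slot count plus random dummies is what hides the "who else" information: an envelope for one person and an envelope for seven are byte-for-byte the same shape, and a reader who finds their own slot cannot distinguish the remaining slots from padding. The costs are real and worth noting for a streaming capture system: every open is O(MAX_SLOTS) slot trials, the cap bounds how many people one datum can be released to, and the recipient set must be known when the datum is sealed. A production version would replace the HMAC toy cipher with an AEAD and the shared-secret wrapping with public-key wrapping so the capture system never holds users' long-term keys.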


Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Duan, Y., Canny, J. (2005). Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments. In: Martin, D., Serjantov, A. (eds) Privacy Enhancing Technologies. PET 2004. Lecture Notes in Computer Science, vol 3424. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11423409_11


  • DOI: https://doi.org/10.1007/11423409_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-26203-9

  • Online ISBN: 978-3-540-31960-3
