Data Protection and Data Sharing in Telematics

Published in: Mobile Networks and Applications

Abstract

Automotive telematics may be defined as the information-intensive applications enabled for vehicles by a combination of telecommunications and computing technology. Telematics by its nature requires the capture, storage, and exchange of sensor data to obtain remote services. Such data likely include personal, sensitive information, which require proper handling to protect the driver's privacy. Some existing approaches focus on protecting privacy through anonymous interactions or by stopping information flow altogether. We complement these by concentrating instead on giving different stakeholders control over data sharing and use. In this paper, we identify several data protection challenges specifically related to the automotive telematics domain, and propose a general data protection framework to address some of those challenges. The framework enables data aggregation before data is released to service providers, which minimizes the disclosure of privacy sensitive information. We have implemented the core component, the privacy engine, to help users manage their privacy policies and to authorize data requests based on policy matching. The policy manager provides a flexible privacy policy model that allows data subjects to express rich constraint-based policies, including event-based and spatio-temporal constraints. Thus, the policy engine can decide on a large number of requests without user assistance and causes no interruptions while driving. A performance study indicates that the overhead is stable with an increasing number of data subjects.
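As an added illustration of the policy-matching idea the abstract describes (constructed for this page, not the paper's implementation), the Python below authorizes a service provider's data request against a driver's constraint-based policies, covering event-based and spatio-temporal constraints and an aggregation-only release; every type, field name, policy and sample value is an assumption.

```python
from dataclasses import dataclass
from statistics import mean
from typing import List, Optional, Tuple
# Constructed types (assumptions, not the paper's data model): a provider's Request for one
# kind of sensor data, and a driver's Policy stating the conditions under which it is granted.
@dataclass
class Request:
    requester: str               # service provider asking for the data
    data_type: str               # e.g. "location" or "speed"
    purpose: str                 # declared purpose of use
    hour: int                    # local hour of the request, 0-23
    lat: float                   # vehicle position when the request is made
    lon: float
    event: Optional[str] = None  # vehicle event accompanying the request, e.g. "crash"

@dataclass
class Policy:
    data_type: str
    requesters: set
    purposes: set
    region: Optional[Tuple[float, float, float, float]] = None  # lat_min, lat_max, lon_min, lon_max
    hours: Optional[Tuple[int, int]] = None                     # inclusive hour window
    required_event: Optional[str] = None                        # event-based constraint
    aggregate_only: bool = False                                # release a mean, never raw samples

def matches(p: Policy, r: Request) -> bool:
    """True only when every constraint the policy states holds for the request."""
    if p.data_type != r.data_type or r.requester not in p.requesters or r.purpose not in p.purposes:
        return False
    if p.region and not (p.region[0] <= r.lat <= p.region[1] and p.region[2] <= r.lon <= p.region[3]):
        return False
    if p.hours and not (p.hours[0] <= r.hour <= p.hours[1]):
        return False
    return not p.required_event or r.event == p.required_event

def authorize(policies: List[Policy], r: Request, samples: List[float]):
    """Decide without asking the driver: deny, release raw samples, or release only an aggregate."""
    for p in policies:
        if matches(p, r):
            return ("allow_aggregate", mean(samples)) if p.aggregate_only else ("allow_raw", list(samples))
    return ("deny", None)  # default-deny: a request no policy covers discloses nothing

# Constructed sample policies: raw location to roadside assistance only after a crash; speed to the
# insurer only as a mean, inside one lat/lon box, between 06:00 and 22:00 local time.
DRIVER_POLICIES = [
    Policy("location", {"roadside_assist"}, {"emergency"}, required_event="crash"),
    Policy("speed", {"insurer"}, {"pay_as_you_drive"}, region=(40.0, 41.0, -74.5, -73.5),
           hours=(6, 22), aggregate_only=True),
]
SPEED_SAMPLES = [52.0, 58.0, 61.0, 49.0]  # constructed km/h readings; mean is 55.0
```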


Duri, S., Elliott, J., Gruteser, M. et al. Data Protection and Data Sharing in Telematics. Mobile Networks and Applications 9, 693–701 (2004). https://doi.org/10.1023/B:MONE.0000042507.74516.00
