Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments

  • Yitao Duan
  • John Canny
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3424)


In a Ubiquitous Computing environment, sensors are actively collecting data, much of which can be very sensitive. Data will often be streaming at high rates (video and audio) and it must be dealt with in real time. Protecting the privacy of users is of central importance. Dealing with these issues will be a central challenge for ubicomp for some time to come. Here we propose some simple design principles which address several of these issues. We illustrate them through the design of a smart room capture system we are building. The main design principle is “data discretion”: users should have access to and control of data about them, and should be able to determine how it is used. We show how data discretion supports both personal and collaborative uses. In our implementation, the data discretion principle is enforced with cryptographic techniques. Unlike ACL-based access control systems, our scheme embeds access rights of legitimate users within the data. An important property of the method is that it hides meta-information about data access: no user can determine who (else) has access to any given datum. Access information is sensitive because it discloses information about which users were in the room and when. We have implemented a prototype system in the smart room equipped with several cameras, and we give data throughput rates under various degrees of protection. Finally, we describe ongoing work towards a trustworthy ubicomp environment whose discretion is realistically checkable.





Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Yitao Duan, Computer Science Division, University of California, Berkeley, Berkeley, USA
  • John Canny, Computer Science Division, University of California, Berkeley, Berkeley, USA
