Understanding identity exposure in pervasive computing environments

Various miniaturized computing devices that store our identity information are emerging rapidly and are likely to become ubiquitous in the future. They allow private information to be exposed and accessed easily via wireless networks. When identity and context information is gathered by pervasive computing devices, personal privacy might be sacrificed to a greater extent than ever before. People whose information is targeted may have different privacy protection skills, awareness, and privacy preferences. In this research, we studied the following issues and their relations: (a) identity information that people think is important to keep private; (b) actions that people claim to take to protect their identities and privacy; (c) privacy concerns; (d) how people expose their identity information in pervasive computing environments; and (e) how our RationalExposure model can help minimize unnecessary identity exposure. We conducted the research in three stages, a comprehensive survey and two in-lab experiments. We built a simulated pervasive computing shopping system, called InfoSource. It consisted of two applications and our RationalExposure model. Our data show that identity exposure decisions depended on participants’ attitudes about maintaining privacy, but did not depend on participants’ concerns or security actions that they claimed to have taken. Our RationalExposure model did help the participants reduce unnecessary disclosures.     

A novel approach to visualize web anomaly attacks in pervasive computing environment

These days, a pervasive computing environment is a rapidly changing trend towards increasingly always-on connected computing devices in the convergence environment. In a pervasive computing environment, there are various multimedia web services and communications for various devices in order to provide interesting and invaluable information to users. Meanwhile, providing a wide variety of the web-based multimedia services and communications may cause various security threats and abnormal behaviors. In this paper, a multimedia visualization approach for pervasive computing environment is proposed which analyzes HTTP request and response header information to detect and visualize multimedia web attacks based on the Bayesian method. We conducted a few cases’ experiment for the verification of the proposed approach in a real environment. The experimental results such as web attack detection visualization, scanning and password attack visualization, and attacker’s position tracking visualization verify the usability of the proposed approach.     

普适计算认证过程基于粗糙集的隐私保护策略

在普适计算环境中,用户要获得需要的服务,需要向对应的服务提供商提供一定的认证信息,而这些认证信息中往往包含有用户不希望泄漏的隐私信息。为了对这些隐私信息进行保护,本文提出了认证过程中基于粗糙集的隐私保护策略：用户将认证信息扩展成粗糙集提供给服务提供商;服务提供商根据策略从粗糙集中提取用户的真实认证信息对用户请求进行认证。该策略充分利用了粗糙集合的不确定性,能够有效地防止用户隐私泄漏。     

A framework for comparing perspectives on privacy and pervasive technologies

Pervasive computing research has evolved, investigating mechanisms for supporting some predefined notion of privacy, typically favoring individual rights over the rights of the community. We offer a framework to consider individual and group rights so that technology developers can more effectively reason about concerns for existing technology as well as generate new technologies that respect a well-defined set of social norms. We outline a framework designed to help developers understand the conflict between privacy and pervasive computing technologies, particularly those technologies that deal with sensing and storage. Pervasive computing technologies, especially those that can automate perception of human activity and then store that information, can provide tremendous benefits. We offer an analytic method to assist developers in asking questions about the systems and applications they are creating. We believe this framework will help developers minimize the gap between design goals and actual effects on privacy.     

一个普适计算环境中的定位隐私保护模型*

随着普适计算技术的发展,在普适环境中的应用服务也日益增多。这些服务通常都是基于用户位置的服务,然而,用户的定位信息中往往直接或间接地包含着用户的隐私内容。针对如何在获取个性化定制服务的同时保护用户的定位隐私这一问题展开讨论,提出了一种定位信息采集和假名使用的策略,并基于该策略建立了一个普适计算环境中的定位隐私保护模型。     

A survey on security issues and solutions at different layers of Cloud computing

Cloud computing offers scalable on-demand services to consumers with greater flexibility and lesser infrastructure investment. Since Cloud services are delivered using classical network protocols and formats over the Internet, implicit vulnerabilities existing in these protocols as well as threats introduced by newer architectures raise many security and privacy concerns. In this paper, we survey the factors affecting Cloud computing adoption, vulnerabilities and attacks, and identify relevant solution directives to strengthen security and privacy in the Cloud environment.     

SPEP： Security Protocol to Enhance Privacy in Pervasive Computing

Pervasive computing world implies privacy, particularly the bad publicity around invasions of privacy, could block the incredible potential of pervasive computing. A brief introduction of the understanding of privacy, and how they relate to,the world of pervasive computing are provided in this paper. With the pseudonyms and Bit Commitment techniques, a Security Protocol--SPEP is designed and built. SPEP provides privacy with confidentiality, two-party data authentication, and evidence of data freshness. A secure node-to-node key agreement protocol is implemented, which is practical in minimal hardware of pervasive computing environment and easily matches the data rate of the network.     

普适计算环境中基于上下文的使用控制模型

使用控制模型可以解决普适计算环境中访问控制的动态授权问题,但该模型没有考虑上下文信息。为此,提出一种普适计算环境中基于上下文的使用控制模型。在使用决策因素中增加上下文信息,包括时间、位置和环境因素,采用行为时态逻辑定义模型的核心规则集。以基于普适计算的智能教室为实例进行分析,证明该模型在普适计算环境中的有效性。     

Modeling privacy control in context-aware systems

Significant complexity issues challenge designers of context-aware systems with privacy control. Information spaces provide a way to organize information, resources, and services around important privacy-relevant contextual factors. In this article, we describe a theoretical model for privacy control in context-aware systems based on a core abstraction of information spaces. We have previously focused on deriving socially based privacy objectives in pervasive computing environments. Building on Ravi Sandhu's four-layer OM-AM (objectives, models, architectures, and mechanisms) idea, we aim to use information spaces to construct a model for privacy control that supports our socially based privacy objectives. We also discuss how we can introduce decentralization, a desirable property for many pervasive computing systems, into our information space model, using unified privacy tagging.     

An approach to domain-based scalable context management architecture in pervasive environments

In pervasive environments, context management systems are expected to administrate large volume of contextual information that is captured from spatial to nonspatial elements. Research in context-aware computing produced a number of middleware systems for context management to intermediate the communications between applications and context providers. In particular, in pervasive environments, the design of distributed storage, retrieval and propagation mechanisms of context information across domains is vital. In this paper, we propose a domain-based approach to address the requirements of scalable distributed context management, cross-domain efficient context information dissemination and domain-based privacy policy enforcement. We propose infinitum, a middleware architecture that incorporates the management and communication benefits of the Google Wave Federation Protocol, while also taking advantage of the semantic and inference benefits of ontology-based context models. This architecture establishes a robust cross-domain scalable context management and collaboration framework, which has been implemented and evaluated in a real-life application of “SMART University” to support virtual team collaboration.     

Embedded security in a pervasive world

Embedded systems have become an integral part of our everyday life. Devices like vehicles, household appliances, and cell phones are already equipped with embedded microcontrollers. The networking of the myriads of embedded devices gives rise to the brave new world of pervasive computing. Pervasive computing offers enormous advantages and opportunities for users and businesses through new applications, increased comfort, and cost reduction. One often overlooked aspect of pervasive computing, however, are new security threats.This article describes security issues in current and future pervasive security scenarios, ranging from privacy threats and unreliable products to loss of revenue. We also highlight the opportunities, such as new business models, which are enabled through strong embedded security solutions. Current research issues are also summarized. As case studies, we introduce security aspects in future automotive systems and in ad-hoc networks.     

Shadow attacks on users’ anonymity in pervasive computing environments

Privacy preserving technologies are likely to become an essential component of adaptive services in pervasive and mobile computing. Although privacy issues have been studied for a long time in computer science as well as in other fields, most studies are focused on the release of data from large repositories. Mobile and pervasive computing pose new challenges, requiring specific formal models for attacks and new privacy preserving techniques. This paper considers a specific pervasive computing scenario, and shows that the application of state-of-the-art techniques for the anonymization of service requests is insufficient to protect the privacy of users. A specific class of attacks, called shadow attacks, is formally defined and a defense technique is proposed. This defense is formally proved to be correct, and its effectiveness is validated by extensive experiments in a simulated environment.     

Long-term location privacy protection for location-based services in mobile cloud computing

The popularity of mobile devices, especially intelligent mobile phones, significantly prompt various location-based services (LBSs) in cloud systems. These services not only greatly facilitate people’s daily lives, but also cause serious threats that users’ location information may be misused or leaked by service providers. The dummy-based privacy protection techniques have significant advantages over others because they neither rely on trusted servers nor need adequate number of trustworthy peers. Existing dummy-based location privacy protection schemes, however, cannot yet provide long-term privacy protection. In this paper, we propose four principles for the dummy-based long-term location privacy protection (LT-LPP). Based on the principles, we propose a set of long-term consistent dummy generation algorithms for the LT-LPP. Our approach is built on soft computing techniques and can balance the preferred privacy protection and computing cost. Comprehensive experimental results demonstrate that our approach is effective to both long-term privacy protection and fake path generation for LBSs in mobile clouds.     

Emerging privacy issues

Because of the essential nature of information in the affairs of society, governments, and institutions, computer- and communications-based systems are creating new aspects of personal privacy threats. Because people and organizations will tend to carry forward established expectations derived from old systems and their characteristics to new systems and their procedures, it can be expected that new privacy threats will frequently not be perceived, (e.g. the transition from physical mail to electronic mail). Moreover, things which are not a privacy threat in the small (e.g. a single telephone number) can pose threats in the large (e.g. a year's worth of telephone billings). The networking of information systems will tend to aggregate information invisibly and create privacy threats (e.g. automatic check verification information blended with financial transaction information). Matching of computer files and the diversification of established industries (e.g. banks providing general accounting services to small business) also will create new dimensions of privacy.The future world will be so tightly stitched together by its information threads that a combination of approaches to protecting privacy will be essential. Technical security safeguards can contribute; privacy laws will surely afford protections. But for some situations, perhaps many, the individual will have to take care of himself. To do so, he will have to be well-informed about information systems and their impact on himself; and he must have a legal standing to recover damages and compel remedial actions by offending organizations.     

Towards privacy-driven design of a dynamic carpooling system

Dynamic carpooling (also known as instant or ad-hoc ridesharing) is a service that arranges one-time shared rides on very short notice. This type of carpooling generally makes use of three recent technological advances: (i) navigation devices to determine a driver’s route and arrange the shared ride; (ii) smartphones for a traveller to request a ride from wherever she happens to be; and (iii) social networks to establish trust between drivers and passengers. However, the mobiquitous environment in which dynamic carpooling is expected to operate raises several privacy issues. Among all the personal identifiable information, learning the location of an individual is one of the greatest threats against her privacy. For instance, the spatio-temporal data of an individual can be used to infer the location of her home and workplace, to trace her movements and habits, to learn information about her centre of interests or even to detect a change from her usual behaviour. Therefore, preserving location privacy is a major issue to be able to leverage the possibilities offered by dynamic carpooling. In this paper we use the principles of privacy-by-design to integrate the privacy aspect in the design of dynamic carpooling, henceforth increasing its public (and political) acceptability and trust.     

Towards sharing life-log information with society

We are living in an era of social media such as online communities and social networking sites. Exposing or sharing personal information with these communities has risks as well as benefits and there is always a trade off between the risks versus the benefits of using these technologies. Life-logs are pervasive tools or systems which sense and capture contextual information from the user's environment in a continuous manner. A life-log produces a dataset, which consists of continuous streams of sensor data. Sharing this information has a wide range of advantages for both user and society. On the other hand, in terms of individual privacy, life-log information is very sensitive. Although social media enable users to share their information, due to life-log data structure, current sharing models are not capable of handling life-log information while maintaining user privacy. Our approach here is to describe the sharing of life-log information with society based on the identification of associated risks and benefits. Subsequently, based on the identified risks, we propose a data model for sharing life-log information. This data model has been designed to reduce the potential risks of life-logs. Furthermore, ethics for providing and using life-logs will be discussed. These ethics focus on reducing risks as much as possible while sharing life-log information.     

Securing next-generation grids

Grid computing poses tough security challenges. What do we have - and what do we still need - to make grids safe for tomorrow? Grid computing harnesses existing self contained systems - from personal computers to supercomputers to let users share processing cycles and data across geographical and organizational boundaries. This emerging technology can transform the computational infrastructure into an integrated, pervasive virtual environment. However, although commercial and research organizations might have collaborative or monetary reasons to share resources, they are unlikely to adopt such a distributed infrastructure until they can rely on the confidentiality of the communication, the integrity of their data and resources, and the privacy of the user information. In other words, large-scale deployment of grids will occur when users can count on their security.     

Privacy preserving security using biometrics in cloud computing

Cloud computing and the efficient storage provide new paradigms and approaches designed at efficiently utilization of resources through computation and many alternatives to guarantee the privacy preservation of individual user. It also ensures the integrity of stored cloud data, and processing of stored data in the various data centers. However, to provide better protection and management of sensitive information (data) are big challenge to maintain the confidentiality and integrity of data in the cloud computation. Thus, there is an urgent need for storing and processing the data in the cloud environment without any information leakage. The sensitive data require the storing and processing mechanism and techniques to assurance the privacy preservation of individual user, to maintain the data integrity, and preserve confidentiality. Face recognition has recently achieved advancements in the unobtrusive recognition of individuals to maintain the privacy-preservation in the cloud computing. This paper emphasizes on cloud security and privacy issues and provides the solution using biometric face recognition. We propose a biometrics face recognition approach for security and privacy preservation of cloud users during their access to cloud resources. The proposed approach has three steps: (1) acquisition of face images (2) preprocessing and extraction of facial feature (3) recognition of individual using encrypted biometric feature. The experimental results establish that our proposed recognition approach can ensure the privacy and security of biometrics data.

     

Privacy-preserving e-payments using one-time payment details

The recent increase in data breaching incidents involving high profile e-commerce companies is alarming as such privacy threats can seriously thwart the healthy growth of electronic commerce. We propose a privacy-preserving e-payment scheme that guarantees authenticity while keeping the customer’s sensitive details secret from the respective parties involved in the online transaction. Using a non-reusable password-based authentication approach, the proposed protocol allows consumers to anonymously purchase goods from an online merchant, thus achieving the ideal privacy environment in which to shop. The protocol can be easily deployed in an e-commerce environment without requiring great changes to the current processes.     

Smart devices and spaces for pervasive computing

Applications and services for pervasive computing have been dramatically grown and have contributed extensively to our daily experiences in recent years. Smart systems, devices, and spaces are proactive for ubiquitous and pervasive computing. Smart information technology (IT) is also an outcome of the state of the art and novel mobile and ubiquitous computing technologies that include highly capable handheld device, pervasive and personal device, etc. This special issue will be a trigger for further related research and technology improvements in pervasive and ubiquitous computing using smart devices and services. This special issue called for original papers describing the latest developments, trends, and solutions of smart devices and spaces for pervasive computing including real-time operating systems (OS), tiny OS and middleware supports, mobile system performance, trustworthy Internet and communications, agents and mobile and pervasive services, among others. In particular, this special issue focuses on a remote control and media-sharing system, flash storage-based smart system, heterogeneous mobile OS, and prediction and auto-execution system for pervasive computing.