
Overview of Privacy Management in Ubiquitous Computing Environments

Presentation at APNOMS2003 DEP. Shigeki Yamada (E-mail: shigeki@nii.ac.jp), National Institute of Informatics (NII), October 3, 2003.


Presentation Transcript


  1. Presentation at APNOMS2003 DEP: Overview of Privacy Management in Ubiquitous Computing Environments. Shigeki Yamada (E-mail: shigeki@nii.ac.jp), National Institute of Informatics (NII), October 3, 2003

  2. Why is Privacy Management Important in Ubicomp Environments?
     • Two major concepts of ubiquitous computing
       • Ubiquity
       • Invisibility
     • Invisibility requires context-awareness that captures and interprets user context
     • User context includes privacy-sensitive personal data such as user's location, activity status, and preferences
     • New privacy protection technologies are required for ubiquitous environments
       • Dynamic changes of user's computing and communication environments

  3. Privacy Invasions in Ubicomp Environments
     [Figure: Alice (Personal Data Owner), Bob (Data Collector), Carol (Data User). Labels: Data Collection; Data Copy; improper use of Alice's personal data; unauthorized use of Alice's personal data; little control over how her data will be used.]

  4. Privacy Management Issues
     • Where to store personal data?
       • End-User Centric Architecture (ECA)
         • Into stationary servers and devices
         • Into wearable servers and devices
       • Network-Centric Architecture (NCA)
     • Who manages privacy?
       • User, Network Operator, or Service Provider
     • How to protect privacy?
       • Principle of Minimum Asymmetry
       • P3P and pawS system
       • Other technologies

  5. Context Data Storage Management: ECA (End-User Centric Architecture)
     • User context data are stored in user facilities and managed by users or service providers
     • Users feel at ease
     • User has all the responsibility
     [Figure: network diagram with numbered steps (1) to (20). Components: MT, AP, BS, RNC, SGSN, GGSN, UTRAN, PS-CN, UCN, DA, routers (R), LAN, WLAN, ISP Network, Internet, Contents/Services Server.]

  6. Context Data Storage Management: NCA (Network Centric Architecture)
     • User context data are stored inside the 3GPP All-IP Network managed by Network Operators
     • Secure and uniform management
     • Users may feel uneasy
     [Figure: network diagram with numbered steps (1) to (26). Components: MT, AP, BS, RNC, SGSN, GGSN, UTRAN, PS-CN, IMS, P-CSCF, S-CSCF, I-CSCF, UCN, DA, routers (R), LAN, WLAN, ISP Network, Internet, Contents/Services Server.]

  7. Design Space for Privacy Protection
     [Figure: Personal Data Owner, Data Collector (Service Provider or web site), Data User. Stages: Data Collection, Access, Second Use. Each stage is labeled Prevention, Avoidance, Detection.]

  8. Classification of Privacy Protection Technologies (by X. Jiang (UCB))
     [Figure: grid with axes Prevention / Avoidance / Detection and Collection / Access / Second use. Technologies placed in the grid: RBAC; Anonymization; Pseudonymization; Location Support; Wearables; P3P; User Interfaces for Feedback, Notification, and Consent; Privacy Mirrors.]

  9. Principle of Minimum Asymmetry
     [Figure: Personal Data Owner, Data Collector (Service Provider or web site), Data User. Labels: Decrease (e.g. anonymization and pseudonymization); Decrease (e.g. lower rate of updating location information); Increase (e.g. logging of accesses); Increase (e.g. notification of second use).]

  10. Platform for Privacy Preferences Project (P3P)
     • Developed by World Wide Web Consortium (W3C)
     • Web sites disclose their privacy policies in a standard XML format
     • Web browsers automatically retrieve P3P privacy policies and compare them to privacy preferences of personal data owners

  11. P3P Protocol (exchange with the Web Server)
     • Request Policy Reference File: GET /w3c/p3p.xml HTTP/1.1, Host: www.att.com
     • Send Policy Reference File
     • Request P3P Policy
     • Send P3P Policy
     • Request web page: GET /index.html HTTP/1.1, Host: www.att.com ...
     • Send web page: HTTP/1.1 200 OK, Content-Type: text/html ...

  12. pawS: a Privacy Protection System (ETH)
     [Figure: components Privacy Beacon, Privacy Assistant, Privacy Proxy, Service Proxy. Numbered steps:]
     (1) Service Announcement
     (2) Personal Data & Service Name
     (3) Privacy Policy Download
     (4) Comparison of Privacy Policy with User Preferences
     (5) Personal Data

  13. Mobile Agent-based Privacy System for Controlling Second Use (NII)
     [Figure: components Privacy Beacon, Privacy Assistant, Privacy Proxy, Service Proxy, Privacy Capsule, Privacy Policy, User's Preferences, Mobile Agent, Personal Data. Numbered steps (1) to (6), of which three are labeled: (3) Policy Download, (4) Agent Migration, (5) Execution Results.]

  14. Other Privacy Protection Technologies
     • Location Support System: the Cricket system [MIT]
       • Allows clients to learn their location without centralized tracking to construct location-specific queries
     • Wearables
       • Use person's own workstations [Xerox PARC] or wearable computers [MIT] to store personal data
     • Privacy Mirrors (Georgia Tech)
       • Shows end-users what information is being collected, and what information has been accessed and by whom
       • Helps end-users avoid risky situations

  15. Concluding Remarks
     • Privacy management will be increasingly important in ubiquitous computing networks
     • Numerous privacy protection and management technologies have been emerging
     • No simple solution but integration of various technologies for managing privacy
     • Non-technical aspects must also be considered
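
The comparison step described on slides 10 and 11 (a user agent retrieves a site's P3P policy and checks it against the data owner's preferences), as an added example that is not part of the original presentation. The policy is a constructed, simplified P3P-style document, and the preference format and the `evaluate` function are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy (simplified P3P-style vocabulary, namespace omitted).
POLICY_XML = """
<POLICY name="sample">
  <STATEMENT>
    <PURPOSE><current/><admin/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><telemarketing/></PURPOSE>
    <RECIPIENT><ours/><unrelated/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP><DATA ref="#user.home-info.postal"/></DATA-GROUP>
  </STATEMENT>
</POLICY>
"""

# Hypothetical owner preferences: values the owner refuses, per data-ref prefix.
PREFERENCES = {
    "#user.": {"PURPOSE": {"telemarketing"}, "RECIPIENT": {"unrelated", "public"},
               "RETENTION": {"indefinitely"}},
    "#dynamic.": {"RECIPIENT": {"unrelated", "public"}},
}

def local(tag):
    """Strip an XML namespace so namespaced policies also match."""
    return tag.rsplit("}", 1)[-1]

def evaluate(policy_xml, prefs):
    """Return (decision, conflicts); a malformed policy fails closed."""
    try:
        root = ET.fromstring(policy_xml)
    except ET.ParseError:
        return ("block", [("", "POLICY", "unparseable")])
    conflicts = []
    for stmt in (e for e in root.iter() if local(e.tag) == "STATEMENT"):
        declared = {local(c.tag): {local(v.tag) for v in c} for c in stmt
                    if local(c.tag) in ("PURPOSE", "RECIPIENT", "RETENTION")}
        refs = [d.get("ref", "") for d in stmt.iter() if local(d.tag) == "DATA"]
        for ref in refs:
            for prefix, refused in prefs.items():
                if ref.startswith(prefix):
                    for field, bad in refused.items():
                        conflicts += [(ref, field, v) for v in sorted(declared.get(field, set()) & bad)]
    return ("block" if conflicts else "release", conflicts)
```

The conflict list identifies which statement elements caused the refusal, which is the kind of detail a notification or consent interface can show to the data owner.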
