1 / 12

Privacy Issues and Techniques for Monitoring Applications

Privacy Issues and Techniques for Monitoring Applications. Vibhor Rastogi RFID Security Group. Privacy in Monitoring Applications. Monitoring apps collect personal information Supports useful applications Personal reminder services or Personal Object trackers Results in privacy issues

taro
Télécharger la présentation

Privacy Issues and Techniques for Monitoring Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy Issues and Techniques for Monitoring Applications Vibhor Rastogi RFID Security Group

  2. Privacy in Monitoring Applications • Monitoring apps collect personal information • Supports useful applications • Personal reminder services or Personal Object trackers • Results in privacy issues • RFID Ecosystem: RFID monitoring system • Monitors location information about users & their objects • Information is stored in a trusted central server • Users query the central server

  3. RFID Ecosystem Where is Alice? Bob Charlie Alice Delta Where is Alice? Where is Alice? Bob & Alice are friends Charlie & Alice have a scheduled meeting

  4. Central Privacy Issue: Access control • Suppose a user asks a query • Is the answer public or private? • It depends on multiple factors [Belloti et. al.] • Context information of the Querier and the Subject • Rule-based access control • Rules control the release of personal information • Need to incorporate all the above factors

  5. Access Control: Challenges • Rules need to incorporate context information • Many rules need to be defined • Rules difficult to understand and manage • Context information might have to be inferred • Context information may be uncertain

  6. Managability of Rules • Our Solution • We identify a list of interesting scenarios and applications • Rules are defined to support the scenarios • A constrained space of predefined rules • Users have an option to enable/disable them • Example: Ownership scenario & Ownership rule

  7. The ownership scenario Bob: Where is my book System: Alice has book If B carries A’s objectthen release B has objectto A Context

  8. Context is crucial Bob: Where is my book System: Alice has book Hidden Book If B is with A’s objectthen release B has objectto A • Right context may need to be inferred • Done using PEEX

  9. Context is uncertain • Access control Rules • Context is uncertain • For example: 20% chance that ‘Alice Carries Book’ • Let Pr(context) = pc & Pr(secret) = ps • Access control semantics • If pc = 1 reveal ps • If pc = 0 hide ps • If (0 < pc < 1) then what? If contextthen release secretto user

  10. Our approach: Perturbation method • Reveal partial information in uncertain context • Perturb p`s = ps + noise(pc) • Return p`s instead of ps • Compromise soundness • Answers returned may be wrong • Justifiable as system is itself uncertain! • Degree of confidence in answer also returned

  11. Noise function • -0.5 <= noise(pc) <= 0.5 pc = 0 pc = 0.5

  12. Conclusion • Designing simple & intuitive rules important • We design ACP for the RFID Ecosystem • Infer high level context • Inferred context uncertain • Implementation of ACP • Use perturbation methods for uncertain context

More Related