Privacy Preservation in Context-Aware Systems - PowerPoint PPT Presentation

Loading...

PPT – Privacy Preservation in Context-Aware Systems PowerPoint presentation | free to download - id: 6802cf-ODgwO



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Privacy Preservation in Context-Aware Systems

Description:

Privacy Preservation in Context-Aware System – PowerPoint PPT presentation

Number of Views:18
Avg rating:3.0/5.0
Slides: 56
Provided by: ebiquityU1
Learn more at: http://ebiquity.umbc.edu
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Privacy Preservation in Context-Aware Systems


1
Privacy Preservation in Context-Aware Systems
  • By Pramod Jagtap
  • Masters Thesis Defense
  • Advisor Dr. Anupam Joshi

2
The Wall Street Journal
3
(No Transcript)
4
What We Need !
Static Information
Aspects of Context
Generalization of Context
Temporal Restrictions
Requesters Context
Context Restrictions
5
This Thesis is About !
  • Presenting a policy-based framework to protect
    user privacy in context-aware system based on
    context of both owner and requester
  • Validation of the framework in a prototype system
  • Evaluation of the framework on mobile devices

6
Agenda
  • Introduction
  • Related Work and Motivation
  • System Architecture
  • Prototype Implementation
  • Results
  • Conclusion and Future Work

7
What is Context?
  • Set of environmental states and settings in
    which an  application event occurs and is
    interesting to the user (Chen and Kotz - 2000)
  • Defined by a combination of relevant
    environmental properties, participants, and
    participant's activities
  • User context user's role, location, activity,
    people nearby
  • Time context
  • Physical context
  • Computing context

8
Related Work and Background
  • The context-aware electronic tourist guide
    (Cheverst et al. 2000)
  • AnonySense (Shin et al. 2010), a privacy-aware
    architecture for collaborative pervasive
    applications that use mobile sensing
  • Project Aware Home (Kidd et al. 1999) uses RBAC
    based access control model
  • Context Privacy Service (CoPS) (Sacramento,
    Endler, Nascimento 2005) describes the design
    and implementation of a privacy service

9
Related Work
  • Rei is a policy language based in OWL-Lite (Kagal
    et al.)
  • Rein (Rei and N3) (Kagal Berners-lee 2005)
    Distributed framework for describing and
    reasoning over policies in the Semantic Web
  • AIR (Kagal, Hanson, Weitzner 2008) Policy
    language that provides automated justification
    support by tracking dependencies during the
    reasoning process.
  • Uses Truth Maintenance System (Doyle 1978) to
    track dependencies.

10
System Architecture
Social Media
DB
Calendar Data
Server side
Content Aggregator
Learn and share
Privacy control module
Privacy enforcement at server side
Network
Privacy enforcement over Sensed data
Privacy control module
Privacy control module
Privacy control module
Client devices
Sensor Data
Sensor Data
Sensor Data
Privacy enforcement between Peer devices
11
Content Aggregation
12
System Architecture
Social Media
DB
Calendar Data
Content Aggregator
Learn and share
Privacy control module
Privacy enforcement at server side
Network
Privacy enforcement over Sensed data
Privacy control module
Privacy control module
Privacy control module
Sensor Data
Sensor Data
Sensor Data
Privacy enforcement between Peer devices
13
Privacy Control Module
  • It deals with the resource to be protected, the
    owner of a resource and the requester who wants
    to access it
  • Aims to protect user privacy in a context-aware
    system by enforcing user privacy policies

14
Privacy Control Module - Context Ontology
15
Privacy Control Module - Context Ontology
  • It captures the user location and surroundings,
    the presence of other people and devices, and the
    inferred activities in which they are engaged

16
Privacy Control Module - Context Ontology
  • Supports the generalization of contextual
    information
  • Location Generalization
  • Activity Generalization

17
Privacy Control Module - Context Ontology
  • Location Generalization
  • Share my location with teachers on weekdays from
    9am-5pm
  • Users exact location in terms of GPS
    co-ordinates is shared
  • The user may not be interested to share GPS
    co-ordinates but fine with sharing city-level
    location
  • Share my building-wide location with teachers on
    weekdays from 9am-5pm

18
Privacy Control Module - Context Ontology
  • Location Generalization
  • Our ontology uses hierarchical model of location
    to support location generalization
  • The transitive Part Of property creates the
    location hierarchy

19
Privacy Control Module - Context Ontology
  • Activity Generalization
  • Share my activity with friends on weekends
  • Users current activity is shared with friends on
    weekends
  • share more generalized activity rather that
    precise
  • confidential project meeting gt Working, Date gt
    Meeting
  • User clearly needs to obfuscate certain pieces of
    activity information to protect her context
    information
  • Share my public activity with friends on weekends
  • Public is a visibility option

20
Activity Generalization
21
Privacy Control Module Knowledge About User
22
Privacy Control Module Knowledge About User
  • Profile and context information - represented
    using N3

platysProfessor_Meeting a platysActivity
platysis_performed by exAlice
platyshas_participant exAlice, exJohn
platysoccurs_at platysClass LH1
platysoccurs_when 2010-11-19T141242. plat
ysClass LH1 a platysPlace platyshas_location
39.253525, -76.710706. platysGPS a
platysPoint platyspart_of platysITE_325
. platysITE_325 a platysRoom platyspart_of
platysITE . platysITE a platysBuilding
platyspart_of platysBaltimore
. platysBaltimore a platysCity
platyspart_of platysMaryland
. platysMaryland a platysState .
exAlice a foafPerson foafname Alice
exsystemUser true platyshas role
platysStudent .
23
Privacy Control Module Knowledge About User
  • Group Information

exHarry a foafPerson foafname Harry
exmemberOf exGroupFamily . exRon a
foafPerson foafname Ron exmemberOf
exGroupFriends . exGroupFamily a foafGroup
foafname Family . exGroupFriends a
foafGroup foafname Friends .
24
Privacy Control Module Privacy Preferences
25
Privacy Control Module - Privacy Preferences
  • Access control rules that describes how the user
    wants to share her information, with whom, and
    under what conditions
  • Information can be profile information, context
  • Different groups of requesters
  • Condition can be users or requesters context
  • Represented in N3
  • User-defined and System-defined privacy policies

26
Privacy Control Module - Privacy Preferences
  • User-defined policies specified by the user to
    protect her information
  • Share my context with family members all the time
  • System-defined policies
  • Can be needed for military domains or
    organizations
  • Multi-level secure systems where the system-level
    policies must override the user-level policies
  • Do not share the users context if she is inside
    a military building BuildingXYZ

27
Policy Editor
  • To specify and edit privacy policies. The
    policies are created and stored in N3 format on
    both server and client sides in persistent memory

28
Privacy Control Module Reasoning Engine
29
Privacy Control Module Reasoning Engine
  • Handles the requester queries and performs
    reasoning for access control decisions
  • Jena Semantic Web framework
  • Implement both the RDFS and OWL reasoner
  • These reasoners are used to infer additional
    facts from the existing knowledge base coupled
    with ontology and rules

30
Reasoning Architecture
Platys ontology (.owl)
Static user facts (.N3)
OWLReasoner
Save model to file system
Inference Model
Saved Model (RDF/XML)
Load Model
Requesters context information (.N3)
Dynamic knowledge about user (.N3)
Inference Model
System rule-set (.N3)
Generic Rule Reasoner
Inference Model
User-defined rule-set (.N3)
Generic Rule Reasoner
Inference Model
It contains users access levels and
corresponding triples
31
Privacy Preservation
  • The users personal information can be shared
    between a client device and the server or between
    two client devices
  • Privacy enforcement needs to be done on
  • Client devices over sensed data
  • Peer client devices
  • Server side for contextual information

32
Privacy Enforcement between Client Devices
  • Requester another client device
  • Can send requesters context along with request
  • Resource owners contextual information or
    sensor information.
  • Privacy Policies defined by owner of client
    device

33
Sample Privacy Policies
  • Policy to share context information based on
    users profile and group information Share
    detailed contextual information with family
    members all the time

AllowFamilyRule (?requester a
exrequester) (?requester exmemberOf
?groupFamily) (?groupFamily foafname
Family) -gt (?requester excontextAccess
exuserPermitted)
34
Sample Privacy Policies
  • Policy to share context information based on the
    users context Share my activity with friends
    all the time except when I am attending a lecture

ShareActivityWithFriendsRule (?requester a
exrequester) (?requester exmemberOf
?groupFriends) (?groupFriends foafname
Friends) (?someActivity platysis performed_by
exAlice) notEqual(?someActivity,
platysListening_To_Lecture) -gt (?requester
exactivityAccessRule policy5) ( policy5
exactivityAccess exuserPermitted)
35
Sample Privacy Policies
  • Policy for sharing information based on temporal
    restriction
  • Do not share my sleeping activity with teachers
    on weekdays from 9am-9pm
  • Policy for information sharing based on
    requesters context
  • Share my context with anyone attending same class
    as me

36
Sample Privacy Policies
  • Policies using generalization for sharing
  • Share my activity with friends if its public
  • Share my public activity with friends
  • Share my city-wide location with everyone
  • System-level policies
  • Do not share users context if she is inside
    BuildingXYZ

37
Privacy Enforcement over the Sensed Data
  • Let users decide how their sensor information is
    released
  • Sample Privacy policy share GPS co-ordinates on
    weekdays from 9am-5pm only if he is in office

ShareGPSRule (?requester exrequestTime
?localTime) (?user exsystemUser ?true)
(?localTime timedayOfWeek ?day) ge(?day, 1)
le(?day, 6) (?localTime timehour ?hour)
ge(?hour, 9) le(?hour, 17) (?user exLatitude
?latitude) (?user exlongitude
?longitude) Equal(?latitude, ?officeLat) Equal(?
longitude, ?officeLong) -gt (?requester
excanAccessGPSCoordinates True)
38
Privacy Enforcement over the Sensed Data
  • Sample privacy policy Do not allow access to
    recorded audio but allow access to accelerometer
    and WiFi AP ids on weekdays

ShareAccelerometerRule (?requester
exrequestTime ?localTime) (?localTime
timedayOfWeek ?day) ge(?day, 1)
le(?day,6) -gt (?requester excanAccessAcceleromet
erReadings True) (?requester
excanAccessWiFiIds True) (?requester
excanAccessAudioData False)
39
Privacy Enforcement at Server side
  • The server has information about all the system
    users whereas a client device has information
    about its owner only
  • Request to server should contain the specific
    userId

40
Privacy Enforcement at Serverside
  • Allow location access to teachers on weekdays
    only between 9am 6pm

ShareActivityWithTeachersRule (?requester
exmemberOf ?groupTeachers) (?groupTeachers
foafname Teachers) (?requester exrequestTime
?localTime) (?localTime timedayOfWeek ?day)
ge(?day, 1) le(?day, 6) (?localTime timehour
?hour) ge(?hour, 9) le(?hour, 18) (?user
exsystemUser ?true) Equal(?user,
?userId) -gt (?requester exactivityAccessRule
policy6) ( policy6 exactivityAccess
exuserProhibited)
41
Prototype Implementation
  • Google Android phone as client devices
  • It uses sockets to establish two-way
    communication link between a server and clients
  • Defined a generic request and response formats

42
System Implementation
  • Android client and server applications user
    interface

Context Request
Send Response
Bobs Phone
Alices Phone
43
System Evaluation
  • The goals of evaluation were to
  • Verify whether the system satisfies a basic
    criteria by allowing access from privileged users
    and restricting illegal users
  • Test whether the actual computing time of
    reasoning over mobile devices is acceptable
  • Perform scalability tests determine how it
    scales with different size of user information
    like number of users in group list

44
System Validation
  • Designed use cases with sample user information,
    group information and privacy policies.
  • Changed the requester or requester context in
    each of these use cases and verified system
    response in terms of access levels for requester
  • System-level policies and user-specified policies

45
System Validation
  • System-level policies
  • Share detailed context information with family
    members
  • Share users building-wide location with teachers
    on weekdays only between 9 am and 6 pm
  • Share users citywide location with everyone
  • Do not share users super-private activities with
    anyone
  • User-specified policies
  • Do not share my context if I am in a meeting with
    Professor
  • Share my Semipublic activity with friends
  • Do not share my sleeping activity with teachers
    on weekdays between 9am-9pm
  • Do not share my context when I am partying
  • Share my working activity with my family
  • Share my room-wide location with everyone in the
    same building as me
  • Share my context with anyone attending same class
    as me

46
System Validation
  • Use case Context access request from requester
    Ron (a family member)
  • Expected Response Grant context access by
    system-level policy Share detailed context
    information with family members

47
System Validation
  • Use case request from requester Bob (a friend)
  • Expected Response
  • Not allowed to access users detailed context.
    Only SemiPublic activity and citywide location
    can be shared.
  • Share users citywide location with everyone -
    System level policy
  • Share my Semipublic activity with friends
    User-specified policy

Response to a context access query.
Response to a activity access query.
Response to a Location access query.
48
System Validation
  • Use case Request from unknown requester
  • Expected Response
  • Share my context with anyone attending same class
    as me

Response to unknown requester with different
context than attending same class as user.
Response to unknown requester attending same
class as user.
49
System Performance
  • Measured reasoning time taken for the request on
    both server machine and Android device

Numbers of users On server machine On server machine On Android device On Android device
Numbers of users Reasoning time(ms) Standard deviation Reasoning time(ms) Standard deviation
10 1177 142 1128 13
50 1246 74 1446 46
100 1993 26 1903 118
250 2448 184 2682 165
500 3042 108 4233 245
1000 3715 456 10896 393
50
System Performance
  • Reasoning time (in milliseconds) for different
    number of users in owners group list

51
Future Work
  • Extend the prototype implementation to address
    the engineering challenge of scalability
  • Carry out user studies to evaluate the utility of
    the proposed privacy control mechanisms
  • Address the issues of incorporating incentives to
    allow for even more flexibility in the definition
    of policies for context-dependent release of
    information

52
Conclusion
  • Described a policy based framework to control
    information flow in collaborative context aware
    geo-social networking application
  • Showed example policies that state of the art
    systems do not support
  • Our privacy mechanisms constitute a baseline that
    can be extended and incorporated by any of the
    existing social networks including location based
    mobile social networks

53
Dr. Anupam Joshi Dr. Tim Finin Dr. Yelena
Yesha Dr. Laura Zavala
Friends Roommates
54
  • ?

55
Introduction
  • Context-aware systems consists of heterogeneous
    and dynamic sensors
  • Privacy and trust aspects are more prominent
  • Sensitive nature of context information
  • Users are sensitive about how the sensor
    information is captured and used
  • Concerns could affect the adoption and use of
    devices
  • Risk of backlash if users don't feel protected

56
Motivation
  • Need of privacy control models to control the
    information flow in collaborative context-aware
    geo-social networking applications based on the
    context of both owner and requester
  • None of the existing models allow users to
    specify the privacy preferences based on this
    information

57
Introduction
  • This environment calls for better access controls
    with finer control over the context data
  • Privacy control mechanisms that consider the
    dynamic changes in user context relative to the
    location and time
  • The user needs to be in control of the release of
    her personal information at different levels of
    granularity

58
People Opinion about Privacy Concerns
  • As per Westin/Harris Privacy Segmentation Model
    basic privacy groups are
  • Fundamentalist very high privacy concern
  • Pragmatist balanced privacy attitudes
  • Unconcerned little to no concern

PAB 03 Sheehan 02
Fundamentalist 36 3
Pragmatist 53 81
Unconcerned 11 16
Table 1 Privacy classifications of PABs
reported numbers from 2003 and Sheehans online
privacy study in 2002.
59
Privacy Controls in Existing Location-sharing
Applications
  • Location-Sharing Technologies Privacy Risks and
    Controls  by Janice Y. Tsai et al. 2010
  • 89 applications surveyed, 63 are available for
    use on mobile phones. Includes Britekite,
    Foursquare, Google Latitude and Loopt

Category Yes No Unknown Not Applicable
Privacy Policy 66.3 (59) 33.7(30)
Privacy Controls 76.4 (68) 16.9 (15) 1.12 (1) 5.62 (5)
Accessible Privacy Settings 16.9 (15) 75.3 (67) 2.25 (2) 5.62 (5)
60
Sample Privacy Policies
  • Policy for sharing information based on temporal
    restriction Do not share my sleeping activity
    with teachers on weekdays from 9am-9pm

ShareActivityWithTeachersRule (?requester a
exrequester) (?requester exmemberOf
?groupTeachers) (?groupTeachers foafname
Teachers) (?requester exrequestTime
?localTime) (?localTime timedayOfWeek
?day) ge(?day, 1) le(?day, 6) (?localTime
timehour ?hour) ge(?hour, 9) le(?hour,
21) (?someActivity platysis_performed_by
exsomeUser) equal(?someActivity,
platysSleeping) -gt (?requester
exactivityAccessRule policy6) ( policy6
exactivityAccess exuserProhibited)
61
Sample Privacy Policies
  • Policy for information sharing based on
    requesters context Share my context with
    anyone attending same class as me

Rule7 (?requester exrequester
?someValue) (?requesterActivity
platysis_performed by ?requester)
(?requesterActivity platysoccurs_at
?requesterPlace) (?requesterPlace
platyshas_location ?requesterLocation) (?request
erLocation platyspart_of ?requesterRoom) (?reque
sterRoom rdftype platysRoom) (?user
exsystemUser ?userValue) (?userActivity
platysis_performed by ?user) (?userActivity
platysoccurs_at ?userPlace) (?userPlace
platyshas_location ?userLocation) (?userLocation
platyspart_of ?userRoom) (?userRoom rdftype
platysRoom) equal(?requesterRoom, ?userRoom)
equal(?requesterActivity, ?userActivity) equal(?u
serActivity, platysListening_To_Lecture) -gt (?re
quester excontextAccess exuserPermitted)
62
Sample Privacy Policies
  • Policies using activity generalization for
    sharing
  • Share my activity with friends if its public
  • Share my public activity with friends

Rule4 (?requester exrequester
?someValue) (?requester exmemberOf
?groupFriends) (?groupFriends foafname
Friends) (?someActivity platysis performed_by
?someUser) (?someActivity platyshas_visibility
?visibility) equal(?visibility,
platysPublic) -gt (?requester exactivityAccessRu
le policy4) ( policy4 exactivityAccess
exuserPermitted) ( policy4 exactivityAccessLev
el platysPublic)
Rule4 (?requester exrequester
?someValue) (?requester exmemberOf
?groupFriends) (?groupFriends foafname
Friends) -gt (?requester exactivityAccessRule
policyRule2) ( policyRule2 exactivityAccess
exuserPermitted) ( policyRule2
exactivityAccessLevel platysPublic)
63
Sample Privacy Policies
  • System-level policies Do not share users
    context if she is inside BuildingXYZ

Rule6 (?requester exrequester
?someValue) (?someActivity platysis_performed_by
?requester) (?someActivity platysoccurs_at
?requesterPlace) (?requesterPlace
platyshas_location ?requesterLocation) (?request
erLocation platyspart_of ?requesterBuilding) (?r
equesterBuilding rdftype platysBuilding) equal(
?requesterBuilding, platysBuildingXYZ) -gt (?requ
ester excontextAccess exsystemProhibited)
About PowerShow.com