August 2013

Privacy in Ubiquitous Computing

Kanasalingam Sathyabaman, School of Computing, Asia Pacific Institute of Information Technology (APIIT), Colombo 2, Sri Lanka.

Abstract
Ubiquitous computing environment continuously collect and use user data for certain objectives, in which most of the data collected can be much sensitive for certain uses. These datas are often streamed and shared among ubiquitous environment. In these situation protecting the privacy of the user is most important point. In this paper we discuss some major privacy issues in ubiquitous computing environment and solution to solve those problems. Such as how user should have the access and control of data about them, how data it should be used. How the data distribution support for the individual and collaborative users. What are previous data distribution principles available and how we can improve it? Most of all we will discuss on how to improve the trustworthiness between the users and the ubiquitous environment.

etc. The main goal of ubiquitous environment is to free users from interacting with computers by making computers invisible to the users. When it comes to invisible computing one of the major barrier in implementing the ubiquitous environment is Privacy. According to Mark Weiser, (1991), Scientific American article: Perhaps key among the social issues that embodied virtually will engender is privacy: hundreds of computers in every room, all capable of sensing people near them and linked by high-speed networks, have the potential to make totalitarianism up to now seem like sheerest anarchy. When it comes to ubiquitous computing degree of measuring the privacy offered by each and every ubiquitous device is a challenging task. Implementing a ubiquitous environment without measuring the privacy issues for each individual or an organization will not be feasible for the real world. Therefore in this paper will discuss about measuring privacy issue for each individual or an organization in ubiquitous environment and also gives some solutions to safeguard the information shared in ubiquitous environment.

Introduction
In the recent years use of desktop computers has fallen gradually, this means people have started moving to next generation of computing called Ubiquitous Computing or everywhere computing. In Ubiquitous environment computers are embedded in to the environment. This way of embedding computers in to the environment will make the humans life easy in many areas of day to day life such as health care, sports, education,

Question or Objectives
When it comes to privacy, there are many different kinds of privacy. Therefore it is

Page 1 of 6

August 2013

difficult to narrow it into one section. According to Malcolm Crompton What is Privacy? Some fundamental part of human dignity requires privacy. Privacy is part of the claim to personal autonomy. It supports the various freedoms that democratic countries value. (S. Dritsas, D. Gritzalis, and C. Lambrinoudakis, 2006) Weiser, (1991); Lamming & Newman, Hindus & Schmandt, (1992), The need to understand and protect personal privacy in sophisticated information Systems is becoming critical as computing power moves out of the box-on-the-desk into the world at large. While we are entering the age of ubiquitous computing But in my point of view there is no way to define exactly what is privacy, it varies with people and the information they have and, what they want to share and not to share. Marc Langheinrich states 5 different types of privacy in his Article Privacy by Design Principles of Privacy-Aware Ubiquitous Systems which all has developed since the first privacy issue arose in the 1360s. These five types are territorial privacy, media privacy, bodily privacy, communicational privacy and information privacy. (Cedric Laurant, 2003) In this paper we will look we will mainly look on communicational privacy and information privacy. But we also have a small concern on territorial privacy, media privacy and bodily privacy. Ubiquitous computing interface reach beyond the computational infrastructure and attempt to encompass the surrounding physical spaces as well. Ubiquitous applications often exchange physical location and other context information about users and resources to enhance the user experience.

In this type of situation information and physical security becomes a question. As a result such environment becomes prone to more severe security threats, which can threaten people and other equipments in the physical world. Therefore traditional mechanisms that focus on digital security becomes in adequate in ubiquitous environment. Accumulating active spaces with active sensors enables the construction of much more high intelligent spaces and computing capabilities, using various sensors and embedded devices in the environment can capture the users full information. Unfortunately these environment will be a high threating for the users privacy. Using these environment system administrators can track the particular users information and use it for their commercial purpose. Some environments like homes and clinics the users have the abundance of sensitive and personal information which must be preserved, most of the situation the users dont want to be tracked. One of the main characteristics of the ubiquitous applications in the rich full user interface for interaction between the user and the environment. To do this verity of multimedia mechanisms are used for input and output and to control the physical aspect of the environment. In this situation the set of users in the space may affect the security properties of the environment. Because of the nature of interaction the users in the space cannot easily be prevented from hearing and seeing things happening in it, therefore it has to be taken in to major consideration while designing the access control system. The access control system should allow the individual and the group or devices to use the environment in a manner that has

Page 2 of 6

August 2013

collaboration, while giving the appropriate access control policies and preventing unauthorized use of the environment. While designing the users interface physical and the virtual aspects of access control for such environment have to be considered. It is important for ubiquitous computing to have convenient and flexible method for defining and managing security policies in a flexible manner. The policy management tools provide the administrators ability to implement and specify rules to gain the greater control over the behavior of entities in their system. But currently most network policies are implemented by the system administrators using the tool based on scripting application that intact through the list of low-level applications. Their policy management softwares maintains a separate database for corresponding device and resource interfaces, these tools need to be updated frequently to accommodate new hardware or software, or the system will be difficult to manage it. As a result general purpose of the low level management tools are limited in functionality. Since most policy management tools deal with the low-level interface, the administrators may not have clear picture of the policy management actions. These discloser security policies may be a risk for security. Example, someone knowing whether the system is on the lookout for an intruder could actually be a secret. Thus, unauthorized person should not know the security policy. One of the great deal of concern in ubiquitous environment is the concern over the new types of threads, information operations and cyber-terrorism, which is the natural consequences of increasing importance in the electronic information and the heavy reliance on digital communications networks in most

of civilians and military activities. Example info ops, which is defined as actions taken that affect adversary information and information system while defending ones own information and information system. Info ops is a serious concern in todays networking in this stations cyber-terrorist and other techno villains can exploit computer networks, inject misleading information, steal electronic assets. Ubiquitous computing gives a very high priority for this and adds more capabilities to defend info warriors and make info ops a much more severe threat. ( E. A. M. Luiijf, 1999) The security and the privacy guarantees in ubiquitous environment should be specified and drafted in to design process rather than considering as an add-on or future thinking. The previous effects in reroofing security and anonymity in to existing system had been proved to be ineffective and in efficient. The main two examples are internet and Wi-Fi, both of these still suffer from inadequate security. In this section we will look on important requirements needs for security of subsystem to be used in ubiquitous environment. (R. Mundy, D. Partain, and B. Stewart, 1999) The main focus of ubiquitous computing is to transform users in to first class entities, where users no longer need to show more concern on their computing machinery. Therefore even the security subsystems can be transparent to some level, blending in to the background without distracting the users. When it comes to a security, the security architecture deployed should be able to provide different levels of security services based on system policy, context information, environmental situations and available resources, etc. situations which require a high level of assurance or greater security may

Page 3 of 6

August 2013

require users to interact with security system explicitly by authenticating themselves using a variety of means to boot systems confidence. Traditional security is static and context insensitive. Ubiquitous computing integrates context and situational information, transforming the computing in to virtual space. In this situations the security services has to make full use of context information available. For example, access control decisions may depend on time or special situations. The principals of Need to Know should be applied on temporal and situation basis. For instance the security polices must be able to change dynamically to limit the permissions for the times and the situations they are needed. However viewing what security policy might be activate in what particular? should not be possible. Most of these, there needs to be a verification for authenticity and integrity of the context information required.

The ubiquitous environment can have hundreds or thousands of diverse devices. The security services should be able to scale to the dust of mobile and embedded devices available to some particular instance of time. In addition to the security services, it need to able to serve huge number of users with different roles and privileges, under different situation. In the following sections we see some suggestions and solutions to safe grad the privacy in ubiquitous environment.

Justification and Solution

In day to day life, although ubiquitous computing help the people in mays ways. It cannot survive in the real world without taking some major actions to protect the privacy of the users. Therefore I came out with some suggestions that will help the ubiquitous environment to protect the users privacy. There should be a limit for each ubiquitous applications to collect users data and any such situation the application should make the user aware that his particular data is been collected. The personal data collected from the users, should be relevant for the purpose for which it is to be used and to extent the necessary for the purposes, the users should be kept informed about the extended use of their data. The purpose for which the data is collected should be specified to the user at the time of collection and the subsequent use limited to fulfill the purpose, or such that not incompatible with those purpose should notify the user in each occasion and get authorization from the user. The personal data collected should not be disclosed or made available or otherwise used for purposes other than those specified, expect in

The security subsystems flexible, customizable and adaptable. It should be able to adapt in to environments with extreme conditions.it should be able to evolve and provide additional functionality when more resources become available, tools for defending and managing policies should be dynamic as the environment itself. With many security technologies surfacing and being developed. The assumptions that a particular security mechanism will eventually prevails. For that reason it is necessary to support multiple security mechanisms. While traditional security was restricted to virtual world, security now should incorporate some aspects of physical world.

Page 4 of 6

August 2013

the situation in authority of law. The personal data should be protected with the reasonable safeguards against the risk like stolen, modification, unauthorized access, and destruction use etc. There should be a general policy of openness about development, practices and policies with respect to the personal data. Means it should be readily available for establishing the existence and the nature of personal data, purpose of use and identity about the usual residence of the data collector. The individual must have the right to obtain the form of data collected or conform weather or not the data controller has data related to him. And the user should have the control to withdraw or make changes to his data at any point of time.

level and can build a trust full ubiquitous environment in future.

References
Weiser, M. The Computer for the 21st Century, Scientific American Ubicomp Paper after Sci Am editing, 1991. Langheinrich, M. Privacy by design Principles of Privacy- Aware Ubiquitous Systems, Distributed Systems Group, 2001. Lahlou, S., Langheinrich, M., and Rcker, C. Privacy and Trust Issues with Invisible Computers, Communications ofthe ACM, 2005. M. Langheinrich, "Privacy in Ubiquitous Computing," in Ubiquitous Computing, J.Krumm, Ed.: Chapman & Hall / CRC Press, 2009. S. Dritsas, D. Gritzalis, and C. Lambrinoudakis,"Protecting privacy and anonymity in pervasive computing: trends and perspectives," Telematics and Informatics,vol. 23, pp. 196-210, 2006. R. Mundy, D. Partain, and B. Stewart, "Introduction to SNMPv3." RFC 2570, April 1999. J. Boyle and e. al, "The COPS Protocol." Internet Draft, Feb. 24, 1999. E. A. M. Luiijf, "Information Assurance and the Information Society," presented at EICAR Best Paper Proceedings, 1999. Crompton, M, What is Privacy?, Privacy and Security in the Information Age Conference,http://www.privacy.gov.au/news /speeches/sp51note1.html,2001, (August 13:th 2013).

Conclusion
Although paper address some of the major privacy issues in ubiquitous environment and it also gives some solutions to protect users privacy in ubiquitous environment. The problems regarding the privacy is not that easy to solved, mainly because each individuals has their own personal opinions and values of what privacy really is. I also believe that when a new technology arise, the privacy problems will increase rapidly. Especially within the ubiquitous environment, which make it even hard to protect the integrity because sometimes data collection is almost completely invisible and it also provide the possibilities of recording peoples feelings and emotions. Although it is hard to develop a fully privacy protected system in ubiquitous environment, I believe with the help of further research we can reduce the privacy issues to maximum

Page 5 of 6

August 2013

Cedric Laurant. Privacy and human rights 2003.http://www.privacyinternational.org/su rvey/phr2003/. (August 13:th 2013). (Ref: p. 31.) Implications. 2013. Implications. [ONLINE] Available at:
http://www.rcet.org/ubicomp/implications.htm l. [Accessed 12 August 2013].

Ubiquitous Computing has Built Ultimate Surveillance Society | Old-Thinker News. 2013. Ubiquitous Computing has Built Ultimate Surveillance Society | Old-Thinker News. [ONLINE] Available at: http://www.oldthinkernews.com/2012/03/ub iquitous-computing-built-ultimatesurveillance-society/. [Accessed 10 August 2013]. Ubiquitous computing - Wikipedia, the free encyclopedia. 2013. Ubiquitous computing Wikipedia, the free encyclopedia. [ONLINE] Available at: https://en.wikipedia.org/wiki/Ubiquitous_co mputing. [Accessed 10 August 2013].

Page 6 of 6