Privacy in Ubiquitous Computing
In recent years the use of desktop computers has fallen gradually, which means people have started moving to the next generation of computing, called ubiquitous computing or everywhere computing. In a ubiquitous environment, computers are embedded into the environment. Embedding computers in this way will make human life easier in many areas of day-to-day life, such as health care, sports and education. The main goal of a ubiquitous environment is to free users from interacting with computers by making the computers invisible to them. When it comes to invisible computing, one of the major barriers to implementing the ubiquitous environment is privacy.
There are many different kinds of privacy, so it is difficult to narrow the concept down to a single definition. According to Malcolm Crompton in “What is Privacy?”: “Some fundamental part of human dignity requires privacy. Privacy is part of the claim to personal autonomy. It supports the various freedoms that democratic countries value”. (S. Dritsas, D. Gritzalis, and C. Lambrinoudakis, 2006)
Weiser (1991); Lamming & Newman, Hindus & Schmandt (1992): “The need to understand and protect personal privacy in sophisticated information systems is becoming critical as computing power moves out of the box-on-the-desk into the world at large. While we are entering the age of ubiquitous computing”
But in my view there is no way to define exactly “what is privacy”; it varies with people, the information they have, and what they want to share and not to share.
Marc Langheinrich states five different types of privacy in his article “Privacy by Design – Principles of Privacy-Aware Ubiquitous Systems”, all of which have developed since the first privacy issue arose in the 1360s. These five types are “territorial privacy”, “media privacy”, “bodily privacy”, “communicational privacy” and “information privacy”. (Cedric Laurant, 2003)
In this paper we will mainly look at communicational privacy and information privacy, but we also give some attention to territorial privacy, media privacy and bodily privacy.
Ubiquitous computing interfaces reach beyond the computational infrastructure and attempt to encompass the surrounding physical spaces as well. Ubiquitous applications often exchange physical location and other context information about users and resources to enhance the user experience. In this type of situation both information security and physical security come into question. As a result, such environments become prone to more severe security threats, which can threaten people and equipment in the physical world. Traditional mechanisms that focus on digital security therefore become inadequate in a ubiquitous environment.
Accumulating active spaces with active sensors enables the construction of much more intelligent spaces and computing capabilities; using various sensors and embedded devices, the environment can capture the user's full information. Unfortunately, these environments pose a high threat to users' privacy. Using these environments, system administrators can track a particular user's information and use it for their commercial purposes. In some environments, such as homes and clinics, users have an abundance of sensitive and personal information which must be preserved, and in most situations the users do not want to be tracked.
One of the main characteristics of ubiquitous applications is the rich user interface for interaction between the user and the environment. To achieve this, a variety of multimedia mechanisms are used for input and output and to control the physical aspects of the environment. In this situation the set of users in the space may affect the security properties of the environment. Because of the nature of the interaction, users in the space cannot easily be prevented from hearing and seeing things happening in it, so this has to be a major consideration when designing the access control system. The access control system should allow individuals, groups and devices to use the environment in a collaborative manner, while applying the appropriate access control policies and preventing unauthorized use of the environment. When designing the user interface, both the physical and the virtual aspects of access control for such an environment have to be considered.
It is important for ubiquitous computing to have a convenient and flexible method for defining and managing security policies. Policy management tools give administrators the ability to specify and implement rules to gain greater control over the behavior of entities in their system. Currently, however, most network policies are implemented by system administrators using tools based on scripting applications that interact through the list of low-level applications. This policy management software maintains a separate database for the corresponding device and resource interfaces, and these tools need to be updated frequently to accommodate new hardware or software, or the system becomes difficult to manage. As a result, general-purpose low-level management tools are limited in functionality. Since most policy management tools deal with the low-level interface, administrators may not have a clear picture of the policy management actions. Disclosure of security policies may itself be a security risk. For example, whether the system is on the lookout for an intruder could actually be a secret. Thus, an unauthorized person should not know the security policy.
A major concern in the ubiquitous environment is the new types of threats, information operations and cyber-terrorism, which are a natural consequence of the increasing importance of electronic information and the heavy reliance on digital communications networks in most civilian and military activities. An example is info ops, which is defined as “actions taken that affect adversary information and information system while defending one’s own information and information system”. Info ops is a serious concern in today’s networks; in these situations cyber-terrorists and other techno-villains can exploit computer networks, inject misleading information and steal electronic assets. Ubiquitous computing raises the priority of this concern: it adds more capabilities for info warriors and makes info ops a much more severe threat. (E. A. M. Luiijf, 1999)
The security and privacy guarantees of a ubiquitous environment should be specified and drafted into the design process rather than being treated as an add-on or an afterthought. Previous efforts at retrofitting security and anonymity into existing systems have proved ineffective and inefficient. The two main examples are the internet and Wi-Fi, both of which still suffer from inadequate security. In this section we look at the important requirements for a security subsystem to be used in a ubiquitous environment. (R. Mundy, D. Partain, and B. Stewart, 1999)
The main focus of ubiquitous computing is to transform users into first-class entities, who no longer need to concern themselves with their computing machinery. The security subsystem should therefore also be transparent to some level, blending into the background without distracting the users. The security architecture deployed should be able to provide different levels of security services based on system policy, context information, environmental situations, available resources and so on. Situations which require a high level of assurance or greater security may require users to interact with the security system explicitly, authenticating themselves by a variety of means to boost the system’s confidence.
Traditional security is static and context-insensitive. Ubiquitous computing integrates context and situational information, transforming computing into a virtual space. In this situation the security services have to make full use of the context information available. For example, access control decisions may depend on time or on special situations. The principle of “Need to Know” should be applied on a temporal and situational basis. For instance, security policies must be able to change dynamically to limit permissions to the times and the situations in which they are needed. However, it should not be possible to view which security policy might be active in which particular situation. Above all, there needs to be verification of the authenticity and integrity of the context information required.
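The following added example, which is not part of the original paper, sketches one way such a context-sensitive decision could work: a context report is accepted only if its integrity tag verifies and it is fresh, and access is granted only for the situations and hours in which it is needed. The roles, resources, key, field names and 30-second freshness limit are all hypothetical.

```python
import hashlib
import hmac
import json
from datetime import datetime, time, timedelta, timezone

SENSOR_KEY = b"constructed-demo-key"     # assumption: key shared with a trusted sensor
MAX_CONTEXT_AGE = timedelta(seconds=30)  # assumption: older context reports are stale

# Hypothetical policy: (role, resource) -> situations and daily window of need
POLICY = {
    ("nurse", "patient_record"): {"situations": {"ward_round", "emergency"},
                                  "window": (time(7, 0), time(19, 0))},
    ("visitor", "room_display"): {"situations": {"visiting_hours"},
                                  "window": (time(14, 0), time(17, 0))},
}

def sign_context(context, key=SENSOR_KEY):
    """Sensor side: MAC over a canonical encoding of the context report."""
    payload = json.dumps(context, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def decide(role, resource, context, tag, now):
    """Return (allowed, reason). Deny by default; the reason goes to the audit
    log only, so a requester cannot probe which policy is active."""
    if not hmac.compare_digest(sign_context(context), tag):
        return False, "context failed integrity check"
    observed = datetime.fromisoformat(context["observed_at"])
    if not timedelta(0) <= now - observed <= MAX_CONTEXT_AGE:
        return False, "context is stale"
    rule = POLICY.get((role, resource))
    if rule is None:
        return False, "no rule for this role and resource"
    start, end = rule["window"]
    if context["situation"] not in rule["situations"]:
        return False, "situation does not justify access"
    if not start <= now.time() <= end:
        return False, "outside permitted time window"
    return True, "granted"

if __name__ == "__main__":
    now = datetime(2024, 5, 6, 9, 0, tzinfo=timezone.utc)   # constructed sample
    ctx = {"situation": "ward_round", "location": "ward-3",
           "observed_at": now.isoformat()}
    tag = sign_context(ctx)
    print(decide("nurse", "patient_record", ctx, tag, now))
    forged = dict(ctx, situation="emergency")                # altered after signing
    print(decide("nurse", "patient_record", forged, tag, now))
```
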
The security subsystem should be flexible, customizable and adaptable. It should be able to adapt to environments with extreme conditions. It should be able to evolve and provide additional functionality when more resources become available. Tools for defining and managing policies should be as dynamic as the environment itself. With many security technologies surfacing and being developed, it cannot be assumed that a particular security mechanism will eventually prevail. For that reason it is necessary to support multiple security mechanisms. While traditional security was restricted to the virtual world, security now should incorporate some aspects of the physical world.
The ubiquitous environment can have hundreds or thousands of diverse devices. The security services should be able to scale to the “dust” of mobile and embedded devices available at a particular instant of time. In addition, the security services need to be able to serve a huge number of users with different roles and privileges, under different situations. In the following sections we look at some suggestions and solutions to safeguard privacy in the ubiquitous environment.
Justification and Solution
In day-to-day life, ubiquitous computing helps people in many ways, but it cannot survive in the real world without some major actions being taken to protect the privacy of the users. Therefore I came up with some suggestions that will help the ubiquitous environment protect users’ privacy.
There should be a limit on the user data each ubiquitous application may collect, and whenever data is collected the application should make the user aware that this particular data is being collected. The personal data collected from users should be relevant to the purpose for which it is to be used and limited to the extent necessary for that purpose, and users should be kept informed about any extended use of their data. The purpose for which the data is collected should be specified to the user at the time of collection, and subsequent use should be limited to fulfilling that purpose; for any other use not incompatible with that purpose, the application should notify the user on each occasion and obtain the user's authorization. The personal data collected should not be disclosed, made available or otherwise used for purposes other than those specified, except by the authority of law. The personal data should be protected by reasonable safeguards against risks such as theft, modification, unauthorized access, destruction and misuse. There should be a general policy of openness about developments, practices and policies with respect to personal data. This means that information should be readily available for establishing the existence and nature of the personal data, the purpose of its use, and the identity and usual residence of the data collector. The individual must have the right to obtain the data collected in some form, or to confirm whether or not the data controller holds data relating to him. The user should also have the control to withdraw or change his data at any point in time.
Although this paper addresses some of the major privacy issues in the ubiquitous environment and gives some solutions to protect users’ privacy in it, the problems regarding privacy are not easy to solve, mainly because each individual has their own personal opinions and values about what privacy really is. I also believe that when a new technology arises, privacy problems will increase rapidly, especially within the ubiquitous environment, which makes it even harder to protect integrity because data collection is sometimes almost completely invisible and it also provides the possibility of recording people’s feelings and emotions.
Although it is hard to develop a fully privacy-protected system in the ubiquitous environment, I believe that with the help of further research we can reduce the privacy issues to the greatest possible extent and build a trustworthy ubiquitous environment in the future.