Multilaterally Secure Ubiquitous Auditing

Part of the book series: Studies in Computational Intelligence (SCI, volume 329)

Abstract

Tracking information of individuals is a useful input to many Ubiquitous Computing (UbiComp) applications. Consider the example of a smart emergency management application: once mobile first responders are continuously tracked, a precise and safe coordination of rescue missions is possible, and also mission logs can be created for audit purposes. However, continuously tracking users and storing the data for later use is often in conflict with individual privacy preferences. This may ultimately lead to the non-acceptance and rejection of these new technologies by their users. In order to reconcile privacy and accountability requirements in location tracking systems, we introduce and evaluate the approach of using auditing mechanisms on two levels. We illustrate that, by employing carefully designed cryptographic mechanisms for selective pseudonym linkability based on efficient techniques of secure multiparty computation, it is possible to balance the conflicting interests to a certain extent. Our work, motivated by and applied to smart emergency management systems, is a step towards the realization of multilaterally secure and thus multilaterally acceptable UbiComp systems supporting collaborative work.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Weber, S.G., Mühlhäuser, M. (2010). Multilaterally Secure Ubiquitous Auditing. In: Caballé, S., Xhafa, F., Abraham, A. (eds) Intelligent Networking, Collaborative Systems and Applications. Studies in Computational Intelligence, vol 329. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16793-5_10

  • DOI: https://doi.org/10.1007/978-3-642-16793-5_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16792-8

  • Online ISBN: 978-3-642-16793-5

  • eBook Packages: Engineering, Engineering (R0)
