Robin Kravets
ABSTRACT
As users interact with an Internet of Things (IoT) ecosystem, they leave behind traces of information about their presence, preferences and behavior. While the ecosystem can track individuals' movements to provide enhanced recommendations, individuals have little control over how this information is being used or distributed. Such tracking has led to increasing privacy concerns over the use of IoT. While it is possible to develop systems to enable anonymous interaction with IoT, anonymity results in limited benefits to both individuals and IoT ecosystems. In response, we present Incognito, a secure and privacy preserving IoT framework where user information exposure is driven by the concept of identity. In particular, we advocate user-managed identities, leaving the control of the choice of identity in a given context, as well as the level of exposure, in the hands of the user. Using Incognito, users can create identities that work only within certain contexts and are meaningless outside of these contexts. Furthermore, Incognito allows for simple management of information exposure through contextual-policies for sharing as well as querying of an IoT ecosystem. By giving individuals full control over the information traces that they leave behind in an IoT infrastructure, Incognito, in essence, puts individuals on equal footing with the entities that want to track their behavioral data. Incognito fosters a symbiotic relationship; users will need to expose information in exchange for personalized recommendations and IoT organizations who provide sophisticated user experiences will see enhanced user engagement.
- Natasha Singer. F.T.C. says internet-connected devices pose big risks. The New York Times, Jan 2015. http://nyti.ms/1MPWgby.Google Scholar
- The Economist. The internet of things (to be hacked), July 2014. http://econ.st/1FQ3A1Y.Google Scholar
- Joseph Turow. The daily you: How the new advertising industry is defining your identity and your worth. Yale University Press, 2012.Google Scholar
- Lori Andrews. Facebook is using you. The New York Times, Feb 2012. http://nyti.ms/1GGOG46.Google Scholar
- David Meyer. Samsung invests in internet of things identity management platform evrythng, Oct. 2014. http://bit.ly/1JoTivU.Google Scholar
- Hans Gellersen, Michael Beigl, and Albrecht Schmidt. Sensor-based context-awareness for situated computing. In Proc. of Workshop on Software Engineering for Wearable and Pervasive Computing., 2000.Google Scholar
- Martin Azizyan, Ionut Constandache, and Romit Roy Choudhury. Surroundsense: mobile phone localization via ambience fingerprinting. In Proceedings of the 15th annual international conference on Mobile computing and networking, pages 261--272. ACM, 2009. Google ScholarDigital Library
- Yohan Chon, Nicholas D Lane, Fan Li, Hojung Cha, and Feng Zhao. Automatically characterizing places with opportunistic crowdsensing using smartphones. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing, pages 481--490. ACM, 2012. Google ScholarDigital Library
- Ming Lei, Xiaoyan Hong, and Susan V Vrbsky. Protecting location privacy with dynamic mac address exchanging in wireless networks. In Global Telecommunications Conference, 2007. GLOBECOM'07. IEEE, pages 49--53. IEEE, 2007.Google Scholar
- Julien Freudiger, Mohammad Hossein Manshaei, Jean-Yves Le Boudec, and Jean-Pierre Hubaux. On the age of pseudonyms in mobile ad hoc networks. In INFOCOM, 2010 Proceedings IEEE, pages 1--9. IEEE, 2010. Google ScholarDigital Library
- Rongxing Lu, Xiaodong Li, Tom H Luan, Xiaohui Liang, and Xuemin Shen. Pseudonym changing at social spots: An effective strategy for location privacy in vanets. Vehicular Technology, IEEE Transactions on, 61(1):86--96, 2012.Google Scholar
- Parikshit N Mahalle, Bayu Anggorojati, Neeli R Prasad, and Ramjee Prasad. Identity authentication and capability based access control (iacac) for the internet of things. Journal of Cyber Security and Mobility, 1(4):309--348, 2013.Google Scholar
- Qi He, Dapeng Wu, and Pradeep Khosla. The quest for personal control over mobile location privacy. Communications Magazine, IEEE, 42(5):130--136, 2004. Google ScholarDigital Library
- Uribeacon. http://uribeacon.io.Google Scholar
- Jeffrey Pang, Ben Greenstein, Ramakrishna Gummadi, Srinivasan Seshan, and David Wetherall. 802.11 user fingerprinting. In Proceedings of the 13th annual ACM international conference on Mobile computing and networking, pages 99--110. ACM, 2007. Google ScholarDigital Library
- Konstantinos Lampropoulos and Spyros Denazis. Identity management directions in future internet. Communications Magazine, IEEE, 49(12):74--83, 2011.Google ScholarCross Ref
- Sheikh Iqbal Ahamed, Farzana Rahman, and Endadul Hoque. Erap: Ecc based rfid authentication protocol. In Future Trends of Distributed Computing Systems, 2008. FTDCS'08. 12th IEEE International Workshop on, pages 219--225. IEEE, 2008. Google ScholarDigital Library
- Guanglei Zhao, Xianping Si, Jingcheng Wang, Xiao Long, and Ting Hu. A novel mutual authentication scheme for internet of things. In Modelling, Identification and Control (ICMIC), Proceedings of 2011 International Conference on, pages 563--566. IEEE, 2011.Google Scholar
- nrf51822 bluetooth smart beacon kit. http://bit.ly/1L34QCz.Google Scholar
- Apple. Getting started with ibeacon, 2014. http://apple.co/1MPb7CU.Google Scholar
- Albert Bifet, Geoff Holmes, Bernhard Pfahringer, and Ricard Gavaldà. Mining frequent closed graphs on evolving data streams. In Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining, pages 591--599. ACM, 2011. Google ScholarDigital Library
- Hong Cheng, Xifeng Yan, and Jiawei Han. Mining graph patterns. In Managing and Mining Graph Data, pages 365--392. Springer, 2010.Google ScholarCross Ref
- Yu-Ru Lin, Jimeng Sun, Hari Sundaram, Aisling Kelliher, Paul Castro, and Ravi Konuru. Community discovery via metagraph factorization. ACM Transactions on Knowledge Discovery from Data (TKDD), 5(3):17, 2011. Google ScholarDigital Library
Index Terms
- For Your Eyes Only
Recommendations
Enhancing and Evaluating Identity Privacy and Authentication Strength by Utilizing the Identity Ecosystem
WPES'18: Proceedings of the 2018 Workshop on Privacy in the Electronic SocietyThis paper presents a novel research model of identity and the use of this model to answer some interesting research questions. Information travels in the cyber world, not only bringing us convenience and prosperity but also jeopardy. Protecting this ...
A framework for preserving privacy in cloud computing with user service dependent identity
ICACCI '12: Proceedings of the International Conference on Advances in Computing, Communications and InformaticsThe widespread focus on the Cloud Computing has necessitated the corresponding mechanisms to ensure privacy and security. Various attempts have been made in the past to safeguard the privacy of the individual or agency trying to utilize the services ...
Enhancing User Identity Privacy in LTE
TRUSTCOM '12: Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and CommunicationsIdentity privacy is a security issue that is crucial for the users of a cellular network. Knowledge of the permanent identity of a user may allow an adversary to track and amass comprehensive profiles about individuals. Such profiling may expose an ...
Comments