A Game Theoretic Approach to Optimize Identity Exposure in Pervasive Computing Environments

In pervasive computing environments, personal information is typically expressed in digital forms. Daily activities and personal preferences with regard to pervasive computing applications are easily associated with personal identities. Privacy protection is a serious challenge. The fundamental problem is the lack of a mechanism to help people expose appropriate amounts of their identity information when accessing pervasive computing applications. In this paper, the authors propose the Hierarchical Identity model, which enables the expression of one's identity information ranging from precise detail to vague identity information. The authors model privacy exposure as an extensive game. By finding subgame perfect equilibria in the game, the approach achieves optimal exposure. It finds the most general identity information that a user should expose and which the service provider would accept. The authors' experiments show that their models can reduce unnecessary identity exposure effectively.

[1]  Paul Vickers,et al.  Securing Critical Infrastructures and Critical Control Systems: Approaches for Threat Protection , 2012 .

[2]  Ulf E. Larson A Structured Approach to Selecting Data Collection Mechanisms for Intrusion Detection , 2012 .

[3]  Elisa Bertino,et al.  Trust Negotiation in Identity Management , 2007, IEEE Security & Privacy.

[4]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[5]  Marc Langheinrich,et al.  A Privacy Awareness System for Ubiquitous Computing Environments , 2002, UbiComp.

[6]  Steven A. Brown,et al.  Ethical Issues and Security Monitoring Trends in Global Healthcare: Technological Advancements , 2010 .

[7]  조영섭,et al.  OASIS SAML(Security Assertion Markup Language) v2.0 고찰 및 활용 , 2006 .

[8]  Lionel M. Ni,et al.  Private and Secure Service Discovery via Progressive and Probabilistic Exposure , 2007, IEEE Transactions on Parallel and Distributed Systems.

[9]  Elisa Bertino,et al.  An Overview of VeryIDX - A Privacy-Preserving Digital Identity Management System for Mobile Devices , 2009, J. Softw..

[10]  Pierangela Samarati,et al.  Regulating service access and information release on the Web , 2000, CCS.

[11]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[12]  David Cash,et al.  Minimal information disclosure with efficiently verifiable credentials , 2008, DIM '08.

[13]  Jun Zheng,et al.  Handbook of Research on Wireless Security , 2008 .

[14]  Matthew Sorell,et al.  A Biologically Inspired Smart Camera for Use in Surveillance Applications , 2010, Int. J. Digit. Crime Forensics.

[15]  Robert Hauptman Encyclopedia of Information Ethics and Security , 2007, Encyclopedia of Information Ethics and Security.

[16]  Jeff Magee,et al.  Security Considerations for a Distributed Location Service , 1998, Journal of Network and Systems Management.

[17]  James A. Landay,et al.  An architecture for privacy-sensitive ubiquitous computing , 2004, MobiSys '04.

[18]  Manuel Mogollon,et al.  Cryptography and Security Services: Mechanisms and Applications , 2007 .

[19]  Marianne Winslett,et al.  Negotiating Trust on the Web , 2002, IEEE Internet Comput..

[20]  J. Mcgaha Implementation Issues on a National Electronic Health Record Network , 2011 .

[21]  M. Culnan Protecting Privacy Online: Is Self-Regulation Working? , 2000 .

[22]  Lionel M. Ni,et al.  The master key: a private authentication approach for pervasive computing environments , 2006, Fourth Annual IEEE International Conference on Pervasive Computing and Communications (PERCOM'06).

[23]  Garry L. White,et al.  Global Information Security Factors , 2010, Int. J. Inf. Secur. Priv..

[24]  Marco Gruteser,et al.  USENIX Association , 1992 .

[25]  Elisa Bertino,et al.  Trust-/spl Xscr/;: a peer-to-peer framework for trust establishment , 2004, IEEE Transactions on Knowledge and Data Engineering.

[26]  Elisa Bertino,et al.  PP-trust-X: A system for privacy preserving trust negotiations , 2007, TSEC.

[27]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[28]  Elisa Bertino,et al.  Establishing and protecting digital identity in federation systems , 2005, DIM '05.

[29]  A. Soppera,et al.  Maintaining Privacy in Pervasive Computing — Enabling Acceptance of Sensor-based Services , 2022 .

[30]  Einar Snekkenes,et al.  Concepts for personal location privacy policies , 2001, EC '01.

[31]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[32]  Murthy V. Rallapalli A Privacy Agreement Negotiation Model in B2C E-Commerce Transactions , 2011, Int. J. Inf. Secur. Priv..

[33]  J. Miller,et al.  Are Online Privacy Policies Readable? , 2010, Int. J. Inf. Secur. Priv..

[34]  Roy H. Campbell,et al.  Towards Security and Privacy for Pervasive Computing , 2002, ISSS.

[35]  Adam M. Bossler,et al.  The General Theory of Crime and Computer Hacking: Low Self-control Hackers? , 2011 .

[36]  Sarah Spiekermann,et al.  Protecting One’s Privacy – Insights into the Views and Nature of the Early Adopters of Privacy Services , 2004 .

[37]  Hamid R. Nemati,et al.  Information Security and Ethics: Concepts, Methodologies, Tools and Applications , 2008 .

[38]  Frank Stajano,et al.  Location Privacy in Pervasive Computing , 2003, IEEE Pervasive Comput..

[39]  Esther Dyson Privacy Protection: Time to Think and Act Locally and Globally , 1998, First Monday.

[40]  W. Yan,et al.  A Comprehensive Survey of Event Analytics , 2012, Int. J. Digit. Crime Forensics.

[41]  Martin J. Osborne,et al.  An Introduction to Game Theory , 2003 .

[42]  Hamid R. Nemati International Journal of Information Security and Privacy , 2007 .

[43]  Marc Langheinrich,et al.  Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems , 2001, UbiComp.

[44]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[45]  Steven Guan Secure Agent Roaming under M-Commerce , 2007, Encyclopedia of Information Ethics and Security.

[46]  Ajinkya Kulkarni,et al.  Understanding and minimizing identity exposure in ubiquitous computing environments , 2009, 2009 6th Annual International Mobile and Ubiquitous Systems: Networking & Services, MobiQuitous.