Sensors guard privacy

By Kimberly Patch, Technology Research News

In a world where sensor networking and location tracking technology is becoming increasingly sophisticated and prevalent, preserving privacy is an increasingly difficult challenge.

Researchers from the University of Colorado at Boulder have addressed the problem with a way to set up networks of tiny sensors that allows users to gain useful traffic statistics but preserves privacy by cloaking location information for any given individual.

"We realized that privacy policies tend to get incredibly complex because they need to define in detail under which circumstances who should get access to what information," said Marco Gruteser, a researcher at the University of Colorado.

At the same time, privacy is poised to get even more complicated, said Gruteser. Researchers are developing wireless networks of tiny, cheap, powerful sensors. "Sensor network technology promises to enable vast arrays of sensors monitoring many aspects of our daily lives," he said.

Such high-precision data can give away the identity of the people being monitored, said Gruteser. For example, an array of infrared sensors, which key off the heat human bodies emit, may track movements throughout an office building. "If such movements [were] correlated with knowledge of individuals' office locations, most monitored subjects could be identified simply by checking... which place they spend most of their time," Gruteser said.

The researchers' software uses the computational abilities built into today's sensors to automatically adjust the precision of location data and removes obvious identifiers like names in order to make such correlations more difficult.

The researchers' algorithm defines the strength of privacy as the number of people any given individual is indistinguishable from. The software can be set to a minimum level of privacy, for instance, to make it impossible to distinguish a given person from five of her colleagues. "The algorithm monitors the overall number of people and adaptively changes the precision of reported locations -- say, from a room level to a building floor level -- to maintain the predefined minimum level of privacy," he said.

The researchers' key idea was realizing that networks of sensors offer enough computational power to allow for such privacy-enhancing algorithms, said Gruteser. The main challenge to turning sensor nodes into a trustworthy, privacy-protecting network was designing an algorithm that distributed the needed computation among a large number of sensors, he said.

Distributing the information among nodes yields another advantage, said Gruteser. "If an adversary succeeds in compromising one sensor node, he does not gain access to all information collected by the network," he said.

Putting privacy protection in the sensor network means there are fewer places where information can be hacked. Such protection is usually set up further downstream, in the applications or databases that use the information collected by sensors. "Our work applies... anonymity or depersonalization on-the-fly to a stream of location data before it can be stored in a database that might be exposed to inside attacks or... inadvertent data disclosures," said Gruteser.

The drawback to the approach is that it is only suitable for applications that do not require user identification and can deal with less precise location data, said Gruteser.

Appropriate applications include monitoring the use of facilities, tracking the availability of meeting rooms and offices, collecting retail store traffic statistics to improve store design and product shelving, and tracking vehicles in order to better manage traffic, he said.

Privacy-enabled sensor networks would allow service providers to avoid privacy software and policies at the database and application level, he said.

To ensure privacy, an organization that wishes to collect data would have the sensor networks certified by a third-party agency, said Gruteser. The process could be similar to the federal information processing computer security standard for cryptographic modules, he said. "This should increase user trust in the deployment and decrease organizations' exposure to privacy liabilities," he said.

The scheme is a collection of techniques that have been applied separately in other contexts, and a nice piece of design that shows how to avoid aggregation, said Gene Spafford, a professor of computer science at Purdue University. "This is the first time I've seen that all combined into the context of sensor systems," he said.

The scheme addresses a general issue of privacy concerns, said Spafford. "It is difficult to preserve privacy and also meet necessary accuracy constraints," he said.

But preserving privacy at the sensor level may turn out to be too vague a scheme for many applications, said Spafford. "For instance, if I'm installing a building alarm system for after-hours use, I want to know exactly how many people are in each room," he said.

The scheme also requires that all sensors can be trusted and that they can't be tempered with, said Spafford. "That may or may not be realistic in actual application," he said.

The researchers are ultimately looking to provide a way for users to remain private if they wish to, said Gruteser. "Research in sensor and wireless networking will, as a side-effect, dramatically increase the potential for data collection and surveillance," he said. "Our research seeks to provide a toolkit of techniques that enable users to protect their location privacy when desired," he said.

The privacy-aware location sensor networks could be used practically in 3 to 6 years, according to Gruteser.

Gruteser's research colleagues were Graham Schelle, Ashish Jain, Rick Han and Dirk Grunwald. They presented the work at Usenix HotOS IX: 9TH Workshop on Hot Topics in Operating Systems, in Lihue, Hawaii, May 18-21, 2003. The research was funded by the National Science Foundation (NSF).

Timeline:   3-6 years
Funding:   Government
TRN Categories:   Cryptography and Security; and Data Acquisition; Computers and Society
Story Type:   News
Related Elements:  Technical paper, "Privacy-Aware Location Sensor Networks," presented at at Usenix HotOS IX: 9TH Workshop on Hot Topics in Operating Systems, in Lihue, Hawaii, May 18-21, 2003, and posted at www.usenix.org/events/hotos03/tech/full_papers/gruteser/gruteser.pdf




Advertisements:



July 16/23, 2003

Page One

Sensors guard privacy

Cheaper optics-chip link on tap

Logic clicks with ratchet

Electricity shapes nano plastic

News briefs:
Experience handed across Net
3D display goes vertical
Gel yields nanotube plastic
Nano toolbox gains carbon cones
Jolts mix micro fluids
Jet-laser tandem prints gold

News:
Research News Roundup
Research Watch blog

Features:
View from the High Ground Q&A
How It Works

RSS Feeds:
News  | Blog  | Books 

Ad links:
Buy an ad link
Advertisements:







Ad links: Clear History

Buy an ad link
 
Home     Archive     Resources    Feeds     Offline Publications     Glossary
TRN Finder     Research Dir.    Events Dir.      Researchers     Bookshelf
   Contribute      Under Development     T-shirts etc.     Classifieds
Forum    Comments    Feedback     About TRN


© Copyright Technology Research News, LLC 2000-2006. All rights reserved.