This action might not be possible to undo. Are you sure you want to continue?
on Advances in Computer Science 2010
User Controlled Privacy in Participatory Sensing
Ramaprasada R. Kalidindi, KVSVN Raju1, V. Valli Kumari2, C.S. Reddy3
Dept. of Computer Science and Engineering, S.R.K.R. Engineering College, Bhimavaram-534204, India. firstname.lastname@example.org Dept. of Computer Science and Systems Engineering, AUCE(A), Andhra University, Visakhapatnam-533003, India. 1 email@example.com, firstname.lastname@example.org, email@example.com
Abstract—Most of the sensor network applications in military and civilian use are surreptitious. If these are used for the benefit of society in addition to the individual needs a new set of applications can be developed. This paper describes infrastructure monitoring based on collaboration between sensor networks. The solution provides a reputation based hybrid network where collaborative trust is established based on referrals (opinions). Depending on the trust, the information is exchanged between one entity and another with different authorization levels. The outcome of the paper is collaborative data collection with privacy levels controlled by individual users. Keywords- privacy control; trust; reputation; collaborative networks; urban sensing; participatory sensing; sensor networks.
I. INTRODUCTION Widespread use of low cost tiny sensors in civilian applications and their eventual integration with Internet has made them pervasive [1, 2, 3]. Often data collected from sensor networks in the urban environments inhabited by humans constitute personal information. The acceptance of these sensor networks as public infrastructure will need citizens’ participation and collaboration. This type of applications in urban areas is entirely different from habitat monitoring, where privacy is not a concern. Deploying these networks without addressing the security and privacy concerns will turn against those whom it is meant to benefit. And user acceptance depends on the provision of appropriate mechanisms to deal with these concerns. The main privacy problem in sensor networks is; they generate large volumes of information which is easily available through remote access. Ensuring that sensed information stays within sensor network and is accessible only to trusted parties is an essential step toward achieving privacy . Allowing individual’s control on how personal data is collected, distributed and processed addresses privacy (information privacy) issues. This can be achieved by providing a resolution control in the hands of the user. High resolution data is more useful, but this choice could be left to the individual provider so that privacy control can be done at the source [5, 6]. In an urban environment establishing a sensor network over large area is not practically feasible due to cost, but with people’s participation this can be done with minimum cost. For example, consider these two applications. First, the civic authorities in metropolitan cities provide general amenities and security to public depending
© 2010 ACEEE DOI: 02.ACS.2010.01.187
on the time variant density of population during work hours in offices, evening at parks, and night at clubs etc. This may vary during week days, weekends, festivals, functions and meetings. Estimating the requirement and deploying the security personnel and ambulances and other amenities dynamically is not precise, as getting the real time data is difficult and costly. Assuming that each person has a cell phone, the population density of people at a point of time can be identified using cell phone location . Second, the spread of a contagious disease and its consequences are known to public and health authorities only after certain causalities. But estimating the disease spread in real time depending on the people queries to health websites (viz Google flu trends) minimizes causalities and certain areas can be quarantined in advance . Sharing person specific data for this type of applications is not possible without the consent of its owner. If the granularity of the data is high, there will be more applications of this kind. Automatic collection of higher granular data is possible with networked sensors at higher densities. When these are used around human habitats they will collect human related data, but people do not want to make private life public. Most of the today's sensor network applications are pervasive in nature in which a centralized authority is used to collect data from individuals. But the individuals are not having any control over their private data. For example, giving cell phone location to unauthorized agencies is not allowed under privacy laws. If an individual is willing, this information can be shared with others. People may not be willing to share this information at all times. If the individual is having control over when to share and what to share, more people will allow sharing. This will lead to new applications like location advertising, alerting nearest emergency services etc., where collaborative and opportunistic sensing is used to realize pervasive applications . More people will participate in these endeavors if privacy control is with individual rather than with centralized authority. For infrastructure monitoring applications in gated communities, apartment buildings and rented commercial complexes, solutions are provided with different networks 72
since each cluster head is connected to base station. The cluster head updates data at the base station periodically. water heater. individuals trust and rely on the previous transactions and opinions of others who have good transactions with them in the past. An owner develops a reputation for each other owner by making direct observations about other owners in the neighborhood. We have to trust the entities behind these cluster heads and authorization levels are to be entrusted to each entity. s3 and s4 can be shared with neighbors.) accessed. assigned to different cluster heads may be withdrawn if the occupant of a flat does not have the trust on them. For example. The cluster heads are connected to Base Station (B). fire alarm etc. light. They transmit this data to Cluster Head (C). The base station sends emergency data to emergency services which are connected through Internet. When these neighbors are changing continuously (new owners and new tenants) trusted neighbors are to be identified dynamically. The authorization level A2. They can access this data at their cluster head through a secured link provided by base station.01. administrator at base station and disaster management teams which are using the emergency sensors' data will be the users of network. s3 and s4 can be © 2010 ACEEE DOI: 02. This requires calculation of trust about other cluster heads at the cluster head periodically. police. Table II gives the authorization levels. This model assumes a multi-owner and multi-user network with sensor nodes. earth quake detection. of Int. Sensor nodes collect data from physical activity and send it to cluster head. At level A3 data from s3 and s4 sensors can be accessed. A/C etc. (Personal) State of living room door. there are four authorization levels A1 to A4 to access different types of data. At level A4 data from s4 sensors can be accessed. Since the owner of information can authorize others for different levels of authorization. At level A2 data from sensors s2. we take the opinion of others to build initial trust. who may not be his/her trusted friends.2010. (Maintenance utilities) Fire. TABLE I TYPES OF SENSORS Sensor s1 s2 s3 s4 Data of interest State of bed room door. The links between sensor nodes and cluster head are unidirectional.ACS. Since this trust is needed in between the entities which are dealing with authorization. base station and emergency agencies through Internet. has privileges to give authorization for other users and can configure the sensor network. Table I gives the type of data from various sensors. In a social community. The data from sensors s2. These links are secured and the base station is connected to Internet. This document will give an initial trust. Conf. we trust people depending on past interactions with them. etc. cluster head. power meter reading. The owners of different cluster heads can categorize sensors as s1 to s4. the data is stored with the cluster head and it is exchanged with base station and other cluster heads. PROPOSED MODEL In social environment. etc. This work attempted to give access to data among trusted parties by finding the trustworthiness using reputation. These past interactions will be used to build reputation of a particular person. which is called as institutional trust. All cluster heads send data from s3 and s4 sensors to base station. between them. Initially when a new owner approaches maintenance authority for a flat. if the owner of a flat gives it for rent. In the absence of these interactions. only the network of base station and cluster A user authorized at level A1 can have access to entire data at cluster head level. overhead water tank level. theft alarm. When faced with uncertainty. These levels will determine to what extent the user can have access to data. etc. Emergency management agencies can access data at base station through Internet to deal with emergencies or the base station can alert the agency in case of emergencies. When a flat owner who is in control of cluster head wants to share information with friendly neighbors. Authorized users can access data at the cluster heads and base station. the sensor network collects tenant’s data. the access control will be with owner. he/she can trust only few neighbors.B. In the network model described in Section III. At each cluster head. (Emergency) The owners of cluster heads. trust between two individuals is developed based on their transactions over time. This reputation is used to help an owner evaluate the trustworthiness of others and make a decision to share data within the network. Sensor Nodes (s1-s4) collect data about the physical activity like state of bedroom door. etc. The data from s1 sensors is personal and is accessible to the owner only. The link between cluster head and base station is bidirectional. IV. they will undertake an agreement which is a legally binding document on two parties. The data from s4 sensors is generated in emergencies and is available through base station.187 74 .Proc. sensor node. TABLE II USER AUTHORIZATION LEVELS Level A1 A2 A3 A4 Users Self Trusted friends Infrastructure maintenance authority Emergency services (Fire services. The tenant may not be interested in sharing his/her data with owner's trusted friends. depending upon their authorization levels. on Advances in Computer Science 2010 The data collection mechanism is composed of four levels viz. (Flat utilities) Overhead tank water level. light. which continuously produce data. disaster management teams.
Every time a node interacts with other node it updates its reputation table. as given by Oxford dictionary. which will maintain data coming from the cluster heads pertaining to certain sensors and is connected to all cluster heads and the Internet. Direct Reputation The direct reputation Rij is the ratio of successful and total transactions of node Ni with node Nj. e Rii ( ) = 1 ).Nn) connected to base station. If reputation is considered to form an opinion. on Advances in Computer Science 2010 heads is considered. if other node responds by sending the information it will be treated as successful transaction. Conf.01. Rij is an event driven e Fig.. The base station gives reputation ratings depending on their participation in sharing the data. Base station (B) is the maintenance authority.1] . and the total number of transactions with Nj.5 ⎪ Oijp = ⎨ ij ⎪0 ⎩ o observed reputation Rij of a node Nj as perceived by node o community and Rij ∈ [0.Proc. The definition of opinion. All transactions to itself are if if t ij ≠ 0 t ij = 0 (2) s successful transactions (i. As part of infrastructure.. A. Neighbor is one of the remaining cluster heads which is connected to base station with which a cluster head wants to share information or collect opinion. no response will be treated as unsuccessful transaction.e. which are available in their respective reputation tables. The Reputation of a neighbor Nj at node Ni is derived from direct reputation of Nj at Ni and observed reputation of Nj collected from other nodes and base station at Ni. When a node Ni is having t ij s total transactions and among them t ij is the successful e e directly transacting with node Nj and Rij ∈ [0. Opinion ( O xy ) is the value given by a node x depending upon the reputation of y. t ij is the total and s t ij is the successful number of transactions between nodes Ni and Nj. These nodes will respond to this request by sending the reputation of Nj. we form an opinion taking the reputation of that person in the community into account. B N1 N2 Ni Nj Nn Transaction Request for opinion Figure 2.ACS.2 shows transactions between base station and nodes. the nodes are sharing part of the data with base station. The self reputation value is one (i. t ii = t ii ). Ni reflects the Nj’s behavior with neighbors in the The base station is having transactions with all other nodes.e. A node can also share data with another node and it gives reputation rating depending on how the other node is using the shared data and whether it is sharing data with it or not. Reputation Reputation of a node is the satisfaction of usage of shared data and its reciprocation in sharing data. B. B. The base station and each node will maintain a reputation table consisting of direct reputation of the node and total number of transactions with that node for base station and all nodes in the network. Responding to the request is treated as positive transaction which will increase the reputation of responding node there by encouraging responses.2010. It may be a positive or negative opinion depending on various inputs we have about that person. The direct reputation. The terminology used in the remaining sections is given below.1] . The nodes may or may not have transactions with other nodes. s t ij e (1) Rij = t ij In a social environment. is a belief or judgment about a particular thing. the direct reputation is given as in (1). ⎧ R e − 0. The personal opinion Oijp of node Ni about Nj is given as in (2). of Int. When a node requests for information from a node. Let there are n nodes (N1 .187 75 . reputation of a node Nj as perceived by node Ni when it is The number of transactions with Nj. more than half of successful transactions be considered as positive and less than half be as negative. Interactions with nodes to obtain Nj’s reputation When a node Ni wants to calculate the trust of a particular node Nj it sends a broadcast request to base station and all other nodes. © 2010 ACEEE DOI: 02. when we deal with persons. which is not necessarily based on fact or knowledge. Thick line indicates transaction and dashed line indicates a request to get opinion. Node (N) is the cluster head which will collect data from sensor nodes and forward certain type of sensors’ data to the base station. A node can take reputations from other nodes and can derive an opinion value considering the reputations and its own transactions.
. of Int. o Oij = wi Oijp + (1 − wi )Oij (5) Where wi is the weight assigned to personal opinion among personal and other’s opinion at Ni.2010. The average opinion. which will vary with the values given by responding nodes.5 ⎪ obj = ⎨ bj ⎪0 ⎩ ( ) if if t bj ≠ 0 t bj = 0 (4) obj ∈ [− 0.187 With the emergence of widespread use of sensors in an urban environment. the base station e o sends Rbj and t bj values. MODEL EVALUATION is derived from the reputation collected from base station by node Ni about Nj and base station reputation at node Ni. When a node is having sufficient number of transactions to judge.5.0. These values are used to establish trust and thereby to give authorization. The majority opinion is almost constant except one. to find the mode of given set of opinions S from base station and other nodes. o e e Rbj = Rib ⋅ Rb j (3) Opinion ( obj ) of base station about node Nj is given as in (4). we presented a procedure to evaluate opinion values. If a node is having total transactions more than the average total transactions done by other nodes. on Advances in Computer Science 2010 Oijp ∈ [− 0. For evaluating our model we have taken one hundred nodes having trasactions upto ten thousand. if Ni requests base station to send data about Nj. Opinions were derived from the reputations and majority opinion is taken for consideratrion for other’s opinion as shown in Fig.3. Evaluating the Opinion The overall opinion Oij is node Ni’s opinion on Nj and is given as in (5). o 2 j . This work considered the 76 . wi = nt ij In this paper..1 ∑ n t kj n (6) t kj Users at cluster heads collect opinions and consider them in establishing trust with neighbors... Let S = obj . base station as in (3).5] . CONCLUSION AND FUTURE DIRECTIONS k = b .4 shows majority opinion when the number of responidng nodes for giving the opinon are varying.0. Conf.5. the need for a proper trust management between the collaborative entities and the need of the privacy control with each collaborative entity is strongly felt. For example. But the behavior of nodes with bad intentions and colluding with other nodes to get good opinion are hindrance to the trust establishment. Privacy control at the source will enable willing and engaged participation of citizens to create urban infrastructure with reduced cost. C. The reputation Rij is derived e from the direct reputation value Rbj received from base e station and direct reputation Rib stored at node Ni about In the housing infrastructure having hundreds of houses at particular place is quite common. a positive value represents positive opinion and negative value represents negative opinion. thereby having the control to which they have to share their data.5] . where M is a function The Fig. VI. ⎧ R o − 0.Proc. these are rounded to one decimal place so that majority opinion is selected.01.o nj ( ) be the set of opinions (rounded to one decimal place) from base station and other nodes. there is no necessity of taking other’s opinions. D. but having thousands of houses in a single project is very rare. Observed Reputation The observed reputation o Rbj this trust they authorize users to different levels. for sufficient number of transactions.ACS. o1 j . The majority of the observed o o opinions Oij is given as Oij = M (S ) ..1 ∑ n if t ij < k = b . the node will take only its opinion into account ( wi = 1 ) otherwise other’s opinion is also considered then the weight wi is given as in (6). since the opinions collected from base station and other nodes may not match with each other. V. Depending on © 2010 ACEEE DOI: 02.. is also shown..
. Taking risk factor into consideration along with trust to exchange data are the areas to be considered for further study to have a robust trust management for participatory sensor networks.” Communications of ACM. and N. on Pervasive Services. and E. A. Y. S. X. and S. Wright. Lee. M. mobile phones. Hung. ACM MobiSys’08. IEEE Int. H.51.  K. “Sensor networks: Evolution.R. © 2010 ACEEE DOI: 02.01. Mag. 2006.” Proc. Cornelius. March 2008. Prasad. R. pp. IEEE Computer Society. vol. “AnonySense: Privacy-aware people centric sensing. of Int. Perrig.K. Lee. Y. and C. Conf. Sankarasubramaniam. Kotz.” Communications of ACM. 2007. J. “Four billion little brothers? Privacy. pp.com/. 24-33.  C. Cao. Gao.187 77 . et al. 102-114. Conf. pp. August 2002.. 56-63.J. vol. 8 pages.” Proc. “Next century challenges: Scalable coordination in sensor networks.  H.P. “Privacy protection mechanisms for hybrid hierarchical wireless sensor networks. Shilton. Shaik. Conf. and Y.  D.” IEEE Commn. Hansen. vol.A. “Cisco Connected Real Estate for healthcare: Changing how hospital real estate is developed. “A trust based approach to control privacy exposure in ubiquitous computing environments. 2008.  D. “The illusion of security.google. pp. IEEE ISWCS 2007. Mitseva. D. Kang.  Google. H. 6 pages. October 2003. “Trust management problem in distributed wireless sensor networks. and J. S. Chen.2 11224. pp. Cayirci.” 2009. D. 12th IEEE Int. www. Kumar. 51.. Heidemann.  Cisco. S.” Proceedings of the IEEE. 1999. The data is shared by setting authorization levels to others depending on trust.” IEEE Computer. 1247-56. Cuff. 2007. Song. “Trust propagation and aggregation in wireless sensor networks. 103105. Trust estimation under malicious behavior of nodes.. W. pp.  P. Giang.X. used. August 2003. IEEE Computer Society.cisco. March 2008. D. Govindan.2010. Kumar. pp. JapanChina Joint Workshop on Frontier of Computer Science and Technology. vol. Su. opportunities. M. Lee.  R. 36. November 2009.Proc.” Proc.” Proc.org/flutrends (2nd August 2010). Estrin.” Proc. and S. and H. pp. of ACM. collusion between nodes to get authorization is a problem. 4 pages. “Urban sensing: Out of the woods. Chong.” 2010. “Google flu trends. Jameel. Chan.” Proc.ACS.pdf (2nd August 2010). 149-152.  D. 332-336./healthcare/08CS1312HC_Conn_RealEst_20090208. and managed.91. pp. Kapadia. Triandopoulos. REFERENCES  I. “A survey on sensor networks.” Communications. Peebles. Gerlach. L. Wu.  A. 52.A. and challenges. Lee.F. and A. ACM Mobicom’99. vol. and N. Zhung. M.D. on Advances in Computer Science 2010 problem of establishing trust with neighbors in a sufficiently large residential community by collecting opinions from others.  H. 40. pp. vol.  C. Akyildiz. “Security and privacy in sensor networks. Rajput. Y. http://www. Shin. on Embedded and Real Time Computing and Applications. and ubiquitous data collection. 48-53. 263-270. R. Shaikh.
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue listening from where you left off, or restart the preview.