There is a recent trend toward rule-based authorization systems to achieve flexible security policies. Also, new sensing technologies in pervasive computing make it possible to define context-sensitive rules, such as “allow database access only to staff who are currently located in the main office. ” However, these rules, or the facts that are needed to verify authority, often involve sensitive context information. This paper presents a secure context-sensitive authorization system that protects confidential information in facts or rules. Furthermore, our system allows multiple hosts in a distributed environment to perform the evaluation of an authorization query in a collaborative way; we do not need a universally trusted central host that maintains all the context information. The core of our approach is to decompose a proof for making an authorization decision into a set of sub-proofs produced on multiple different hosts, while preserving the integrity and confidentiality policies of the mutually untrusted principals operating these hosts. We prove the correctness of our algorithm. 1

Abstract. Location-based services, such as finding the nearest gas station, require users to supply their location information. However, a user’s location can be tracked without her consent or knowledge. Lowering the spatial and temporal resolution of location data sent to the server has been proposed as a solution. Although this technique is effective in protecting privacy, it may be overkill and the quality of desired services can be severely affected. In this paper, we suggest a framework where uncertainty can be controlled to provide high quality and privacy-preserving services, and investigate how such a framework can be realized in the GPS and cellular network systems. Based on this framework, we suggest a data model to augment uncertainty to location data, and propose imprecise queries that hide the location of the query issuer and yields probabilistic results. We investigate the evaluation and quality aspects for a range query. We also provide novel methods to protect our solutions against trajectory-tracing. Experiments are conducted to examine the effectiveness of our approaches. 1

ABSTRACT Today's rich and varied wireless environment, includingmobile phones, Wi-Fi-enabled laptops, and Bluetooth

Abstract—Privacy and security are two important but seemingly contradictory objectives in a pervasive computing environment (PCE). On one hand, service providers want to authenticate legitimate users and make sure they are accessing their authorized services in a legal way. On the other hand, users want to maintain the necessary privacy without being tracked down for wherever they are and whatever they are doing. In this paper, a novel privacy preserving authentication and access control scheme to secure the interactions between mobile users and services in PCEs is proposed. The proposed scheme seamlessly integrates two underlying cryptographic primitives, namely blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. The scheme provides explicit mutual authentication between a user and a service while allowing the user to anonymously interact with the service. Differentiated service access control is also enabled in the proposed scheme by classifying mobile users into different service groups. The correctness of the proposed authentication and key establishment protocol is formally verified based on Burrows–Abadi–Needham logic. Index Terms—Access control, authentication, pervasive computing environments (PCEs), security. I.

The increasing availability of information about people's context makes it possible to deploy context-sensitive services, where access to resources provided or managed by a service is limited depending on a person's context. For example, a location-based service can require an individual to be at a particular location in order to let the individual use a printer or learn her friends' location. However, constraining access to a resource based on confidential information about a person's context could result in privacy violations. For instance, if access is constrained based on a person's location, granting or rejecting access will provide information about this person's location and could violate the person's privacy. We introduce an accesscontrol algorithm that avoids privacy violations caused by context-sensitive services. Our algorithm exploits the concepts of access-rights graphs, which represent all the information that needs to be collected in order to make a contextsensitive access decision. Moreover, we introduce hidden constraints, which keep some of this information secret and thus allow for more flexible access control. We present a distributed, certificate-based access-control architecture for context-sensitive services that avoids privacy violations, a sample implementation, and a performance evaluation.

Privacy is widely recognised as a significant obstacle inhibiting the adoption of context-aware applications. In order to remove this obstacle, advances are required in many areas of context-awareness research. In this paper, we address the incorporation of privacy support into context models. In particular, we present extensions to our context modelling approach that address the challenges of assigning ownership to context information and enabling users to express privacy preferences for their own information.

The Aura ubiquitous computing project is investigating how we can reduce user distractions by having applications automatically adapt to the user’s context. Context-aware applications rely on a shared service, the Contextual Information Service, to obtain context information. In this paper we describe our experience in implementing four very different applications using the CIS and in porting the applications to a different environment. One of the services also integrates technologies developed by a sister project that focuses on using the Semantic Web to support context awareness and privacy. 1.

This paper addresses a spatio-temporal configuration problem that consists of integrating a set of interdependent constraints. The problem’s scenario is set to a day at a trade fair during which meetings need be dynamically scheduled and assigned respective spatial locations on a map. For this type of configuration problem, mental problem solving is model-based, i.e. the problem is mentally solved by instantiation of constraints; where multiple instantiations are possible, typically only few get constructed. As a result, the performance of a corresponding planning assistance system does not only depend on its use of computational resources but also on the user’s cognitive effort required to understand the current state of the system and to guide the planning process. Corollary, cognitive processing models have to be integrated into the assistance system to allow for better predicting current cognitive efforts and reasoning preferences. We analyze the scenario with respect to modelbased problem solving strategies and propose first ideas towards an assistance system that presents itself through different media in a ubiquitous computing environment.

privacy violations caused by context-sensitive services

In pervasive computing environments, information gateways derive specific information, such as a person's location, from raw data provided by a service, such as a videostream offered by a camera. Here, access control to confidential raw data provided by a service becomes difficult when a client does not have access rights to this data. For example, a client might have access to a person's location information, but not to the videostream from which a gateway derives this information. Simply granting access rights to a gateway will allow an intruder into the gateway to access any raw data that the gateway can access. We present