Personalization in privacy-aware highly dynamic systems Evica Ilieva
Supervisor: Gerrit Kahl
Zite – Personalized Magazine
Personalization on the Internet
Personalization Pyramid
Outline
• Motivation
• HDS in stationary retailing
• Personalization improvement
• Risks of personalization
• Privacy improvement in HDS
• Related Work
• Conclusion
What is HDS?
• Highly dynamic system – HDS
• Collection of nodes
• heterogeneous
• decentralized
• Components
• enter and leave the system spontaneously
• autonomous in their actions
HDS in Stationary Retailing
• Benefits
• Electronic one-to-one communication
• Collection of context data
• Effectively and cheaply
• Improve customer satisfaction
Future Retail
Suggestion based on previous purchases
Warnings to the allergy sufferers
Optimization of the route through the store
Special offers
Purchasing suggestion
Controlling expenditure
Position in the market
Information about product
Future Retail and Personalization Pyramid
Personalized automatic checkouts
Data Collection in HDS
Extensive data collection
Unobservable data collection
Data Collection in HDS
• Data is increasingly collected
• Without any indication
• Without any predefined purpose
• Collected data are persistent
• Different devices record events simultaneously
• Multiple events are registered simultaneously
• Undermines the users’ desire to control personal data
Risk of Personalization
• RFID-tagged articles
• Video surveillance
• Customer loyalty cards
• Embedded RFID tags
Stopped the RFID-based surveillance
Dropped the use of RFID tags in cards
According to a survey of more than 1,000 U.S. customers, two-thirds identified as a major concern the likelihood that RFID would lead to their data being shared with third parties
Customers' concerns regarding RFID and privacy
Privacy and Transparency
Privacy problems in HDS
• Increasing complexity of modeling the system
• Hinders proving the system's behavior
• Assignment of a formulated privacy policy to personal data is impossible
Transparency in HDS
Technology for detection
Enforceable privacy contracts
Privacy evidence creation
Policies Evidence Creation
Privacy Evidence
Log View
Secure Logging
Policies
• P3P – the Platform for Privacy Preferences
• XML specifications
• what kind of data is to be stored
• how data is to be used
• its permanence and visibility
• Cannot express
• composed privacy policies
• policies involving
• multiple departments
• hierarchical departments
Novel Algebraic Privacy Specification (NAPS)[1]
• Offers conjunction
• Offers composition
• Scoping operators
• Exhibits desirable algebraic properties
• Allows a distributed evaluation of composed policies
Authenticity of log data
Confidentiality
Integrity
Uniqueness
• Standard logging mechanisms fail
• Secure logging is required
Secure Logging Realization[2][3]
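The secure-logging requirements above (authenticity, confidentiality, integrity, uniqueness) are met in [2] by a forward-secure hash chain: each entry is sealed with a key that is destroyed after use, so an attacker who later compromises the logging node cannot rewrite earlier entries. The following added example is a simplified illustration of that approach, not code from the presentation or from [2]; the secret A_0, the event names and the toy keystream cipher are constructed for the demo.

```python
import hashlib
import hmac

def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Toy stream cipher for the demo only: keystream blocks H(key || counter).
    out, i = b"", 0
    while len(out) < len(data):
        out += _h(key, i.to_bytes(4, "big")); i += 1
    return bytes(a ^ b for a, b in zip(data, out))

class SecureLog:
    """Forward-secure, hash-chained log in the style of Schneier-Kelsey (simplified)."""
    def __init__(self, a0: bytes):
        self._a = a0                 # current authentication key A_j (evolves per entry)
        self._y = _h(b"log-start")   # hash-chain head Y_{j-1}
        self.entries = []            # stored tuples (W_j, C_j, Y_j, Z_j)

    def append(self, w: bytes, d: bytes) -> None:
        c = _xor_stream(_h(b"K", w, self._a), d)     # C_j = E_{K_j}(D_j), K_j = H(W_j || A_j)
        self._y = _h(self._y, w, c)                  # Y_j = H(Y_{j-1} || W_j || C_j)
        z = hmac.new(self._a, self._y, hashlib.sha256).digest()  # Z_j = MAC_{A_j}(Y_j)
        self.entries.append((w, c, self._y, z))
        self._a = _h(self._a)                        # A_{j+1} = H(A_j); A_j is erased

def audit(entries, a0: bytes):
    """Trusted auditor holding A_0: returns (index of first bad entry or -1, decrypted entries)."""
    a, y, plain = a0, _h(b"log-start"), []
    for i, (w, c, y_j, z_j) in enumerate(entries):
        y = _h(y, w, c)
        z = hmac.new(a, y, hashlib.sha256).digest()
        if y != y_j or not hmac.compare_digest(z, z_j):
            return i, plain          # chain or MAC broken: everything from i on is untrusted
        plain.append((w, _xor_stream(_h(b"K", w, a), c)))
        a = _h(a)
    return -1, plain

def demo():
    a0 = b"shared-secret-A0-from-trusted-server"   # constructed secret, shared with the auditor
    log = SecureLog(a0)
    log.append(b"RFID_READ", b"tag=0xC0FFEE shelf=7 card=4711")   # constructed store events
    log.append(b"CHECKOUT", b"card=4711 total=23.40")
    intact, plain = audit(log.entries, a0)
    # Attacker with the node's current state edits entry 0 and recomputes its hash,
    # but cannot recompute Z_0 because A_0 was erased after sealing.
    w, c, y, z = log.entries[0]
    c2 = c[:-1] + bytes([c[-1] ^ 1])
    tampered = [(w, c2, _h(_h(b"log-start"), w, c2), z)] + log.entries[1:]
    return intact, plain, audit(tampered, a0)[0]
```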
Log Views
• Compilations of log entries encompassing all data collected about a user
• In a P3P/EPAL setting
• Log View is a query on log file
• In HDS
• large variety of events
• recorded as isolated pieces of information
• follow unspecified, unforeseen, and chaotic patterns
Techniques
• Guessing particular situations
• Measuring their plausibility against known facts
• Extensive data mining
• Results
• either unambiguously associated with the corresponding customer
• or a probabilistic estimation
• Completeness of the generated evidence is an unresolved issue
Privacy Evidence Workflow[4]
(1) PA → Dynamic System → (2) Log File → (3) Log View → Client → (4) Audit → (5) Privacy Evidence
Privacy Evidence Creation[4]
• Policy Language
• access- and collection-act
• provisions and obligations
• Secure Logging
• Similar to the previously shown proposal
• LogViews
• Answer to question
• Which? Who? How?
• Automated Audits
• Violations of rules are shown to the user
• How rules are violated
• Tests within an airport
Conclusion
• HDS enable several novel ways to increase personalization
• Extensive data collection is necessary
• Raises privacy concerns
• Transparency - reasonable way to maintain privacy
• An initial step – concept of privacy evidence
Conclusion
Summary
References
[1] Raub, D. and Steinwandt, R. An algebra for enterprise privacy policies closed under composition and conjunction. In G. Müller, Ed. ETRICS 2006, Lecture Notes in Computer Science 3995, Springer-Verlag, 2006.
[2] Schneier, B. and Kelsey, J. Security audit logs to support computer forensics. ACM Transactions on Information and System Security 2, 2 (May 1999), 159–176
[3] Accorsi, R. On the relationship of privacy and secure remote logging in dynamic systems. In S. Fisher-Hübner et al., Eds., Proceedings of the IFIP International Federation for Information Processing, Volume 201, Security and Privacy in Dynamic Environments, Springer-Verlag, 2006, pp. 329–338
[4] Accorsi, R. Automated Privacy Audits to Complement the Notion of Control for Identity Management.